Automate Your IPAM to Acclerate IT Service Delivery

Automation is among the key motivators for implementing an IP address management (IPAM) system. With the ubiquitous adoption of Internet-based technologies engendering IP networks over which nearly all of your applications communicate, it makes sense to simplify and minimize resource impacts for such networked applications and corresponding support. This IP convergence provides financial, efficiency, and productivity benefits in and of itself, but it also escalates reliance on and ensuing scrutiny of IP network performance, resiliency and integration into key business processes. 

Underpinning this IP convergence is the IPAM foundation. Email, web, application servers need IP addresses and DNS names. User laptops, mobiles, and other devices need IP addresses. Cloud virtual machines or containers need IP addresses and DNS names. Literally every device you need to connect to your network needs an IP address; and if users need to reach it by name, it also needs a DNS name. With no IP address or DNS name, there is no network. Clearly it behooves IT engineers to deploy reliable, performant, and resilient IPAM components to supply IP addresses and DNS names in each of these instances.

Reliability implies that IPAM be not only available when needed but accurate in its capability. When you need to instantiate of virtual machine on VMware for example, you need to rely on a corresponding IPAM function to be available, yes, but also supply an IP address that is unique and relevant to the subnet on which the virtual machine is provisioned. If you maintain IP address inventory in a spreadsheet, reliability necessitates availability of the spreadsheet owner to open and update the file and that this update process has been performed judiciously so no duplication of IP addresses erroneously results.

Performance in IPAM components essentially requires that IPAM is not inhibiting or worst case, halting the process underway. For example if my spreadsheet owner happens to be out to lunch or away on business or vacation, will you be able to obtain an IP address and DNS name in a timely fashion to instantiate ten containers within five minutes? Agility is an IT hallmark, particularly in today's multi-cloud world, and IPAM processes provide a key ingredient to achieving agility. Likewise, IPAM resilience is critical to supporting availability of alternative methods, e.g., a secondary spreadsheet owner, in order to perform IPAM functions in the face of an "outage" or unavailability of a necessary component. 

While expression of the spreadsheet-based IPAM technique may be trite, it's illustrative of the requirements for reliability, performance and resilience. Your IPAM system must meet these requirements to facilitate the efficiency, agility and manageability of your diverse network. Use of standard protocols such as DHCP for automating address assignment where relevant, and DNS for name resolution, enable you to use stock reference implementations of these protocols. In auto-configured environments such as in IPv6, IoT or public cloud networks, an IPAM system must provide visibility through various forms of discovery and/or through API-integration during the process, e.g., particularly for cloud instantiations. 

A centralized IPAM system serves as the heart of such a diverse network, enabling consistent and accurate tracking of IP address and DNS assignments. Automated deployment of DHCP and DNS server information to distributed DHCP and DNS servers, appliances or containers streamlines the process, promotes agility, and reduces potential errors in entering common information into multiple systems, e.g., a spreadsheet, DHCP server configuration file and a DNS interface. Use of an IPAM REST API with programmable workflows also embeds foundational IPAM functions within broader IT workflows such as automated server builds, container swarm deployments or virtual machine instantiations. 

By leveraging these protocols and IPAM system capabilities, you can streamline your IP address and DNS name assignment processes across your variegated IP network, streamlining overall service delivery. Inserting these capabilities into your orchestration workflows enables incorporation of the critical IPAM functions within corresponding workflows. IPControl, the IPAM solution from BT's Diamond IP for example includes intra-IPAM automation of IP block management, subnets and DHCP/DNS configurations, and it also provides a full REST API. Our Cloud Automation Appliance (CAA) provides an IPAM orchestration engine which enables you to define inter-system workflows with a drag-and-drop web user interface. We supply several sample workflows for public cloud interfaces such as Azure and AWS, as well as a full suite of IPAM API components that may be simply inserted into your workflows. 

A simple REST call to your CAA can render the provision of a subnet in AWS while updating IPControl or the discovery of resource groups, locations, virtual networks and virtual machine IP addresses from Azure for bootstrapping or synchronizing corresponding IPAM data in IPControl. These sample workflows, components, and user-definable workflows and components facilitate adaptation and automation of IP and DNS assignments in accordance with your network and your methods of operation.


Comments

Post a Comment

Popular posts from this blog

Handy AAAA filter in BIND 9.8

The ISC introduced a pair of new configuration file options in BIND 9.8 to enable administrators to easily filter who may receive AAAA record type responses even if valid responses exist. For example, clients on subnets that do not have IPv6 network access can be excluded from receiving affirmative answers for AAAA queries. This feature provides simpler administration than the alternative mechanism using views. The first option, filter-aaaa-on-v4,defines whether the server will return AAAA records to certain clients. Such clients are defined by the address match list parameter of the second option, filter-aaaa. Note that BIND must be compiled with the --enable-filter-aaaa option on the configure command line to enable AAAA filtering. The syntax of these options is as follows: filter-aaaa-on-v4 (yes | no | break-dnssec) ; filter-aaaa {addr_match_list;} ; The filter-aaaa option identifies the address match list for which the filter-aaaa-on-v4 option is to be applied as described
Read more

Inglorious DDI

We all know how critical DHCP/DNS/IPAM (DDI) services are. Your network cannot function without them. But like most foundational elements of anything, they are certainly not glamorous...like good luck finding a home designer who specializes in home foundations. I would not be shocked should HGTV pass on my brilliant concept for a foundation building show. I suppose most people would find a show detailing footing depths and concrete pouring techniques rather boring.  Nevertheless, there are countless shows for redesigning and remodeling homes. On most episodes the foundation is out of sight, out of mind. If it's stable, no one wants to pay it attention, they just expect it to keep doing its job, supporting the structure. Once in a while a foundational issue is brought up that unexpectedly threatens to raise the budget to heighten the drama. All work stops until the issue is addressed. And you'll notice that the owner never denies paying the extra amount to fix the issue.
Read more

BIND 9.8.0 Adds DNS64 Support - Part 2 - How is it configured?

BIND 9.8.0 introduced a new dns64 option statement that can be configured within the server named.conf options block or within a view options block. Recall from a prior post that DNS64 configures a recursive DNS server to issue A record queries on behalf of a client requesting AAAA records, then appends the returned IPv4 address to a defined IPv6 prefix. This manufactured IPv6 address enables the querying host to connect to a NAT64 gateway which will terminate the IPv6 connection from the client and map it to an outbound IPv4 connection to the appended IPv4 address, completing the connection! Whew! BIND offers a number of useful parameters within the dns64 statement to control this process. The statement syntax is: dns64 IPv6_prefix { [clients {address_match_list };] [mapped {address_match_list };] [exclude {address_match_list };] [suffix IPv6_addr;] [recursive-only (yes|no);] [break-dnssec (yes|no);] }; The IPv6_prefix parameter is the prefix to which returned
Read more