DNS, DHCP & IP Address Management appliances
For Microsoft DNS & DHCP servers
For open source DNS & DHCP servers
Cloud-based visualization of analytics across DDI architecture
Manage multi-vendor cloud DNS servers centrally
RIR Declaration Management and Automation
Automated network device configuration and management
Centralized visibility over all your clouds
A single source of truth for your network automation
Why DDI is an Obvious Starting Point
DNS Threat Intelligence for proactive defense
Intelligence Insights for Threat Detection and Investigation
Adaptive DNS security for service continuity and data protection
Improve Application Access Control to prevent spread of attacks
Protect users and block DNS-based malware activity
Carrier-grade DNS DDoS attack protection
Optimize application delivery performance from the edge
for Proactive Network Security
Visibility, analytics and micro segmentation for effective Zero Trust strategy
Enable work from anywhere by controlling access, security and data privacy
Simplify management and control costs across AWS, Azure and GCP environments
Risk-free migration to reduce DDI complexity and cost
Move risk-free to improve performance, security and costs
Automate management, unify control and strengthen security of connected devices
Protect your network against all DNS attacks, data exfiltration and ransomware
Enable zero touch operations for network management and security
Improve resiliency, deployment velocity and user experience for SD-WAN projects
Integrated DNS, DHCP, IPAM services to simplify, automate and secure your network.
Simplify design, deployment and management of critical DDI services for telcos
Optimize administration and security of critical DDI services for healthcare
Simplify and automate management of critical DDI services for finance
Simplify and automate management of critical DDI services for higher education
Simplify and automate management of critical DDI services for retail
Simplify Management and Automation for Network Operations Teams
Elevate SecOps Efficiency by Simplifying Threat Response
Open architecture for DDI integration
Technology partnerships for network security & management ecosystems
Extend security perimeters and strengthen network defenses
Submit requests for temporary licenses
Submit access requests for EfficientIP knowledge platforms
Submit membership requests for EfficientIP Community
Strengthen Your Network Protection with Smart DNS Security
Customer-centric DDI project delivery and training
Acquire the skills needed to manage EfficientIP SOLIDserverโข
Identify vulnerabilities with an assessment of your DNS traffic
Test your protection against data breaches via DNS
Dedicated representation for your organization inside EfficientIP
Explore content which helps manage and automate your network and cloud operations
Read content which strengthens protection of your network, apps, users and data
Learn how to enhance your app delivery performance to improve resilience and UX
Why Using DNS Allow Lists is a No-Brainer
This enterprise-grade cloud platform allows you to improve visibility, enhance operational efficiency, and optimize network performance effortlessly.
Who we are and what we do
Meet the team of leaders guiding our global growth
Technology partnerships for network security and management ecosystems
Discover the benefits of the SmartPartner global channel program
Become a part of the innovation
The latest updates, release information, and global events
November 24, 2021 | Written by: Surinder Paul | DDI, IPAM, Network Automation
APIDDIDDI ManagementDDI ServicesDDI SolutionsDHCPDNSDNS FilteringDNS ManagementDNS SolutionIP Address ManagementIPAMIPAM RepositoryIPv6Network AutomationNetwork Source of TruthSOLIDserverTerraform
Ansible is a great open source software for managing server fleets with regards to their installation and configuration. With Ansible able to exchange with a DDI solution (DNS, DHCP and IPAM), the compute teams can use automation to keep the global repository up to date, and use it for all the valuable data in the IP plan and associated metadata. This collaboration between DDI and Ansible raises automation of compute resources and helps ops teams globally to better serve their customers.
Complementary to Terraform, which is very good at infrastructure as code, Ansible excels in configuration management and has the ability to keep a large number of servers up to date in order to run a coherent configuration set (e.g. performing upgrades, applying patches, changing global security parameters). More recently, Ansible has been extended to perform configuration actions on specific devices like networking components. Most of the time the Ansible playbooks have to use and manipulate IP information such as subnets, addresses and DNS records. This can potentially be done using separated repositories, but when you need to manage a large set of assets it is recommended to use a central IP repository which can act as the โsource of truthโ.
The concept of Network Source of Truth is well supported by the DDI solution once it can be easily integrated through API and can extensively use actionable metadata. Since Ansible is now able to manage not only servers but also a vast variety of networking and security components using their API, it makes sense for the DDI central repository to be included in the global configuration process. This is the purpose of Ansible collections for EfficientIP SOLIDserver. This Ansible collection is now proposed as an open source module that anyone may improve, use and fix whenever it is required.
The current module covers the management of IP addresses within the IPAM, for both versions IPv4 and IPv6. You can therefore create, list, change and delete IP addresses and take advantage of DDI automation for maintaining DNS records related to the modified networks. Creation of an IP address in the IPAM can be a task that is performed before starting a server, we then will assign the reserved address to the server. The action can also be performed after the creation of the server in order to reflect the IP address used by the server. The first solution eases organization of the IP plan by the usage of subnets and pools in which the network objects will be correctly picked. Provisioning the IP plan in the IPAM is performed in advance as part of overall planning and eases all future deployments.
The Ansible Collection is currently in process of being integrated as a default component of the Ansible product. In the meantime, we make it accessible to anyone directly on our repository.
We will see some few examples of the Ansible playbook grammar that can be used to exchange with the SOLIDserver. It generally requires just a simple task to add to any running playbook in order to use or update the IPAM.
The main use case for such a playbook is to ask the IPAM for a free IP address that would be used afterwards to be assigned to a server (started in a cloud environment for example).
- name: add dynamic IP address in the IPAM community.efficientip.solidserver_ipam_ip: space: Local subnet: 192.168.16.0/23 pool_name: test-servers hostname: test-crm-db-secondary ip: dynamic class_parameters: ticket: 9245 app: crm owner: qa-john update: true state: present provider: "{{ solidserver }}"
Here we specify both the IPAM space (Local) and the network subnet (192.168.16.0/23) in which we would like to have the IP address, as well as the pool (test-servers) used to organize the IP plan. A pool is a subset of a network range without the need to be aligned to a power of 2, it is very useful to organize one network structure but even more so on a template applied to multiple networks.
You can also see that we asked for some metadata (ticket, owner and app) to be applied to the requested IP address. That would ease filtering and searching in the IPAM afterwards. As for any task executed in an Ansible playbook, we can extract from the result valuable information to be used in the following tasks, in this case we would extract the IP address that is associated with this resource (test-crm-db-secondary).
In this scenario, the Ansible playbook has performed some tasks to create an instance in a specific cloud and this instance has been associated with an IP address. The purpose of this task is to update the IPAM accordingly in order to keep the information.
- name: add IP address 192.168.1.4 to the IPAM community.efficientip.solidserver_ipam_ip: space: Local subnet: 192.168.1.0/24 hostname: test-crm-fo ip: 192.168.1.4 class_parameters: ticket: 9245 app: crm owner: qa-john update: true state: present provider: "{{ solidserver }}"
Here, the address is known from another process or Ansible task and we directly ask for the creation of the IP address (192.168.1.4) in the IPAM with the specific metadata (mentioned in the class_parameters section). We specify the space and the subnet, since we can have multiple independent spaces with the same IP plan and multiple imbricated subnets that may contain the specified IP address. The setting of the update parameter to true allows the IP address to be updated if already present in the IPAM. That means we can have multiple tasks in the same playbook on the same object without any issue.
Deletion of the resource in the IPAM is a very important task to perform at the same time that the compute instance is effectively decommissioned. This allows the repository to stay accurate and resources to be reused if needed.
- name: delete IP address 192.168.1.4 to the IPAM community.efficientip.solidserver_ipam_ip: space: Local subnet: 192.168.1.0/24 hostname: test-crm-fo ip: 192.168.1.4 state: absent provider: "{{ solidserver }}"
In order to suppress an IP address (or any information) from the IPAM, we just need to use the state field in the task associated with the information and set it to “absent”. If the information is found in the IPAM it will be deleted. If it is not present, nothing will be done.
These simple examples have been extracted from the source repository where you can find the Ansible collection for EfficientIP SOLIDserver, we will add new ones each time we add a new feature to the module.
Ansible has some interesting features and provides a lot as an automation and configuration management tool. Having it plugged to the EfficientIP’s DDI solution will help all IT teams to better understand what has been deployed, how it is configured (thanks to extensible metadata) and how the IP network is being used. The addition of a simple task to any playbook is not a complex action and thus very easy to perform by compute teams. It can indirectly serve the global automation of many other teams’ tooling systems where the IP address is a key – like a SIEM or a security solution – thanks to event automation and ease integration of the SOLIDserver to its ecosystem.
In general, using Ansible with IPAM tasks included will provide:
When our goal is to help companies face the challenges of modern infrastructures and digital transformation, actions speak louder than words.
Explore content highlighting the value EfficientIP solutions bring to your network
We use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
We use cookies to enhance your browsing experience, serve personalized content, and analyze our traffic. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site.
