IPAM & DHCP: Cisco Prime Network Registrar & Cygna Labs IPControl

Available Languages

Download Options

  • PDF
    (765.2 KB)
    View with Adobe Reader on a variety of devices
Updated:July 25, 2022

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Available Languages

Download Options

  • PDF
    (765.2 KB)
    View with Adobe Reader on a variety of devices
Updated:July 25, 2022
 

 

Introduction: IPAM within a PNR environment

IP addresses are a fundamental requirement in allowing subscribers, servers, and routers to communicate on IP-based networks.

DHCP was introduced in the early 1990s as a replacement for BOOTP, bringing improved capabilities for dynamic IP address assignment and the ability to expire and renew the assignments based on lease times. For these networks, Cisco’s Prime Network Registrar (PNR) product has been an indispensable component providing the DHCP server functions.

IPAM is a set of tools designed to work cooperatively with the DHCP and DNS infrastructures. PNR delivers real-time assignment of the IP addresses, whereas IPAM provides tools to enable end-to-end planning and monitoring of the IP address infrastructure.

In the context of this paper, we will discuss specifically the Cygna Labs IPControl offering used in conjunction with our Cisco Prime Network Registrar product.

Cygna Labs IPControl and Cisco PNR

Figure 1.            

Cygna Labs IPControl and Cisco PNR

As illustrated in Figure 1, IPControl provides centralized management of IPv4 and IPv6 address space and corresponding PNR DHCP and DNS configuration information. This centralized management layer allows management of distributed PNR DNS and DHCP services throughout your network. The IPControl Executive can be replicated for redundancy, and the Sapphire Executive Monitoring Appliance (EMA) provides automated failover in the event of an IPControl Executive outage. Automation of IPAM functions, including those relating to PNR DHCP and DNS configurations, may be performed using the Cloud Automation Appliance from Cygna Labs. For example, when reserving an IP address for a specific need, IPControl can capture the instance IP address and DNS name and update PNR DNS via IPControl.

As global vendors, Cisco and Cygna Labs interoperate with a multitude of products from other vendors. For example, just as Cisco® PNR can interoperate with IPAM from other vendors besides Cygna Labs, it is likewise true that Cygna Labs IPControl interoperates also with DHCP and DNS from other vendors. It is a multivendor world. This only adds to the strength of the two offerings.

Cisco PNR: Rich services for DHCP and DNS

The Cisco Prime Network Registrar (PNR) product offers customers powerful core network services that are indispensable for the proper provisioning, initialization, and navigation for network devices from infrastructure, cloud, Internet of Things (IoT), industry-specific, and end-user devices. These core network services comprise the Dynamic Host Configuration Protocol (DHCP) and the Domain Name System (DNS). Cisco PNR supports DHCP and DNS (both authoritative and caching) for IPv4 and IPv6 networks, which provides automated IP address assignment and simple user and device navigation.

The Cisco PNR DHCP server offers a comprehensive feature set for client reservations, client classes, lease queries, prefix allocation, and more. These capabilities give administrators full control of assignment policies for IPv4 and IPv6 addresses as well as IPv6 prefixes. As a powerhouse for controlling IP address assignment via a potentially expansive landscape of scopes (each scope is a sequential pool of IP addresses that a DHCP server can use to fulfill an IP address request from a DHCP client depending on its location in the network), PNR provides considerable capabilities for policy-based decisions. For example, PNR can control the assignment of DHCP options, including those for facilitating zero touch provisioning of clients based in defined polices. For even more flexible decision logic, PNR’s powerful Extensions interface can be used to apply inline processing of DHCP requests and responses. All this while providing carrier-class performance and supporting failover for DHCP and DHCPv6, resulting in nonstop resiliency and high scale.

From the DNS perspective, the Cisco PNR DNS server provides standards-compliant authoritative and caching DNS support. The server also provides extensive security features including TSIG, DNSSEC support, DNS over TLS (DoT), DNS over HTTPS (DoH), and DNS firewall support to allow or block DNS responses based on administrator policies. DNS security functions are critical ingredients of an organization’s overall network security strategy. Other DNS features include DNS64, DNS views for mapping zones available for client sets, E.164 number mapping (ENUM), Internationalized Domain Names in Applications (IDNA), and NXDOMAIN redirect, among others.

Cygna Labs IPControl: Centralized discovery, planning, and management

Armed with the power, extensibility, and performance of Cisco PNR, administrators can configure and manage each server utilizing its setup wizards, status dashboards, search, alerting, and configuration support provided by the PNR user interface. IPControl supercharges this by providing a centralized ability to map from its planning tools to distributed deployments of several PNR servers, with a common user interface. IPControl software from Cygna Labs Diamond IP provides native integration to PNR based on years of interoperating.

Centralized management

IPControl is a centralized IP Address Management (IPAM) solution that supports full DHCP-DNS-IPAM (DDI) support for Cisco PNR DHCP/DHCPv6, Authoritative DNS, and Caching DNS. Use of IPControl within the control plane to manage distributed Cisco PNR DHCP and DNS servers affords the efficiencies and benefits of a “software-defined” architecture. The centralized IPControl system complements the scalability, visibility, configurability, and data collection for Cisco PNR.

IPAM centralization supports not only multinetwork perspective, spanning cloud, data center, remote sites, etc., it also enables the deployment of policies to distributed elements — PNR DHCP and DNS servers in this case. Monitoring of DHCP address pools provides early warning of pending address capacity depletion, which can prevent user access to the network. Monitoring of DNS events likewise can help prevent capacity issues and enable detection of anomalous events or vulnerabilities. Centralized IPAM enables a broad perspective with the ability to pinpoint potential issues and to rectify them before they affect users.

PNR and IPControl: Integration and interoperability

The Cygna Labs product suite brings centralized management across IPAM, DHCP, and DNS and offers also additional components for automation of the IPAM services. Integrating with Cisco PNR over the PNR Software Development Kit (SDK), IPControl provides:

For DHCP:

      Provisioning of Client Classes to identify DHCP clients by type and location and associate them with PNR servers, IP subnets, and IP pools

      Provisioning of policies

      Provisioning of DHCP options including user-definable options

      Collection of lease data over time to allow viewing from the IPControl GUI in addition to utilization tracking, forecasting, and alerting

For DNS:

      Provisioning of DNS zones and resource records

      Provisioning of PNR DNS options

IPControl works with PNR failover both for DHCP and DNS in supporting each of the PNR pairs. When you declare your PNR DHCP servers in IPControl, you can define its failover peer. Then when you deploy/push DHCP configs to the PNR DHCP server, an option is provided to also update the failover server. When choosing this option, IPControl will stage the configuration on both servers.

Additional failover within the IPAM layer is provided directly by their IPControl product with their Sapphire EA Executive Monitor Appliance. The end result: High Availability across all layers of the integration.

Simplified operations

Without the use of an IPAM system, operations and IT personnel would have to manage the IP address space manually before properly configuring the PNR DNS and DHCP services deployed in each location. This can be an error-prone process without the use of additional tools.

An IPAM system integrates IP address planning with DHCP and DNS configuration, so a multistep process is greatly condensed. Organizing IP address space, subnets, IP assignments, DHCP pools, and DNS domain information together enables single entry of common data with deployment to distributed PNR DHCP and DNS services.

PNR and IPControl both offer visual user interfaces for monitoring existing deployment. The PNR dashboards are covered in depth in a separate whitepaper on that subject and provide visibility into existing PNR-based IP address deployment and usage. This is, of course, specific only to IP addresses assigned by PNR, as in the following example PNR dashboards.

IP address assignment can further be tracked by subnet and scope.

PNR DHCPv4 subnet utilization dashboard

Figure 2.            

PNR DHCPv4 subnet utilization dashboard

Clicking on the History icon for a scope shows the timestamped changes that led to the above snapshot:

PNR Utilization History dashboard

Figure 3.            

PNR Utilization History dashboard

IPControl takes this further, allowing the operator to bridge between planned IP addressing and monitoring of actual deployed usage. Also, with integrated discovery features, IPControl can include usage information for IP addresses that were assigned outside of PNR, whether it be from manual configuration or from other assignment sources. Any example of this would be manually assigned IP addresses for interfaces on core routers.

The discovery features in IPControl provide a pulse on the network to identify any rogue devices, to verify proper provisioning, and to assure the accuracy of your IPAM repository for network auditing, reporting, and monitoring. Within a block, an operator can be presented with simple visual cues of their IP address matrix, detailing type of usage:

IPControl Subnet Quick View

Figure 4.            

IPControl Subnet Quick View

Within each address block, the usage levels across address block are easily visible:

Related image, diagram or screenshot

Figure 5.            

IPControl Address Block Details view

Want to know this information relative to each PNR DHCP cluster? IPControl can show this. By navigating from the IPControl Management tab to the DHCP Servers/Services tab, one can see a list of DHCP servers, each of which links to a table of assigned subnets, pools, and addresses (reservations). There is also a Management -> DHCP Utilization view that lists each server and a link to each scope by utilization. In the container view, which provides a logical network topology, as you drill into subnets, you can navigate to the pool level as well.

Viewing the historical trend for an address block provides insights into the growth within that area, so the operations team can validate forecasts and adjust based on the observed trend.

Related image, diagram or screenshot

Figure 6.            

IPControl Block History view

Reduced costs

IPControl helps reduce costs through the integration of IP address planning and PNR DHCP and DNS processes and automating these processes in the context of broader cloud, IT, and operations initiatives. Jointly, these solutions facilitate deployment of agile, adaptive, and automated IP networks to improve efficiencies and reduce overall operations costs.

Leveraging automation for IPAM, DHCP, and DNS

Cygna Labs offers additional products within the IPAM umbrella that they have found to be of high interest to customers. Their Sapphire CAA product is one such example. The Sapphire CAA product enables cloud-based automation for the IP address and DNS infrastructure.

Sapphire CAA provides a Node-Red graphical interface to defined workflows to automate DDI. Admins can drag and drop nodes to create a workflow flowchart. Included are canned flows to interface to multiple DDI infrastructures, including Cisco PNR, so customers can provision subnets and automatically update IPControl from a common point.

Conclusion

Cisco Prime Network Registrar is a scalable, high-performance, extensible solution that provides DHCP and DNS services. These services are foundational to every IP device’s entry to the network and to every user’s ease of use of the network. Centralizing the management of sets of Cisco PNR DHCP and DNS services enables administrators to fully harness the power of Cisco PNR while efficiently and effectively managing their pan-network DHCP and DNS services and IP address space. IPControl from Cygna Labs Diamond IP enables customers to apply an equally powerful management solution in the control plane to support your scalable, robust, and resilient network.

IPControl from Diamond IP has a long history of integration and interoperability with our Cisco Prime Network Registrar (PNR) product. IPControl and the Sapphire products are sold directly by Cygna Labs. Customers interested in these products for use with Cisco PNR will need to contact Cygna Labs directly. Cisco is not involved in the sales, distribution, or support of the Cygna Labs products.

About Cygna Labs (from the Cygna Labs website):

Cygna Labs is a software developer and one of the top three global DDI vendors. Many Fortune 100 customers rely on Cygna Labs’ DDI products and services, in addition to its industry-leading security and compliance solutions to detect and proactively mitigate data security threats, affordably pass compliance audits, and increase the productivity of their IT departments.

For information about the Cisco PNR product, consult your Cisco Account Manager or any of the following sources available at Cisco.com:

      Cisco.com Landing Page: www.cisco.com/c/en/us/support/cloud-systems-management/prime-network-registrar/series.html#~tab-models

      Documentation: www.cisco.com/c/en/us/support/cloud-systems-management/prime-network-registrar-11-0/model.html

ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS DOCUMENT ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY INFORMATION IN THIS DOCUMENT.

THIS DOCUMENT IS PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

 

 

 

Learn more