With the ever-increasing scope of networks, engineers often need tools to help manage the workload. IPAM systems can organize your address space and DNS, while a network traffic analytics solution like Scrutinizer can help watch all activity. These systems are powerful on their own, but together they are even better. This post outlines how to pull in the IP Groups you created in Infoblox into Scrutinizer for improved reporting.
What is IPAM?
IPAM is an acronym for Internet Protocol Address Management. It allows network staff to quickly view and manage IP information across their network and helps them plan for the future. IPAM ties together DNS, DHCP, and IP information to allow for visibility into the hosts connected to your network. For example, if a host is given an IP from DHCP, the DNS is immediately aware of these actions. If you want to know who had a specific IP at any given time on your network, then IPAM is the right tool.
Creating Network Groups in Infoblox DDI
Infoblox DDI is a popular IPAM system that can be integrated with Scrutinizer. In this solution, segments of your network can become network group objects to allow for better management. These are created on the Data Management tab of Infoblox under the IPAM network view. After clicking Add, a wizard will help you define a network group, prompting for subnet and a comment that names your group. Now it’s time to automate the process of pulling these IP groups into Scrutinizer on a routine basis.
Integrating Infoblox and Scrutinizer
The network groups defined in Infoblox are a great starting point for building IP groups in Scrutinizer. This integration uses the API to pull in the defined network ranges and comment field found in Infoblox. Setup for this integration is minimal; you will only need the IP address and login credentials for your Infoblox instance.
Next, load our integration script onto your Scrutinizer appliance. In the variable section of the script, enter your Infoblox information as the ip_ipam and auth_ipam variables.
Once configured, you can run the script with the command:
First, a REST call is made to Infoblox to retrieve all of the network group records:
When a connection is made to your Infoblox instance, the message ‘Connection Successful’ will be displayed. (Alternatively, if a message is displayed reading ‘Authentication Failure’, check your connection values entered into the variables section of the script.)
Once the group records have been accessed, they are formatted for consumption by Scrutinizer. At this stage, deduplication and aggregation of group records is performed.
Finally, the records are imported into Scrutinizer’s IP groups and are now available for the creation of reports, alerts, and dashboard gadgets. To see a quick example of the integration working, you can run a report in Scrutinizer by going to the Status tab, selecting an interface > Source Reports > IP Groups.
The same integration shown above is used when displaying alarms in Scrutinizer as well.
Integrating Network Management & Network Traffic Intelligence
With Scrutinizer, flows and metadata are quickly collected, analyzed, and reported in a format that was configured in Infoblox. The network traffic intelligence of Scrutinizer combined with the work that was done in the IPAM provides visibility into the traffic we know you care about.
Once your network has been organized by an IPAM tool like Infoblox, your Scrutinizer integration has already begun! When creating and populating network segments, macro-management of your domain becomes possible. By using the API offered by Infoblox we can pull IPAM network groups into Scrutinizer that represent your network exactly as you expect. Now you can gain insight into network activity per group. To discuss integrating Scrutinizer with your Infoblox installation, contact us at Plixer technical support!
UPDATE 8/17/17—Importing Network Groups from Infoblox to Scrutinizer:
Script Download Link (V2 8-17-17): https://filemonster.plixer.com/repository/support/Infoblox/Infoblox_V2_8-17-17.zip
This script allows you to import IPGroups from Infoblox by querying their REST API.
Currently, it will add any IPAM networks that do not have a comment into a group of “Uncategorized.”
Once it runs through, it will dump a file (./ipgroups.import), which is then automatically imported by scrut_util.exe.
For this script to work properly you will need Python 2.7 with the following modules:
*These are default Python modules and should be installed by default (as of Scrutinizer 17.5, these come pre-installed with appliances.)
On the Infoblox side, we will need a service account with Admin privileges to allow us to do the API Call.
Since this is a Python script, it can be run without the need to be compiled:
- Simply open the script in your favorite text editor
- Change lines 11-18 to match the customer/prospect install
ip_ipam= Infoblox server IP address
- Place the script in the /home/Plixer/scrutinizer/files/ directory of your Scrutinizer server.
- Next, we can run the script by issuing the following command:
This will run through the script and issue “Connection Succesful…” if the API call works.
A file, ip_groups.import, will be created, which will then be imported by scrut_util.exe.
*If you encounter any issues in this process, contact Plixer support at (207)-324-8805 x4.