Network Automation via Infrastructure as Code
Although experienced network engineers have always scripted with appliance -specific CLIs, the approach isn’t scalable enough to tackle today’s enterprise-wide challenges. Treating network infrastructure as code (IaC) changes the traditional device by device management approach to automating networking tasks. Instead of configuring each device separately each time by running a script – network engineers create software files that define consistent ways of provisioning, configuring and deploying infrastructure, for example:
An entire environment can be templatized for rapid provisioning using declarative approach to describe what is needed (e.g., to move this workload to a cloud infrastructure it needs a virtual network with two public subnets, a compute instance on one of them, on the other a compute instance with an attached block volume).
Network engineers can define and automate step-by-step deployment procedures as code with tools such as Chef and Ansible.
Configuration drift across multiple devices can be prevented by using provisioning tools like Terraform to treat every configuration change as a new deployment.
Version control becomes easier
Every change in infrastructure configuration can be tracked using software version control tools. The actual state of network configurations can be logged, tracked, and audited. This simplifies verification that changes were implemented as planned.
Additionally, changes to automation artifacts (i.e. configuration templates, policies, deployment scripts, etc.) can also be tracked. This means no more accidentally overwritten configuration files or forgetting to update file names with new dates and times. It is easier to review changes made by multiple people before the automation is triggered to run on production networks. If there is an issue, reverting to an earlier version of the code is also much easier.
APIs power IaC
Infrastructure as Code (IaC) is made possible through application programming interfaces (APIs). APIs are simply how software on one system communicates with software on another system. In other words, the capabilities made available through the infrastructure’s API give us the ability to configure and manage the infrastructure as code. Therefore, a more comprehensive API gives you more flexibility in managing infrastructure as code.
Driving Automation with NS1 APIs
NS1 APIs drives network automation that empowers multiple groups to rapidly obtain appropriate changes to core network services (i.e. DNS, DHCP, IPAM). With NS1’s API-first architecture enables network, application, and cloud teams to treat DNS, DHCP, and IPAM infrastructure and records as code.
Comprehensive Catalog of all APIs
With NS1’s comprehensive catalog of APIs, teams have more automation flexibility to deliver a range of business value:
Create networks, configure IP ranges, and manage IP allocations.
Create and manage DNS zones and records, including large zone imports, record QPS reporting, and configuring DNS record metadata to incorporate traffic steering policies, global load-balancing requirements, and real-time infrastructure conditions.
Automate service discovery by ingesting data from microservices and/or cloud environments (e.g. Consul DNS, Kubernetes, etc.) to maintain a single source of truth about IP allocations and DNS records.
Automatically assign IPs to new devices by managing DHCP scopes, scope groups, leases and IP reservations for new devices (e.g. printers, VoIP phones, etc.) as part of the provisioning template for new branch locations.
Automate deployment of lightweight, local DHCP and DNS server containers at branch or remote locations for on-going IP assignments for employee laptops and mobile devices.
Use APIs to streamline network service workflows
NS1 APIs can also update DNS metadata with information about the back-end infrastructure that results in superior reliability and resilience. Without APIs it is very difficult to bring together the DNS/IP administration and change management tasks with the global traffic load balancing tasks to improve end-to-end application performance. For example, to automate infrastructure awareness, you would have to write a script to alert you that the destination infrastructure is overloaded. Then you’ll need more scripts to automate what happens when that alert is received. In this case, scripts are needed to update the DNS metadata and change DNS answers to steer incoming traffic around the problem.
NS1 streamlines this workflow, changing the steps into configuration data that can be automatically updated. Through our integrations, NS1’s APIs can be used to:
Feed telemetry directly from servers, load balancers, servers, and other infrastructure monitoring tools
Update DNS metadata so that our FilterChain technology automatically adjusts query responses to reflect real-time infrastructure conditions
Send alerts and information to operations dashboards and workflows of the conditions and changes made
The shift to using APIs to automate deployment, manage changes, and improve application performance means that API performance becomes an increasingly important criteria for success. APIs exposed to large numbers of requests will have the same requirements for scalability and performance as any web applications. Therefore, simply bolting on a set of RESTful APIs to legacy DNS-DHCP-IPAM appliances (or their virtualized equivalents) does not guarantee a positive automation experience.
NS1 is built using a modern approach using microservices. As a result, our platform processes REST API calls (read and writes) ten times faster than traditional DNS-DHCP-IPAM solutions.
Another significant benefit of having a high-performance API is that DNS, DHCP, and IPAM capabilities can become infrastructure-aware. For example, metadata updates (such as latency, up/down status of load-balancing) can be made in real-time, thereby dramatically reducing the time it takes for DNS responses to reflect real-time conditions.
Enterprises are developing, deploying, and updating applications faster and more efficiently than ever before. Network automation is critical to ensure DNS, DHCP, and IPAM changes are rapidly made in a repeatable manner that is fully observable by network teams. NS1’s API and integrations are designed to be performant and scalable to meet enterprise automation needs. It allows 1300+ people at a large bank to get access to accurate IP address information without manual intervention from a network engineer. It empowers various DevOps teams at a large technology firm to deploy application changes into production without errors introduced by manual update of DNS records. It enables large teams of Developers and Network Engineers to successfully collaborate to deliver business value – usually in the form of new innovative applications and services for prospective customers.
Are you in the process of automating your network infrastructure? If you are ready to go with an API-first DNS-DHCP-IPAM solution that is performant and comprehensive, please let us know so that we can promptly reach out to you.