chyan
Cisco Employee

 

Support Overview

Catalyst Center’s Integration with External IPAM

Cisco Catalyst Center can be configured to communicate with an external IP address manager. When the Cisco Catalyst Center is used to create, reserve, or delete any IP address pool, Cisco Catalyst Center conveys this information to the external IP address manager.

Catalyst Center IPAM integration supports both Infoblox and BlueCat. Integration with other third-party IPAM solutions is possible using APIs.  Attributes are not exchanged between Catalyst Center and IPAMs at this time.

Integration Limitations

As of Catalyst Center 2.3.7.4, the following are the limitations of the Catalyst Center - Infoblox integration:

  • Only 100% empty pools can be imported from Infoblox to Catalyst Center.  This is a known behavior: third-party providers have no way to filter for empty pools, so Catalyst Center fetches all pools from their system and validates which ones are empty before displaying them.
  • Catalyst Center integrates with the Infoblox Grid Master IP address or FQDN in an HA setup using Infoblox WAPI. If there is an IPAM failover, Catalyst Center does not support failover to the next candidate node. In that case, you need to bring up the Grid Master node or change the IPAM address (IP address or FQDN) on the Catalyst Center IP Address Manager integration page.
  • When Catalyst Center and Infoblox are integrated, if an address pool is deleted in Infoblox, Catalyst Center will not know about the deletion of that pool. When another pool is retrieved/imported into Catalyst Center, that original pool still will not disappear from Catalyst Center automatically.
  • When Catalyst Center and Infoblox are integrated, if a pool is added or deleted in Catalyst Center at the Global level, the corresponding pool is added or deleted from Infoblox automatically.

 

Catalyst Center & Infoblox Integration Workflow

Workflow Overview

This document outlines the steps using the following workflow.  The steps described cover these three scenarios:

  • IP address pools have been defined in Catalyst Center and are carried into Infoblox upon integration.
  • IP address pools are being defined in Infoblox and they are imported into Catalyst Center upon integration.
  • Deleting pools in Infoblox and then in Catalyst Center.

This document describes the steps in vCenter, Infoblox, and Catalyst Center.

 

Testing Methodology

This document covers the installation of the Infoblox DDI 60-day evaluation on VMware ESX virtual appliances.  Installation instructions for Microsoft Hyper-V and KVM hypervisors, and for the licensed Infoblox DDI versions, can be found on the Infoblox web site.

 

Tested Versions

The document is written using the following products and versions:

chyan_14-1706315815503.png

 


Infoblox Installation

Initial Installation

Step 1.         Download the Infoblox DDI OVA for the VMware ESX platform and save to the local hard drive.

Step 2.         Launch vSphere Client, right click on the ESXi host and select Deploy OVF Template.

chyan_9-1706314914143.png

Step 3.         Click Local file radio button. Select all the files downloaded in the previous step and click Open.

chyan_10-1706314954146.png

Step 4.         After all the files are uploaded, click NEXT.

chyan_11-1706315011254.png

Step 5.         Type in the virtual machine name, click NEXT.

chyan_13-1706315625221.png

Step 6.         Select the ESXi host to host the virtual machine, Click NEXT.

chyan_0-1706316340471.png

Step 7.         Click NEXT after reviewing.

chyan_1-1706316476424.png

Step 8.         Read the agreement, click I accept all license agreements and NEXT.

chyan_2-1706316575504.png

Step 9.         Select the appropriate model under Configuration. Click NEXT.

chyan_3-1706316703545.png

Step 10.         Select the ESXi storage, click NEXT.

chyan_4-1706316804957.png

Step 11.         Select the network that the virtual machine uses, click NEXT.

chyan_5-1706316941626.png

Step 12.         Click NEXT.

chyan_6-1706317004934.png

Step 13.         Click FINISH.

chyan_7-1706317487118.png
 

Post-Installation Configuration

Step 1.         Launch vSphere Client, right-click on the ESXi VM host and select Power > Power On.

chyan_8-1706317591245.png

Step 2.         Right-click on the ESXi VM host and select Open Remote Console.

chyan_9-1706317637221.png

Step 3.         Log in to the Infoblox console using the default credential, with the username of admin and password of Infoblox.

chyan_10-1706317869168.png

Step 4.         Type in set network to configure the IP address, netmask, and gateway. You may leave the VLAN to be untagged and skip the IPv6 settings. After confirming the settings, type in y and y.  The system will restart to get the changes applied.

chyan_11-1706317898701.png

Step 5.         After the virtual machine comes back from reboot, log in with admin/Infoblox.  Type in set temp_license. Type in 2. Type in y to confirm generating the 60-day temporary license.

Step 6.         Enter y to confirm UI.

chyan_12-1706317982285.png

Step 7.         Enter y to restart UI.

chyan_13-1706318017845.png

Step 8.         Log in with admin/Infoblox. Type in set temp_license. Type in 4 to add NIOS license.

chyan_14-1706318082435.png

Step 9.         Type in 3 to select IB-V815. Type in y to confirm the temporary license.  The system will restart.

chyan_15-1706318122148.png

 

Infoblox UI Configuration

Step 1.         Use a browser and access the IP address of the VM. Click Advanced and Accept the Risk and Continue.

chyan_0-1706318574211.png

Step 2.         Login with admin/infoblox.

chyan_1-1706318613597.png

Step 3.         Click I Accept to accept the license agreement.

chyan_2-1706318667845.png

Step 4.         Click OK.

chyan_3-1706318694767.png

Step 5.         You are entering the Grid Setup Wizard.  With Configure Grid Master selected, click Next.

chyan_4-1706318794122.png

Step 6.         Fill in the information in the Grid Properties screen. Click Next.

chyan_5-1706318827898.png

Step 7.         After verifying the IP information entered earlier, click Next.

chyan_6-1706318890150.png

Step 8.         Change the default password by entering and retyping the new password. Click Next.

chyan_7-1706318922534.png

Step 9.         Set Time Zone as needed.  Click Next.

chyan_8-1706318970877.png

Step 10.         Click Next.

chyan_9-1706318999948.png

Step 11.         The GUI should go to the login screen. If this does not happen automatically, log out and log in again with the new credential just entered.

chyan_10-1706319046512.png

 

Configuration of Certificates

In order to comply with Product Security Baseline (PSB) standards, Catalyst Center validates certificates when TLS communication is established between Catalyst Center and Infoblox for IPAM integration.

The PSB requirements are as follows:

  • Ensure the name or identification information (i.e. FQDN) that is presented in the certificate Subject Name or SAN of the peer being authenticated matches with the peer we are communicating with.
  • Ensure that X.509 v3 is recognized by importing an X.509 v3 cert.

Some manual steps are required to "import" the certificate for the IPAM server into the Cisco Catalyst Center's Trustpool. The following outlines the steps for self-signed certificates. Use appropriate steps for PKI implementations.

Infoblox Certificate Configuration

Step 1.         In the Infoblox page, click Grid > Grid Manager. Click the check mark next to your Infoblox VM.  With the VM checked, in the Toolbar on the right hand side, select Certificates > HTTPS Cert > Download Certificate.

chyan_11-1706319372680.png

Step 2.         Note the file name of the certificate, apache_server.crt, that is just saved to the local drive. This file will need to be uploaded to Catalyst Center in later steps.

chyan_12-1706319410315.png
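A pre-import check for the two PSB requirements above, as an added example (not part of the original article and not Cisco or Infoblox tooling): it confirms that the downloaded certificate is X.509 v3 and that the FQDN or IP address you plan to enter in Catalyst Center matches its Subject/SAN. The function names, the host name infoblox.example.com and the address 192.0.2.10 are assumptions; the demo runs against a throwaway certificate generated on the spot and needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example: pre-import check of the IPAM server certificate.
# check_ipam_cert CERT_FILE PEER
#   PEER is the FQDN or IP address you will enter on the Catalyst Center
#   IP Address Manager page. Returns 0 only if the certificate is X.509 v3
#   and PEER matches its SAN (or the subject CN when there is no DNS SAN).
check_ipam_cert() {
    cert=$1 peer=$2
    text=$(openssl x509 -in "$cert" -noout -text 2>/dev/null) || {
        echo "FAIL: $cert is not a readable PEM certificate"; return 2; }
    case $text in
        *"Version: 3 (0x2)"*) ;;
        *) echo "FAIL: certificate is not X.509 v3"; return 1 ;;
    esac
    # Choose the openssl check that fits the peer: IP literal or host name.
    case $peer in
        *:*)       opt=-checkip ;;    # IPv6 literal
        *[!0-9.]*) opt=-checkhost ;;  # contains letters: treat as a name
        *)         opt=-checkip ;;    # dotted-quad IPv4
    esac
    # openssl prints "... does match certificate" or "... does NOT match ...".
    if openssl x509 -in "$cert" -noout "$opt" "$peer" |
            grep -q 'does match certificate'; then
        echo "OK: X.509 v3, $peer matches the certificate"
    else
        echo "FAIL: $peer is not in the certificate's Subject/SAN:"
        openssl x509 -in "$cert" -noout -ext subjectAltName 2>/dev/null
        return 1
    fi
}

# Constructed sample: a throwaway self-signed certificate standing in for
# the apache_server.crt downloaded from Infoblox (names are hypothetical).
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$1.key" -out "$1" -subj "/CN=infoblox.example.com" \
        -addext "subjectAltName=DNS:infoblox.example.com,IP:192.0.2.10" \
        2>/dev/null
}

# Demo on the constructed certificate: two matches, then one mismatch.
tmp=$(mktemp -d)
make_sample_cert "$tmp/sample.crt"
check_ipam_cert "$tmp/sample.crt" infoblox.example.com
check_ipam_cert "$tmp/sample.crt" 192.0.2.10
check_ipam_cert "$tmp/sample.crt" 10.10.10.10 || true
rm -rf "$tmp"
```

Against the real file, call check_ipam_cert apache_server.crt with the exact value you will type into the IP Address Manager page; a mismatch here means the name check during TLS setup has nothing to match against.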
 
 

Catalyst Center Certificate Configuration

Step 1.         Browse to Catalyst Center. Go to the menu System > Settings.

chyan_0-1706320299996.png

Step 2.         Go to Certificates > Trusted Certificates. Click Import.

chyan_1-1706320331582.png

Step 3.         Click Choose a file.

chyan_2-1706320383318.png

Step 4.         Find the .crt file that was downloaded earlier. Click Import.

chyan_3-1706320417272.png

Note: Earlier versions of Catalyst Center only recognize a file with the extension .cer during certificate import. Make a copy of apache_server.crt and rename the copy to apache_server.cer. If Windows Explorer is used, make sure that File name extensions is checked so that the extension is viewable.

Step 5.         Certificate should be imported successfully.

chyan_4-1706320478577.png

 

Catalyst Center & Infoblox Integration

Step 1.         Go to System > Settings > External Services > IP Address Manager.  Fill in the information under IP Address Manager. The username and password should match the Infoblox credential.  Select the Provider as INFOBLOX.  Select the view default.  If the settings entered are correct, the Save button will be highlighted. Click Save.

chyan_0-1706320569696.png

Step 2.         A message of settings updated successfully will be displayed.  If the Save button is not highlighted, this message will not be displayed.  Correct the entries entered incorrectly.

chyan_1-1706320598666.png

Note: If one has already defined an IP Address Pool inside Catalyst Center, and that address pool also exists in Infoblox, the integration will fail. The duplicate pool should be removed from either Catalyst Center or Infoblox.

Step 3.         Go to System > System 360 and verify that under IP Address Manager (IPAM), the Infoblox has the green Available status.

chyan_2-1706320654066.png

Step 4.         If the IP address pools have been configured in Catalyst Center, go to Infoblox, under Data Management > IPAM, all the address pools will be listed.

chyan_3-1706320683763.png

Creating IP Address Pools in Infoblox

IP address pools can be created in Infoblox. The pools can be imported by Catalyst Center. The steps below outline the procedure.

Step 1.         Access Infoblox. Go to Data Management > DHCP > Networks > Networks. Click the + icon to create a new pool.

chyan_0-1706320775500.png

Step 2.         With the Add Network radio button on, click Next.

chyan_1-1706320809171.png

Step 3.         Fill in the Netmask. Click the + icon to add the subnet.  In the Comment field, type in the name of the IP address pool. This name will appear as the pool name inside Catalyst Center. Click Next.

chyan_2-1706320858421.png

Step 4.         Click Next.

chyan_3-1706320885770.png

Step 5.         For any field that you want to enter manually, click the Override and + button. The Override button will turn into Inherit in case one wants to turn back.

chyan_4-1706320937317.png

Step 6.         Click Next if no assigned VLANs are needed.

chyan_5-1706320966446.png

Step 7.         Click Next if no extensible attributes are needed.

chyan_6-1706321019796.png

Step 8.         Click Save and Close to create the IP address pool.

chyan_7-1706321061839.png

Step 9.         The IP address pool created will appear under Networks.

chyan_8-1706321117862.png

 

Import Infoblox Address Pools into Catalyst Center

Step 1.         In Catalyst Center, go to the main menu Design > Network Settings

chyan_0-1706321355570.png

Step 2.         Click the IP Address Pools tab. Under Import, select Import from IPAM  Server.

chyan_1-1706321389632.png

Step 3.         Type in the subnet/mask, and click Retrieve.

chyan_2-1706321447843.png

Step 4.         The pool would appear for selection.  Click the check mark and select the address pool.  Click Import.

chyan_3-1706321467276.png

Step 5.         Go to Design > Network Settings > Servers.  Under DHCP, Click on the + to add the Infoblox as a DHCP server.  Click Save.

chyan_0-1706550364203.png

Step 6.         Click the IP Address Pools tab. Click on the check mark next to pool that was just imported. Click Edit.

chyan_1-1706550400829.png

Step 7.         Under DHCP Server, click the pull down icon, and select the Infoblox server IP address. Click Save.

chyan_2-1706550447441.png

Note: Normally, DHCP server is designated when a pool is reserved to the site.  In a Fabric environment, the Infoblox IP address as a DHCP server will be pushed down to the Edges as an IP Helper address when the IP address pool is provisioned to the VN.

 

Deleting IP Address Pools

This section studies the impacts of deleting an IP address pool in Infoblox as well as in Catalyst Center when the integration has been established.

We start by verifying that two pools, 192.168.1.0/24 and 192.168.2.0/24, exist in both Catalyst Center and Infoblox.

chyan_3-1706550536099.png

chyan_4-1706550564690.png

Address Pool Deletion in Infoblox

Step 1.         In Infoblox, select pool 192.168.2.0/24. Click the trash can icon. Click Yes.

chyan_5-1706550637034.png

Step 2.         Click Yes to confirm.

chyan_6-1706550666739.png

Step 3.         Observe pool 192.168.2.0/24 removed from the list in Infoblox.

chyan_7-1706550725312.png

Step 4.         Observe pool 192.168.2.0/24 still exists in Catalyst Center.

chyan_8-1706550760909.png

Address Pool Deletion in Catalyst Center

Step 1.         In Catalyst Center, select pool 192.168.1.0/24. Click More Actions > Delete Selected.

chyan_9-1706550836012.png

Step 2.         Click Yes to confirm.

chyan_10-1706550868853.png

Step 3.         In Infoblox, observe pool 192.168.1.0/24 removed from the list.

chyan_11-1706550919290.png

Summary of Pool Deletion

Based on the two sections, it can be concluded that when Catalyst Center is integrated with Infoblox:

  • If an address pool is deleted in Infoblox, Catalyst Center will not know about the deletion of that pool.
  • If a pool is deleted in Catalyst Center, the corresponding pool is deleted from Infoblox automatically.

 

Event Monitoring

Catalyst Center can perform heartbeat monitoring for IPAM servers to ensure connectivity.  In the steps below, we will configure this feature to get Catalyst Center to send out email notifications in the event that it loses connectivity to Infoblox.  The notifications can also be sent via SNMP, Syslog, REST, Webex, and PagerDuty.

Step 1.         An email destination needs to be set up.  Go to the main menu of System > Settings > Destinations. Click on the Email tab.  Fill in the SMTP info.

chyan_12-1706551077542.png

Step 2.         Scroll down to complete the rest of the form.  Click Save.

chyan_13-1706551106408.png

Step 3.         Go to the main menu of Platform > Developer Toolkit.

chyan_14-1706551177352.png

Step 4.         Click the Event Notifications tab and Notifications. Click Create New.

chyan_15-1706551211552.png

Step 5.         Click Let’s Do it to enter the workflow.

chyan_16-1706551260577.png

Step 6.         Do not select any site.  Type in IPAM to start a search.  Select External IPAM provider connectivity failure.  Click Next.

chyan_17-1706551290813.png

Step 7.         Select EMAIL.  Click Next.

chyan_18-1706551431145.png

Step 8.         Select Create New Instance. Fill in the form. Click Next.

chyan_19-1706551460368.png

Step 9.         Type in the name and description. Click Next.

chyan_20-1706551509176.png

Step 10.         Click Finish after reviewing the summary.

chyan_21-1706551543873.png

Step 11.         A confirmation screen is shown.

chyan_22-1706551601832.png

Step 12.         Go to the main menu of System > System 360 > System Health. Observe that the IPAM server is up.

chyan_23-1706551631020.png

Step 13.         Click on the IPAM server. Additional information is shown.

chyan_24-1706551687504.png

Step 14.         Remove Infoblox from the network.  An email is received regarding the event of Catalyst Center losing connectivity to Infoblox.

chyan_25-1706551739899.png

Step 15.         Catalyst Center shows that Infoblox is not reachable.

chyan_26-1706551821267.png

 

Reference

Infoblox NIOS Virtual Appliances for VMware

https://docs.infoblox.com/space/NVIG/35786250/About+Infoblox+NIOS+Virtual+Appliance+for+VMware#AboutInfobloxNIOSVirtualApplianceforVMware-SupportedvNIOSforVMwareApplianceModels

Managing Infoblox Certificates

https://docs.infoblox.com/space/nios85/35381871/Managing+Certificates

Infoblox Administration Guide

https://docs.infoblox.com/space/nios85/35384355/Administration

Catalyst Center Administration Guide

https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/catalyst-center/2-3-7/admin_guide/b_cisco_catalyst_center_admin_guide_237.html?dtid=osscdc000283

Catalyst Center Release Note

https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/catalyst-center/2-3-7/release_notes/b_cisco_catalyst_center_237_release_notes.html

3rd Party IP Address Management Provider Integration API

https://developer.cisco.com/docs/dna-center/#!ipam-api-introduction/cisco-dna-center---ip-address-management-provider-integration

 
