Update existing dhcp range in a network container with Microsoft DHCP server and set dns and router

Techie
Posts: 9
1958     0
There needs to be an API call to update an existing DHCP range with a given Microsoft DHCP server and then set the range's DNS servers and router DHCP options.

Re: Update existing dhcp range in a network container with Microsoft DHCP server and set dns and rou

Techie
Posts: 9
1959     0
I’ve been able to find various API calls that create a network range but don’t allow me to set the router or DNS.
I’ve been able to find an API call that allows me to create a network with DHCP options, but no range is listed among the options.
Seems like I can do either or, but not create a network container with smaller subnets that each have a range that has the MS server as DHCP resolver along with router and DNS servers.

Re: Update existing dhcp range in a network container with Microsoft DHCP server and set dns and rou

Moderator
Moderator
Posts: 287
1959     0

Networks and Ranges are different object types.  The network is what's "on the wire" from the router.  The range is the pool of dynamic addresses within that network.   Ranges must be in a network, they cannot be directly under a network container.

 

Best practices are to place all DHCP options at the highest level possible.  Generally I recommend only setting options at the grid, member, or network level, and not at the container or range or fixedaddr level.  There may be exceptions of course.  It's just easier to manage over time when things are consistent.

 

When I am trying to automate something I usually start by creating something manually, and then use the API to get the object with all the important fields.  Then I turn that into an API call to create one.

 

For example this call:

 

curl -k1 -u admin:infoblox -X GET 'https://192.168.1.2/wapi/v2.11/network?_return_fields%2b=members,options'

returns lots of networks including this one:

   {
        "_ref": "network/ZG5zLm5ldHdvcmskMTAuMjAwLjEyOS4wLzI0LzA:10.200.129.0/24/default", 
        "comment": "Sanitation Dept", 
        "members": [
            {
                "_struct": "dhcpmember", 
                "ipv4addr": "10.100.16.214", 
                "name": "ddi.example.com"
            }
        ], 
        "network": "10.200.129.0/24", 
        "network_view": "default", 
        "options": [
            {
                "name": "dhcp-lease-time", 
                "num": 51, 
                "use_option": false, 
                "value": "43200", 
                "vendor_class": "DHCP"
            }, 
            {
                "name": "domain-name-servers", 
                "num": 6, 
                "use_option": true, 
                "value": "10.200.128.6,10.200.129.6", 
                "vendor_class": "DHCP"
            }, 
            {
                "name": "routers", 
                "num": 3, 
                "use_option": true, 
                "value": "10.200.129.1", 
                "vendor_class": "DHCP"
            }
        ]
    }, 

Turn that around and create a new network.

 

Repeat the same workflow for creating the range:

 

curl -k1 -u admin:infoblox -X GET 'https://192.168.1.2/wapi/v2.11/range?_return_fields%2b=member,failover_association,server_association_type'

returns:

 

    {
        "_ref": "range/ZG5zLmRoY3BfcmFuZ2UkMTAuMjAwLjEyOS4xMDAvMTAuMjAwLjEyOS4xOTkvLy8wLw:10.200.129.100/10.200.129.199/default", 
        "end_addr": "10.200.129.199", 
        "member": {
            "_struct": "dhcpmember", 
            "ipv4addr": "10.100.16.214", 
            "name": "ddi.example.com"
        }, 
        "network": "10.200.129.0/24", 
        "network_view": "default", 
        "server_association_type": "MEMBER", 
        "start_addr": "10.200.129.100"
    }

 

Note that some fields belong to the original example, or are not needed for the creation, so the new one can be simplified a bit.

 

Create a new network:

 

curl -k1 -u admin:infoblox -X POST 'https://192.168.1.2/wapi/v2.11/network' -H "Content-Type: application/json" -d \
'{
	"comment": "New WAPI Network", 
	"members": [
		{
		    "_struct": "dhcpmember", 
			"name": "ddi.example.com"
		}
	], 
	"network": "10.200.130.0/24", 
	"network_view": "default", 
	"options": [
		{
			"name": "dhcp-lease-time", 
			"num": 51, 
			"use_option": false, 
			"value": "43200", 
			"vendor_class": "DHCP"
		}, 
		{
			"name": "domain-name-servers", 
			"num": 6, 
			"use_option": true, 
			"value": "10.200.128.6,10.200.129.6", 
			"vendor_class": "DHCP"
		}, 
		{
			"name": "routers", 
			"num": 3, 
			"use_option": true, 
			"value": "10.200.130.1", 
			"vendor_class": "DHCP"
		}
	]
}'

returns the object ref if successful:

 

"network/ZG5zLm5ldHdvcmskMTAuMjAwLjEzMC4wLzI0LzA:10.200.130.0/24/default"% 

Now create the range:

 

curl -k1 -u admin:infoblox -X POST 'https://192.168.1.2/wapi/v2.11/range' -H "Content-Type: application/json" -d \
'{
	"end_addr": "10.200.130.199", 
	"member": {
		"_struct": "dhcpmember", 
		"name": "ddi.example.com"
	}, 
	"network_view": "default", 
	"server_association_type": "MEMBER", 
	"start_addr": "10.200.130.100"
}'

returns the object ref if successful:

 

"range/ZG5zLmRoY3BfcmFuZ2UkMTAuMjAwLjEzMC4xMDAvMTAuMjAwLjEzMC4xOTkvLy8wLw:10.200.130.100/10.200.130.199/default"%                                                                                      

Re: Update existing dhcp range in a network container with Microsoft DHCP server and set dns and rou

Techie
Posts: 9
1959     0
Hey! Thanks for the reply…

So this is what I have so far..

This creates the IPAM Network container for the larger remote site prefix in this case 10.19.0.0/16
# Create Infoblox IPAM Network
import json
import requests

url = "https://172.18.*.*/wapi/v2.7/network?_return_fields%2B=network"
supernet_network = "10.19.0.0/16"
comment = "US-City-State"
payload = json.dumps({"network": supernet_network, "comment": comment})
ib_headers = {'Authorization': 'Basic ****************************'}
# verify=False turns off TLS certificate checking for this request
response = requests.request("POST", url, headers=ib_headers, data=payload, verify=False)
# ##############################################################################################

The UI then would have a new object created such as this…
[Screenshot]

The following is then called to create the smaller site prefixes that will live UNDER this 10.19.0.0/16 network…. Along with creating the individual subnets, it assigns the windows DHCP server as the member and apparently sets the default gateway for each subnet. (This code is referencing functions from the Infoblox_client SDK)

# Create Infoblox IPAM Subnets with Windows DHCP
from infoblox_client import connector
from infoblox_client.object_manager import InfobloxObjectManager

opts = {'host': '172.18.*.*', 'username': 'Username', 'password': 'password'}
conn = connector.Connector(opts)
object_mgr = InfobloxObjectManager(conn)
ms_servers = ms_server = [
    {'name': 'ms-dhcp-servername.company.com', '_struct': 'msdhcpserver', 'ipv4addr': 'ms-dhcp-servername.company.com'}]

# The second octet of the supernet is used as the site id
clean_ip_address_list = supernet_network.replace(' ', '').split('.')
site_id = clean_ip_address_list[1]
vlan97 = '10.' + site_id + '.2.0/24'
vlan100 = '10.' + site_id + '.1.0/24'
vlan101 = '10.' + site_id + '.32.0/20'
vlan102 = '10.' + site_id + '.0.0/24'
vlan103 = '10.' + site_id + '.3.0/24'
vlan104 = '10.' + site_id + '.8.0/24'
vlan105 = '10.' + site_id + '.5.0/24'
vlan106 = '10.' + site_id + '.6.0/24'
vlan110 = '10.' + site_id + '.16.0/20'
vlan111 = '10.' + site_id + '.12.0/22'
vlan130 = '10.' + site_id + '.130.0/24'
vlan131 = '10.' + site_id + '.131.0/24'
vlan148 = '10.' + site_id + '.48.0/20'


def add_ib_subnets(ib_subnet, ib_gateway_ip):
    ib_subnets = InfobloxObjectManager(conn)
    return ib_subnets.create_network(net_view_name='default',
                                     cidr=ib_subnet,
                                     nameservers=['dns-server-1', 'dns-server-2'],
                                     members=ms_server,
                                     gateway_ip=ib_gateway_ip)


ib_subnet_list = [vlan97, vlan100, vlan101, vlan102, vlan103, vlan104, vlan105, vlan106, vlan110, vlan111, vlan130,
                  vlan131, vlan148]
comment_dict = {vlan97: 'ATT MPLS',
                vlan100: 'SD-WAN Transport A',
                vlan101: 'Wired Data',
                vlan102: 'SD-WAN Transport B',
                vlan103: 'Server',
                vlan104: 'Wired Guest',
                vlan105: 'Management',
                vlan106: 'Security_Network',
                vlan110: 'VoIP',
                vlan111: 'ig-employee',
                vlan130: 'ig-guest',
                vlan131: 'Solstice',
                vlan148: 'ig-corp'}

for ib_subnet in ib_subnet_list:
    # Gateway is the subnet address with the last octet replaced by 1
    clean_ip_address_list = ib_subnet.replace(' ', '').split('.')
    clean_ip_address_list[3] = '1'
    ib_gateway_ip = '.'.join(clean_ip_address_list)
    ib_subnet_response = add_ib_subnets(ib_subnet, ib_gateway_ip)
    print(ib_subnet_response)

The UI then would have new subnet objects created such as this with the following server assigned. (From this, you can see the network type has been assigned to a Microsoft-based member.)
[Screenshot]
As you can see in the following image, each of these subnets DOES have the Microsoft member assigned correctly; however, no DHCP options are available to configure at this point.
[Screenshot]

After each subnet has been set within the Network Container, the following code is run to then create the DHCP ranges for each subnet.

def add_ib_dhcp_range(ib_range_prefix, ib_subnet):
    ib_subnets = InfobloxObjectManager(conn)
    return ib_subnets.create_ip_range(network_view='default',
                                      start_ip=ib_range_prefix + '100',
                                      end_ip=ib_range_prefix + '245',
                                      network=ib_subnet,
                                      disable=False,
                                      range_extattrs=None)


for ib_subnet in ib_subnet_list:
    # Keep the first three octets plus a trailing dot, e.g. '10.19.2.'
    clean_ip_address_list = ib_subnet.replace(' ', '').split('.')
    clean_ip_address_list.pop(3)
    clean_ip_address_list.append('')
    ib_range_prefix = '.'.join(clean_ip_address_list)
    ib_range_response = add_ib_dhcp_range(ib_range_prefix, ib_subnet)

From the UI, you can see that DHCP networks have been created and each have a range as defined in the code above. Note however the range doesn’t have the Microsoft server selected NOR does it have the router and dns servers set.
[Screenshot]
This is the range set for the 10.19.0.0/24 subnet
[Screenshot]
No Member assigned thus no options for network router or DNS options.
[Screenshot]


The issue I'm running into is that I can't find a network RANGE API that can set a RANGE, along with a MS server ALONG with the router and DNS options..

It's either this: which you can see I CAN set a router and DNS servers

dhcp_options_payload = {"network": ib_subnet,
                        "options":
                            [{"name": "domain-name-servers",
                              "num": 6,
                              "use_option": True,
                              "value": "172.18.104.224",
                              "vendor_class": "DHCP"},
                             {"name": "routers",
                              "num": 3,
                              "use_option": True,
                              "value": ib_gateway_ip,
                              "vendor_class": "DHCP"}],
                        "use_options": True}

Or this: which I can only set a range, but no dns or routers due to not being able to specify the MS-Server member…

ib_range = dict(network_view='default',
                start_ip=ib_range_prefix + '100',
                end_ip=ib_range_prefix + '245',
                network=ib_subnet,
                disable=False,
                range_extattrs=None)

If I try to run the dhcp options payload after the ib_range with a PUT, I get an error that says the subnet already exists….

I hope this wasn’t too confusing 😊

Anyways, thanks for the help here!

Re: Update existing dhcp range in a network container with Microsoft DHCP server and set dns and rou

Moderator
Moderator
Posts: 287
1959     0

When you modify an existing object, you need to "PUT" to the object's reference.

 

For example:

 

curl -k1 -u admin:infoblox -X PUT 'https://192.168.1.2/wapi/v2.11/network/ZG5zLm5ldHdvcmskMTAuMjAwLjEzMC4wLzI0LzA:10.200.130.0/24/default'  -H "Content-Type: application/json" -d \
'{
	"options": [
		{
			"name": "dhcp-lease-time", 
			"num": 51, 
			"use_option": false, 
			"value": "43200", 
			"vendor_class": "DHCP"
		}, 
		{
			"name": "domain-name-servers", 
			"num": 6, 
			"use_option": true, 
			"value": "10.200.128.6,10.200.129.6", 
			"vendor_class": "DHCP"
		}, 
		{
			"name": "routers", 
			"num": 3, 
			"use_option": true, 
			"value": "10.200.130.1", 
			"vendor_class": "DHCP"
		}
	]
}'
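
The workflow from the moderator's posts above (fetch an existing object, drop what a create does not need, POST the new one, PUT changes to the object's reference), as an added Python example that is not part of the thread. The helper names, the first-host gateway convention and the offset-based range are assumptions; the sample object is copied from the GET output above with the lease-time option left out.

```python
import copy
import ipaddress
from urllib.parse import quote

# Sample input: the network object from the thread's GET output (one option omitted).
SAMPLE_NETWORK = {
    "_ref": "network/ZG5zLm5ldHdvcmskMTAuMjAwLjEyOS4wLzI0LzA:10.200.129.0/24/default",
    "comment": "Sanitation Dept",
    "members": [{"_struct": "dhcpmember", "ipv4addr": "10.100.16.214",
                 "name": "ddi.example.com"}],
    "network": "10.200.129.0/24",
    "network_view": "default",
    "options": [
        {"name": "domain-name-servers", "num": 6, "use_option": True,
         "value": "10.200.128.6,10.200.129.6", "vendor_class": "DHCP"},
        {"name": "routers", "num": 3, "use_option": True,
         "value": "10.200.129.1", "vendor_class": "DHCP"},
    ],
}

def clone_network(template, new_cidr, comment):
    """Turn a fetched network object into the POST body for a new network."""
    net = ipaddress.ip_network(new_cidr)   # raises ValueError on a bad CIDR or host bits
    body = copy.deepcopy({k: v for k, v in template.items() if k != "_ref"})
    body.update(network=str(net), comment=comment)
    for member in body.get("members", []):
        member.pop("ipv4addr", None)       # the thread's POST identifies the member by name
    for opt in body.get("options", []):
        if opt["name"] == "routers":
            opt["value"] = str(net.network_address + 1)  # assumption: gateway = first host
    return body

def range_body(network_body, first, last):
    """Build the range POST body from host offsets inside the new network."""
    net = ipaddress.ip_network(network_body["network"])
    start, end = net.network_address + first, net.network_address + last
    if not (net.network_address < start <= end < net.broadcast_address):
        raise ValueError(f"{start}-{end} is not a usable range in {net}")
    return {"start_addr": str(start), "end_addr": str(end),
            "network_view": network_body["network_view"],
            "member": dict(network_body["members"][0]),
            "server_association_type": "MEMBER"}

def object_url(base, ref):
    """URL to PUT to when modifying an existing object: WAPI base URL plus its _ref."""
    return base.rstrip("/") + "/" + quote(ref, safe="/:")
```

When sending these bodies, keep certificate verification on (no `-k` or `verify=False`) and read the WAPI credentials from the environment or a secrets store instead of placing them on the command line.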

Re: Update existing dhcp range in a network container with Microsoft DHCP server and set dns and rou

Techie
Posts: 9
1959     0

Yea, this issue wasn't around the request method being used but more so around an incorrect value type.

Apparently when specifying the following:

"ms_server": {"_struct": "msdhcpserver",
"ipv4addr": "192.168.1.5"},

That ipv4addr was actually looking for the DNS name NOT an IP address...

Anyways, it's working now!
