Preserve DHCP Networks on Infoblox when Microsoft DHCP server is not reachable

New Member

I use Infoblox Grid Manager as an IPAM platform, with the support of the synchronization module to get info from the Microsoft DHCP Server.

I understood that when a new scope is created on Microsoft DHCP, the Grid Member will synchronize by creating a network and related DHCP range that matches the Microsoft DHCP scope; this is great.

After a Network is created we usually add Extensible attributes such as descriptions, Location, SITE-Code, etc., and sometimes we also configure Infoblox Reservations (Host) in the Network for IPs that are out of the DHCP range.

 

The problem comes when the DHCP Server has a failure or when we do maintenance on the Microsoft DHCP Server.

As soon as the Grid Manager cannot contact the Microsoft DHCP Server it will delete the DHCP RANGE (this is OK) and it will delete also the NETWORK!! With all EA configured and Reservation/Host!!

 

How can I manage to have the Networks not to be deleted when DHCP Server is not Reachable?

 

Thank you

 

 

Re: Preserve DHCP Networks on Infoblox when Microsoft DHCP server is not reachable

Moderator

Hi Filippo,

> The problem comes when the DHCP Server has a failure or when we do maintenance on the Microsoft DHCP Server.
>
> As soon as the Grid Manager cannot contact the Microsoft DHCP Server it will delete the DHCP RANGE (this is OK) and it will delete also the NETWORK!! With all EA configured and Reservation/Host!!


1. When your Infoblox managing member can no longer communicate with the configured MS-DHCP server, it will never delete data which has already been synced. Data is preserved in the database. It is deleted if the MS server configured for sync is deleted from Infoblox.

 

2. When the sync is disabled and enabled again (or) once the communication to the MS-DHCP server is re-established, the first synchronization is always Read-Only-sync (regardless of whether the sync configuration is Read-Only or Read-Write). Now after your maintenance, when the communication is re-established, the read-only sync is meant to ensure that we do not push obsolete data from IB to MS. Therefore Additions/Modifications/Deletions performed on MS will take priority over any Additions/Modifications/Deletions on Infoblox. This will cause replacement of objects in NIOS based on changes performed on MS (ideally, only for scopes which have exhibited a change in MS).

 

3. A Microsoft DHCP server understands Subnets as Scopes. A scope includes an IP address range and a subnet mask. An ISC DHCP server such as Infoblox understands Subnets as Network+Range. When you create a new Network in Infoblox and assign it to a Microsoft server, it does not create anything on MS, because it does not have sufficient data to create a scope. You need to define a Network+Range and then assign them to an MS server for the sync to create a scope in MS. 

Therefore MS-Synced DHCP network management does not treat Networks and ranges separately for MS synced Networks+Ranges because such a concept does not exist on MS where they are all scopes. Delete/Readd/Modification of a scope on MS may result in Delete/Readd on the Network+Range on Infoblox for Microsoft managed DHCP entities.

 

 

Best Regards,
Bibin Thomas

Re: Preserve DHCP Networks on Infoblox when Microsoft DHCP server is not reachable

New Member

The problem is that we are really losing Extensible Attributes of networks when the MS-DHCP Server is disconnected.

Please see the attached image below.

Do you think there is a flag somewhere that we need to check to help us avoid losing Networks and EA when MS-DHCP is out of service?

I don't mind about losing DHCP-range info when MS-DHCP is out of service, but we really need to keep Networks and all related EA values.

The image below may help in understanding our problem:

DHCP NEtworks.png

Re: Preserve DHCP Networks on Infoblox when Microsoft DHCP server is not reachable

Moderator

Sorry that I never got a chance to revisit this thread.

I understand the scenario and this totally depends on what changes on MS and the Infoblox behavior during MS server disconnect-reconnect.

 

If scopes are removed, recreated or expanded on MS, I do not see how we can prevent the network and its attributes from disappearing from Infoblox as those objects are MS DHCP entities meant to be replaced as required, based on changes on the MS side.

 

I would recommend creating a case with Infoblox Support to review the changes performed on the MS side and validate whether the MS sync behavior conforms to functional specifications.


Best Regards,
Bibin Thomas
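
Added example, not part of any post in this thread and not Infoblox code: since synced Network+Range objects can be deleted and re-added after a reconnect, one way to limit the damage is to snapshot networks with their extensible attributes before maintenance and compare after the first re-sync. The snapshot shape (a list of objects with `network` and `extattrs`) is assumed to match a WAPI `network` export; the function names and all sample data are constructed for illustration.

```python
import json

# Constructed snapshots in the shape of WAPI "network" objects with the
# "extattrs" return field. Networks and EA values are made up.
BEFORE = json.loads("""[
 {"network": "10.10.1.0/24", "extattrs": {"Location": {"value": "HQ"}, "SITE-Code": {"value": "S001"}}},
 {"network": "10.10.2.0/24", "extattrs": {"Location": {"value": "Branch-A"}}},
 {"network": "10.10.3.0/24", "extattrs": {"Location": {"value": "Branch-B"}}}
]""")
# After the re-sync: .1 was re-added without EAs, .2 is gone, .3 is untouched.
AFTER = json.loads("""[
 {"network": "10.10.1.0/24", "extattrs": {}},
 {"network": "10.10.3.0/24", "extattrs": {"Location": {"value": "Branch-B"}}}
]""")

def by_network(objs):
    """Index a snapshot by CIDR; a missing extattrs field counts as empty."""
    return {o["network"]: o.get("extattrs") or {} for o in objs}

def restore_plan(before, after):
    """Compare two snapshots and return (missing, ea_updates).

    missing    : networks that existed before and are absent now, with the
                 EAs they carried, so they can be reviewed and re-created.
    ea_updates : networks still present that lost EA keys, mapped to the
                 merged EA set to write back (current EAs plus lost ones).
    EA values that changed but still exist are left alone: that may be a
    legitimate edit, not sync damage.
    """
    old, new = by_network(before), by_network(after)
    missing, ea_updates = [], {}
    for net, eas in sorted(old.items()):
        if net not in new:
            missing.append({"network": net, "extattrs": eas})
            continue
        lost = {k: v for k, v in eas.items() if k not in new[net]}
        if lost:
            ea_updates[net] = {**new[net], **lost}
    return missing, ea_updates

if __name__ == "__main__":
    missing, updates = restore_plan(BEFORE, AFTER)
    print(json.dumps({"recreate": missing, "update_extattrs": updates}, indent=1))
```
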

Re: Preserve DHCP Networks on Infoblox when Microsoft DHCP server is not reachable

New Member

I think EfficientIP is able to sync leases and ranges from MS DHCP without touching networks. You can define what will be pushed to IPAM.

Infoblox can implement it in a similar way, or give admins a chance to not synchronize networks from MS DHCP.
