The Men & Mice Blog

Staying the path: lessons from Microsoft Ignite 2019

Posted by Greg Fazekas on 11/14/19 8:55 AM

Ah, Microsoft Ignite. Good times have been had, but also important lessons were learned.

Anyone who attends trade shows like Ignite can tell you: the long hours and dizzying pace of conversations yield results. Not only in terms of sales leads, which are always welcome, but also in getting a pulse reading for the industry.

We’re doing the right thing…

Of course we believe we’re on the right track, otherwise we wouldn’t be on it. But it’s an incomparable feeling to be validated by both customers (who are very happy with using the Men&Mice Suite) and visitors (who were impressed by our demo).

The landscape of networks and IP infrastructure management is changing. It used to be that you had to keep up with the latest hardware and software trends. Buy the next server; upgrade to the next version. However, increasingly it seems today’s (and tomorrow’s) task is keeping up with change itself.

Men&Mice has been building its products around that task for decades. And people are recognizing and appreciating it more and more.

… but there’s room to improve

When change is your only constant, it goes without saying that work is never done. As much as we pride ourselves on our ability to predict change instead of catching up with it, we’re always looking for feedback.

Every trade show we visit offers plenty of opportunities to learn what ails the people running networks. We listen to people asking for support for a particular piece of hardware or software and see an incredible yearning for automation. And we're glad to be able to tell them 'yes.'

The Men&Mice Suite has been supporting a multitude of different platforms — including our competitors! — and we’re constantly working on adding more. And our fully featured REST and SOAP APIs always get people excited: “Are we really able to do all that with a single API layer?” Yes!

Onward!

All in all: with a new release of the Men&Mice Suite just around the corner, Microsoft Ignite was a great opportunity for self-reflection.

We have an awesome product, positioned right, and a growing and loyal customer base. Improvements are implemented consistently, and based on the feedback we’re focusing on the right things.

We’ll attend one more event in 2019, the Gartner IT Infrastructure, Operations & Cloud Strategies Conference in London. Our CEO Magnús Björnsson will speak about network management in this hybrid and multicloud world, and how it changes the need for DevOps, automation, and changing the way we see networks.

After that? 2020. We feel good about what’s coming next year.

Topics: DDI, IPAM, DNS, DHCP, Microsoft Ignite

IPv6 cheat-sheet, part 3: IPv6 multicast

Posted by Greg Fazekas on 10/18/19 8:56 AM

Now that we’ve familiarized ourselves with the IPv6 header and the IPv6 address space, let’s take a look at multicast.

Unicast, anycast, multicast

IPv6 packets can be sent, depending on the intended purpose, in a variety of ways:

  • unicast: used for 1-to-1 communication; it sends the packet to a specific node. (Certain unicast addresses within the IPv6 address space are reserved. See the previous post for details.)
  • anycast: used for 1-to-1-of-many communication; it addresses the packet to multiple nodes, but the packet is intended only for the closest one on its route.
  • multicast: used for 1-to-many communication; it sends the packet to multiple nodes.

We’re not covering anycast in detail at this moment, but we can — do let us know if that’s something of interest to you!

IPv6 multicast

IPv6 multicast works by nodes* joining multicast groups by sending Multicast Listener Discovery (MLD) report messages.

(*Little terminology from IETF: node is an interface enabled for IPv6. Router is any node that forwards IPv6 packets that are not expressly addressed to it. Host is any node that’s not a router.)

Multicast groups aren’t constrained by local or global (network) geography. Whether the host is on the local network or on the internet, as long as it’s signaling to join a multicast group, it can receive multicast packets sent to that group.

Any host can be a sender, whether it’s part of the multicast group or not. Only hosts part of the multicast group are receivers. Hosts can join or leave multicast groups dynamically at any time.

IPv6 multicast addresses: FF00::/8

All IPv6 multicast addresses share the prefix of FF00::/8.

  • The first octet is FF (1111 1111). This way you can tell at a glance if an IPv6 address is intended for multicast or not.
  • The second octet defines:
    • the lifetime (0 for permanent multicast; 1 for temporary)
    • and scope (1 for node, 2 for link, 5 for site, 8 for organization, and E for global scope).

The multicast address ends with the interface ID.

Well-known IPv6 multicast addresses

Many IPv6 multicast addresses are well-known to software implementing IPv6, to simplify common routing needs.

| Address | Group |
| --- | --- |
| ff02::1 | all nodes |
| ff02::2 | all routers |
| ff02::5 | all OSPF (Open Shortest Path First) routers |
| ff02::6 | all OSPF DRs (OSPF Designated Routers) |
| ff02::9 | all RIP (Routing Information Protocol) routers |
| ff02::a | all EIGRP (Enhanced Interior Gateway Routing Protocol) routers |
| ff02::d | all PIM (Protocol Independent Multicast) routers |
| ff02::f | UPNP (Universal Plug and Play) devices |
| ff02::11 | all homenet nodes |
| ff02::12 | VRRP (Virtual Router Redundancy Protocol) |
| ff02::16 | all MLDv2-capable routers |
| ff02::1a | all RPL (Routing Protocol for Low-Power and Lossy Networks) routers (used in Internet of Things (IoT) devices) |
| ff02::fb | multicast DNS IPv6 |
| ff02::101 | network time (NTP) |
| ff02::1:2 | all DHCP agents |
| ff02::1:3 | LLMNR (Link-Local Multicast Name Resolution) |
| ff02:0:0:0:0:1:ff00::/104 | solicited node address |
| ff02:0:0:0:0:1-2:ff00::/104 | node information query |
| ff05::1:3 | all DHCP servers (site) |
| ff05::101 | all NTP servers (site) |
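The address structure and the well-known groups above can be decoded mechanically, which is handy when reviewing which multicast groups show up on a segment. The following Python sketch is an added example, not part of the original post; the function names, the constructed destination list and the "review anything not on the list" policy are assumptions made for illustration.

```python
import ipaddress

# Scope values as listed in this post (second octet, low four bits).
SCOPES = {0x1: "node", 0x2: "link", 0x5: "site", 0x8: "organization", 0xE: "global"}

# A subset of the well-known groups from the list above.
WELL_KNOWN = {
    ipaddress.IPv6Address(addr): name
    for addr, name in {
        "ff02::1": "all nodes",
        "ff02::2": "all routers",
        "ff02::16": "all MLDv2-capable routers",
        "ff02::fb": "multicast DNS IPv6",
        "ff02::1:2": "all DHCP agents",
        "ff02::1:3": "LLMNR",
        "ff05::1:3": "all DHCP servers (site)",
    }.items()
}

# Solicited node range: the last 24 bits are copied from a unicast address.
SOLICITED_NODE_NET = ipaddress.IPv6Network("ff02::1:ff00:0/104")


def solicited_node(unicast):
    """Return the solicited node multicast group for a unicast address."""
    low24 = int(ipaddress.IPv6Address(unicast)) & 0xFFFFFF
    return ipaddress.IPv6Address(int(SOLICITED_NODE_NET.network_address) | low24)


def decode_multicast(text):
    """Split a multicast address into lifetime, scope and (if known) group name."""
    addr = ipaddress.IPv6Address(text)
    first, second = addr.packed[0], addr.packed[1]
    if first != 0xFF:
        raise ValueError(f"{addr} is not inside ff00::/8")
    if addr in SOLICITED_NODE_NET:
        group = "solicited node address"
    else:
        group = WELL_KNOWN.get(addr)
    return {
        "address": str(addr),
        # The lifetime is the lowest bit of the high nibble: 0 permanent, 1 temporary.
        "lifetime": "temporary" if (second >> 4) & 1 else "permanent",
        "scope": SCOPES.get(second & 0x0F, f"unlisted (0x{second & 0x0F:x})"),
        "group": group,
    }


def audit(destinations):
    """Illustrative policy: return the groups that are not on the list above."""
    return [d["address"] for d in map(decode_multicast, destinations) if d["group"] is None]


# Constructed sample of destination addresses, as might be pulled from flow records.
SAMPLE_DESTINATIONS = ["ff02::1", "ff02::fb", "ff02::1:ffc3:d4e5", "ff12::1234", "ff0e::101"]

if __name__ == "__main__":
    for dest in SAMPLE_DESTINATIONS:
        print(decode_multicast(dest))
    print("review:", audit(SAMPLE_DESTINATIONS))
```
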

(Did we or did we not promise a veritable smorgasbord of acronyms?)

More IPv6 coming up!

Next time we’ll be taking a look at IPv4-IPv6 tunneling and the particularities of migrating from IPv4 to IPv6.

After that, we have one last post to cover the remaining sections on our cheat-sheet, including useful Linux commands.

As always, do let us know if there’s a particular part of IPv6 (whether covered in here or not) you’d like to know more about!

Topics: IPv6, IPAM, IP address management

IPv6 cheat-sheet, part 2: the IPv6 address space

Posted by Greg Fazekas on 10/11/19 8:52 AM

Now that we know how an IPv6 packet header looks, let’s take a look at where it goes.

A word (or 2^128) on IP addresses

One of the primary advantages of IPv6 is that its address space is vastly larger than IPv4.

IPv4 has about 4 billion addresses available (mathematically, the practical limit is of course lower) and we’re running out of them, fast. Granted, who would’ve thought back in the day that people would want to assign IP addresses to their toasters. (And even if they didn't, 4 billion addresses don't even cover one device per human being on the planet right now by a long shot.)

IPv6, on the other hand, has a mathematical limit of 2^128 IP addresses. That’s a lot. To be exact, it’s 340,282,366,920,938,463,463,374,607,431,768,211,456 (340 undecillion, 282 decillion, 366 nonillion, 920 octillion, 938 septillion, 463 sextillion, 463 quintillion, 374 quadrillion, 607 trillion, 431 billion, 768 million, 211 thousand and 456. Say that four times fast!)

To put that into perspective: if you took all the atoms on the surface of Earth, you could assign about a hundred(!) IPv6 addresses to each(!).

Okay, it’s a lot. Is there a point to this math trivia?

Yes!

The IPv6 address pool is impossibly large. Even with the reservations and practical limits, it’s mind-blowingly huge. And smart people at IETF came up with some navigation shortcuts to help our brains cope with managing it, as well as reserving a bunch for specific purposes.

Let’s have a look at those.

Common & reserved prefixes in IPv6 addresses

Because of the huge amount of possible IPv6 addresses, and since the format of IPv6 is 16 hexadecimal values (grouped in eight 16-bit groups) instead of IPv4’s more simple 4 decimal groups, developers of the standard came up with ways to shorten them.

One way is to use ‘::’ when a 16-bit group is all zeroes. Note that when there are multiple groups with zeroes, only the first group will get shorthanded to ‘::’. (Reason for this is the need for shortened IPv6 addresses to be reproduced in their full forms.)

Another useful “trick” is the reservation of special structures for specific purposes:

| Prefix | Name | Description |
| --- | --- | --- |
| ::/0 | default route | |
| ::/128 | unspecified address | All 128 bits are set to zero. (Like 0.0.0.0 in IPv4.) Used only when a device is first looking for an IP address assignment. |
| ::1/128 | loopback address | Equivalent to 127.0.0.1 in IPv4. When set as a destination the packet will get immediately routed back to its source and never exits the host. Loopback is useful for testing. |
| ::ffff:0:0/96 | IPv4-mapped address | Used to help the deployment of IPv6. The last 32 bits contain the IPv4 address, with FFFF (following 5 groups of zeroes) in the preceding group. |
| 2001:1::1/128 | port-control-protocol anycast | Using this will route the packet to the closest device for address translation. (Such as NAT64 or NAT44.) |
| 2001:1::2/128 | Traversal Using Relays around NAT (TURN) anycast | The IPv6 address block for use with TURN (a protocol allowing a host behind NAT to receive data over TCP or UDP). Known as 192.0.0.10/32 in IPv4. |
| 2001:db8::/32 | documentation prefix | Used to indicate resources such as RFCs, documentation, books, etc. |
| 2620:4f:8000::/48 | AS112 DNS sinkhole servers | Used in environments where private IP addresses (i.e., not globally unique) may originate DNS reverse lookups to these addresses. While best practices dictate to resolve these queries locally, sometimes they are directed at public DNS, which cannot answer the queries. To resolve this issue, and relieve pressure on the authoritative servers, the AS112 project was created, and this reservation ensures its compatibility with IPv6. |
| fc00::/7 | Unique-Local Addresses (ULA) | Prefix to local IPv6 unicast addresses generated with a pseudo-random global ID. |
| fe80::/10 | link-local unicast | Equivalent to the 169.254.0.0/16 block in IPv4. Used when the host doesn’t have an IPv6 address assigned either manually or through DHCP. |
| fec0::/10 | site-local addresses (deprecated) | |

While not an exhaustive list by far, it covers the most often used cases.
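To see the ‘::’ shorthand and the reserved prefixes working together, here is an added Python example (not from the original post) that expands and shortens addresses and classifies them against the table above by longest matching prefix. The function names are assumptions for illustration; the prefixes and labels are the ones listed in this post.

```python
import ipaddress

# Reserved prefixes exactly as listed in the table above.
RESERVED = [
    (ipaddress.IPv6Network(prefix), name)
    for prefix, name in [
        ("::/0", "default route"),
        ("::/128", "unspecified address"),
        ("::1/128", "loopback address"),
        ("::ffff:0:0/96", "IPv4-mapped address"),
        ("2001:1::1/128", "port-control-protocol anycast"),
        ("2001:1::2/128", "Traversal Using Relays around NAT (TURN) anycast"),
        ("2001:db8::/32", "documentation prefix"),
        ("2620:4f:8000::/48", "AS112 DNS sinkhole servers"),
        ("fc00::/7", "Unique-Local Addresses (ULA)"),
        ("fe80::/10", "link-local unicast"),
        ("fec0::/10", "site-local addresses (deprecated)"),
    ]
]


def expand(text):
    """Full form: eight groups of four hexadecimal digits."""
    return ipaddress.IPv6Address(text).exploded


def shorten(text):
    """Short form: leading zeroes dropped and one run of zero groups replaced by '::'."""
    return ipaddress.IPv6Address(text).compressed


def classify(text):
    """Return (prefix, name) of the most specific table entry containing the address."""
    addr = ipaddress.IPv6Address(text)
    matches = [(net, name) for net, name in RESERVED if addr in net]
    # ::/0 contains every address, so there is always at least one match.
    net, name = max(matches, key=lambda item: item[0].prefixlen)
    return str(net), name


def embedded_ipv4(text):
    """Return the IPv4 address carried in the last 32 bits of an IPv4-mapped address."""
    mapped = ipaddress.IPv6Address(text).ipv4_mapped
    return str(mapped) if mapped is not None else None


# Constructed sample addresses.
SAMPLES = [
    "::1",
    "::ffff:192.0.2.7",
    "2001:0db8:0000:0000:0001:0000:0000:0001",
    "fe80::c2a1:b2ff:fec3:d4e5",
    "fd12:3456:789a::1",
    "2a00:1450::1",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{shorten(sample):32} {classify(sample)} ipv4={embedded_ipv4(sample)}")
```

An address that matches nothing more specific than ::/0, such as the last sample, is ordinary routable address space as far as this table is concerned.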

More IPv6 coming up!

For sake of simplicity, we’ve split this topic into two parts. The second part, common multicast IPv6 addresses, will be out next week. (And if you thought there were too many acronyms in this one, you’re in for a surprise!)

After that, we have one last post to cover the remaining sections on our cheat-sheet, including IPv4-IPv6 tunneling, and covering useful Linux commands.

In the meantime, let us know if there’s a particular part of IPv6 you’d like to know more about!

Topics: IPv6, IPAM, IP address management

IPv6 cheat-sheet, part 1: the IPv6 header & EUI-64

Posted by Greg Fazekas on 10/4/19 9:59 AM

IPv6 is increasingly not an option but a fact of life. We’ve talked about it a lot (and some more and more) but this time we don’t want to discuss the merits or pitfalls of IPv6.

Instead, let’s take a closer look at the IPv6 protocol itself. 

We’ll use our famed IPv6 cheat-sheet (also available as a lens cleaner — visit us at events to score one) as a guide, and examine each section in depth.

Let’s start with, just like an IPv6 packet does, the header.

The IPv6 header

When discussing the IPv6 header it’s inevitable to compare it to what came before:

(Image credit: Wikipedia.)

This is of course the IPv4 header. It’s smaller in size: IPv4 uses 32 bit binary numbers whereas IPv6 uses 128-bit binary numbers. Size matters not, however. Or at least matters less.

IPv6 headers are much less complex:

The IPv6 header is more streamlined: it contains 8 fields, compared to IPv4’s 14 fields.

  • version: 4 bits long, and corresponds to IPv4’s field of the same name. It indicates to the receiver which IP version to expect. In case of IPv6 that is of course 6, making this field’s binary value 0110.
  • traffic class: 8 bits long, and replaces IPv4’s ‘type of service’ field. The first 6 bits contain the differentiated services (DiffServ) designation of the packet, and is called differentiated services code point (DSCP). DSCP classifies the type of traffic carried by the packet for quality of service (QoS) purposes. For example, streaming media like video and audio on a conference call can enjoy lower latency than non-critical traffic, such as web browsing. The last two bits are for optional explicit congestion notifications (ECN). ECN can be used to signal congestion on the network by marking it in the IPv6 header. (Instead of dropping packets.)
  • flow label: 20 bits long, and new to IPv6. Useful for real-time applications, it signals the receiving node (routers or switches) to keep packets on the same path as to prevent them from being reordered.
  • payload length: 16-bits long. Contains the size of the payload in octets (remember those?) and can include extension headers. (Extensions headers replace the ‘options’ field known from IPv4.) It’s set to zero when the packet carries a jumbo payload.
  • next header: 8-bits long. It shares its function (and values) with IPv4’s ‘protocol’ field, and as the name suggests specifies the type of the next header.
  • hop limit: 8-bits long, formerly known in IPv4 as ‘time-to-live’. Decremented by one passing each node, and the packet is discarded when the value of hop limit reaches zero.
  • source address: 128 bits long, same function as in IPv4. Contains the IPv6 address of the node originally sending the packet.
  • destination address: 128 bits long, same function as in IPv4. Contains the IPv6 address of the destination node for which the packet is intended.
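The eight fields map directly onto the first 40 bytes of a packet. This added Python example (not from the original post) unpacks them from a raw header and splits the traffic class into DSCP and ECN; the sample packet is constructed, and the function names and the short next-header name table are assumptions for illustration.

```python
import ipaddress
import struct

HEADER_LEN = 40  # 8 bytes of fixed fields + two 16-byte addresses

# A few common next-header values (shared with IPv4's 'protocol' field).
NEXT_HEADER_NAMES = {6: "TCP", 17: "UDP", 58: "ICMPv6"}


def parse_ipv6_header(packet):
    """Decode the fixed IPv6 header at the start of `packet` into a dict."""
    if len(packet) < HEADER_LEN:
        raise ValueError(f"need {HEADER_LEN} bytes, got {len(packet)}")
    # First 32-bit word: version (4 bits) | traffic class (8 bits) | flow label (20 bits)
    word, payload_length, next_header, hop_limit = struct.unpack("!IHBB", packet[:8])
    version = word >> 28
    if version != 6:
        raise ValueError(f"version field is {version}, not 6")
    traffic_class = (word >> 20) & 0xFF
    return {
        "version": version,
        "traffic_class": traffic_class,
        "dscp": traffic_class >> 2,      # first 6 bits of the traffic class
        "ecn": traffic_class & 0x3,      # last 2 bits of the traffic class
        "flow_label": word & 0xFFFFF,
        "payload_length": payload_length,
        "next_header": next_header,
        "next_header_name": NEXT_HEADER_NAMES.get(next_header, "other"),
        "hop_limit": hop_limit,
        "source": str(ipaddress.IPv6Address(packet[8:24])),
        "destination": str(ipaddress.IPv6Address(packet[24:40])),
        # True when the bytes after the header do not match the payload length field.
        "length_mismatch": len(packet) - HEADER_LEN != payload_length,
    }


def build_sample_packet():
    """Constructed packet: DSCP 46, flow label 0x12345, UDP, hop limit 64, 8-byte payload."""
    word = (6 << 28) | ((46 << 2) << 20) | 0x12345
    fixed = struct.pack("!IHBB", word, 8, 17, 64)
    source = ipaddress.IPv6Address("2001:db8::1").packed
    destination = ipaddress.IPv6Address("ff02::fb").packed
    return fixed + source + destination + bytes(8)


if __name__ == "__main__":
    for field, value in parse_ipv6_header(build_sample_packet()).items():
        print(f"{field:18} {value}")
```
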

MAC to EUI-64 conversion

Extended Unique Identifier (EUI-64, because it’s 64-bits long) is a new method with which IPv6 hosts can be automatically configured in DHCP. The conversion is needed because hardware MAC addresses are 48-bits long.

This process is done in three steps:

  1. First the 48-bit MAC address needs to be separated into two 24-bit parts: C0:A1:B2:C3:D4:E5 becomes C0:A1:B2 C3:D4:E5.
  2. Then insert FF:FE between them, making it C0:A1:B2:FF:FE:C3:D4:E5.
  3. Lastly, invert the 7th bit: convert the first byte (C0 in this case) to binary (resulting in 11000000), check the 7th bit (0) and flip it (to 1) and translate it back to hexadecimal (binary 11000010 becomes C2).

The final EUI-64 version of the MAC address C0:A1:B2:C3:D4:E5 thus becomes C2:A1:B2:FF:FE:C3:D4:E5.

More IPv6 coming up!

In the next blog post we’ll continue the examination and explanation of the Men&Mice IPv6 cheat-sheet, and take a good look at the IPv6 address space and the things you can do with it.

In the meantime, let us know if there’s a particular part of it you’d like to know more about!

Topics: IPv6, IPAM

VMworld US 2019: all aboard for multicloud

Posted by Men & Mice on 9/12/19 10:46 AM

The guiding word for San Francisco between 25th and 29th August was ‘cloud.’ Everything revolved around it: from storage solutions to innovations in computing performance, just about every vendor came set to showcase how their products provide distinct advantages in a cloud environment.

The verdict is clear: cloud adoption in one form or another is not an ‘if’, but a ‘when'. Those coming to VMworld whose companies haven’t yet invested in some kind of cloud offering, came prepared to explore all options.

Pitfalls and best practices

Cloud adoption is a complex task. And it is especially true in the area of our expertise: networks.

The show floor was abuzz with the newest advancements in technologies like storage for big data (in the cloud) and computing performance in service of machine learning (in the cloud).

Meanwhile, the stalwart Men & Mice team had a field day as scores of people came to us to learn how to do cloud better. We chatted with people running multiple data centers, on-prem, in the cloud or hybrid and multicloud, looking for better management solutions. We debated the merits of appliance-based approaches vs. overlays. (Overlays are better, of course). And we had a blast discussing the power of cloud DNS. (If you’re utilizing cloud DNS, you don’t need anything else. You’re already using the best there is. You just need to make it more transparent and compatible with your existing systems and processes.)

Cloud adoption, coupled with migration of data and existing systems, can bring with it a host of pitfalls to avoid, as well as a score of best practices to study and apply. But how do you get your network ready for cloud, or multicloud, adoption? 

On this subject, our North American Director of Sales Operations, Paul Terrill,  gave a talk at VMworld's Solutions Exchange Theater in San Francisco on future-ready network best practices. Take a look:

Cloud is a multiple choice question

We’ve arrived in an era where one cloud is not necessarily the best answer. The differentiation between services and their respective ecosystems has grown beyond simply executing similar processes along the same concept.

The quality of tools and depth of services between different cloud providers can vary considerably, and your needs may be best served by more than one. Every company has to evaluate what works for them. Networking best practices, as discussed by Paul Terrill in the above-mentioned talk, might help you decide what matters most to you. 

In this vibrant and varied landscape of the cloud market, solutions that provide a connective layer between the disparate offerings provide lasting value and position networks well for a rapidly changing network management landscape.

The Men & Mice Suite is such a solution, developed to provide an abstraction layer for cloud (and on-prem!) networks that can work with any underlying technology or service. From VMware to Azure to AWS, NS1 and Akamai -- it doesn’t matter what’s in your networks; what matters is how you see (and manage) it.

And because it’s a software-defined and API-first solution, the Men & Mice Suite can be deployed non-disruptively (no more re-buying appliances every five years) while offering advanced automation and customization tools to save valuable resources across network teams.

In short, with the Men & Mice Suite you don’t need to adapt your network to conform to our solution. You can continue to use the platforms you have, or want, to build the future-ready network you need.

Get connected

We’ve had a great time in San Francisco (as illustrated) and answered a lot of questions from interested parties. We were also delighted to meet up with current customers and hear their success stories with the Men & Mice Suite.

From the latter, we’ll be bringing you deployment studies, white papers, and more technical content on the blog and in our podcast in the coming weeks and months.

For the former, our doors are always open for a chat, or delve deeper with a free demo.  Feel free to reach out to us and we’ll be happy to answer your questions and show you how we can help you change the way you see, and manage, your networks.

Topics: Men & Mice Suite, IPAM, DNS, DHCP, "cloud dns", vmworld

Men & Mice Sensible IPAM Part 4: Managing Everyday DHCP, DNS, and IPAM

Posted by Greg Fazekas on 12/17/18 5:06 AM

We’re continuing our series on implementing sensible solutions to rein in scattered network resources, specifically IP infrastructure management such as DNS, DHCP and IPAM (DDI). In this post, we examine how to simplify day-to-day IP infrastructure operations, in-house or in the field, by rethinking priorities and streamlining the interface between you, your engineers and the network.

This Playbook series consists of five parts:

Each part of the blog series presents real-world scenarios that Men & Mice has helped solve.

When response time > features (agility)

Imagine that you are:

  • An infrastructure director of an enterprise company that’s recently experienced a merger. You’re evaluating newly acquired resources, and how to integrate them into the network. For the moment, however, you simply need to keep everything running smoothly while you evaluate how to merge the network resources. You need to quickly see network resource usage statistics, identify overlaps and bottlenecks, and monitor network health.

  • A network administrator delegating day-to-day management across teams and offices distributed over multiple international geographies. To minimize manual changes, cut network overhead and mitigate misconfiguration errors, you have to automate processes and set up local access controls that complement your network security strategy, in tandem with helping your team have the autonomy they need to operate unencumbered.

The integrity of enterprise IP infrastructure (DNS, DHCP, IPAM) factors heavily into the business’s ability to execute on operations and even generate revenue. Yet, there’s very little knowledge, outside of core IT departments, about the functions and responsibilities of the company’s network. Likewise, IT operators don’t always have the full scope of understanding about how network complexities can hinder business efficiencies. What is known, however, is that agility is becoming more important as networks scale or adapt to meet changing demand, with speed and simplicity proving equally valuable to the robustness of the DNS, DHCP and IP address management solution.

What You Need from your DNS, DHCP and IPAM

Instead of lugging the proverbial kitchen sink everywhere you go, or retro-fitting your network needs into a uniform solution that, well, doesn’t actually serve your needs (especially when doing so creates greater hurdles), choose a lightweight overlay solution that lets you resolve common issues and manage network functions quickly, every day, and provides the visibility necessary to maintain the network’s integrity.

As Elias Khnaser, Senior Director Analyst, Gartner, pointed out in a recent Gartner IOCS talk entitled “Technical Insights: Top AWS and Microsoft Azure Mistakes You’ll Want to Avoid,” 3rd party solutions (eh em) should be used to bridge gaps between on-prem and cloud for hybrid / multicloud environments. Likewise Bob Gill encouraged the use of overlays “to bring order to the chaos.” (Thanks, Bob! We agree.)

This will enable you to simplify workflow and minimize the complexities between you and the network, no matter which area of the network you are focused on any given day and no matter the underlying architecture behind it. Complete visibility helps you make informed decisions. Coupled with the flexibility to quickly maneuver, the solution you choose must enable you to adapt to changing needs without disruptions in network functionality.

Where Men & Mice Can Help with day-to-day IP infrastructure management

With the robust and complete feature set of the Men & Mice Suite and the built-in visibility it offers,  you can tackle large projects and deep (re)organization all while getting a much clearer view of IP infrastructure management holistically. The newest version of the Men & Mice Suite, introduced a few months back, delivers the management power and day-to-day operational functionality through our light-weight overlay software, neatly packaged with an improved web application.  

The web application is designed specifically for day-to-day operations where speed and agility are paramount. For example, you can quickly organize and manage DNS zones and records or IP address ranges, DHCP scopes and IP addresses. Its features are streamlined to manage the most common tasks performed through the Men & Mice Suite, with additional Quick filters and Quick command to further cut down time. If you need to deep dive into the guts of your network operations, fear not, you have the Windows management console as well.

Engineers overseeing various areas of your network can quickly respond to and solve IP allocation issues, move DNS zones and DHCP scopes, remove bottlenecks locally and experiment with moving more workloads to the cloud, without sacrificing the ever important visibility.

Automating and delegating tasks that are defined through fine-grained access controls within the Men & Mice Suite helps alleviate IT overhead and affords some localized autonomy in everyday scenarios, making day to day network management more efficient.

Infrastructure directors overseeing fragmented networks can get greater visibility and operational functionality. 

Men & Mice Suite distills powerful DDI capabilities into a non-disruptive software package, complete with an agile tool for day-to-day management, offering compatibility with Unix/Linux, Windows, and Cisco IOS as well as functionality across Azure DNS, Amazon Route 53, Dyn, NS1, Akamai Fast DNS, and IPAM in AWS, Azure and OpenStack.  Manage, sync and automate network changes and authorizations, filter and record changes through unified audit trails and get comprehensive insight into large-scale networks through one unified dashboard. 

In the last part of our playbook series, we’ll take a closer look at how to reinforce IP infrastructure security and prepare for DDoS mitigation and defense against other threats.

Topics: IPAM, IP address management, network security, ip infrastructure, multicloud, hybrid dns, hybrid ipam, network management, day-to-day IT

Men & Mice Sensible IPAM Part 2: Scaling your IP Infrastructure

Posted by Greg Fazekas on 11/21/18 6:13 AM

Continuing our series on creating a sensible strategy to consolidate management of your scattered network resources, we take a look at what happens when new resources need to be added to your network.

This Playbook series consists of five parts:

Each part presents real-world problems that Men & Mice have experience in solving.

Scaling existing configurations

Imagine that you are:

  • an MSP Infrastructure Server Admin, using Microsoft. Your business utilizes Virtual Machines to handle client workloads, but without an efficient handling of IP addresses, your DNS doesn't get updated fast enough. Customers complain about lags.
  • a Product Manager for a SaaS company seeing an uptick in customer numbers. You have the system set up just right, but to handle all the demand, you are looking at pulling in dynamic resources using multi-cloud accounts. You also don’t want to add more team members to handle it, but automate instead.
  • a Director of Operations overseeing a large network spanning several locations. At the start, you used to have spreadsheets to track IP addresses, and kept configuration files practically in your head. Surely there must be a better way.

It makes no sense to start from scratch unless you have no other option. Any business that's been around for a while will have their workflows and configurations set up for the most part. And with the array of affordable cloud resources in services like AWS and Azure, moving on-prem configurations to cloud infrastructure becomes a viable option.

From smaller networks to large, from on-prem to cloud, from manual spreadsheets to automation: it’s just a matter of scaling.

What You Need

A DNS, DHCP, and IPAM solution to pull data unobtrusively from your existing configurations. You may have been using spreadsheets for tracking IP addresses, and a local library with DNS configuration files. Whatever they may be, you need to plug them into the new solution.

In addition, it needs to replicate and automate provisioning for new resources. Bonus points for a holistic approach, where various vendors can be brought in without the accompanying overhead, special training or new personnel. In short, you want to use an API-driven solution to control and manage all others.

Where Men & Mice can help

A software-based, API-driven, and back-end agnostic solution, the Men & Mice Suite was developed to simplify core management of IP infrastructure in heterogeneous environments.

The Men & Mice Suite is a single-pane-of-glass overlay for your entire IP infrastructure, current, and future. Adding new resources, regardless of platform or vendor, isn’t hindered with compatibility problems since the software takes care of communicating with various on-prem solutions and cloud services through powerful, reliable APIs.

Overseeing multiple locations and resource allocations for different teams or projects can be done elegantly and easily. Already tested configurations can be deployed swiftly in new environments, extending oversight and reducing time for onboarding.

Once in place, configurations can be scaled and replicated easily and automatically. Copy or extend DNS zones and DHCP scopes, and deploy user authentication (including MS Active Directory) for new locations.

Spawning new virtual machines on cloud infrastructures is supplemented by IP address assignments that are reflected in all DNS servers. Once those IPs are released, the changes are automatically propagated through the network at once.

You and your team can reduce project time and cost significantly through more quickly responding to the changing needs of your business, without the need to set up lengthy processes each time.

Multi-cloud environments can be plugged into the Men & Mice Suite. Automated through a single API layer, and secured with role-based access control, the network can scale out to any size and into any platform to accommodate workload, and be scaled back once resources become unnecessary.

Plus, with Men & Mice, you can manage and migrate workloads to, from and between your on-prem and whichever best-in-class cloud service makes sense for you. We'll cover hybrid and cloud-native solutions specifically in our next post.

Topics: IPv6, IPv4, IPAM, IP address management

Men & Mice Sensible IPAM Part 1: IP Conflict Resolution

Posted by Greg Fazekas on 11/9/18 7:56 AM

Picking up on the deep dive into sensible management for your scattered network resources, this Playbook blog series consists of five parts (plus the overview we've published previously) that are:

Each part of this blog series presents real-world problems that Men & Mice have experience in solving. This week’s focus is on Conflict Resolution.

Addressing IP overlaps and DNS conflicts

Imagine that you are a:

  • CIO with several geolocations but lacking a core network management solution, whose company just got acquired. You're looking for a solution that would be a good fit for the merged environments.
  • CTO of a solutions provider for companies. One of your customers, operating two data centers and building another for cloud services, needs an IPAM solution that can bridge between on premises and cloud.
  • Consultant, advising with a project involving the merger of two environments. You're looking for a single automation platform that can resolve the issues arising from overlapping network spaces.

The number one obstacle is resolving conflicts between services, applications, network environments and geolocations, at the IP address, DHCP and DNS levels. Conflict resolution increases security, efficiency and availability.

What You Need

An overlay solution deployed on top of your IP infrastructure. A complete overview of every asset you have, and a convenient (preferably automated) way to resolve existing conflicts between them. (And, of course, prevent further ones.)

At the first step you need an easy way to analyze data from across network components. Longer term, one that helps ensure that new IP address assignments, DNS zones, and DHCP scopes are not created without cross-checking for conflicts throughout the entire network environment, including your on-prem and cloud (and multi-cloud as is often the case now).

How Men & Mice Can Help


A software-based and API-driven solution, the Men & Mice Suite was developed to simplify core management of IP infrastructure in heterogeneous environments.

Software-based means nominal performance impact on your hardware and cloud resources, and easier deployment because there are no physical appliances to implement. The Men & Mice Suite works on top of any environment(s) you have without impeding performance or disrupting operations.

API-driven design creates convenient ways to manage and automate your DHCP, DNS, and IP Address Management. It also collates various platforms into a single control mechanism through a central interface. The Men & Mice Suite boasts a backend-agnostic API that plugs into network components seamlessly.

You and your team can significantly reduce project time and cost by identifying overlaps and conflicts more quickly, since they are visible in the Men & Mice Suite, and by finding ways to resolve them sooner. Resources, be they related to DNS, DHCP, or IP Address management, can be replaced, upgraded, or expanded without the need to start over from scratch. Plus, with Men & Mice, you can capitalize on and migrate to/from whichever best-in-class cloud services make sense for you (Azure, AWS…).


Topics: IPAM, IP address management, multi-cloud

Men & Mice Suite 9.1: cloud-ready network management for DNS, DHCP and IPAM

Posted by Men & Mice on 7/11/18 7:47 AM


Our commitment to efficient network management has a new number! The Men & Mice Suite 9.1 is a feature release with a host of cloud-ready enhancements plus the usual suspects (bug fixes and improvements).  

Network Management just got easier

Transparency, responsiveness, and ease-of-use are all core principles of Men & Mice for keeping networks healthy and safe from DDoS attacks and other DNS network failures.

The 9.1 release continues our mission to simplify network management without sacrificing features. Included in Men & Mice Suite v9.1:

  • A new web-based Men & Mice Suite management application
  • Optimized and enhanced cloud support
  • Improved xDNS Redundancy read-only zones for hybrid and multi-cloud networks
  • DNS software on appliances upgraded to BIND 9.11 with DNSTAP support
  • NTP functionality for virtual appliances
  • Various improvements and bug fixes

5 Things You’ll Love About Men & Mice Suite v9.1

Men & Mice Suite v9.1 focuses on features and refinements gleaned from customer feedback and engagement as well as refinements of previously introduced functionality. Here's what you will find in the new release: 

Web-based management application

The new web-based management application serves as an alternative to the Men & Mice Suite Windows-based management console. It’s designed to make performing day-to-day tasks, management functions and generating reports related to DNS and DHCP operations easier. The application features three sections: DNS, Networks and Reporting.

  • The DNS section makes all your DNS zones accessible from a single place.
  • The Networks section gives you instant access to, and an overview of, your networks.
  • Reporting lets you quickly find and run existing reports.


Its Quick Command functionality cuts down time on common tasks such as finding and working with DNS zones or records, IP address ranges, DHCP scopes and IP addresses.

Read-only zones in xDNS Redundancy groups

xDNS Redundancy, which can be used to synchronize DNS zones hosted with multiple cloud providers, now includes support for Active Directory-hosted zones. Zones in a redundancy group can be assigned to read-only mode, so that changes made to a DNS zone outside of the Men & Mice Suite will not be replicated to all other zone instances.

Optimized and enhanced Cloud support


Version 9.1 streamlines the migration and management of a large number of DNS zones with Azure DNS and Amazon Route 53 by utilizing cloud-native features to monitor changes to DNS made outside of the Men & Mice Suite, greatly improving synchronization of DNS data from the cloud providers.

Men & Mice virtual appliances upgraded to BIND 9.11 with DNSTAP support

DNS software on Men & Mice virtual appliances has been upgraded to BIND 9.11, which supports various new features as well as DNSTAP. Details on DNS queries received and DNS replies sent by the Men & Mice virtual appliances can now be logged for further processing by enabling and utilizing the powerful DNSTAP feature with minimal performance impact on the appliances.

NTP functionality for virtual appliances

The virtual appliances can also now function as NTP (Network Time Protocol) servers and be served by the same network infrastructure as DNS and DHCP.  Currently this functionality is manual and can be implemented per request with our support team. 

Nearly 30 years of DNS experience in one solution

“The Men & Mice Suite v9.1 represents our commitment to enabling customers to adapt their infrastructure to be more software-enabled, cloud-ready and redundant, with increased visibility, control, security and automation.” --Magnús Björnsson, CEO of Men & Mice.

Complex enterprise network infrastructure can — and should — have the same elegant simplicity and responsiveness as IT professionals expect from customer-grade solutions. In the new release, Men & Mice has combined its nearly 30 years of expertise in developing DNS, DHCP and IPAM solutions with modern UX best practices to deliver a compelling, enjoyable management interface on top of a best-in-class, robust software-based DDI product.  


Topics: IPAM, DNS, DHCP, Redundant DNS, DDoS, IP address management, hybrid cloud, hybrid network, "cloud dns"

Version 8.3 – Faster, Leaner, Fitter DHCP

Posted by Johanna E. Van Schalkwyk on 1/11/18 11:16 AM

Doing DHCP

The beauty of DHCP is the speed at which it functions. Basically, DHCP (Dynamic Host Configuration Protocol) does what administrators can do manually, but DHCP just does it automatically, more efficiently, and in a fraction of the time.

Size can trump speed

Yet the bigger a network gets, the more DHCP servers and scopes are needed to dynamically assign, or lease, IP addresses and related IP information to network clients. The number of servers and scopes and the way the load is distributed and processed affect the speed at which networks can keep DHCP data fresh and IP leases available for use. On large networks, how efficiently DHCP lease data is documented, processed and synchronized becomes just as important as the initial matchmaking between DHCP clients and servers.

The relationship between DHCP client and server

DHCP does the hard work of handling communication between servers on a network and client computers trying to access that network. If the series of messages between a DHCP server and a client computer were illustrated as a conversation, it would probably look something like this.

[Image: DHCP conversation]

Mind you, at any given moment on a large network, hundreds, or even thousands, of such conversations can be occurring simultaneously. On top of that, the client computer sends its DHCPDISCOVER broadcast packet to all available servers, and all available servers can respond with a DHCPOFFER. The client is not programmed to be picky and always accepts the first offer it receives. Once they detect that their offers were not accepted, the other DHCP servers will withdraw their offers. In short, there’s a whole lot of to-and-fro action behind the scenes that is invisible to network administrators and users, but still finds its way into DHCP servers’ lease history.

To complicate matters – or simplify them – these DHCP client-server relationships, or leases, are mostly temporary arrangements. Both parties know it will end. The server will revoke the lease once it has expired. The client, on the other hand, can attempt to keep the lease by renewing it, or start looking for another IP address lease if the one it had has expired.

Apart from doing matchmaking between clients and servers, DHCP also ensures that each network client has a unique IP address and appropriate subnet masks. If two clients were to try and use the same IP address, neither of them would be able to communicate on the network.
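The exchange described above, as an added Python simulation (not Men & Mice code): two toy servers answer one DHCPDISCOVER, the client takes the first offer, the losing server withdraws its offer, and an unrenewed lease is revoked, with every step landing in the server's lease history. Server names, MAC addresses, pools and the `WITHDRAWN`/`EXPIRED` history labels are constructed for illustration.

```python
class DhcpServer:  # toy model: pending offers, active leases, lease history
    def __init__(self, name, pool, lease_seconds):
        self.name, self.free, self.lease_seconds = name, list(pool), lease_seconds
        self.offered = {}  # client MAC -> address held for a pending DHCPOFFER
        self.leases = {}   # client MAC -> (address, expiry time)
        self.history = []  # (event, mac, address); WITHDRAWN/EXPIRED are local labels

    def on_discover(self, mac):
        if not self.free:               # pool exhausted: send no offer
            return None
        self.offered[mac] = self.free.pop(0)
        self.history.append(("DHCPOFFER", mac, self.offered[mac]))
        return self.offered[mac]

    def on_request(self, mac, chosen_server, now):
        ip = self.offered.pop(mac, None)
        if ip is None:
            return None
        if chosen_server != self.name:  # the broadcast DHCPREQUEST names another server
            self.free.insert(0, ip)     # withdraw the offer, address is free again
            self.history.append(("WITHDRAWN", mac, ip))
            return None
        self.leases[mac] = (ip, now + self.lease_seconds)
        self.history.append(("DHCPACK", mac, ip))
        return ip

    def expire(self, now):
        for mac, (ip, expiry) in list(self.leases.items()):
            if expiry <= now:           # lease ran out without renewal: revoke it
                del self.leases[mac]
                self.free.append(ip)
                self.history.append(("EXPIRED", mac, ip))

def acquire(mac, servers, now):
    """DHCPDISCOVER to all servers, accept the first DHCPOFFER, DHCPREQUEST names the winner."""
    offers = [(s.name, ip) for s in servers if (ip := s.on_discover(mac)) is not None]
    if not offers:
        raise RuntimeError("no DHCPOFFER received")
    chosen = offers[0][0]               # list order stands in for arrival order
    acks = [s.on_request(mac, chosen, now) for s in servers]
    return chosen, next(ip for ip in acks if ip is not None)

def demo():
    a = DhcpServer("dhcp-a", ["10.0.0.10", "10.0.0.11"], lease_seconds=3600)
    b = DhcpServer("dhcp-b", ["10.0.0.50"], lease_seconds=3600)
    first = acquire("aa:aa:aa:aa:aa:01", [a, b], now=0)
    second = acquire("aa:aa:aa:aa:aa:02", [b, a], now=10)  # dhcp-b's offer arrives first
    a.expire(now=3600)
    return first, second, a, b
```

After `demo()`, `a.history` holds five entries for two clients even though only one of them ever leased from `dhcp-a`, which is the behind-the-scenes traffic the post says ends up in lease history.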

These rotating relationships make the way DHCP lease data is documented, processed and synchronized so much more critical. If this is not done fast and efficiently, the whole process of dynamically assigning IP addresses can become slowed down, leaving DHCP clients, servers and ultimately network users, frustrated and ineffective.

Making DHCP management faster, leaner and fitter

Once networks run to hundreds, or thousands of DHCP scopes and servers, one needs to re-assess the way DHCP data is processed, and develop ways to improve speed and efficiency. This is exactly what Men & Mice developers set out to achieve in Version 8.3 of the Men & Mice Suite.

DHCP optimizations in Version 8.3 include:

  • Reduced network traffic, especially between the Central server and a DHCP server controller 
  • Improved database performance when processing data from a DHCP server
  • Reduced load on a DHCP server while it is being synced

Optimizing processes in these areas has resulted in lightening the often heavy load on DHCP servers, making DHCP server management considerably faster and more efficient – and more pleasurable for the people in charge of keeping it all going, all the time.

To dig into the more technical aspects of these enhancements and get the lowdown on what this boost in DHCP performance and scalability could mean for you or your network, get in touch with one of our sales engineers to walk you through the details.

 

Topics: Men & Mice Suite, IPAM, DHCP, CLOUD, Akamai, Performance
