DDI Solutions for SDWAN Engineers

Dump the outdated grid approach and manage your software-defined network DDI deployment with a modern IPAM control plane for the DDI services in your data plane.

SD-IPAM for SD-WAN

Software-defined wide area networks (SD-WANs) enable organizations to partially or entirely supplant private network services such as Multiprotocol Label Switching (MPLS) in order to improve network performance, centralize provisioning, simplify operations, and reduce costs. The deployment of a comprehensive software-defined IPAM solution such as that offered by Diamond IP accentuates these benefits to the enterprise.

Control plane SD-IPAM

SD-WAN seeks to offer better network performance and therefore improved user experience over traditional routed networks. This benefit stems from the cross-WAN perspective offered under SD-WAN with a centralized SD-WAN Controller which monitors the status of SD-routers and associated links, as opposed to the individual router perspective garnered via routing protocol updates.

Centralized with broad perspective

The SD-WAN Controller may trigger changes in SD-router configurations to reshape traffic as necessary in terms of routing, quality of service, and network selections. Consider that the first step in any IP communication, prior to router processing, is a DNS query to identify the IP address mapped to the domain name to which a connection is desired. This “first hop” in IP communications affords an opportunity to steer IP traffic according to a device’s proximity to cloud POPs.

Internet breakout expands the edge

For example, Microsoft recommends deployment of a local DNS server in each Internet breakout site in order to resolve the closest accessibility point to the Microsoft Global Network. Thus IPAM, and DNS in particular, arm the application with the closest server location, to which the on-site SD-WAN router then routes optimally in accordance with deployed policies.

Local DNS at Internet breakouts

Deployment of local DNS servers to each Internet breakout site may seem onerous due to the added expense and administration required to properly configure each DNS server. Each server must be configured to forward queries for internal hosts to internal authoritative DNS servers, typically via the enterprise network, while recursing queries to Internet DNS servers to resolve hosts reachable via the Internet such as cloud applications.

Modern DDI approach

Unlike competing grid-based systems, the Diamond IP architecture mirrors that of SD-WAN in supporting a centralized perspective on the enterprise’s IP address space, distributed DHCP and DNS servers, and corresponding server configurations. Configuration of distributed virtualized DNS services is vastly simplified through centralized administration, which enables application of common policies, such as forwarding to internal DNS servers, to any number of distributed DNS servers deployed at each site.
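
One way to apply a common forwarding policy to every breakout-site resolver, shown as an added example (not Diamond IP or Sapphire code or configuration): a central policy plus per-site client subnets taken from IPAM is rendered into BIND 9 style resolver configuration that forwards internal zones, recurses everything else, and answers only the site's own subnets. The zone names, addresses, site names and the choice of BIND syntax are assumptions.

```python
import ipaddress

# Constructed central policy: internal zones and the internal authoritative servers.
POLICY = {
    "internal_zones": ["corp.example", "10.in-addr.arpa"],
    "internal_dns": ["10.0.0.53", "10.0.1.53"],
}
# Constructed IPAM inventory: client subnets tracked per Internet breakout site.
SITES = {
    "branch-nyc": ["10.20.0.0/22", "10.20.8.0/24"],
    "branch-lon": ["10.30.0.0/22"],
}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def site_clients(subnets):
    """Parse IPAM subnets; reject any that would expose the resolver beyond the site."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    for net in nets:
        if net.version != 4 or not any(net.subnet_of(r) for r in RFC1918):
            raise ValueError(f"refusing client subnet outside RFC 1918 space: {net}")
    return nets


def render_site_config(site, subnets, policy=POLICY):
    """Render BIND 9 style named.conf text for one breakout-site resolver."""
    clients = "".join(f" {n};" for n in site_clients(subnets))
    fwd = "".join(f" {ip};" for ip in policy["internal_dns"])
    lines = [
        f"// site: {site}",
        f'acl "site-clients" {{{clients} }};',
        "options {",
        "    recursion yes;                        // recurse Internet names locally",
        '    allow-query     { "site-clients"; };',
        '    allow-recursion { "site-clients"; };  // never an open resolver',
        "};",
    ]
    for zone in policy["internal_zones"]:
        # Internal names are sent only to the internal authoritative servers.
        lines.append(f'zone "{zone}" {{ type forward; forward only; '
                     f'forwarders {{{fwd} }}; }};')
    return "\n".join(lines) + "\n"


def render_all(sites=SITES):
    """Apply the one central policy to every site in the inventory."""
    return {site: render_site_config(site, nets) for site, nets in sites.items()}


if __name__ == "__main__":
    print(render_all()["branch-nyc"])
```

Because the ACL is derived from the IPAM inventory, a subnet that is missing or wrong in IPAM shows up as a resolver that refuses the site's clients rather than one that silently answers anyone.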

IPAM is not an afterthought

Our IPControl solution integrates IP address planning with DHCP and DNS configuration so an otherwise multi-step process is greatly condensed. Cloud IPAM automation features supported by the Sapphire CAA, which complement an SD-WAN implementation, are also critical. Integration of the IP and DNS assignment during the instantiation of virtualized network functions within and around SD-WAN streamlines overall network and compute process automation.

Don’t let Internet breakout become Internet break-in

SD-WAN offers many benefits for IT organizations. Managing your IP address space, including that deployed across sites interconnected via SD-WAN, is critically important for inventory and asset tracking. Tracking IP addresses is also crucial for securing your SD-WAN network, particularly for Internet breakout sites. After all, you don’t want your Internet breakout to enable an Internet break-in. While Internet breakout greatly improves cloud application performance, it increases points of entry compared to the legacy DMZ-based Internet access strategy.

Flexible deployment with rich security

Deploying Diamond IP Sapphire virtualized DNS (and DHCP) appliances within your Internet breakout sites (even on SD-WAN router orchestration platforms if desired) can help you secure these sites and your network as a whole. Sapphire DNS appliances offer a rich set of security features to help secure these sites, including ACLs, rate limiting, anycast addressing, DNS tunneling detection, and DNS firewalling. Deploy Diamond IP Sapphire DNS at your SD-WAN Internet breakout sites and throughout your network to maintain a highly performing, highly secure network.

Next steps

See what Diamond IP can do for you and your organization. Request a Diamond IP demo tailored to your needs to learn more about IP address management insights.