Centralized Address Space Management(CASM) Requirements and Framework

The address space management is an intergral part of any network management solution. The network architectures are rapidally changing with the migration toward private and public clouds. At the same time, application architectures are also evolving with a shift toward micro-services and multi-tiered approach. There is a pressing need to define a new address management system which can meet these diverse set of requirements. Such a system must be built with well defined interfaces so users can easily migrate from one vendor to another without rewriting their network management systems. This document identifies a broad set of requirements and defins a architectural framework that should become the basis to develop a new address management system. We are calling this new system as Centralized Address Space Management (CSAM) system.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119.

Centralized Address Space Management IP Address Management

In order to build CASM, there is a clear need to define a broad set of requirements that must be the basis for defining the architecture framework for CASM. The requirements should be able to meet the various use-cases identified in the draft. This sections identifies the major set of requirements for defining CASM system.

Some requirements are not specific to any particular functiolaity of CASM but applicable to all aspects of CASM system. Multi-tenancy: All interfaces exposed by CASM system must be multi-tenant capable. This is highly desirable for cloud based network management solutions. It may also be applicable for a service provider with different managed services use-case scenario. Autentication and Authorization: All interfaces exposed by CASM system must support an authentication scheme. It also highly desriable to support operational restrictions on certain resources based on identity for security reasons. Audit Logging: All CASM actvities must be logged for auditing or debugging purposes. The system must provide an interface to access these records. Error notification: All interfaces exposed by CASM system must support error handling and user-defined error notification mechanism suh as alert or email. There may also be need to take corrective action for autonomus operation.

The interface to external user must be meta-dat driven as much as possible to meet wider set of use-cases, e.g., instead of requesting an explicit IPv4 address, user should specify an adsress request based on its requirements. The following requirements should be considered for pool management interface defintion. The attributes should be realted to the requestor which could a physical device, virtual machine, container or other entities present in a network. Fucntional attributes such as switch, router, firewall, server, end-point Form-factoral attributes such as physical, virtual Opertional attributes such as management plane, control plane, data plane Network segment identifier, such as VLAN, VxLAN or other user-defined value Network segment type such as point-to-point, multi-point, loopback Addressing scope attributes such as private, public, vpn, unicast, multicast Extensible user-defined attributes

The CASM should support following functionality for it to be adopted for wide varierty of use cases.

A CASM system should allow ability to manage different kind of address pools. The following pools should be considered for implementation; this is not mandatory or exhaustive by any means but given here as most commonly used in networks. The CASM system should allow user-defined pools with any address objects. Unicast address pool: Private IPv4 addresses Public IPv4 addresses IPv6 addresses MAC Addresses Mulicast address pool: IPv4 address IPv6 address

There should be a rich set of functionality as defined in this section for operation of a given pool. Address management: Address allocation either as single or block Address reservation Allocation logic such as mapping schemes or algorithm per pool General management: Pool initializing, resizing, threshold markings for resource monitoring Pool attributes such as used to automatcally create DNS record Pool priority for searching across different pools Pool fragmenetation rules, such as how pool can be sub-divided Pool lease rules for alloation requests

In order to build a complete address management system, it is important that CASM should be able to integrate with other address services. This will provide a complete solution to network operators without requiring any manual or proprietary workflows. DHCP server: Interface to initialize address pools on DHCP server Notification interface whenever an address lease is modified Interface to access address lease records from DHCP server Ability to store lease records and play back to DHCP server on reboot DNS server: Interface to create DNS records on DNS server based on DHCP server events NAT device: Interface to initialize NAT pools Interface to access NAT records from NAT device Ability to store NAT records and play back to NAT device on reboot

Based on the requirements specifed in this document, we propose the following high-level architecture for building CASM. There are three broad categories for CASM interface defintion: Pool management interface: Interface to external user or applications such as SDN controller to manage addresses Log interface: Interface to access log and records such as DHCP, DNS, NAT Integration interface: Interface to address services such as DHCP, DNS, NAT The propsed CASM framework is shown in .

+----------------+ +------+ +----+ +-----+ +-----------------------+ |Interface for | |SDN/ | |OSS/| |ADMIN| |Interface for logs, | |managing address| |Legacy| |BSS | | | |DHCP, DNS, NAT, Address| |space and pools | | | | | | | |allocation records | +--------+-------+ +--+---+ +-+--+ +--+--+ +----------+------------+ | | | | ^ | | | | | | | | | | | | | | | v v v v | +---+------------+-------+-------+---------------+------+ | Address Space Management (IPAM) System | | +-----------+ +----------+ +--------+ | | | Pool | |Address | |Database| | | | Management| |Management| | | | | +-----------+ +----------+ +--------+ | | | +-------------------------+-----------------------------+ | +-----------v------------+ |Address Helper Plug|ins | +----+--+------+-----+---+ +-------------| | | |-------+ | +----+ | | | | | | +--v----+ +-v---+ +----v-----+ +---v----+ +--------+| +-----+| +----------+| +--------+| | DNS || |NAT || | Address || | DHCP || | Servers|| | || | Mapping || | Servers|| | |+ | |+ | Systems |+ | |+ +--------+ +-----+ +----------+ +--------+

This document started from a slide deck authored by Rakesh Kumar and Anil Lohiya.

This memo includes no request to IANA.

TBD