
Aug 17

Infoblox, IPAM tools, SDN and FUD

I ran across a blog opinion piece last night around Infoblox and their product suite — specifically proclaiming that both were headed for the graveyard, due to those two magical and overused terms, “cloud” and “SDN”.

It’s an interesting article, weaving together an apparent direct correlation between their stock price and the relevance of generic IPAM tools.  I found it mostly speculative, which is strange because I usually find EtherealMind an ok read.  My article centres around his comments on IPAM and DNS (not their other stuff).

Based on what?

Firstly, I find a few blind presumptions from the author to be wrong or baseless:

    1. Not everyone is going to the cloud — yes, sorry to shock, but it isn’t the solution for every, single, infrastructure problem.  Confusion reigns from non-tech folk that it is the silver bullet (“Awesome, no more bare metal costs!”), and “architects” (I use that term very loosely these days) are just following the crowd to appear cutting edge, or to job-protect.  This appears to me to be a very US-centric view, due to the nature of “the internet” being centralised or hubbed there.  Here are three reasons why it doesn’t always suit:
      1. Not everyone lives in the US, close to major backbones.  Unfortunately, scientists haven’t managed to increase the speed of light, so network latency matters
      2. Yes, there are datacentres all over the globe, but (particularly in Australia at least), they’re considerably more expensive to run, or to host cloud services at
      3. Data sovereignty.  A majority of customers I’ve dealt with over the years, particularly multi-national and government types, care very, very much about where their data lives; the “cloud” just isn’t good enough, and reasons are varied but usually based around sound company policy, or local laws
    2. Not everyone is going down the SDN path.  There are a multitude of reasons, but this is just fact.  Like anything, different options for different purposes.  The presumption that everyone is doing it is just plain false

    3. DevOps is changing the entire IT landscape, and doing it well — in my experience, nothing could be further from the truth.  For DevOps teams to work, they must be filled with excellent, experienced people, and not “router guys” installing Linux at home on a weekend and rolling out puppet in the enterprise the following Monday, or a “server guy” installing GNS3/Dynamips.  It’s as painful as watching someone fumble around in vi who claims to be a Linux admin.

The market

So, firstly, there is his linking of the stock price fall to customers running to the hills, away from IPAM.  Investment reports indicate two things for the two falls this year — profit falls, and CEO departure.  Profit falls could be any number of things, and drawing a conclusion that fewer sales = bad or unneeded product is silly.  They may just have bad salespeople!  Investors in stock are mostly just that — investors, not tech people.

A CEO departure affects almost any company, and has nothing to do with the quality or necessity of a product.  It usually revolves around company performance or culture.

The key quote from Citigroup analyst Jeremy David was this:

 

IT organizations appear to be prioritizing other IT projects ahead of DDI projects, compounding the already-known issue of a weak sales pipeline.

This is cyclical, as anyone who has been in the industry long enough should know.  Projects are driven by budget, need, and realignment of culture/processes/market.  Sometimes an awesome project is sidelined for no other reason than availability of money or resources.

And now, the tech

So let’s begin with some inline quoting and retorts:

 

The long term viability of this product is effectively zero.

With what evidence?  Your own opinion?  Simply saying that SDN and orchestration removes any need for an IPAM tool is wrong.  Even if I were to end up in some utopian world of cloud, and SDN, and click-to-build, I’d still want to track my IP address usage, VLAN information, etc.

 

Who needs IPAM as a standalone product ?

Anyone who’s been around a while, and knows that usually, the best tools are ones that do a small set of functions, and do them well, instead of some all-in-one, universe-changing SUPER tool where the mantra is “near enough is good enough.”  Infoblox integrates with vCenter Orchestrator (possibly amongst others), which covers the main issue around specialist tools — isolation.

 

The DNS Load balancing products are better handled using a SaaS product like Amazon’s Route 53. In the current security environment, running your own DNS server is a high risk option. People are slow to change on this idea but momentum is inexorable.

Huh?  Since when is this smart?  Since when is running your own infrastructure and applications less secure (with the right people behind them)?!?  The outsourcing of DNS to some third party (one especially in other legal jurisdictions) based on the belief that it’s more secure is, to me, insane.  Not to mention all the issues these services can and do have, including downtime.

 

Two years ago, a network engineer was not permitted to operate a server. That was the responsibility of the server team.  The result was that engineers turned to appliances that looked like network devices to provide the software

Again, since when?  Since when does a network guy look after DNS?  I’ve never seen it.  I wouldn’t approve of it.  Anyone who is serving DNS from a network device instead of a server needs a talking to.

 

Tools like IPPlan, GestoIP and many others are free but mostly a good opportunity to build skills in software (the future of networking). Who wants to buy Infoblox when you can do it yourself and improve your career ?

This statement demonstrates a clear lack of experience in dealing with open source tools.  Most are good, but never meet the mark.  There is always the real risk of abandonware.  There are always bugs, which are usually only addressed due to demand, or someone making the effort to fix it.  Yes, one gains valuable software experience, but usually loses a ton of time fighting the tool, due to the very “when time permits” nature of it.

Who wants to buy Infoblox (or any commercial offering)?  Anyone that wants support, almost-assured updates, and time back to use on more important things.

 

Infoblox products are eye-wateringly overpriced

This I cannot disagree with — but I wouldn’t be so dramatic about it.  A loose comparison against other, bug-ridden commercial offerings from large virtualisation vendors puts things into perspective quickly.

 

And most people are moving to cloud services because of DNS flood attacks. Why would you buy this product ?

(Context: DNS Firewalls, not IPAM)  They are?  Since when?  I can see two reasons why — DDoS style bandwidth abuse, and volume-based internet links (yes, some of us still suffer this).  Last I checked, most cloud providers charge using a volume-based model, or you pay a hefty price for “unlimited”.  So, the only net benefit is removing the headache of a hosed net link, which is fair enough in itself, but doesn’t convince me to hand over all of my DNS resolution work to a third party.

Conclusion

I get that the article was an opinion piece, just as this is… but obviously, a fair few points irked me.  I always react to such broad, sweeping statements and predictions; every situation is different.  In the context of networking and the cloud, a global view needs to be maintained — not just a localised one.

About the author

Jason

I love technology, and have been involved with it for over thirty years. I'm an IT manager, a seasoned network, storage, Unix and virtualisation guy. I love to code (mmm, sweet sweet Python), and I django, SQLalchemy, Eve and pytest when I'm behaving. I'm also a DJ, and photographer.

4 comments

  1. Jim

    Hi Jason, does the move to the cloud (AWS) obviate the need for tools like Infoblox? That is, can you rely on AWS to handle DDI for you instead of Infoblox?

    1. Jason

      Hey Jim,

      I don’t think so. For me, it comes down to “Do you trust a third party to track?” Of course there’s probably little real-world risk, but I would still be tracking things out-of-band.

      One could even use APIs to sync between the two, to make things easier I guess.

      I’m one to strictly run my own DNS server and infrastructure as well, again not relying on third parties, and of course, Infoblox does this as well, all integrated.

  2. Andrew Joe

    Hi Jason,

    Interesting piece – we just released a new IPAM offering so I certainly hope it’s not dying! If you’re interested in giving it a spin send me an email – we’re trying to get as much feedback as we can. I’m one of the developers so I’d love to hear your thoughts. The product is at http://ipam.lightmesh.com. Thanks!

    1. Jason

      Howdy Andrew!

      I might just do that – always looking for good solutions. Looks pretty snazzy!

      My first comment, without digging deeper, would be “how can an existing user of Infoblox migrate?” Or, I guess, from any other major solution out there.

      One of my gripes about Infoblox is the pretty average CSV export/import. A bit cumbersome and incomplete, and was a fair challenge when migrating from our old open source tool, and BIND.

      Looks like this is an IPAM only app too, right? I see mention of integration to MS tools – your site should go into that deeper… And what about ISC BIND, and DHCP?

      (Make your screenshots clickable/bigger too ;))
