Site Separation
Sites are separated collections of devices. Rule precedence is defined by the order from top to bottom.
A Site can be a branch, a factory, a production floor, a campus, or anything that represents a Site from a your point of view.
By default, a Site consists of the topology of all contiguously interconnected protocols, and the boundary of a Site is formed by the network protocol relation that is not under management using provided authentication credentials. The default separation is good for MPLS networks, where the directly connected routing infrastructure at a Site’s edge is not accessible.
Regular Expression Site Separation
Info
Site distribution cannot be changed manually when regular expression (regex) rules are used. Sites cannot be renamed.
Alternatively, site separation can follow a specific regex, where separation will be performed based on a portion of a device hostname, SNMP location or cloud specific properties.
Check
If you cannot cover the names of the Sites with one regex, you can use a logical or. Use the |
(pipe) operator between regex rules or use the Device Attributes method detailed below.
Hostname Regex
Go to Settings → Discovery & Snapshots → Discovery Settings → Site Separation, select Regex based on hostname, and click + Add rule to create a new rule.
Regular Expression input value is what the hostnames of discovered devices will be tested against.
You can use capturing groups (sections of regular expression in (
and )
brackets), which you can
then refer to in Site Name input value. The capturing groups might be named, using the (?<name>...)
syntax.
Transform hostname operation is applied BEFORE the regular expression is applied:
- UPPER CASE – First hostname
PRAGUE-RTR1
, second hostnameprague-rtr2
→ regular expression is applied onPRAGUE-RTR1
andPRAGUE-RTR2
hostname strings. - lower case – First hostname
PRAGUE-RTR1
, second hostnameprague-rtr2
→ regular expression is applied onprague-rtr1
andprague-rtr2
hostname strings. - None (default) – First hostname
PRAGUE-RTR1
, second hostnameprague-rtr2
→ regular expression is applied on the original hostname strings, i.e.PRAGUE-RTR1
andprague-rtr2
respectively.
Site Name input value is the site to which device will be assigned to in case the name of the device is matching the Regular Expression.
Site Name might be a string value, e.g. prague
, or it might be a template string with ${...}
references to Regular Expression capturing groups, e.g. production-${1}
or staging-${city}
.
If at least one capturing group is detected in the Regular Expression, the Site Name input is disabled and Customize button appears.
Unless you click the button, the value matched in the first capturing group of the Regular Expression is used as the Site Name.
Regex Based on Hostname Using Default Option
The regular expression matches hostnames such as Prague-123
, London-456
, the
resulting Site Names would be PRAGUE
and LONDON
respectively.
If you decide to edit the Site Name, click the Customize button and enter Site Name string.
Use numbered references: ${1}
for the value of the first capturing group, ${2}
for second,
…, or named references, e.g. ${city}
, to refer to named capturing groups of Regular Expression.
You can combine both approaches and construct the site names according to your needs, e.g.
${city}-${street}-${3}
. The compatibility between the Regular Expression and the references
used in the Site Name is checked in UI to prevent any typos or other mistakes.
Regex Based on Hostname Using Customized Site Name
The regular expression matches hostnames such as Prague-Parizska-4
,
London-Downing_street-10
, the resulting Site Names would be parizska-of-prague
and
downing_street-of-london
respectively.
SNMP Location Regex
Go to Settings → Discovery & Snapshots → Discovery Settings → Site Separation, select Regex based on SNMP location, and click + Add rule to create a new rule.
Cloud Resource ID
Go to Settings → Discovery & Snapshots → Discovery Settings → Site Separation, select Cloud Resource ID (Cloud network), and click +Add rule to create a new rule.
This rule uses cloud resource ID (AWS ARN, Azure resource ID, GCP full resource name) to build the site name.
The switch Include also cloud devices discovered via SSH or Vendor API puts network devices into the same site as the relevant cloud resources. E.g. a router or a firewall running as an AWS instance will be placed to the same site as the VPC where it is deployed (instead of being classified by hostname, SNMP or other site separation rules). If this setting is enabled, ensure that site separation rules are placed in the right order (cloud rules should be above on-prem rules in order to work properly).
Regular Expression input value can be found in the table Technology → Cloud → Nodes → Inventory, column Resource Name / ID.
Cloud Resource ID Site Sepatation
This example shows use of named regular expression groups. The result site name would be e.g. AWS:1234567890/eu-north-1
.
Slug
Go to Settings → Discovery & Snapshots → Discovery Settings → Site Separation, select Slug (Cloud network), and click +Add rule to create a new rule.
Currently you can select AWS, Azure and GCP devices to be matched by this rule. Whole slug string is used as a site name. It can be transformed to upper case, lower case or kept as it is set in a specific vendor API configuration in Settings → Discovery & Snapshots → Discovery Settings → Vendors API.
The switch Include also cloud devices discovered via SSH or Vendor API functionality is the same as in Cloud Resource ID site separation rule.
Testing
The UI allows you to edit and test your rules directly in the browser by selecting the Test rule option. Here, you can see a live preview of devices that will match the regex you created.
You can also test SNMP location rules:
Regex Example
We have several locations whose names are logically designed as one letter with one to three numbers.
From the point of view of a regex, such a Site can generally be expressed as ^([a-zA-Z]\d{1,3})
.
Unfortunately, we have two other Sites that do not fit into this schema. These Sites can be defined with their own regex, and these can be added to the original one using the logical operator or.
The following example will match one of three options:
^([a-zA-Z]\d{1,3}\|HWLAB\|static\d{1})
Regex Example – Lookahead
You can match a part of the string, only if it contains, or does not contain, a specific expression afterward, by using lookahead (positive or negative).
In the example below, we want to match the first two letters and one number only if we don’t
see the pattern -dev
afterward. Using this regex:
(^[a-zA-Z]{2}[0-9])(?!.*-dev)
BL1-router01
– the regex will match.PA2-router02-dev
– the regex will not match, as we can see-dev
in the hostname.
Read more about regular expression and assertion at https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_Expressions/Assertions#other_assertions.
Device Neighborship
This option will try to define a device based on its neighbor relationship if a device does not match any previous rule. Perhaps you have devices in your environment that do not follow the normal standard, such as those in a DMZ zone or Day 0 devices that have not been fully configured. If that device is connected to a device that did match a rule, IP Fabric will intelligently group it to the correct Site.
Manual Site Separation (Device Attributes)
Manual site separation enables the Device Attributes feature to create manual separation if a device does not follow a standard hostname rule or if the hostname is duplicated in multiple locations.
To configure Device Attributes, first enable the Manual site separation toggle in Settings → Discovery & Snapshots → Discovery Settings → Site Separation, and then select Configure device attributes:
or go to Settings → Discovery & Snapshots → Global Configuration → Device Attributes:
Device Attributes
Serial number
is IP Fabric’s “Unique Serial Number” (API columnsn
). This is not theSerial Number
column, which represents the Hardware SN (API columnsnHw
). Devices discovered via API can also be assigned using Device Attributes.Hostname
is populated by IP Fabric when a device matching theSerial number
is found.Attribute
is the Device Attribute to assign. Since we want to set the Site based on the serial number, set it tositeName
.Value
is the attribute’s value to assign. In this case, we want to split the SiteL35
into separate Sites35COLO
,35PRODUCTION
, and35HEADOFFICE
.
Creating Rules in the UI
You can create rules in the UI by clicking + Add attribute. This will provide you with a form to fill out.
Creating Rules via the API
The API is the preferred method of creating rules as it allows for bulk importing. Use the PUT
method on the endpoint https://<IPF_URL>/api/<IPF_API_VERSION>/attributes/global
. Below is an example of the payload:
Example
{
"attributes": [
{"sn": "<DEVICE SERIAL NUMBER01>", "value": "<SITE NAME>", "name": "siteName"},
{"sn": "<DEVICE SERIAL NUMBER02>", "value": "<SITE NAME>", "name": "siteName"}
]
}
Info
It’s important to specifically use the siteName
attribute to define the Sites in IP Fabric. You can define other attributes as well, but site separation is solely based on siteName
.
Rule Priority
Rule precedence is defined by the order from top to bottom. So, in the example above:
-
Manual site separation (if enabled) will look at the Device Attributes and try to first assign a device based on its serial number if a match is found.
-
Rules you define. In the example above, it will check the following:
- If SNMP Location matches
IPFABRIC, (LAB01)
→ SiteLAB01
. - If Hostname matches
^L21
→ SiteMPLS
. - If Hostname matches
^(L\d{1,2})
→ SiteL2-99
.
- If SNMP Location matches
-
Try to assign devices without sites based on device neighborship (if enabled).
Reporting Rule Matches With python-ipfabric
Package
Please see the example on GitLab: https://gitlab.com/ip-fabric/integrations/python-ipfabric/-/blob/develop/examples/tools/site_separation_report.py.