AWS VPC data - Adaptive Applications - BlueCat Gateway - 24.1.1

Cloud Discovery & Visibility Administration Guide

Locale
English
Product name
BlueCat Gateway
Version
24.1.1

The following sections illustrate VPC network data that Cloud Discovery & Visibility (CDV) imports into Address Manager from Amazon Web Services (AWS).

VPC name changes

As of CDV v24.1, if users change the name of a VPC in the AWS infrastructure, CDV does the following:

  • Overlapping BAM Configuration: If users change the name of an overlapping network, CDV will update the corresponding Configuration name in BAM (if one exists).

  • Blocks in BAM IP Space: Names of affected blocks in IP space in BAM will now reflect their current names in the AWS infrastructure.

These updates occur during both Scheduled Discovery and Visibility Management jobs. Name changes found during Scheduled Discovery jobs are applied only after CDV receives a rerun command. Name changes found during Visibility Management jobs are applied only after CDV receives a message that indicates the name-changing action.

Elastic Network Interfaces (ENI)

If Elastic Network Interfaces is selected in AWS Discovery options, CDV will import ENIs into BAM as devices. These devices will have a Device Subtype of Generic Device and an Instance Type based on the Interface Type of the ENI in BAM.

If ENIs are used with virtual machines, load balancers, private endpoints, or Elastic Kubernetes Services (EKS), ENIs belonging to that device (or to the EC2 device for virtual machines) will be managed by that device.

Example: No overlapping address spaces

In the following example, two Private VPC networks exist on Amazon Web Services (AWS).



When CDV imports this data into Address Manager, it first creates a configuration based on the Virtual Private Clouds (VPCs) within AWS. Within this configuration, CDV adds the block under the IPv4 or IPv6 tabs, within the IP Space tab.

The following example illustrates data in the IPv4 tab:



If (within the AWS Discovery Options settings) you specified that CDV import AWS Public IP Ranges, CDV automatically imports data from any additional public AWS VPCs that have been assigned to virtual machines or load balancers.



The following example illustrates private VPC data imported to the IPv6 tab:



Similarly, if (in the AWS Discovery Options settings) you tell CDV to import the AWS Public IP Ranges, CDV imports any additional public VPCs that have been assigned to virtual machines or load balancers into Address Manager as IPv6 blocks:



Overlapping address spaces

When AWS VPCs are configured with overlapping address spaces, CDV creates new configurations to account for the overlapping ranges. Depending on the Route 53 configuration in AWS, CDV might also create an additional Route 53 configuration. If users change the name of an overlapping network in the AWS infrastructure, CDV will update the configuration name in Address Manager.

Note: When CDV is forced to import resources into a specific BAM Configuration (based on the block level or address space in the cloud), it may drop networks. In that case, CDV drops a network only if its CIDRs overlap with an existing block in Address Manager and that block has nested children (a child block or network).

For example, here two private VPCs exist on AWS as the networks vpc-1 and vpc-2. Their address spaces overlap: 10.0.0.0/16 and 10.0.0.0/18.



When this data is imported into Address Manager, CDV creates two new configurations to account for the overlapping address space:
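The following Python script is an added illustration of the overlap rules described above; it is not CDV code and does not use the Address Manager API. It models a configuration as a list of IP blocks, uses the standard `ipaddress` module to test CIDR overlap, and implements two hypothetical placement routines: `place_vpc`, which puts a discovered VPC into the first configuration it does not overlap and otherwise creates a new configuration (the vpc-1 / vpc-2 case), and `force_into_configuration`, which models the note above by dropping a network only when it overlaps an existing block that has nested children. Configuration and block names in the sample data are constructed for the example.

```python
"""Illustrative model of overlapping-VPC placement rules (hypothetical, not CDV code)."""
import ipaddress
from dataclasses import dataclass, field
from typing import List, Tuple, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


@dataclass
class Block:
    """An IP block in a configuration; children are nested blocks or networks."""
    name: str
    cidr: Network
    children: List["Block"] = field(default_factory=list)


@dataclass
class Configuration:
    """A BAM-style configuration holding top-level IPv4/IPv6 blocks."""
    name: str
    blocks: List[Block] = field(default_factory=list)

    def overlapping_blocks(self, cidr: Network) -> List[Block]:
        # Only same-family blocks can overlap; ipaddress handles the CIDR math.
        return [b for b in self.blocks
                if b.cidr.version == cidr.version and b.cidr.overlaps(cidr)]


def place_vpc(configs: List[Configuration], vpc_name: str,
              cidr_str: str) -> Tuple[str, str]:
    """Automatic placement: the VPC block goes into the first configuration whose
    blocks it does not overlap. If it overlaps every configuration, a new
    configuration is created for it (the vpc-1 / vpc-2 case above)."""
    cidr = ipaddress.ip_network(cidr_str)
    for cfg in configs:
        if not cfg.overlapping_blocks(cidr):
            cfg.blocks.append(Block(vpc_name, cidr))
            return cfg.name, "added"
    # Constructed naming scheme for the extra configuration.
    new_cfg = Configuration(f"{configs[0].name}-overlap-{len(configs)}")
    new_cfg.blocks.append(Block(vpc_name, cidr))
    configs.append(new_cfg)
    return new_cfg.name, "new configuration"


def force_into_configuration(cfg: Configuration, vpc_name: str,
                             cidr_str: str) -> str:
    """Forced placement into one specific configuration: the network is dropped
    only when it overlaps an existing block that already has nested children."""
    cidr = ipaddress.ip_network(cidr_str)
    for blk in cfg.overlapping_blocks(cidr):
        if blk.children:
            return (f"dropped: {vpc_name} {cidr} overlaps {blk.name} "
                    f"({blk.cidr}), which has nested children")
    cfg.blocks.append(Block(vpc_name, cidr))
    return "imported"


if __name__ == "__main__":
    # Constructed sample: two overlapping private VPCs plus two that do not overlap.
    configs = [Configuration("AWS")]
    for name, cidr in [("vpc-1", "10.0.0.0/16"), ("vpc-2", "10.0.0.0/18"),
                       ("vpc-3", "192.168.0.0/24"), ("vpc-4", "2600:1f18::/56")]:
        print(name, cidr, "->", place_vpc(configs, name, cidr))

    # Forced import: the existing 10.0.0.0/16 block has a child network.
    prod = Configuration("Prod", [Block("vpc-1", ipaddress.ip_network("10.0.0.0/16"),
                                        [Block("app", ipaddress.ip_network("10.0.1.0/24"))])])
    print(force_into_configuration(prod, "vpc-2", "10.0.0.0/18"))
```

The automatic path gives vpc-1 and vpc-2 separate configurations while vpc-3 and the IPv6 block stay in the original one; the forced path reports the 10.0.0.0/18 network as dropped because the overlapping 10.0.0.0/16 block already contains a child network.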