I work for ADN Telecom Ltd, an ISP in Bangladesh. Like any ISP, there are times when we need to push bulk updates to customers, so we decided to go for automation. However, as we began automating, we realized that we had two separate inventories — one for automation and one for the database — and these inventories were not synchronized or regularly updated. This issue led us to look for a solution, which I’ll describe in this post.
Why spreadsheets don’t scale
For many ISPs, spreadsheets are the initial tool used for managing IP addresses and VLANs. While this method works well for smaller networks, it quickly reveals its limitations as the scale increases.
For example, searching for a single IP conflict in a large spreadsheet can be incredibly time-consuming, making it difficult to manage effectively. Additionally, without relational mapping, linking IP addresses, VLANs, devices, and customers becomes cumbersome and error-prone. Another significant drawback is the absence of an audit trail, which makes it challenging to track who made a change and when it occurred. As a result, collaboration across teams often leads to version conflicts and outdated data, further complicating network management.
Enter phpIPAM as the Source of Truth (SoT)
Open source IP Address Management (phpIPAM) provides a solution to these challenges by offering a centralized database that is accessible via an API. This tool is specifically designed to manage critical network data, including IP addresses and subnets, VLANs and L2 domains, devices along with their associated metadata, and custom fields with tagging capabilities. By centralizing this information, PHPIPAM enables better organization and accessibility, which is essential for efficient network management.
With phpIPAM, it became possible to establish a structured, easily searchable database. This structured data now serves as the network’s SoT — a reliable foundation for network automation.
Ansible + phpIPAM = automation at scale
Once we had our network inventory structured in phpIPAM, we could leverage Ansible to automate network configuration at scale. Here’s how the workflow looks:
- Store network data (devices, IPs, VLANs) in phpIPAM.
- Retrieve structured data via phpIPAM’s REST API.
- Automate the device configuration process using Ansible playbooks.
This combination allowed us to move from manual configuration to fully automated, repeatable network deployments.
Fetching device data from phpIPAM
The first step is to query phpIPAM for device information. Here’s how we use Ansible to pull that data:
- name: Fetch device data from PHPIPAM
uri:
url: "{{ phpipam.api_url }}/{{ phpipam.app_id }}/devices/"
method: GET
headers:
token: "{{ phpipam.token }}"
validate_certs: no
return_content: yes
register: phpipam_devicesFiltering Mikrotik devices
Once we retrieve the list of devices, we can filter the Mikrotik devices by their hostname and extract their IPs:
- name: Extract Mikrotik IPs by device_type
set_fact:
mikrotik_ips: >-
{{ phpipam_devices.json.data | selectattr('hostname', 'contains', 'Mikrotik') | map(attribute='ip') | list }}Pushing configuration to devices
Next, we loop through the filtered Mikrotik IPs and apply configuration changes:
- name: Add simple queue to Mikrotik device
community.routeros.command:
commands:
- /queue/simple/add name=FTP-Server target=192.168.100.100/32 max-limit=100M/100M
loop: "{{ mikrotik_ips }}"
loop_control:
label: "{{ item }}"VLAN configuration for Cisco Devices
Similarly, we can apply VLAN configurations to Cisco devices that lack certain VLANs:
- name: Add VLANs to Cisco device if not present
ios_config:
lines: >-
{%- for vlan in cisco_vlan_list if vlan['number'] not in existing_vlans.stdout_lines -%}
vlan {{ vlan.number }}
name {{ vlan.name }}
{%- endfor -%}Overcoming challenges
While the benefits of this automation are clear, there were challenges along the way:
- Data accuracy: Cleaning up years of inconsistent IPAM data was crucial to ensuring accurate automation.
- Device-specific quirks: Each device may have unique configuration syntax, which requires us to create tailored templates.
- Debugging playbooks: Silent failures in playbooks posed difficulties, requiring thorough testing.
- SSL/API setup: Securing the phpIPAM API and ensuring seamless communication with Ansible took significant effort.
Best practices for success
Through trial and error, we established best practices to ensure successful automation:
- Clean data: Start with accurate, well-structured data to ensure effective automation.
- Modular playbooks: Break playbooks into reusable, modular tasks to reduce complexity.
- Version control: Track and version all configuration changes to ensure consistency.
- Testing: Always test playbooks in a controlled environment before deploying to production.
The impact: Real results
We achieved several benefits by automating network configuration with Ansible and phpIPAM. First, we were able to implement real-time configuration changes across over 500 devices, streamlining network management and ensuring quicker adjustments. This automation also reduced downtime during network migrations, allowing us to transition services with minimal disruption. Additionally, the automation facilitated faster rollouts of new services, improving overall efficiency. Lastly, the solution provided us with an auditable, centralized log of configuration changes, enhancing visibility and accountability within the network management process.
Final thoughts
The combination of Ansible and phpIPAM revolutionized our network operations, shifting us from manual processes to fully automated workflows. The key takeaway? The future of ISP operations lies not in spreadsheets, but in structured data, APIs, and automated solutions. By cleaning up your IPAM data and embracing automation, you can streamline network management and improve efficiency.
Explore our demo and code examples at GitHub.
Watch Abu Sufian’s APRICOT 2025 presentation on this topic.
Abu Sufian is an Assistant General Manager for ADN Telecom Limited and an APNIC Community Trainer interested in networks, systems and security.
The views expressed by the authors of this blog are their own and do not necessarily reflect the views of APNIC. Please note a Code of Conduct applies to this blog.