Monday, November 5, 2012

OM12: Network Device Recursive Discovery & Include Filters

When one use OM12 for monitoring network devices there are two different types of Discovery, Explicit and Recursive. This posting is about the last type of Discovery and some things I bumped into in different OM12 environments, regardless of their UR (Update Rollup) level.

But before I start, let’s make clear what a Recursive Discovery is all about. A Recursive Discovery is actually a type of Discovery which uses the network devices specified in the Devices list as a jumping board to discover other network devices which are connected to those very same devices.

But there are certain things to reckon with.

01 - Where are my SNMP v3 network devices?
When a Recursive Discovery is used SNMP v3 devices won’t show up. Yes, SNMP v3 devices can be discovered and monitored by OM12. No questions there. Only know these four potential caveats:

  1. Explicit Discoveries must be used in order to discover SNMP v3 devices;
  2. A Recursive Discovery can discover SNMP v3 devices ONLY when they’re explicitly specified in the Devices list;
  3. In the same Recursive Discovery, only SNMP v1/v2 devices connected to the SNMP v3 device will be discovered;
  4. When SNMP v1/v2 devices are specified in the Devices list, only SNMP v1/v2 devices connected to them will be discovered as well.

02 – I have excluded a network device in the Exclude Filter, but it keeps being discovered!
Have seen this behavior many times. And until now it looks like an issue with the Include Filter. When you specify a range of IP addresses in the Include Filter, and the IP address of that device you don’t want to be discovered is the start address of that very same range, that device will be discovered over and over again, even when you have specified that same IP address in the Exclude Filter.

Include Filter contains an IP Address Range like this one:
In this case the Discovery will only pick up devices starting with IP address and ending with IP address

The Exclude Filter contains this address:

When the Discovery runs, changes are the device with IP address will be discovered – thus monitored – none the less.

The best way to go about it is to adjust the Include Filter in such a manner isn’t listed anymore, like this:

Now you can safely delete the device from the Exclude List Glimlach.

03 – How do IP Address Ranges for Network Device Filtering work?
Ah, the real magic starts here. I can imagine when Recursive Discoveries are being used, you don’t want ALL connected network devices to be monitored. In huge environments it can have some unwanted side effects (in cases like this it’s perhaps better to use an Explicit Discovery instead).

But when running a Recursive Discovery in a big environment, it’s better to use IP address Ranges for Network Device Filtering. It makes the potential loose canon more restricted and brings the control back to you.

  1. How to get there?
    When using the Include Filters, select the second option (Discover only network devices within the specified IP address ranges). Hit the Add button and this screen will be shown to you:
  2. ‘IP Address Range’ field
    This field accepts more than you might think. When you want to know more about the input it accepts and the required input, simply click on the link displayed on the same screen (How to format IP address ranges). A help file will be opened, telling you all you need to know:
  3. ‘Included device types’ field
    This is a neat one. It enables to scope your discoveries down to a specified type of network devices. Like firewalls, routers and bridges:
  4. ‘Include only network devices with the following system attributes (OIDs)’ fields
    Haven’t tried this one fully, only the Object ID (OID): field with mixes results. But there are many many network devices out there in the wild and one can’t expect OM12 to cover it all Glimlach.

Wrapping up
As you can see, Recursive Discoveries are powerful and offer many options to turn a potential loose canon into a more controlled discovery mechanism without loosing the functionality of a Recursive Discovery which is basically Set & Forget. When you spend a bit more time for the ‘Set’ part of it all, you can really forget about it afterwards and monitor the required set of network devices as well.

No comments: