
Author Topic: Re: NeDi 1.0.4  (Read 7929 times)

MacBest

  • Newbie
Re: NeDi 1.0.4
« on: April 15, 2009, 02:05:25 PM »
Just a little Question...

I've just updated to 1.0.4 but now my discovery takes much longer than before.
It takes up to 2 between seeing the IP address in the log if I set -v and the appearing of the DNS name for this device. If I do an nslookup on the NeDi machine I get the name instantly resolved.
Anyone knows what's going on between displaying the ip and displaying the name?
Any debug possibility?
Or is it only the first time?


Greetings

Jürgen
 
:'(

I found the reason but this seems to be a little BUG  :o
I have 4 different readonly communities in my nedi.conf  file.
And as told by Remo ("# Snmp read communities (most frequent ones first)."), they are in the correct order. But I rechecked with the -d option and found that nedi seems to order these communities another way (not even alphabetic). So I temporarily commented out the one making trouble and now discovery speed is back.

So Remo it seems to be your turn now ;-)
« Last Edit: April 15, 2009, 03:03:21 PM by MacBest »

rickli

  • Administrator
  • Hero Member
Re: NeDi 1.0.4
« Reply #1 on: April 15, 2009, 04:49:02 PM »
True, I prepared something for snmp v3 and dropped this prioritization. I'll put it back in, but it should only affect the 1st run...
Please consider Other-Invoices on your NeDi installation for an annual contribution, tx!
-Remo

Sampson Fung

  • Guest
Re: NeDi 1.0.4
« Reply #2 on: April 19, 2009, 10:55:53 AM »
Thank you for making NEDI, it is a Great product!

I used CentOS 5.3 and the rpmforge repository.  Everything NEDI requires can be installed by YUM.  Just have to download 1.04 from your site, untar, move dir, link dir, chown, chkconfig, then discovery doing default gateway is done.  (Including to install minimal OS, less than 2 hours it is up and running).

I am given the task to monitor our devices (some 20 c28xx routers plus 30 c37xx POE L3 switches) health (cpu, temperature, routes, traffic, etc) and generate RRD graph on traffic.  {After logon to each router, setting SNMP strings and locations one by one, here I can do something in controlled fashion}

At this stage, my full NEDI discovery requires 200 minutes. 
./nedi.pl -u seedlist.all -Ipordv

In my approach, I want to control which IPs will be processed on a particular discovery.  So I came up with 3 seedlists:

1.  seedlist.fw (some 19 routers with the same SNMP readonly community string)
2.  seedlist.sw (some 30 L3 switches)
3.  seedlist.wlc (Wireless Controllers & APs)

I want to control the discovery, such that, by using different .conf & seed:
A.  Only the routers are processed. Every 5 minutes

./nedi.pl -U nedi-all.conf -u seedlist.fw -Idv, it can finish in 1 minute with ~650 IPs processed.

The above command can be finished within 2 minutes for me.  So A is done.  And my boss is happy that:
1/  RRD graphs are here
2/  Router Config backup is working (for majority of them) {after doing some input.log/output.log debug for login banners}
3/  Simple CPU/Memory/Temperature reports are here (not all of them reporting)

Now I do the same on the Switches Seedlist.

For the same -Idv, it takes 19 minutes, some 2000 IP processed.

Question:  How can I tell, if the RRD graph of my Routers in A has been updated by this Switch discovery or not?

Sorry for the long posting.

Regards,
Sampson

rickli

  • Administrator
  • Hero Member
Re: NeDi 1.0.4
« Reply #3 on: April 19, 2009, 12:19:20 PM »
As long as it's informative you don't have to worry about the length of the post ;) And presenting how you make use of the new -U feature is good information. Although 200 minutes seem to be a bit long for your devices. I reckon this should take no more than 15.

At the end of each line, you see how many seconds each device took to discover. A 48 port switch or 2800 router shouldn't take longer than 6-10 seconds (unless you have very slow links?). Lightweight APs should be matching nosnmpdev and not be contacted via SNMP directly...

rrdstep defines the interval and in your case could be set for routers and switches separately. The way you run it, all nodes calculations will be dodgy as you either process switchport mappings or arp from the routers, but not both at the same time. If you don't care about where a node is connected to, you leave "getfwd" empty to further speed up the switch discovery.
« Last Edit: April 19, 2009, 10:53:21 PM by rickli »
-Remo

Sampson Fung

  • Guest
Re: NeDi 1.0.4
« Reply #4 on: April 19, 2009, 06:08:58 PM »
I must say that my network is not quite normal. 

Per switch stack, there can be 50 to 70 VLANs (our L3 switch is doing the routing between those VLANs), with 5 to 10 member ports per VLAN. 

It has ~3500 nodes and ~150 devices discovered so far. (Some VoIP phones are discovered as DEVs but the majority of them are discovered as NODs).  I have nonsnmpdev = ^S[EI]P|AIR-|MAP-

I changed userlogin to "Username:\s", so that majority of CLI sessions will be OK.

I have set SNMP timeout to 1s.

I tried some different parameters and have the time taken summarized below:

1.  19 routers in seedlist, getpwd=cli, -porIdv: 200 minutes
2.  19 routers in seedlist, getpwd=cli, -Idv: 2 minutes
3.  29 switches in seedlist, getpwd=cli, -Idv: 19 minutes
4.  19 r + 29 sw in seedlist, getpwd=cli, -Idv: 21 minutes
5.  19 r + 29 sw in seedlist, getpwd="", -Idv: 15 minutes

I think I will settle for (5.) at the moment, and set a cron job for every 20 minutes, except when (1.) is running.
I will do a (1.) per day with -B to backup config files.   

In the process, I found the following issues:

A.  In some of the switches, I got a lot of some Mf, Fp, Fi, "No response from remote host".
Does it suggest wrong Def files being used?  Or SNMP problem in the Router/Switch side?

B.  In my .conf, I have:

usr<tab>user1<tab>password1
usr<tab>user1<tab>password2

While in discovery, only user1/password2 is being used in CLI.  (I have only 2 devices using password2, all others are using password1).  So, can 1.04 handle multiple passwords for the same username?

C.  How can I know what actions have been done on the IP addresses processed?
1.  DEV
2.  NOD
3.  Link
4.  RRD
5.  CPU/Temp/Memory, etc

D.  What is the effect of "broader<tab>WAN-router"?

E.  In working on netfilter, I have
netfilter<tab>192.168.[12].|10.1
Then, it will process 192.168.1.0 and 192.168.2.0, 10.1.0.0, as well as 210.123.*, etc.

If I put
netfilter<tab>192.168.[12].|^10.1
It will not process 10.1.0.0 at all.

Where should I start to learn more on the discovery control?

Thanks a lot!

Regards,
Sampson

rickli

  • Administrator
  • Hero Member
Re: NeDi 1.0.4
« Reply #5 on: April 21, 2009, 08:05:18 PM »
A ./nedi.pl -h shows legend. Most likely inaccurate .defs
B Nope, username links to password (with that they're only stored in one place)
C Don't understand? You mean node IPs after discovery? ARP gets resolved then DNS lookup and switchport mapping
D Border regexp matching ID (CDP Name, MAC etc) stops discovery
E Strange, what do you want to achieve?
« Last Edit: April 21, 2009, 08:11:25 PM by rickli »
-Remo

rufer

  • Guest
Re: NeDi 1.0.4
« Reply #6 on: April 22, 2009, 01:41:29 PM »
Your netfilter has to be more precise. Escape the dots writing them "\."

Greetings
Rufer
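
Added example, not part of the thread and not NeDi code: a check of the netfilter pattern quoted above against constructed sample addresses, showing which out-of-scope IPs the unescaped, unanchored form lets into a discovery. It assumes the filter is applied as an unanchored regex search on the dotted IP string and uses Python's `re`, which treats these patterns the same way Perl does; the anchors in `STRICT` go one step beyond the advice to escape the dots.

```python
import re

# Filter as posted in the thread: dots unescaped, nothing anchored.
LOOSE = r"192.168.[12].|10.1"
# Escaped and anchored form (constructed for this example).
STRICT = r"^(?:192\.168\.[12]\.|10\.1\.)"

# Constructed sample addresses, not taken from any real network.
SAMPLES = [
    "192.168.1.10",   # intended
    "192.168.2.254",  # intended
    "10.1.0.1",       # intended
    "210.123.4.5",    # "10.1" appears mid-string ("."" matches "2")
    "10.100.0.1",     # "10.1" is a prefix of "10.100"
    "192.168.10.1",   # "." after [12] matches the digit "0"
    "172.16.10.1",    # "10.1" appears in the last two octets
    "10.2.0.1",       # out of scope for both patterns
]


def in_scope(pattern: str, ip: str) -> bool:
    """Assumption: the filter is an unanchored regex search on the IP text."""
    return re.search(pattern, ip) is not None


def matched_text(pattern: str, ip: str):
    """Return the substring that made the filter match, or None."""
    m = re.search(pattern, ip)
    return m.group(0) if m else None


def scope_creep(loose: str, strict: str, ips):
    """Map each IP the loose filter admits but the strict one rejects
    to the substring responsible for the unintended match."""
    return {
        ip: matched_text(loose, ip)
        for ip in ips
        if in_scope(loose, ip) and not in_scope(strict, ip)
    }


if __name__ == "__main__":
    for ip, hit in scope_creep(LOOSE, STRICT, SAMPLES).items():
        print(f"{ip:15} admitted by loose filter via {hit!r}")
```

Running the same comparison over the addresses in a seedlist before a discovery shows whether a filter change widens what gets polled with the configured SNMP communities and CLI credentials.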

Hinton

  • Guest
Re: NeDi 1.0.4
« Reply #7 on: April 25, 2009, 06:29:42 AM »
I think I'm running into a similar issue as noted above
The nedi 1.0.4 only seems to be using one of the CLI username/password combinations
In my past versions I never had this as an issue
anyone with experience or fixes?

rickli

  • Administrator
  • Hero Member
Re: NeDi 1.0.4
« Reply #8 on: April 25, 2009, 11:43:32 AM »
I didn't change much there. Can you be more specific?
-Remo

Hinton

  • Guest
Re: NeDi 1.0.4
« Reply #9 on: April 26, 2009, 04:33:33 AM »
It appears in my discovery that nedi is only using the first set of credentials supplied in the nedi.conf file.
I normally have about 5 sets that must be used across all our WAN - as long as the device uses the first set it pulls everything - green light - other devices that have other credentials are receiving the dreaded red light bulb in the CLI field - I thought on the old forum there were instructions on how to troubleshoot login problems.
My credentials are in the nedi.conf file with tabs in between username and password.

thanks again for such a wonderful program

rickli

  • Administrator
  • Hero Member
Re: NeDi 1.0.4
« Reply #10 on: April 28, 2009, 06:25:54 PM »
I even wrote the docs now: http://www.nedi.ch/discovery:libcli-sshnet

Not that it would have worked in 1.0, but do you have different usernames?
-Remo

Sampson Fung

  • Guest
Re: NeDi 1.0.4
« Reply #11 on: May 14, 2009, 04:31:58 PM »
Just back from office movement.  Sorry for not replying...

For my original Username/Password issue, my problem is:

I have two switches.

Switch 1:  username is user1, password is passwd1
Switch 2: username is user1, password is passwd2

I cannot change them, as it is controlled by local admin.
(I am just a remote Inventory admin, so learning Nedi to help me)

In my fresh discovery (meaning re-init the DB before 1st run)
The order of the username/password pair matters.

For me, Nedi only uses the last pair.  (I verified this run to change order/do db init).

I can create another VM image to try on that one again, if needed.