
Author Topic: Main IP  (Read 4206 times)

gumba

  • Guest
Main IP
« on: September 08, 2009, 02:18:09 PM »
How does NeDi find out what the "main IP" of a device is? Looking at what NeDi discovers, I see some differences from what I would understand to be the device's main IP (like DNS entry, default interface etc.). So by what criteria does NeDi decide whether or not one out of many IP addresses is the "main" one?

rickli

  • Administrator
  • Hero Member
Re: Main IP
« Reply #1 on: September 08, 2009, 06:24:04 PM »
libsnmp.pl sub IfAddresses:
# 1.priority, use highest loopback IP
# 2.priority, use virtual
# 3.priority, use ethernet IF (prefer existing IP)

In 1.0.5 duplicate IPs will be avoided...
Please consider Other-Invoices on your NeDi installation for an annual contribution, tx!
-Remo

steffen1

  • Guest
Re: Main IP
« Reply #2 on: February 10, 2010, 02:08:29 AM »
I also have my difficulties with this self-choosing mechanism, and in most cases where I used NeDi, it will choose the most public IP on the device - that will be the worst IP for management.

Without -I for ignoring this mechanism, NeDi would be much harder to use for me.

Is there a possibility to set -I as a global default?
How will the Original IP be chosen and what is the meaning?
Is map_ip intended to remap a wrong auto-chosen IP to the IP I want for the device?
When I tried this, it never worked.

If I may make a suggestion for auto choice of the Management (Main) IP, I would do this:
1. Strategy: Loopback or Name in nedi.conf
2. If Name, then:
2.1 the IP to which the local sysName retrieved by SNMP also resolves via DNS or /etc/hosts
2.2 if not found, the IP that is DNS or /etc/hosts resolvable
2.3 if more than one is resolvable, the first pingable IP of these

Steffen


rufer

  • Guest
Re: Main IP
« Reply #3 on: February 11, 2010, 09:02:25 AM »
Seems to be very subjective :)
For me personally, it should be like this for Cisco Devices:

1) If Loopback 0 exists and is reachable from NeDi, take this one. Loopback 1... are used for other stuff in my case, for example anycast addresses that are really not suitable for any management

The rest of it works fine, that's the only thing I customized in my nedi install. In fact I switched to the strategy "take the lowest Loopback IP you can find" so it was a very easy change. But this worked for me, it doesn't mean it works for others.

Greetings
Rufer

oxo

  • Guest
Re: Main IP
« Reply #4 on: February 11, 2010, 10:37:47 AM »
I was waiting for rufer to post something on this subject ...
I usually use -I as the db is seeded with the management address and I don't use cdp discovery to populate the db.

I believe that loopback 0 is more often than not the management ip address.
I also believe that usually the sysName is also the management dns ->ip address
- or find an interface that is resolvable.
Failing all else, the non -I can work.

In "Play with Nedi", I have not allowed discovery of management address if the manual or database seed is used
- ie if cdp is in operation, the guess management address algorithm (standard or modified) can be used.

A normal feature of NeDi is that the identity of the device starts OK, but when guess management has run, it can guess wrongly.
If the -A option is used, I always have -I as the db HAS the management address, so don't bother using CPU time to guess it (Need for Speed).

I believe the guess management address was implemented in order to find a correct management address when using a discovery protocol, however it has side effects.

steffen1

  • Guest
Re: Main IP
« Reply #5 on: February 11, 2010, 06:35:35 PM »
The Main-IP guessing seems to work if you use the Loopback interfaces for management IPs.
But using Loopback interfaces for management is just a design proposal. If I am lucky I will find this in consulting situations; if not, I must fix the management IPs after initial discovery by calling it like this:

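# ip_map: bash associative array (declare -A) mapping each wrongly guessed IP to the wanted management IP
for ip in $all_wrong_guessed_ips
do
   ./nedi.pl -I -a "${ip_map[$ip]}"
done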

Depending on how large the network is, it can be a lot of work to get "all_wrong_guessed_ips" and their corresponding routable and firewall/ACL-opened IPs.

So I have these questions:
1. Is there a possibility to force "-I" in nedi.conf? In networks not using loopback interfaces you will get into trouble if you forget -I when rediscovering single devices or using -A from the DB.
2. How will the Original IP be chosen and what is the meaning?
3. Can I use map_ip in nedi.conf to remap a wrong auto-chosen IP?

oxo

  • Guest
Re: Main IP
« Reply #6 on: February 11, 2010, 06:47:59 PM »
Is there a possibility to force "-I" in nedi.conf? In networks not using loopback interfaces you will get into trouble if you forget -I when rediscovering single devices or using -A from the DB.
- It isn't possible to define it in nedi.conf
- define $opt{I} in the code at the start of nedi.pl: this will always give -I. After getopts() add:
Code:
$opt{I} = 1;
- or go deep into the code, and find where !$opt{I} is and change it to $opt{I} to make -I mean guess IP address:
Code:
ob@ob-laptop:~/Downloads/nedi/inc$ grep 'opt{I}' *
libsnmp.pl: if ($ippri < 10 and !$main::opt{I}){

How will the Original IP be chosen and what is the meaning?
- the original IP is the one given in a manual/database seed, or the IP address found with, for example, show cdp neighbours. So the table col, ip, gets copied to origip and if not using -I, they can be different.

Can I use map_ip in nedi.conf to remap a wrong auto-chosen IP?
- maybe: try it, but it would be a slow process
- otherwise, for every badly guessed device row, copy the MySQL table entry for origip to ip, which should be quicker than remap or rediscover (-a).
Remember to post code if you do it in Perl for others ... , it could have 2 types of run:
- show where ip != origip and print the IPs and device name
- for all devices in file, make ip = origip.
« Last Edit: February 11, 2010, 08:00:12 PM by oxo »
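
The two run types suggested in Reply #6, sketched as an added example that is not part of the original post and not NeDi code. It assumes a devices table with columns device, ip and origip holding text addresses (the real NeDi schema, MySQL driver and storage format may differ), uses an in-memory SQLite database as a stand-in, and all rows are constructed sample data.

```python
import sqlite3

def make_sample_db():
    """Constructed stand-in for the devices table (column names are assumed)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE devices (device TEXT PRIMARY KEY, ip TEXT, origip TEXT)"
    )
    conn.executemany(
        "INSERT INTO devices VALUES (?, ?, ?)",
        [
            ("core-sw1", "10.0.0.1", "10.0.0.1"),      # guess kept the seed IP
            ("edge-rt1", "198.51.100.7", "10.0.0.2"),  # guess moved off the seed
            ("edge-rt2", "203.0.113.9", "10.0.0.3"),   # guess moved off the seed
        ],
    )
    return conn

def mismatches(conn):
    """Run type 1: report devices whose main IP differs from the original IP."""
    return conn.execute(
        "SELECT device, ip, origip FROM devices "
        "WHERE ip <> origip ORDER BY device"
    ).fetchall()

def restore_origip(conn, device_names):
    """Run type 2: for the listed devices only, copy origip back to ip.

    Returns the number of rows changed. Names that do not exist or already
    match are skipped, so the list can be reviewed and re-applied safely.
    """
    changed = 0
    with conn:  # single transaction: commit on success, roll back on error
        for name in device_names:
            cur = conn.execute(
                "UPDATE devices SET ip = origip "
                "WHERE device = ? AND ip <> origip",
                (name,),
            )
            changed += cur.rowcount
    return changed

if __name__ == "__main__":
    db = make_sample_db()
    for device, ip, origip in mismatches(db):
        print(f"{device}: main IP {ip} differs from original {origip}")
    print("rows restored:", restore_origip(db, ["edge-rt1"]))
```

Running the report first and feeding only reviewed device names into the second step keeps correctly guessed devices untouched.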

rickli

  • Administrator
  • Hero Member
Re: Main IP
« Reply #7 on: February 13, 2010, 09:08:38 PM »
I chose this way because it worked best in that environment. I agree it's a subjective topic. -I could be extended with a precedence pattern in order to match any environment...
-Remo
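
The selection order discussed in this thread, as an added illustration that is not NeDi's own code: the three priorities from the libsnmp.pl comments in Reply #1, the -I override, and the "lowest loopback" variant from Reply #3. The function name, the tuple layout, and the tie-breaks for virtual and non-matching ethernet interfaces (highest address) are assumptions; the interface list is constructed sample data.

```python
import ipaddress

# IANA ifType numbers for the three interface classes named in Reply #1:
# softwareLoopback(24), propVirtual(53), ethernetCsmacd(6).
LOOPBACK, VIRTUAL, ETHERNET = 24, 53, 6

def _num(ip):
    """Numeric value of an address, so 'highest' and 'lowest' are well defined."""
    return int(ipaddress.ip_address(ip))

def choose_main_ip(interfaces, seed_ip, ignore_guess=False, loopback_pick=max):
    """Pick a management IP from (ifname, iftype, ip) tuples.

    seed_ip       the original IP from a manual/database seed or discovery
    ignore_guess  models -I: keep the seed and skip guessing entirely
    loopback_pick max for 'highest loopback', min for the Reply #3 variant
    """
    if ignore_guess:
        return seed_ip
    by_type = {}
    for _name, iftype, ip in interfaces:
        by_type.setdefault(iftype, []).append(ip)
    if by_type.get(LOOPBACK):                      # 1. priority: loopback
        return loopback_pick(by_type[LOOPBACK], key=_num)
    if by_type.get(VIRTUAL):                       # 2. priority: virtual
        return max(by_type[VIRTUAL], key=_num)     # tie-break is an assumption
    ethernet = by_type.get(ETHERNET, [])           # 3. priority: ethernet
    if seed_ip in ethernet:
        return seed_ip                             # prefer the existing IP
    if ethernet:
        return max(ethernet, key=_num)             # tie-break is an assumption
    return seed_ip                                 # nothing usable: keep seed

# Constructed sample: Loopback1 carries an anycast-style address.
SAMPLE_IFS = [
    ("Loopback0", LOOPBACK, "10.255.0.1"),
    ("Loopback1", LOOPBACK, "192.0.2.53"),
    ("Vlan10", VIRTUAL, "10.10.10.1"),
    ("Gi0/1", ETHERNET, "198.51.100.7"),
    ("Gi0/2", ETHERNET, "10.20.0.1"),
]

if __name__ == "__main__":
    print(choose_main_ip(SAMPLE_IFS, "10.20.0.1"))                     # highest loopback
    print(choose_main_ip(SAMPLE_IFS, "10.20.0.1", loopback_pick=min))  # lowest loopback
    print(choose_main_ip(SAMPLE_IFS, "10.20.0.1", ignore_guess=True))  # -I keeps the seed
```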