Skip to end of banner
Go to start of banner

How opAddress discovers information

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 5 Next »

 

  • Summary of opAddress information collection

 

opAddress is designed to collect and build your IP address management information dynamically with little manual input required.  It does this by importing information about your network and networked devices from NMIS and/or Open-Audit Enterprise on a daily basis.  It makes use of the interface information from these devices (IP address, mask etc) to build a list of known subnets and known IP addresses and known hosts, gateways etc. 

The administrator or users can also manually add subnets or edit discovered subnets to complete the picture.

The complete list of subnets allows opAddress to scan your networks every thirty minutes.  A list of all possible IP addresses is created from the subnet information and once added to the address table these addresses are then pinged (ICMP) to see what IPs are in use/live, this scan/ping also enables opAddress to retrieve "fresh" MAC address information from your router's ARP tables via NMIS and SNMP.  The MAC address from the ARP tables and NMIS interface information creates a table of Endpoints and these endpoints are dynamically associated with the known addresses.  We now have a dynamic picture of the addresses, which are/not currently in use (reachbale or unreachable) and we know which endpoint (MAC / host) is using them and we also have a history of addresses used by each endpoint (if the endpoint changes address e.g. a laptop moving between office LANs or to and from WiFi areas). 

The final part of the network scan action is to do a DNS lookup for any live IP addresses found.  We do a PTR (reverse) Record lookup to find a DNS name from an IP address.  Obviously for this to work your DNS services needs to have PTR records recorded. This uses the servers native DNS services to complete this action so DNS needs to be configure on your OS and it needs to be able to access suitable DNS services in your organisation.  If you have windows servers providing DHCP services in your organisation then they should provide dynamic PTR records for DHCP leases which is very useful, so make sure your server can access these DNS resources.

 

  • Daily Information Imported from OAE and NMIS

    • Interface listing for each host

      • IP address
      • Subnet Mask
      • interface details such as type and speed
    • Subnet information which is inferred from the above which also creates all those included IP addresses in the subnet
    • Device name
    • Location information
    • Gateways - if the device has two or more interfaces and has location information it is added a gateway for it's subnets.

NOTES \ CAVEATS

for OAE / NMIS imports (as of release 1.0.5)

    • The time and frequency of the import is controlled through cron (/etc/cron.d/opaddress) the default being at 01:11 and 01:21. 
    • OpenAudit must be Enterprise edition as we make use of the API feature for import
    • Gateways are only added if they have a location
    • NMIS import is only known to work with localhost not remote hosts (it may operate for opHA enabled servers but not currently tested ver1.0.5)

  • 30 minute interval subnet_scan process

    • Every IP address in every known subnet is pinged

      • This is done in batches of 50 addresses to limit impact
      • At the start of each subnet scan the ARP tables of the gateways for that subnet are queried for MAC addresses and created as endpoints
    • If a live IP is found 

      • The address "Operational Status" is changed to "reachable"

      • The address "Administrative Status" is changed - what it changes to is configurable in opCommon.nmis  / 'opaddress_default_address_state'.  I recommend changing this to "allocated" from the default undef/"unkonwn"

      • The address is associated with a MAC address from the endpoint table if an ARP entry is available for it

    • At the end of the subnet_scan the DNS lookups are completed for the live IPs to attempt to find a name.  

    • NOTES:

      • The subnet will only be scanned if it's "admin status" is "allocated" or "unallocated" 
        • auto added subnets default to Allocated
        • manually added subnets default to unknown or rather the dropdown when adding subnets manually defaults to unknown.
        • If you do not want an automatically added subnet to be scanned then change the admin status to something such as delegated or unmanaged.
      • An IP address will NOT be pinged if the address has had it's "administrative status" changed to "unmanaged", "delegated" or "reserved"
  • Manually Entered data

    • Subnets (typically those not found by import from OAE and NMIS) are the primary information one would manually add.
      • You must at this time enter the subnet in CIDR notation (x.x.x.x/y) for both the NAME field and the Subnet field.
      • You should change the subnets administrative status from "unknown" to "allocated" or "unallocated" if you would like it to be scanned else if you do not want it scanned change it to "delegated" or "unmanaged" or leave it as "unknown"
      • The adding of a subnet will create it;s addresses in the address table.
    • You can add IP address information manually

 

 

 

  • No labels