When you perform a discovery, you can choose any or all of the following discovery methods:
These methods actively scan predefined networks and probe IP addresses. The appliance listens for responses from the IP addresses as proof of activity. The IP discovery scans through the specified network ranges and probes IP addresses (except for the network, broadcast, and multicast address types) in each network, including the /31 and /32 subnets. Note that addresses in the /31 and /32 subnets can be used only as source addresses for point-to-point links and loopbacks. In these cases, no broadcast or network addresses exist in the /31 and /32 subnets, and the appliance can discover source addresses in these subnets.
Infoblox does not recommend using vendor default SNMP credentials on network devices. Should you need to use vendor defaults for a given device type, you enter those values in the list of SNMP credentials on the Grid Master.
Network Insight supports discovery of devices and networks through SNMPv1/v2c and through SNMPv3 protocols. Discovery acquires information from standard SNMP MIB object IDs (OIDs) to correctly identify and catalogue devices. You enter or import lists of SNMP credentials with which the appliances query devices on the network to perform discovery.
SNMPv1 and SNMPv2c protocols are combined into a set termed SNMPv1/v2 for discovery. SNMPv1/v2 discovery requires standard read community strings to be stored on the Grid Master.
Accounts using SNMPv3 use a standard suite of authentication and security protocols. If Network Insight uses SNMPv3 to collect data from devices supporting the protocol, you can define specific user credentials with combinations of authentication and protocol support, and the unique keys for each protocol. Network Insight also supports multiple entries for the same username string, enabling checking of similar SNMPv3 credentials that use different authentication and security protocols.
Some devices found by discovery may not have known SNMP credentials, or their credentials may not be entered in the sets of SNMP credentials defined for discovery.
SNMP Credentials from the Grid or from the Member credential list are always tried in the specified order unless a credential is associated with a host, fixed address or reservation being discovered.
CLI is optional for discovery but is required for all Port Control operations. Discovery can perform CLI data collection to collect information for specific device types. SNMP is required for all device discovery.
Network Insight enables the use of dynamically created and closed Telnet and SSH command-line sessions to log in, query, and configure ports using each device's command-line syntax. Network Insight does so without requiring extensive configuration from the user. You need to provide known admin account login information and any Enable passwords for devices in the networks to be discovered. CLI credentials are required for port reservation and port configuration operations under Grid Manager. You enter CLI credentials under Grid Discovery Properties (Grid –> Grid Manager –> click Edit –> Grid Discovery Properties) to be inherited by discovery Probe members, and as necessary for each discovery Probe member. You can also override them for individual IPAM objects (fixed addresses, hosts and IPv4 reservations) and test the CLI credentials against devices for correctness. For more information, see Testing SNMP and CLI Credentials.
Discovery uses different variations of Ping traces to perform higher-performance, brute-force device discovery. ICMP is the last resort when devices do not support SNMP management protocols or an SNMP credential is lacking.
The ICMP Smart Ping Sweep option enables brute-force subnet Ping sweeps on IPv4 networks. Subnet ping sweeps are used as a last resort in the discovery process. A subnet ping sweep is performed if Network Insight is unable to identify any network devices in a given subnet. Subnet ping sweeps are performed no more than once per day, and a sweep on a given subnet ends once Network Insight discovers a network device and is able to collect data from it. You can configure the timeout value (Ping Sweep Timeout) and the number of attempts (Ping Sweep Attempts).
Smart subnet ping sweeps are not performed on subnets larger than /22. Ping sweeps of any kind do not apply on IPv6 networks because of the greater scale of network addresses in the IPv6 realm.
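As an added illustration (not Infoblox code), the sketch below applies the address-selection rule for IP discovery and the /22 limit on Smart Ping Sweeps described above, so a firewall or monitoring team can predict what a configured range will generate. The function names and sample ranges are assumptions made for this example.

```python
import ipaddress

SMART_SWEEP_MIN_PREFIX = 22  # Smart Ping Sweep is skipped on subnets larger than /22


def probe_targets(cidr):
    """List the IPv4 addresses a discovery scan of this range would probe."""
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4:
        raise ValueError("only IPv4 ranges are modelled here")
    if net.is_multicast:
        return []  # multicast address types are not probed
    if net.prefixlen >= 31:
        # /31 and /32 have no network or broadcast address, so every
        # address is a valid point-to-point or loopback source.
        return list(net)
    skip = {net.network_address, net.broadcast_address}
    return [addr for addr in net if addr not in skip]


def smart_sweep_allowed(cidr):
    """True when a Smart Ping Sweep may run: IPv4 only, /22 or smaller."""
    net = ipaddress.ip_network(cidr, strict=True)
    return net.version == 4 and net.prefixlen >= SMART_SWEEP_MIN_PREFIX


def discovery_plan(ranges):
    """Map each range to (addresses probed, smart sweep eligible).

    IPv6 ranges report None for the count because this sketch does not
    model IPv6 probing; ping sweeps never apply to them.
    """
    plan = {}
    for cidr in ranges:
        is_v4 = ipaddress.ip_network(cidr, strict=True).version == 4
        count = len(probe_targets(cidr)) if is_v4 else None
        plan[cidr] = (count, smart_sweep_allowed(cidr))
    return plan


if __name__ == "__main__":
    # Constructed sample ranges (documentation and private address space).
    for cidr, row in discovery_plan(
        ["10.0.0.0/22", "10.1.0.0/21", "192.0.2.0/31", "192.0.2.9/32", "2001:db8::/64"]
    ).items():
        print(cidr, row)
```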
Complete Ping Sweep differs from the Smart Subnet ping sweep in the following ways:
Discovery also performs automatic Ping traceroutes when needed for path collection. Path collections run without user intervention or configuration.
TCP scanning probes each active host on a list of TCP ports using TCP SYN packets. This method detects all active hosts that generate SYN ACK responses to at least one TCP SYN. The discovery can determine the OS on a host by analyzing how the host reacts to the requests on open and closed ports. It then uses the TCP fingerprints to guess the OS. To obtain a TCP fingerprint, IP discovery provides two scanning techniques, SYN and CONNECT.
When you use the SYN technique, the discovery sends a TCP SYN packet to establish a connection on a TCP port. If the port is open, the host replies with a SYN ACK response. The discovery does not close the port connection.
The CONNECT technique is a three-way TCP handshake. The discovery starts with the same process as the SYN technique by sending the TCP SYN packet. A response containing a RST flag indicates that the port is closed. If the host replies with a SYN ACK response, discovery sends a RST packet to close the connection. If there is no reply, the port is considered filtered. TCP scanning is a deliberate and accurate discovery method, enabling detection of all active hosts on a network provided that there are no firewalls blocking TCP packet exchanges.
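The following added example (not Infoblox code) shows how a monitoring team could read the exchanges described above out of flow records: it labels each probed port open, closed or filtered, infers the technique for open ports as the page describes it, and separates probes sent by known Probe members from SYN probes sent by any other source. The record layout, addresses and function names are assumptions constructed for this example.

```python
SYN, RST, ACK = 0x02, 0x04, 0x10  # TCP header flag bits

# Constructed records: (src, dst, target-side port, TCP flags), in time order.
SAMPLE = [
    ("192.0.2.5", "198.51.100.20", 22, 0x02), ("198.51.100.20", "192.0.2.5", 22, 0x12),
    ("192.0.2.5", "198.51.100.20", 23, 0x02), ("198.51.100.20", "192.0.2.5", 23, 0x14),
    ("192.0.2.5", "198.51.100.21", 80, 0x02), ("198.51.100.21", "192.0.2.5", 80, 0x12),
    ("192.0.2.5", "198.51.100.21", 80, 0x04),
    ("192.0.2.5", "198.51.100.21", 443, 0x02),
    ("203.0.113.9", "198.51.100.20", 22, 0x02), ("198.51.100.20", "203.0.113.9", 22, 0x12),
]


def classify_exchange(packets):
    """packets: ordered (from_initiator, flags) pairs. Returns (state, technique)."""
    replies = [f for from_init, f in packets if not from_init]
    if not replies:
        return ("filtered", None)        # the SYN was never answered
    if replies[0] & RST:
        return ("closed", None)          # response carries the RST flag
    if replies[0] & (SYN | ACK) == (SYN | ACK):
        # Open port. Per the page, CONNECT follows the SYN ACK with a RST,
        # while the SYN technique sends nothing further.
        sent_rst = any(from_init and f & RST for from_init, f in packets[1:])
        return ("open", "CONNECT" if sent_rst else "SYN")
    return ("unknown", None)


def review_capture(records, probe_members):
    """Classify every exchange; split results by whether a Probe member sent it."""
    exchanges = {}
    for src, dst, port, flags in records:
        if flags & SYN and not flags & ACK:       # a bare SYN opens an exchange
            exchanges.setdefault((src, dst, port), []).append((True, flags))
        elif (dst, src, port) in exchanges:       # reply from the target
            exchanges[(dst, src, port)].append((False, flags))
        elif (src, dst, port) in exchanges:       # follow-up from the initiator
            exchanges[(src, dst, port)].append((True, flags))
    expected, unexpected = {}, {}
    for key, pkts in exchanges.items():
        bucket = expected if key[0] in probe_members else unexpected
        bucket[key] = classify_exchange(pkts)
    return expected, unexpected
```

Calling `review_capture(SAMPLE, {"192.0.2.5"})` returns the Probe member's four exchanges in the first dictionary and the SYN probe from the unlisted source in the second.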
You can choose the TCP ports and the TCP scanning technique in the Grid Discovery Properties editor. This method returns the following information for each detected host:
To use the TCP discovery method, the TCP port and a specific set of ports between the Probe member and the discovered networks must be unfiltered. The default set of ports is defined by the factory settings.
By enabling port scanning, Network Insight probes the list of TCP ports enabled in the Advanced tab, to determine whether they are open. You can control some settings for port scanning behavior, including the choice of a TCP scanning technique.
The Profile Device option uses the editable list of TCP protocol ports from the Grid Discovery Properties –> Polling –> Advanced tab as its profile, and polls each of the ports enabled in that list, using the configured timeout value and the number of polling attempts for each port.
For more information, see Defining Seed Routers for Probe Members.
Should you disable Port Scanning, discovery attempts no port probes other than SNMP on any device.
The NetBIOS method queries IP addresses for an existing NetBIOS service. This method detects active hosts by sending NetBIOS queries and listening for NetBIOS replies. It is a fast discovery that focuses on Microsoft hosts or non-Microsoft hosts that run NetBIOS services.
NetBIOS discovery returns the following information for each detected host:
To use the NetBIOS discovery method, ports 137 (UDP/TCP) and 139 (UDP/TCP) between the Grid member performing the discovery and the target networks must be unfiltered.
The following table summarizes the supported discovery methods:
| Discovery Type | Returned Data | Guideline | Mechanism |
|---|---|---|---|
| | | Apply on known subnetworks on which no devices are readily found. Limited to networks of /22 and smaller. | ICMP echo request and reply. |
| Complete Ping | | Last resort for discovery. Use ICMP for a rough and fast discovery. Enables path tracing. | ICMP echo request and reply, ICMP traceroute. |
| | | Use NetBIOS for discovering Microsoft networks or non-Microsoft networks that run some NetBIOS services. | NetBIOS query and reply. |
| TCP | | Use TCP for an accurate but slow discovery. | TCP SYN packet and SYN ACK packet. |
| Port Scanning/ | | Disabled by default, use for non-SNMP devices. | Scans specified list of TCP ports, using TCP SYN packet. |
| | | Most important protocols for discovery. Ensure you have the SNMP credentials necessary for probing devices using SNMP. | Queries and collects system OIDs such as SysDescr and sysUpTime. |
| CLI (Device Command-Line by Telnet or SSH) | | Requires correctly defined admin login tuples and Enable passwords where needed for device types. You may test credentials against devices and assign CLI credentials to individual objects, overriding Grid-level and Network-level credential settings. | Uses standard device-language scripts and configured Telnet or SSH connection settings to collect discovery data. |
| vDiscovery | | Add the VMware vSphere servers on which you want to perform the vDiscovery. For information about how to execute a vDiscovery, see Configuring vDiscovery Jobs. | The appliance communicates with the vSphere servers to collect discovery data on virtual machine instances. |