6.2.2 Creating auto-discovery rules
- Organization of this subsection
(1) Configuring auto-discovery rules
When you configure auto-discovery rules, you specify the following:
Auto-discovery rule ordering
What devices to exclude from discovery
Whether to use Ping sweep
What discovery seeds, if any, to use
(2) Auto-discovery rule ordering
The value of an auto-discovery rule's Ordering attribute affects discovery ranges in the following ways:
IP address ranges
If a device falls within two auto-discovery rules, the settings in the auto-discovery rule with the lowest ordering number apply. For example, if an auto-discovery rule excludes a set of IP addresses, then no other auto-discovery rules with higher ordering numbers process those nodes and the nodes within that range of addresses are not discovered unless they are listed as discovery seeds.
System object ID ranges
- If no IP address range is included in an auto-discovery rule, then the system object ID settings apply to all auto-discovery rules with higher ordering numbers.
- If an IP address range is included in an auto-discovery rule, the system object ID range applies only within the auto-discovery rule.
(3) Excluding devices from discovery
To prevent discovery of certain object types, you can create an auto-discovery rule with a low ordering number that ignores the system object IDs that you do not want discovered. Do not include an IP address range in this rule. By giving such an auto-discovery rule a low ordering number, the discovery process quickly passes by the objects that satisfy this rule.
The Ignored by rule setting for an IP address range or a system object ID range affects that auto-discovery rule only. The devices included in an ignored range are available to be included in another auto-discovery rule.
The addresses listed on the Excluded IP Addresses tab of the Discovery Configuration form apply to all auto-discovery rules. Unless they are configured as discovery seeds, these addresses are never added to the NNMi topology. (Discovery seeds are always discovered.)
- Note
Some networks use routing protocols such as Hot Standby Router Protocol (HSRP) and Virtual Router Redundancy Protocol (VRRP) to provide router redundancy. When routers are configured in a router redundancy group (RRG), the routers in the RRG share a protected IP address (one active and one standby). NNMi does not support discovery and management of multiple RRGs configured with the same protected IP address. Each RRG must have a unique protected IP address.
(4) Ping sweep
You can use Ping sweep to locate devices within the IP address ranges of the configured auto-discovery rules. For initial discovery, you might want to enable Ping sweep for all rules. Doing so provides enough information to NNMi discovery that you do not need to configure discovery seeds.
- Note
Ping sweep works for subnets of 16 bits or smaller, for example, 10.10.*.*.
Ping sweeps are especially useful for discovering devices across a WAN that you do not control, such as an ISP network.
Because firewalls often regard Ping sweeps as attacks on the network, a firewall might block all traffic from a device that emits Ping sweeps.
- Tip
Enable Ping sweep for small discovery ranges only.
(5) Discovery hints from SNMP traps
NNMi processes the source IP addresses of received SNMP traps as hints to auto-discovery rules. For details about SNMP trap incidents, see NNMi Help for Administer.
(6) Discovery seeds for auto-discovery rules
Provide at least one discovery seed per auto-discovery rule. The options for providing the seeds are listed below. Specify one or a combination of these discovery seeds.
Enter seeds on the Discovery Seed form by clicking Seeds under Discovery in the Configuration workspace.
Use the nnmloadseeds.ovpl command to load information from a seed file.
Enable Ping sweep for the rule, at least for initial discovery.
Configure a device to send SNMP traps to the NNMi management server.
(7) Best practices for auto-discovery rules
Because NNMi automatically manages all discovered devices, use IP address ranges that closely match the areas of the network that you want to manage.
- You can use multiple IP address ranges within an auto-discovery rule to restrict discovery.
- You can add a large IP address range to an auto-discovery rule and then exclude from discovery some IP addresses that are within that rule.
The system object ID range specification is a prefix, not an absolute value. For example, the range 1.3.6.1.4.1.11 is the same as 1.3.6.1.4.1.11.*.
(8) Examples
- Discovery rule overlap
Figure 6-1 shows two discovery ranges that overlap. The circle on the left represents an IP address range or a system object ID range to be ignored by NNMi discovery. The circle on the right represents an IP address range or a system object ID range to be discovered and included in the NNMi topology. The overlapping region might be included or ignored by discovery, depending on the ordering of the auto-discovery rules.
Figure 6‒1: Overlapping discovery ranges - Limit device type discovery
To discover all HP devices in your network that are not printers, create one auto-discovery rule with a range to include the HP enterprise system object ID (1.3.6.1.4.1.11). In this auto-discovery rule, create a second range to ignore the system object IDs of HP printers (1.3.6.1.4.1.11.2.3 9). Leave the IP address range unset.