Send netdisco-users mailing list submissions to
netdisco-users@lists.sourceforge.net
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.sourceforge.net/lists/listinfo/netdisco-users
or, via email, send a message with subject or body 'help' to
netdisco-users-requ...@lists.sourceforge.net
You can reach the person managing the list at
netdisco-users-ow...@lists.sourceforge.net
When replying, please edit your Subject line so it is more specific
than "Re: Contents of netdisco-users digest..."
Today's Topics:
1. Netdisco 2 release ? (?ern? Lubom?r (UNP-SSC))
2. Re: Netdisco 2 release ? (Oliver Gorwits)
3. Re: ND2 strange node behaviour (Nikolaos Milas)
4. Dealing with VLANs (Simon Hobson)
5. Checkpoint Firewall - No ARP cache polling since upgrade from
IPSO to GAiA OS (Tobias Gerlach)
6. Re: Checkpoint Firewall - No ARP cache polling since upgrade
from IPSO to GAiA OS (Tobias Gerlach)
7. Improving PostgreSQL performance with Netdisco 2 (Oliver Gorwits)
8. Re: Dealing with VLANs (Oliver Gorwits)
--- Begin Message ---
Hi folks.
Is there any ND2 release available ? Or still there is no public release ?
Thx.
Lubomír Černý
--- End Message ---
--- Begin Message ---
On 2014-03-21 06:37, Černý Lubomír wrote:
Hi folks.
Is there any ND2 release available ? Or still there is no public
release ?
The release is public, here: https://metacpan.org/pod/App::Netdisco
We support and actively develop ND2, so please go ahead and install it.
However ND2 is not yet the "official" version on netdisco.org. We still
have a small number of items to finish off, before that.
I hope that answers the question?
regards,
oliver.
Thx.
Lubomír Černý
--- End Message ---
--- Begin Message ---
On 20/3/2014 10:17 μμ, Nikolaos Milas wrote:
I have confirmed exactly the same behavior on a cisco / 296024TT.
In the meantime, I confirmed the same issue on practically all our
switches (35 Cisco switches of various types) monitored by ND2. (ND1
works fine.)
Nick
--- End Message ---
--- Begin Message ---
Up till now it's not been an issue as the only site I had using VLANs (and
Netdisco) was a "all VLANs go to all switches" setup and the map for that bit
of the network just looks like a star with the core switch/router in the
middle. But, I'm just looking at our own office where things are somewhat more
complicated.
At present we've got several networks - all with their own separate sets of
switches with no VLANs in use.
Because of a change that's just happened, and one coming up, I'm now looking at
adding VLANs into the mix - but it makes the map into a bit of a mess. For
starters, there's a switch which is outside of our border routers, and I've
split it so management is on the internal network (for now, I'll probably add a
dedicated management LAN sometime). So now the net map shows a topology that
doesn't really reflect reality (in terms "where can traffic flow"), and when I
get a few more changes done will be very confusing with lots of loops.
So what do others do ? And does Netdisco 2 change any of this ?
I suppose, for some things, a "show me only VLAN X" option would be good.
--- End Message ---
--- Begin Message ---
Hello,
we have a lot of Checkpoint Firewalls in our network and we need to
upgrade all of them from old IPSO to new GAiA OS.
After the update the sysObjectID changed in GAiA to generic
NET-SNMP-MIB::netSnmpAgentOIDs:
netdisco@server:/usr/local/netdisco$ snmpwalk -v2c -c community
<firewall> sysObjectID
SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10
Netdisco classifies that device now as SNMP::Info::Layer3::NetSNMP,
which is from NDs point of view probably right, and not
longer as a SNMP::Info::Layer3 device. Arpnip skipped now for that
SNMP::Info class:
"arpnip: status done: Skipped arpnip for device 4.3.2.1/32 without OSI
layer 3 capability"
It is mandatory for us to still receive that ARP cache informations.
arpnip on an IPSO OS:
netdisco@server:/usr/local/netdisco$ netdisco-do arpnip -D -d <firewall>
[22770] info @0.000011> arpnip: started at Wed Mar 26 15:55:25 2014
[22770] debug @0.308176> [1.2.3.4] try_connect with ver: 2, class:
SNMP::Info::Layer3, comm: community
[22770] debug @3.563709> [1.2.3.4] check_mac - HSRP mac
[00:00:0c:07:ac:01] - skipping
[22770] debug @3.607635> resolving 222 ARP entries with max 50
outstanding requests
[22770] debug @4.834284> resolving 0 ARP entries with max 50
outstanding requests
[22770] debug @5.033101> [1.2.3.4] arpnip - found subnet 10.1.0.0/24
[22770] debug @5.033640> [1.2.3.4] arpnip - found subnet 10.2.0.0/24
[22770] debug @5.034073> [1.2.3.4] arpnip - found subnet 10.3.0.0/24
[22770] debug @5.043985> [1.2.3.4] arpnip - found subnet 10.4.0.0/24
[22770] debug @6.300389> [1.2.3.4] arpnip - processed 222 ARP Cache entries
[22770] debug @6.300689> [1.2.3.4] arpnip - processed 0 IPv6 Neighbor
Cache entries
[22770] debug @6.404250> [1.2.3.4] arpnip - processed 28 Subnet entries
[22770] info @6.408395> arpnip: finished at Wed Mar 26 15:55:31 2014
[22770] info @6.408656> arpnip: status done: Ended arpnip for 1.2.3.4
netdisco@server:/usr/local/netdisco$ snmpwalk -v2c -c community
<firewall> sysObjectID
SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::enterprises.94.1.21.2.1.146
netdisco@server:/usr/local/netdisco$
arpnip on an GAiA OS:
netdisco@server:/usr/local/netdisco$ netdisco-do arpnip -D -d <firewall>
[22759] info @0.000012> arpnip: started at Wed Mar 26 15:52:37 2014
[22759] debug @0.320897> [4.3.2.1] try_connect with ver: 2, class:
SNMP::Info::Layer3::NetSNMP, comm: community
[22759] info @0.992697> arpnip: finished at Wed Mar 26 15:52:38 2014
[22759] info @0.993051> arpnip: status done: Skipped arpnip for
device 4.3.2.1/32 without OSI layer 3 capability
netdisco@server:/usr/local/netdisco$
Any ideas to fix that issue?
Thanks a lot in advance!
Regards Tobias
--- End Message ---
--- Begin Message ---
Meanwhile I got an official statement from Checkpoint regarding this
not nice sysObjectID behavior:
"Check Point operating systems (SecurePlatform/Gaia) do not provide a
sysObjectID as it appears in the RFC 1213.
Per RFC 1213, sysObjectID OID is "The vendor's authoritative
identification of the network management subsystem contained in the
entity. This value is allocated within the SMI enterprises subtree
(1.3.6.1.4.1) and provides an easy and unambiguous means for
determining 'what kind of box' is being managed.")
When sending an SNMP Query to Check Point machine with OID
.1.3.6.1.2.1.1.2, the machine returns a reply based on the operating
system used."
I'm not really satisfied with their statement because it makes it much
more difficult for network monitoring tools to identify and discover
Checkpoint devices fully correct.
2014-03-26 16:23 GMT+01:00 Tobias Gerlach <tobi...@gmail.com>:
> Hello,
>
> we have a lot of Checkpoint Firewalls in our network and we need to
> upgrade all of them from old IPSO to new GAiA OS.
> After the update the sysObjectID changed in GAiA to generic
> NET-SNMP-MIB::netSnmpAgentOIDs:
>
> netdisco@server:/usr/local/netdisco$ snmpwalk -v2c -c community
> <firewall> sysObjectID
> SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10
>
> Netdisco classifies that device now as SNMP::Info::Layer3::NetSNMP,
> which is from NDs point of view probably right, and not
> longer as a SNMP::Info::Layer3 device. Arpnip skipped now for that
> SNMP::Info class:
>
> "arpnip: status done: Skipped arpnip for device 4.3.2.1/32 without OSI
> layer 3 capability"
>
> It is mandatory for us to still receive that ARP cache informations.
>
> arpnip on an IPSO OS:
> netdisco@server:/usr/local/netdisco$ netdisco-do arpnip -D -d <firewall>
> [22770] info @0.000011> arpnip: started at Wed Mar 26 15:55:25 2014
> [22770] debug @0.308176> [1.2.3.4] try_connect with ver: 2, class:
> SNMP::Info::Layer3, comm: community
> [22770] debug @3.563709> [1.2.3.4] check_mac - HSRP mac
> [00:00:0c:07:ac:01] - skipping
> [22770] debug @3.607635> resolving 222 ARP entries with max 50
> outstanding requests
> [22770] debug @4.834284> resolving 0 ARP entries with max 50
> outstanding requests
> [22770] debug @5.033101> [1.2.3.4] arpnip - found subnet 10.1.0.0/24
> [22770] debug @5.033640> [1.2.3.4] arpnip - found subnet 10.2.0.0/24
> [22770] debug @5.034073> [1.2.3.4] arpnip - found subnet 10.3.0.0/24
> [22770] debug @5.043985> [1.2.3.4] arpnip - found subnet 10.4.0.0/24
> [22770] debug @6.300389> [1.2.3.4] arpnip - processed 222 ARP Cache entries
> [22770] debug @6.300689> [1.2.3.4] arpnip - processed 0 IPv6 Neighbor
> Cache entries
> [22770] debug @6.404250> [1.2.3.4] arpnip - processed 28 Subnet entries
> [22770] info @6.408395> arpnip: finished at Wed Mar 26 15:55:31 2014
> [22770] info @6.408656> arpnip: status done: Ended arpnip for 1.2.3.4
> netdisco@server:/usr/local/netdisco$ snmpwalk -v2c -c community
> <firewall> sysObjectID
> SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::enterprises.94.1.21.2.1.146
> netdisco@server:/usr/local/netdisco$
>
> arpnip on an GAiA OS:
> netdisco@server:/usr/local/netdisco$ netdisco-do arpnip -D -d <firewall>
> [22759] info @0.000012> arpnip: started at Wed Mar 26 15:52:37 2014
> [22759] debug @0.320897> [4.3.2.1] try_connect with ver: 2, class:
> SNMP::Info::Layer3::NetSNMP, comm: community
> [22759] info @0.992697> arpnip: finished at Wed Mar 26 15:52:38 2014
> [22759] info @0.993051> arpnip: status done: Skipped arpnip for
> device 4.3.2.1/32 without OSI layer 3 capability
> netdisco@server:/usr/local/netdisco$
>
> Any ideas to fix that issue?
> Thanks a lot in advance!
>
> Regards Tobias
--- End Message ---
--- Begin Message ---
Hi list,
A couple of users of Netdisco 2 have reported slow poller performance
and high system load.
It seems this is probably caused by the PostgreSQL database not
performing well in the server's default configuration, but it can easily
be addressed.
There is a useful tool which will tune your PostgreSQL configuration
file:
https://github.com/elitwin/pgtune
"pgtune takes the wimpy default postgresql.conf and expands the
database server to be as powerful as the hardware it's being deployed
on. There is no need to build/compile pgtune, it is a Python script."
I hope this helps,
regards,
oliver.
--- End Message ---
--- Begin Message ---
Hi Simon,
On 2014-03-25 15:56, Simon Hobson wrote:
So what do others do ? And does Netdisco 2 change any of this ?
I suppose, for some things, a "show me only VLAN X" option would be
good.
On Netdisco 2's netmap you can filter by VLAN so only devices and links
carrying that VLAN are shown. You can also filter by depth (e.g. show
only four hops from centre device). The map is drawn dynamically for the
device you are looking at, so there's no longer the concept of static
"root" device like in Netdisco 1.
What we would also very much like to do is support "Device Domains"
whereby you can assign devices to logical domains under your management,
perhaps by IP subnet or tagging them in the UI. This feature is still on
the whiteboard but if you want to help us by describing your use case in
more detail, please comment on this tracker item:
https://sourceforge.net/p/netdisco/netdisco2/27/
regards,
oliver.
--- End Message ---
------------------------------------------------------------------------------
_______________________________________________
Netdisco mailing list - Digest Mode
netdisco-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/netdisco-users
