Sorry if this has been answered before: did some searches with certain patterns, and could not find a good answer, so here it goes:
Could someone please point me to the right place (RTFM) that describes in detail the methodology used by IPAM, for discovery, for each option available? I have three major concerns, prior to launching this process "against" a very large network:
- performance on the appliance(s) running the discovery, themselves
- how far could the IPAM "discover" the network, on its own (if at all), beyond what I define to be used (e.g. could it pull routing tables and move/traverse the network?)
- if the method of some discovery option(s) is similar to nmap, then certain end points could suffer their own performance problems (happened previously, when certain combination of parameters have been used with nmap)
10-14-2015 01:11 PM
There are two methods of discovery in NIOS - what I would term the "standard" discovery, and then the "enhanced" discovery methods. Standard is built into the platform and you can find the details in the NIOS 7.2 admin guide page 595 "Chapter 14 IP Discovery and vDiscovery". Essentially it uses a combination of ping sweeps, netbios scans and tcp port scans on the networks that you select for discovery. In other words, it doesn't automatically crawl through subnets as defined by boundaries. You need to specify what networks you want to discover.
The enhanced version uses Network Insight (NI) and that uses a combination of snmp/cli to extract info from network devices to discover a subnet. With NI you can define boundaries for it to discover and it will go ahead and do just that. You can also select whether you want to perform nmap fingerprinting on end hosts or not.
I suspect NI will fulfill most of your requirements.
10-14-2015 01:52 PM
Thank you for your quick reply. Running version 6.12.8.
Hmmm ... I need to look further into the options, to try and find what you mentioned here. I want to control the discovery to the point that I feed it a set of subnets, with different boundaries, and it limits itself to ICMP. No SNMP, no NetBIOS, no...