
Symptoms


Servers from one region show IP Connection::IP Connection relationships with many different switches and routers, and these relationships do not appear to be valid.

  • One server has an IP Connection::IP Connection relationship with more than 100 routers.
  • Most of these routers are located in a different region from the servers.

 

Release


Kingston, Jakarta

Cause


If you look at the SNMP-Routing input, you can see the following input from the switch. From this, we create a router interface with dest_ip_network set to 10.0.0.0/8.

<ipRouteEntry instance=".10.0.0.0"> 
<ipRouteIfIndex type="SnmpInt32">76</ipRouteIfIndex> 
<ipRouteDest type="SnmpIPAddress">10.0.0.0</ipRouteDest> 
<ipRouteMask type="SnmpIPAddress">255.0.0.0</ipRouteMask> 
<ipRouteNextHop type="SnmpIPAddress">0.0.0.0</ipRouteNextHop> 
<ipRouteType type="SnmpInt32">3</ipRouteType> 
</ipRouteEntry>

 

- When discovery completes, it generates a discovery device complete event. That event triggers a script action, which calls the script include named "L3 Mapping script". That logic searches the dscy_route_interface table for hi_ip and lo_ip.

- So, if you are scanning any computers or servers that fall within these ranges, "IP connection::IP connection" relationships are created between those devices and this switch accordingly.

- In some cases, this may be a valid route on the switch because of the switch's configuration. You can ignore it by making some modifications to the L3 Mapping script include.
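
The range matching described above can be checked offline to see which routes in an SNMP-Routing payload are broad enough to link unrelated servers. This is an added example, not ServiceNow code: it is plain JavaScript with no Glide APIs, and the function names, the second route entry, the scanned server addresses and the /16 review threshold are assumptions made for illustration.

```javascript
// Added example: standalone JavaScript, no Glide APIs. Sample data is constructed.
var SAMPLE_PAYLOAD = [
  '<ipRouteEntry instance=".10.0.0.0">',
  '<ipRouteDest type="SnmpIPAddress">10.0.0.0</ipRouteDest>',
  '<ipRouteMask type="SnmpIPAddress">255.0.0.0</ipRouteMask>',
  '</ipRouteEntry>',
  '<ipRouteEntry instance=".192.168.40.0">', // constructed second route
  '<ipRouteDest type="SnmpIPAddress">192.168.40.0</ipRouteDest>',
  '<ipRouteMask type="SnmpIPAddress">255.255.255.0</ipRouteMask>',
  '</ipRouteEntry>'
].join('\n');
var SAMPLE_SERVERS = ['10.12.4.20', '10.200.7.9', '192.168.40.15', '172.16.1.5']; // constructed
function ipToInt(ip) {
  var parts = ip.split('.');
  if (parts.length !== 4) throw new Error('bad IPv4 address: ' + ip);
  return parts.reduce(function (acc, octet) {
    if (!/^\d{1,3}$/.test(octet) || Number(octet) > 255) throw new Error('bad IPv4 address: ' + ip);
    return acc * 256 + Number(octet);
  }, 0);
}
// Prefix length of a dotted mask, or -1 when the mask is not contiguous.
function maskToPrefix(mask) {
  var m = ipToInt(mask), bits = 0;
  while (bits < 32 && Math.floor(m / Math.pow(2, 31 - bits)) % 2 === 1) bits++;
  return m === Math.pow(2, 32) - Math.pow(2, 32 - bits) ? bits : -1;
}
function parseRoutes(xml) {
  var routes = [], entry, re = /<ipRouteEntry[^>]*>([\s\S]*?)<\/ipRouteEntry>/g;
  function field(body, name) {
    var m = new RegExp('<' + name + '[^>]*>([^<]*)</' + name + '>').exec(body);
    return m ? m[1].trim() : null;
  }
  while ((entry = re.exec(xml)) !== null) {
    var dest = field(entry[1], 'ipRouteDest'), mask = field(entry[1], 'ipRouteMask');
    if (dest && mask) routes.push({ dest: dest, prefix: maskToPrefix(mask) });
  }
  return routes;
}
function inRoute(ip, route) {
  var size = Math.pow(2, 32 - route.prefix); // only used when the prefix is valid
  return route.prefix >= 0 && Math.floor(ipToInt(ip) / size) === Math.floor(ipToInt(route.dest) / size);
}
// Flag routes whose prefix is maxBroadPrefix or shorter and list the scanned IPs they cover.
function auditRoutes(xml, scannedIps, maxBroadPrefix) {
  return parseRoutes(xml).map(function (r) {
    return { cidr: r.dest + '/' + r.prefix, tooBroad: r.prefix >= 0 && r.prefix <= maxBroadPrefix,
             matched: scannedIps.filter(function (ip) { return inRoute(ip, r); }) };
  });
}
```

Calling `auditRoutes(SAMPLE_PAYLOAD, SAMPLE_SERVERS, 16)` flags the 10.0.0.0/8 entry as too broad and shows it covering both constructed 10.x servers, while the /24 route covers only the one server in its subnet.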

Resolution


If you would like to ignore this dest_ip_network, add the following line to the L3 Mapping script include. The dest_ip_network 10.0.0.0/8 covers a huge range (10.0.0.1-10.255.255.255). As noted above, scanning any server in that range (10.0.0.1-10.255.255.255) creates an IP connection::IP connection relationship with the router.

Please add the following to ignore this dest_ip_network.

After the line below (around line 98):

var gr = new GlideRecord("dscy_route_interface"); 

add:

gr.addQuery("dest_ip_network","!=","10.0.0.0/8");

 

Article Information

Last Updated: 2018-08-31 16:47:29
Published: 2018-08-31