More discussions in Orion IP Address Manager Feature RequestsWhere is this place located?
4 Replies Latest reply: Feb 13, 2012 10:56 AM by Dogeron RSS

Discovery mis some devices

r6hcmc
r6hcmc Dec 19, 2011 5:40 AM
Currently Being Moderated

Having a /24 subnet not all active devices comes up with the discovery running every 4 hours. The discovery is set to use ICMP and SNMP with no 'neighbor discovery'.
I have noticed, if I do a manual PING from any device towards a missing device in the subnet, it is discovered on the next IPAM discovery. Off course this is very annoying giving a wrong picture off 'used addresses' - the reason to use IPAM !

I have consulted one of our Router guys. He think the problem is, that IPAM sends to many ICMP echo request within a very short time frame. What we see is that devices In the ARP-table will seem to answer, but devices not in the ARP-table may fail to answer and get ‘Transient’, because the Router/Firewall have reached the ‘Maximum Unresolved hosts’ and drops the ICMP echo request.


Below are the statistics from the Router/Firewall during the IPAM subnet scan. The two last red lines indicates the problem. The number off Unresolved hosts have reached the maximum, so further resolving will be dropped.
VNOASA# sh arp statistics
        Number of ARP entries in ASA: 588

        Dropped blocks in ARP: 2720894
        Maximum Queued blocks: 111
        Queued blocks: 100
        Interface collision ARPs Received: 0
        ARP-defense Gratuitous ARPS sent: 0
        Total ARP retries: 8393217
        Unresolved hosts: 100
        Maximum Unresolved hosts: 100


Short after the scan have finished the statistics looks like below. Now I can do a manual ping off one off the ‘Transient’ devices and the Router/Firewall will resolve and put it in the ARP table. Now IPAM also changes the status to ‘Used’ after a new scan:
VNOASA# sh arp statistics
        Number of ARP entries in ASA: 588

        Dropped blocks in ARP: 2721166
        Maximum Queued blocks: 111
        Queued blocks: 10
        Interface collision ARPs Received: 0
        ARP-defense Gratuitous ARPS sent: 0
        Total ARP retries: 8394348
        Unresolved hosts: 10
        Maximum Unresolved hosts: 100


I would like to be able to ‘Slow down’ the scannings.

  • 201 Views

Actions

More Like This

  • Retrieving data ...