4 Replies Latest reply on Jun 3, 2016 6:38 AM by john.ta

    SolarWinds NPM Deployment in Large Networks with Conflicting Subnets

    uno.okon@dexcent.com

      Hello Experienced Users

       

      I am presently developing a design recommendation for the deployment of SolarWinds NPM/SAM/NTA in a large network environment with conflicting subnets.

       

      DETAILS

      1. The network comprises multiple zones - each with the exact same IP Schema (same subnet addresses)

      2. SolarWinds Orion NPM server will reside in a "central network" with a subnet that is distinct from the zones mentioned above

      3. Option #1 - Subnet where the Orion NPM server resides would tie back to each zone using a Firewall

      4. Option #2 - The Orion NPM server would have multiple NICs that tap into the network in each zone

      NOTE: I am aware that with Option #1, NAT could be used to make the subnet in each zone appear different to the Orion NPM server

       

      QUESTIONS

      1. Is there any means of making an NPM installation manage devices that have the same IP addresses? (Sounds strange!)

      2. If I position an additional polling engine in each zone - does this help?

      NOTE: I am assuming that it is only the polling functions that require unique IPs? So if additional polling engines are placed in each zone, they poll their respective zones simultaneously without issues. After polling the devices, the polling engines will pass the collected information across to the SQL database. Does the SQL database uniquely identify each device using configured "names" OR "IP address"? If it is using configured names, then the SQL database should be fine - despite conflicting IPs (not sure!). Though I am thinking there may be issues with report generation.

       

      Kindly send me your thoughts. I would like to get your experienced counsel/opinion before ruling this possibility out and requesting Firewalls (as per Option #1 above).

       

      Best Regards

        • Re: SolarWinds NPM Deployment in Large Networks with Conflicting Subnets
          john.ta

          Strictly from a networking perspective, you cannot have conflicting subnets on the same network. If you were to have two nodes with IP 10.1.1.1, how would SolarWinds know which 10.1.1.1 you were talking about in a given instance? It would send the packet to the gateway, and the gateway would look in its routing table and can only have one place to send 10.1.1.1. In an advanced configuration you could have the SolarWinds server with multiple NICs attached to different networks, but you would have the same problem, where the server could only send it to one place. Ultimately, you don't have a SolarWinds issue but a networking issue requiring a networking answer - which is NAT. You will need to choose which network to keep as-is and which one to NAT to a different IP space. As per your last comment, this function doesn't need to be performed by a firewall; just a router would do. Once you have NAT in your environment, that would solve your SolarWinds issue as well. Hope that makes sense!
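An added example, not part of the reply above: a sketch of the 1:1 NAT plan it suggests, giving every zone's identical subnet its own translated range so that each 10.1.1.1 is polled at a distinct address. The zone names, the 172.20.0.0/22 translated pool and the choice to translate every zone are assumptions made for illustration.

```python
import ipaddress

def plan_zone_nat(zones, zone_subnet, translated_pool):
    """Give each zone a distinct translated subnet of the same size (1:1 NAT)."""
    inside = ipaddress.ip_network(zone_subnet)
    pool = ipaddress.ip_network(translated_pool)
    if pool.overlaps(inside):
        raise ValueError("translated pool must not overlap the zone subnet")
    candidates = pool.subnets(new_prefix=inside.prefixlen)
    plan = {}
    for zone in zones:
        try:
            plan[zone] = (inside, next(candidates))
        except StopIteration:
            raise ValueError(f"pool {pool} is too small for zone {zone!r}") from None
    return plan

def to_monitored(plan, zone, real_ip):
    """Real in-zone address -> the unique address the monitoring server polls."""
    inside, outside = plan[zone]
    ip = ipaddress.ip_address(real_ip)
    if ip not in inside:
        raise ValueError(f"{ip} is not inside {inside}")
    # Host offset is preserved, which is what a static subnet-to-subnet NAT does.
    return outside[int(ip) - int(inside.network_address)]

def to_real(plan, monitored_ip):
    """Unique monitored address -> (zone, real in-zone address), e.g. for alert triage."""
    ip = ipaddress.ip_address(monitored_ip)
    for zone, (inside, outside) in plan.items():
        if ip in outside:
            return zone, inside[int(ip) - int(outside.network_address)]
    raise LookupError(f"{ip} is not in any translated range")

if __name__ == "__main__":
    # Constructed sample: three zones that all use 10.1.1.0/24 internally.
    plan = plan_zone_nat(["zone-a", "zone-b", "zone-c"], "10.1.1.0/24", "172.20.0.0/22")
    for zone, (inside, outside) in plan.items():
        print(f"{zone}: {inside} <-> {outside}  (10.1.1.1 polled as "
              f"{to_monitored(plan, zone, '10.1.1.1')})")
    print(to_real(plan, "172.20.2.1"))
```

The reverse lookup matters operationally: an alert raised against a translated address has to be traced back to the correct zone and real device before anyone acts on it.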

          • Re: SolarWinds NPM Deployment in Large Networks with Conflicting Subnets
            sean.martinez

            We have built-in logic where our software will state that the same IP address is already being managed. You would have to have different IPs for each system. You can use multiple NICs, I do this already, so you could create a Management VLAN with management IPs for the systems that are the duplicate IPs.

             

            Only the IP Address Manager has the capability to monitor Duplicate IP subnets, but this is because we are contacting the DHCP server for the data and not actually contacting the devices.

            • Re: SolarWinds NPM Deployment in Large Networks with Conflicting Subnets
              RichardLetts

              You can do this with additional polling engines -- one per zone, where each APE has a network card in the 'zone', and another network card that can talk back to the main polling engine and central SQL server.

              [you may have to play around with routing tables under Windows to get this working perfectly]

               

              You can have multiple nodes with the same IP address on different polling engines, and NPM will work properly on polling.

              (I use this for pulling data from specific VRFs that is not in the common part of the MIB)

               

              I have not tested if syslog and trap handling work correctly (i.e. if the trap receiver on an APE uses the API engine ID and the IP address pair correctly -- that would be a bug and support case if not).