4 Replies Latest reply on Feb 13, 2012 11:56 AM by Dogeron

    Discovery mis some devices

    r6hcmc

      Having a /24 subnet not all active devices comes up with the discovery running every 4 hours. The discovery is set to use ICMP and SNMP with no 'neighbor discovery'.
      I have noticed, if I do a manual PING from any device towards a missing device in the subnet, it is discovered on the next IPAM discovery. Off course this is very annoying giving a wrong picture off 'used addresses' - the reason to use IPAM !

      I have consulted one of our Router guys. He think the problem is, that IPAM sends to many ICMP echo request within a very short time frame. What we see is that devices In the ARP-table will seem to answer, but devices not in the ARP-table may fail to answer and get ‘Transient’, because the Router/Firewall have reached the ‘Maximum Unresolved hosts’ and drops the ICMP echo request.


      Below are the statistics from the Router/Firewall during the IPAM subnet scan. The two last red lines indicates the problem. The number off Unresolved hosts have reached the maximum, so further resolving will be dropped.
      VNOASA# sh arp statistics
              Number of ARP entries in ASA: 588

              Dropped blocks in ARP: 2720894
              Maximum Queued blocks: 111
              Queued blocks: 100
              Interface collision ARPs Received: 0
              ARP-defense Gratuitous ARPS sent: 0
              Total ARP retries: 8393217
              Unresolved hosts: 100
              Maximum Unresolved hosts: 100


      Short after the scan have finished the statistics looks like below. Now I can do a manual ping off one off the ‘Transient’ devices and the Router/Firewall will resolve and put it in the ARP table. Now IPAM also changes the status to ‘Used’ after a new scan:
      VNOASA# sh arp statistics
              Number of ARP entries in ASA: 588

              Dropped blocks in ARP: 2721166
              Maximum Queued blocks: 111
              Queued blocks: 10
              Interface collision ARPs Received: 0
              ARP-defense Gratuitous ARPS sent: 0
              Total ARP retries: 8394348
              Unresolved hosts: 10
              Maximum Unresolved hosts: 100


      I would like to be able to ‘Slow down’ the scannings.