Monday, November 10, 2014

DNS Configuration Best Practices for Network Management

In my previous post, "Why DNS is vital for Network Management success - Part 1", I described why a solid DNS setup is essential for successful network management.

In this post I will present DNS configuration best practices for network management.


Domain-joined Windows servers and workstations typically register themselves in the Active Directory-integrated DNS server through dynamic DNS updates. Network devices and most other IT assets have no such mechanism, so their DNS records have to be created, and kept current, by hand or by your provisioning process for every asset that needs to be managed.

DNS Configuration Best Practices:


1. A device with a single network interface and a single IP address needs two record types:
  •     A record (forward lookup): maps the hostname to its IPv4 address
  •     PTR record (reverse lookup): maps the IP address back to the hostname
Example: a Layer 2 only switch (no routing enabled) with one management address.

Below is an example of how to configure both records for a new device with the Microsoft DNS Manager console:

2. A device that has multiple IP addresses (multi-homed) but communicates with the management system through only one of them needs the same two records, for that management address only.
Example: a server with several IP addresses that is monitored through one of them.

3. A device that has multiple IP addresses and communicates with the management system through several of them (not advisable, but it happens) needs both record types for every address that talks to the management station, so that the management system can map each of those addresses back to the same node.

Example: a router or firewall that answers SNMP queries on one IP address but sends syslog messages and/or SNMP traps from another. Where the device allows it, pinning the trap and syslog source address to the management address (typically the loopback) avoids the extra records altogether.
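As an added example (not part of the original post), here are the three cases above scripted with the DnsServer PowerShell module instead of the DNS Manager console. The zone corp.example, the server dns01.corp.example, the 10.10.0.0/16 address range and the device names sw01, srv01 and fw01 are assumptions made for illustration.

```powershell
# Added example, not from the original post. Assumed names: forward zone corp.example,
# DNS server dns01.corp.example, managed network 10.10.0.0/16, hosts sw01/srv01/fw01.
# Requires the DnsServer module (RSAT DNS tools) and rights to edit both zones.

$Zone        = 'corp.example'
$Server      = 'dns01.corp.example'
$ReverseZone = '10.10.in-addr.arpa'     # reverse zone for 10.10.0.0/16

# -CreatePtr only creates the PTR when a reverse lookup zone covering the address
# already exists on the server, so create the reverse zone first if it is missing.
if (-not (Get-DnsServerZone -ComputerName $Server -Name $ReverseZone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -ComputerName $Server -NetworkId '10.10.0.0/16' -ReplicationScope 'Domain'
}

# Case 1: Layer 2 switch with one management address -> one A record plus its PTR
Add-DnsServerResourceRecordA -ComputerName $Server -ZoneName $Zone -Name 'sw01' `
    -IPv4Address '10.10.1.5' -CreatePtr

# Case 2: multi-homed server managed through a single address -> records for that
# address only; its other addresses are deliberately left unregistered for the NMS
Add-DnsServerResourceRecordA -ComputerName $Server -ZoneName $Zone -Name 'srv01' `
    -IPv4Address '10.10.2.10' -CreatePtr

# Case 3: firewall that answers SNMP on 10.10.3.1 but sources traps/syslog from
# 10.10.4.1 -> an A + PTR pair for each address, both resolving to the same node
# name, so whichever address a trap arrives from maps back to fw01
foreach ($ip in '10.10.3.1', '10.10.4.1') {
    Add-DnsServerResourceRecordA -ComputerName $Server -ZoneName $Zone -Name 'fw01' `
        -IPv4Address $ip -CreatePtr
}
```

On servers without the DnsServer module (Windows Server 2008 R2 and older) the same records can be created with dnscmd, for example `dnscmd dns01 /RecordAdd corp.example sw01 A 10.10.1.5` for the A record and `dnscmd dns01 /RecordAdd 10.10.in-addr.arpa 5.1 PTR sw01.corp.example` for the PTR; dnscmd never creates the PTR for you, so it has to be added explicitly. With a standalone (non-AD) DNS server, replace -ReplicationScope 'Domain' with -ZoneFile '10.10.in-addr.arpa.dns'.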

How DNS can help with network troubleshooting?

Some network engineers give each router interface its own DNS name so that traceroute output is easier to read.

Where a unique name is wanted for every address of a router, the common practice is to create both forward and reverse records for the main (management) address, normally the loopback, and only reverse (PTR) records for the other interfaces, each pointing to a name that identifies the interface and the router.
Example:

Hop   (ms)   (ms)   (ms)   IP Address       Host name
1     17     0      0      8.9.232.73       8-1-18.ear1.dallas1.level3.net
2     122    122    122    4.69.145.126     vlan70.csw2.dallas1.level3.net
3     120    120    120    4.69.151.146     ae-73-73.ebr3.dallas1.level3.net
4     *      *      *      -
5     120    120    120    4.69.132.86      ae-2-2.ebr1.washington1.level3.net
6     122    121    121    4.69.134.142     ae-91-91.csw4.washington1.level3.net
7     121    121    121    4.69.134.157     ae-92-92.ebr2.washington1.level3.net
8     120    120    121    4.69.137.61      ae-44-44.ebr2.paris1.level3.net
9     120    120    120    4.69.143.141     ae-47-47.ebr1.frankfurt1.level3.net
10    120    125    120    4.69.140.6       ae-71-71.csw2.frankfurt1.level3.net
11    121    121    121    4.69.154.72      ae-2-70.edge4.frankfurt1.level3.net
12    122    122    122    212.162.5.162

Each name tells you the interface (vlan70, ae-73-73), the router's role and number (csw2, ebr3, edge4) and the site (dallas1, washington1, frankfurt1); hop 4 did not answer at all, and the reverse lookup for hop 12 returned no name, so only the address is shown.
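An added example, not from the original post, of the naming scheme just described: the loopback gets a forward and a reverse record under the router's own name, and every other interface gets a reverse record only, named after the interface. The helper that derives the PTR node name from the address works for any reverse zone size; the router, its interfaces, the zone names and the server name are constructed for illustration.

```powershell
# Added example, not from the original post. Assumed: zone corp.example on
# dns01.corp.example, an existing reverse zone 10.10.in-addr.arpa, router rtr1.

$Zone        = 'corp.example'
$Server      = 'dns01.corp.example'
$ReverseZone = '10.10.in-addr.arpa'

function ConvertTo-DnsLabel {
    # Interface names contain characters that are not valid in a host label
    # ('/' and '.'): GigabitEthernet0/0/1 -> gigabitethernet0-0-1, Vlan70 -> vlan70
    param([Parameter(Mandatory)][string]$Name)
    return (($Name.ToLowerInvariant() -replace '[^a-z0-9-]', '-') -replace '-{2,}', '-').Trim('-')
}

function Get-PtrNodeName {
    # Node name of an address inside a reverse zone: for 10.10.3.2 in
    # 10.10.in-addr.arpa the node is '2.3' (remaining octets, least significant first)
    param([Parameter(Mandatory)][string]$IPv4, [Parameter(Mandatory)][string]$ReverseZone)
    $zoneOctets = ($ReverseZone -replace '\.in-addr\.arpa$', '').Split('.').Count
    $octets = $IPv4.Split('.')
    [array]::Reverse($octets)
    return ($octets[0..(3 - $zoneOctets)] -join '.')
}

# Constructed sample: one router, its loopback and three transit interfaces
$Router = 'rtr1'
$Interfaces = @(
    @{ Name = 'Loopback0';            IP = '10.10.255.1' },
    @{ Name = 'GigabitEthernet0/0/1'; IP = '10.10.3.2'   },
    @{ Name = 'GigabitEthernet0/0/2'; IP = '10.10.4.2'   },
    @{ Name = 'Vlan70';               IP = '10.10.70.1'  }
)

foreach ($intf in $Interfaces) {
    if ($intf.Name -like 'Loopback*') {
        # Management address: A + PTR under the router's own name, as in case 1 above
        Add-DnsServerResourceRecordA -ComputerName $Server -ZoneName $Zone -Name $Router `
            -IPv4Address $intf.IP -CreatePtr
        continue
    }
    # Transit interface: PTR only, e.g. 2.3.10.10.in-addr.arpa -> gigabitethernet0-0-1.rtr1.corp.example
    $node   = Get-PtrNodeName -IPv4 $intf.IP -ReverseZone $ReverseZone
    $target = "$(ConvertTo-DnsLabel $intf.Name).$Router.$Zone"
    Add-DnsServerResourceRecordPtr -ComputerName $Server -ZoneName $ReverseZone -Name $node `
        -PtrDomainName $target
}
```

Because the transit addresses get no A records, nothing resolves gigabitethernet0-0-1.rtr1.corp.example forward. That is intended: the interface names only serve traceroute and log output, while the management system discovers and polls the router through rtr1.corp.example.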



Why would you need to configure 2 records for each IP address?

Most network management systems use a reverse lookup to verify the name of every IT asset against its IP address, and many also resolve that name forward again to confirm the two agree. If either record is missing, or the two disagree, each lookup either fails (sometimes only after a timeout, for example when no reverse zone covers the address and the query leaves the network) or returns a name that does not match the node. The symptoms are long discovery and polling times, delays in processing SNMP traps (the trap's source address has to be resolved before the trap can be attached to a node) and nodes that show up by IP address instead of by name.
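An added example (not from the original post) of the check a management system effectively performs on every node: for each A record in the forward zone, look up the PTR for its address and confirm that it names the same host. It reads the zone with the DnsServer module and does the reverse queries with Resolve-DnsName; the zone and server names are assumptions.

```powershell
# Added example, not from the original post. Assumed: forward zone corp.example on
# dns01.corp.example; run with read access to the zone (DnsServer module present).

$Zone   = 'corp.example'
$Server = 'dns01.corp.example'

function Test-ForwardReversePair {
    # Classify one A record: OK (a PTR names this host), MissingPTR, or MismatchPTR
    # (a PTR exists but names something else, the case that gives an NMS wrong node names)
    param([string]$Fqdn, [string]$IPv4, [string]$DnsServer)
    $answer = Resolve-DnsName -Name $IPv4 -Type PTR -Server $DnsServer -DnsOnly -ErrorAction SilentlyContinue
    $names  = @($answer | Where-Object { $_.QueryType -eq 'PTR' } |
                ForEach-Object { $_.NameHost.TrimEnd('.').ToLowerInvariant() })
    $state = 'MismatchPTR'
    if ($names.Count -eq 0)                         { $state = 'MissingPTR' }
    if ($names -contains $Fqdn.ToLowerInvariant())  { $state = 'OK' }
    [pscustomobject]@{ Host = $Fqdn; IP = $IPv4; PTR = ($names -join ', '); State = $state }
}

$aRecords = Get-DnsServerResourceRecord -ComputerName $Server -ZoneName $Zone -RRType A |
    Where-Object { $_.HostName -ne '@' }          # skip the zone apex record

$results = foreach ($rec in $aRecords) {
    Test-ForwardReversePair -Fqdn "$($rec.HostName).$Zone" `
        -IPv4 $rec.RecordData.IPv4Address.IPAddressToString -DnsServer $Server
}

# Records the NMS will stumble on: no PTR (lookup fails) or a PTR naming a different host
$results | Where-Object { $_.State -ne 'OK' } | Sort-Object State, Host | Format-Table -AutoSize

# Names with more than one A record are multi-homed from the NMS's point of view
# (case 3 above); confirm that is intended and that every address has its PTR
$results | Group-Object Host | Where-Object { $_.Count -gt 1 } |
    Select-Object @{ n = 'Host'; e = { $_.Name } }, Count
```

In Active Directory-integrated zones the housekeeping A records DomainDnsZones and ForestDnsZones point at the domain controllers' addresses, whose PTRs name the controllers themselves; they will be listed as MismatchPTR and can be ignored. Everything else in that list is a lookup the management system will lose time on.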

Yigal Korolevski, KMC Technologies http://www.nms-guru.com

Friday, November 7, 2014

How Network Discovery Works - Part 1

In the early 1990s, HP Network Node Manager (NNM) was one of the pioneers in using a network discovery algorithm to identify network nodes and their topology; HP registered the algorithm as a US patent.

From NNM 3.0 through NNM 7.x, the discovery algorithm worked roughly as follows:
  • The NNM server's own IP configuration (IP address, subnet mask and default gateway) was used to determine the initial discovery targets.
  • A ping sweep identified all responding IP addresses.
  • Every responding address was queried via SNMP to confirm it could communicate with NNM.
  • Nodes that answered SNMP were queried for the interesting tables: system, ARP and interfaces.
  • Node type (router, bridge, computer) and vendor were derived from the SNMP sysObjectID in each node's response.
  • Nodes identified as routers were queried for their routing tables.
  • The process was then repeated for every additional IP segment learned from the routing tables.
Network administrators could control the discovery with filters and various limits, to make sure it would not run forever and discover the entire Internet (in 1995 that was still possible :) ).
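The loop above as an added example (not NNM's code, and not a claim about how NNM implemented it): the discovery steps run against a constructed in-memory network so that it can be executed offline. Invoke-Ping and Invoke-SnmpGet are hypothetical stand-ins for the ICMP and SNMP probes, the sysObjectID table is illustrative, and the scope filter and subnet limit are the kind of controls the post mentions.

```powershell
# Added example, not NNM's code. The network below is constructed: each entry is what
# the (hypothetical) SNMP probe would return; $null means the host answers ping only.
# sysObjectIDs are illustrative values under the Cisco (9), Microsoft (311) and
# Juniper (2636) enterprise arcs and are not claims about real products.
$Network = @{
    '10.0.1.1'  = @{ sysObjectID = '1.3.6.1.4.1.9.1.1';    sysName = 'rtr1';  Routes = '10.0.1.0/24', '10.0.2.0/24', '192.0.2.0/24' }
    '10.0.1.10' = @{ sysObjectID = '1.3.6.1.4.1.311.1.1';  sysName = 'srv01'; Routes = @() }
    '10.0.1.20' = $null
    '10.0.2.1'  = @{ sysObjectID = '1.3.6.1.4.1.9.1.1';    sysName = 'rtr2';  Routes = '10.0.2.0/24', '10.0.3.0/24' }
    '10.0.3.5'  = @{ sysObjectID = '1.3.6.1.4.1.2636.1.1'; sysName = 'sw3';   Routes = @() }
}

# sysObjectID -> vendor/type, the role an OID-to-type table plays in a discovery engine (constructed)
$ObjectIdTable = @{
    '1.3.6.1.4.1.9.1.1'    = @{ Vendor = 'Cisco';     Type = 'Router'   }
    '1.3.6.1.4.1.311.1.1'  = @{ Vendor = 'Microsoft'; Type = 'Computer' }
    '1.3.6.1.4.1.2636.1.1' = @{ Vendor = 'Juniper';   Type = 'Bridge'   }
}

function Invoke-Ping {
    # Stand-in for an ICMP echo: the address "answers" if it exists in the sample network
    param([string]$Ip)
    return $Network.ContainsKey($Ip)
}

function Invoke-SnmpGet {
    # Stand-in for an SNMP GET of the system group; $null means no SNMP answer
    param([string]$Ip)
    return $Network[$Ip]
}

function Get-HostsInSubnet {
    # Expand a /24 into its host addresses for the ping sweep (the sample only uses /24s)
    param([string]$Cidr)
    $prefix = $Cidr.Split('/')[0] -replace '\.\d+$', ''
    1..254 | ForEach-Object { "$prefix.$_" }
}

function Invoke-Discovery {
    param(
        [string[]]$SeedSubnets,          # derived from the server's own IP configuration
        [string]$ScopeFilter = '^10\.',  # regex on subnets; anything else is never swept
        [int]$MaxSubnets = 20            # hard stop so discovery cannot run forever
    )
    $queue   = [System.Collections.Generic.Queue[string]]::new([string[]]$SeedSubnets)
    $visited = @{}
    $nodes   = New-Object System.Collections.Generic.List[object]

    while ($queue.Count -gt 0 -and $visited.Count -lt $MaxSubnets) {
        $subnet = $queue.Dequeue()
        if ($visited.ContainsKey($subnet)) { continue }
        $visited[$subnet] = $true

        foreach ($ip in Get-HostsInSubnet $subnet) {
            if (-not (Invoke-Ping $ip)) { continue }                    # ping sweep
            $sys = Invoke-SnmpGet $ip                                    # SNMP reachability
            if ($null -eq $sys) {
                $nodes.Add([pscustomobject]@{ IP = $ip; Name = $null; Vendor = $null; Type = 'IP-only' })
                continue
            }
            $class  = $ObjectIdTable[$sys.sysObjectID]                   # classify by sysObjectID
            $type   = if ($class) { $class.Type }   else { 'Unknown' }
            $vendor = if ($class) { $class.Vendor } else { 'Unknown' }
            $nodes.Add([pscustomobject]@{ IP = $ip; Name = $sys.sysName; Vendor = $vendor; Type = $type })
            if ($type -ne 'Router') { continue }
            foreach ($route in $sys.Routes) {                            # routers reveal new segments
                if ($route -match $ScopeFilter -and -not $visited.ContainsKey($route)) {
                    $queue.Enqueue($route)
                }
            }
        }
    }
    return $nodes
}

Invoke-Discovery -SeedSubnets '10.0.1.0/24' | Format-Table -AutoSize
```

Run as is, the sweep of 10.0.1.0/24 finds rtr1, srv01 and the ping-only host 10.0.1.20; rtr1's routing table queues 10.0.2.0/24 (where rtr2 is found, which in turn adds 10.0.3.0/24 and sw3) but not 192.0.2.0/24, which the scope filter rejects. Drop the filter and raise the limit and the same loop happily keeps walking every route it learns, which is exactly why those two controls exist.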

The NNM map used to look like the picture below:

As networks became more complex and new technologies and protocols were added, the algorithm was modified to handle VLANs, CIDR and various Layer 2 technologies. It was too limited, however, to handle newer technologies such as virtual interfaces and multi-link protocols (EtherChannel, MLT, SMLT etc.), and displaying the resulting topology on the outdated X/Motif-based map (later ported to Windows as well) was quite challenging.

In "How Network Discovery Works - Part 2" I will discuss the latest advances in this field.

Yigal Korolevski, KMC Technologies http://www.nms-guru.com