Scope.

special for ITNM link Removal

Lab Example by Ken Stone
(December 8, 2010)
IBM Software Services for Tivoli

Introduction:
Online definition
The special table defines management IP addresses. A management
address is an IP address on a device whose only role is to manage the
device. Management addresses do not handle network traffic.

This definition lacks a good example. This STE will cover the
loading of a discovery cache in the lab, visualization in TIP and
review of simple RCA scenario. The removal of a link and how
RCA and visualization can change.

IBM Software Services for Tivoli

3.8 online documentation for scope.special

Link to 3.8 online documentation for scope.special parameters

m_Zones
m_AddressSpace
m_Protocol
m_OutOfBand
m_IsManagement
m_IsValidVirtual

IBM Software Services for Tivoli

Lab Setup:
Collected a discovery failover, and place the files in
$NCHOME/var/precision
Technote for collecting files from running discovery
domain_create.pl to create a test domain if necessary
Set m_UseFailover = 1 in DiscoSchema
$PRECISION_HOME/bin/itnm_start

IBM Software Services for Tivoli

Discovery is complete
Run the stitcher to move the topology from scratchTopology to
model. Depending on the size of the topology, model then sends
the topology to ncim.
Once complete you can view the topology in TIP.

IBM Software Services for Tivoli

./ncp_oql -username admin -latency 444444 -domain NCOMS -service disco

ncp_oql ( IBM Tivoli Network Manager OQL Interface )
Copyright (C) 1997 - 2008 By IBM Corporation. All Rights Reserved. See
product license for details.
IBM Tivoli Network Manager Version 3.8 (Build 56) created by vbenmarq at
09:30:26 Thu Mar 11 GMT 2010
Password:
|voltron0:1.> select count(*) from scratchTopology.entityByName;
|voltron0:2.> go
.
{
Count=2284;
}
( 1 record(s) : Transaction complete )
|1.> insert into stitchers.actions (m_Name) values ('SendTopologyToModel');
|voltron0:2.> go
.
( 0 record(s) : Transaction complete )
|voltron0:1.>

The visualization

In review, the topology sent to model and pushed to ncim.

W e're going to connect to TIP and take a look a simple hopview with
layer 2 connectivity.
W e'll review the components in our test environment.
Review the connectivity that exists
Introduce some polling

IBM Software Services for Tivoli

The components
NcpServerEntity Configured in NcoGateSchema, the IP address
configured for RCA
FW A firewall
Router A router
Review of connectivity

IBM Software Services for Tivoli

|> select * from fullTopology.entityByNeighbor where m_Name like 'Router';

|> go
.
{
m_NbrName='FW1';
m_Name='Router[ GigabitEthernet0/0 ]';
}
{
m_NbrName='FW';
m_Name='Router[ GigabitEthernet0/1 ]';
}
( 2 record(s) : Transaction complete )
|>

ScratchTopology review the links

|> select * from scratchTopology.entityByName where EntityName
like 'Router';
|.> go

IBM Software Services for Tivoli

12

{
RelatedTo=['FW1'];
Status=1;
Address=['','E0:E0:E0:E0:E0:E0','192.180.0.65'];
IsActive=1;
EntityOID='1.3.6.1.4.1.9.1';
EntityName='Router[ GigabitEthernet0/0 ]';
ExtraInfo={
m_SubnetMask='255.255.255.240';
m_RouterLinks=['FW1'];
m_IfDescr='GigabitEthernet0/0';
....
EntityType=2;
}

{
RelatedTo=['FW'];
Status=1;
Address=['','E0:E0:E0:E0:E0:E0','10.10.10.10'];
IsActive=1;
EntityOID='1.3.6.1.4.1.9';
EntityName='Router[ GigabitEthernet0/1 ]';
ExtraInfo={
m_SubnetMask='255.255.255.0';
m_RouterLinks=['FW'];
m_IfDescr='GigabitEthernet0/1';
....
EntityType=2;

SnmpLinkState Poll enabled

The link at FW , connecting to the router goes down. It becomes a
Severity = 5, red, root cause.
In out attempt to use the SnmpLinkState poll against the same link
from the standpoint of the router, the event is yellow, and not found
to be a symptom. On closer examination, it is found to an Snmp
Poll failure, because the main IP address of the router has become
unreachable.
This outage on FW (connecting link to Router) should make the
Router event a symptom

IBM Software Services for Tivoli

15

SnmpLinkState Poll enabled

The NcpServerEntity clearly has another path to the Router. W e
have seen the links in fullTopology, and scratchTopology.
Unseen to us, one of the links is a management link, one carries
actual network traffic. The SnmpLinkState poll can only travel
across the management link.
This explains how the Router is unreachable to the polling station,
yet ITNM topology appears to have an alternate path.

IBM Software Services for Tivoli

17

{
RelatedTo=['FW1'];
Status=1;
Address=['','E0:E0:E0:E0:E0:E0','192.180.0.65'];
IsActive=1;
EntityOID='1.3.6.1.4.1.9.1';
EntityName='Router[ GigabitEthernet0/0 ]';
ExtraInfo={
m_SubnetMask='255.255.255.240';
m_RouterLinks=['FW1'];
m_IfDescr='GigabitEthernet0/0';
....
EntityType=2;
}

insert into scope.special

(
m_Zones,
m_Protocol,
m_IsManagement,
m_OutOfBand,
m_IsValidVirtual
)
values
(
[
{
m_Subnet="192.180.0.65",
m_NetMask=32
}
],
1,
1,
1,
0
);

|> select * from translations.ipToBaseName where m_IpAddress =

'192.180.0.65';
|.> go
.
{
m_WorkAddress='11.11.11.11';
m_InScope=1;
m_Protocol=1;
m_BaseName='Router';
m_IpAddress='192.180.0.65';
m_BaseAddress='11.11.11.11';

Restitch lab, not restart

There is a stitcher that will update translations.ipToBaseName with
the scope.special details.
For purposes of this lab, we'll update translations so we can instantly
view the results of what scope.special can do.
To move this into production, edit DiscoSchema.cfg

IBM Software Services for Tivoli

21

| |> update translations.ipToBaseName set m_IsOutOfBand = 1 where

m_IpAddress = '192.180.0.65';
|> go
|.> select * from translations.ipToBaseName where m_IpAddress =
'192.180.0.65';
|.> go
.
{
m_WorkAddress='11.11.11.11';
m_InScope=1;
m_Protocol=1;
m_BaseName='Router';
m_IpAddress='192.180.0.65';
m_BaseAddress='11.11.11.11';
m_IsOutOfBand=1;
}
( 1 record(s) : Transaction complete )
|>

How will the topology change when restitched?

W e'll disable the polling, and delete these specific poller events from
the objectserver.
insert into stitchers.actions (m_Name) values
('CreateAndSendTopology');
> go

IBM Software Services for Tivoli

23

The link has been removed after restitch

|voltron0:1.> select * from fullTopology.entityByNeighbor where
m_Name like 'Router';
|voltron0:2.> go
.
{

m_NbrName='FW ';
m_Name='Router[ GigabitEthernet0/1 ]';

For lab purposes, kill ncp_f_amos and ncp_ncogate so each will

pick up the updated topology, after ncp_model is updated.

IBM Software Services for Tivoli

25

{
RelatedTo=['FW1'];
Status=1;
Address=['','E0:E0:E0:E0:E0:E0','192.180.0.65'];
IsActive=1;
EntityOID='1.3.6.1.4.1.9.1';
EntityName='Router[ GigabitEthernet0/0 ]';
ExtraInfo={
m_SubnetMask='255.255.255.240';
m_RouterLinks=NULL;
m_IfDescr='GigabitEthernet0/0';

The link has been removed after restitch

With the SnmpLinkState polling enabled, and the non
management link removed, NcpServerEntity can find only one
path to the Router
A clear root cause, and symptom event can be seen, RCA can
now work as expected.

IBM Software Services for Tivoli

28

In Review what is known

Discovery cache can be loaded, sent to model and visualized
in ncim and TIP.
Can test RCA both before and after changes to scope.special.
A simple example exists applied to the lab on what the change
would look like in DiscoSchema.cfg.

IBM Software Services for Tivoli

29

Review items for consideration

A future discovery enhancement?
An entire subnet is management?
Is this better served with two domains?

IBM Software Services for Tivoli

30

Switch or Firewall agent

Whereas discovery agents could not detect this, perhaps this
management link and network link could be modeled
differently in the future.

IBM Software Services for Tivoli

31

/24 or even more

This example was simple /32 IP address link removed. It's
more logical to assume that a network would consist of a very
large management network where various scope.special
statements are needed to remove the entire management
network.

IBM Software Services for Tivoli

32

Two domains are better than one

Discover the network as before within a single domain. That
domain can be visualized within TIP, but not used for polling.
Discover the same network again with scope.special in place
and this network is responsible for polling and RCA.

IBM Software Services for Tivoli

33

Questions, and perhaps some answers!

IBM Software Services for Tivoli

34