infoblox_nios:discovery_vdiscovery

Differences

This shows you the differences between two versions of the page.

infoblox_nios:discovery_vdiscovery [2023/07/12 09:53] – [NTP Issues] bstaffordinfoblox_nios:discovery_vdiscovery [2024/04/04 09:33] (current) bstafford
Line 1: Line 1:
-====== Network Discovery ======+====== vDiscovery ======
 For NIOS vDiscovery to work with ESXi and to add DNS names to discovered objects, we need the Cloud Network Automation licence and the NIOS Grid must have the DNS zones added (even if the zones are not assigned to any appliance and even if Infoblox is not actually used for DNS). Otherwise, we just detect if the IP addresses are in use or not. We also need to create the networks in advanced. If we don't, the data doesn't get added. For NIOS vDiscovery to work with ESXi and to add DNS names to discovered objects, we need the Cloud Network Automation licence and the NIOS Grid must have the DNS zones added (even if the zones are not assigned to any appliance and even if Infoblox is not actually used for DNS). Otherwise, we just detect if the IP addresses are in use or not. We also need to create the networks in advanced. If we don't, the data doesn't get added.
  
 The current vDiscovery feature supports tenants, networks, and compute VMs only. It does not support data that is retrieved from load balancer networks, load balancer VMs, Kubernetes platform VMs, application gateways, service VMs, SQL VMs, or any other VMs that are created using cloud services such as Kubernetes service or analytics service, where the IPAM is handled by the respective orchestration engines of the cloud provider. Note that if the vDiscovery job retrieves unsupported data from AWS, Azure, or GCP, then it impacts the performance of the vDiscovery process. The current vDiscovery feature supports tenants, networks, and compute VMs only. It does not support data that is retrieved from load balancer networks, load balancer VMs, Kubernetes platform VMs, application gateways, service VMs, SQL VMs, or any other VMs that are created using cloud services such as Kubernetes service or analytics service, where the IPAM is handled by the respective orchestration engines of the cloud provider. Note that if the vDiscovery job retrieves unsupported data from AWS, Azure, or GCP, then it impacts the performance of the vDiscovery process.
  
-[[https://docs.infoblox.com/display/NAZIG/Performing+vDiscovery+on+VNets|Discovery in Azure]]+[[https://docs.infoblox.com/space/vniosazure/37486690/Performing+vDiscovery+on+VNets|Discovery in Azure]]
  
 +===== Performance =====
 +TE-2215 with NIOS 8.6.3 (where new AWS sync engine was released) can syn thousands of zones across hundreds of different VPCs.
 +
 +===== Best Practice =====
 +Infoblox also recommends that you select “The tenant’s network view” as the network views for both public and private IP addresses. [[https://docs.infoblox.com/space/vniosazure/37781576/Adding+vDiscovery+Application+as+a+New+User|source]]
 +
 +Azure [[https://learn.microsoft.com/en-us/azure/virtual-network/concepts-and-best-practices|best practice says]] to not have a subnet match its VNet CIDR.
 +  * Your subnets shouldn't cover the entire address space of the virtual network. Plan ahead and reserve some address space for the future.
 +
 +===== VMware =====
 +  * You can run vDiscovery against VMware VCentre
 +  * If you run vDiscovery against VMware where a VM is powered off, the powered off VM will be ignored.
 +  * If you run vDiscovery against VMware where a VM does NOT have VMware Tools installed, VMware won't be aware of the VM's IP address and vDiscovery will ignore the VM with error message ''VM: <serial number> (name: <name>) has been ignored''
 +
 +===== DNS Variables =====
 +There is a [[https://docs.infoblox.com/space/nios90/280273510/Configuring+vDiscovery+Jobs|documented list]] of available variables for use with DNS naming
 +  * vm_id
 +  * vm_name
 +  * discovered_name
 +  * tenant_id
 +  * tenant_name
 +  * subnet_id
 +  * subnet_name
 +  * network_id
 +  * network_name
 +  * vport_name
 +  * ip_address
 +  * ip_address_octet1 or 1
 +  * ip_address_octet2 or 2
 +  * ip_address_octet3 or 3
 +  * ip_address_octet4 or 4
 ===== Troubleshooting ===== ===== Troubleshooting =====
 +==== SSL Issues ====
 +<code>SSL error ([SSL failure]: SSL Certificate verification failed)</code>
 +Either the root CA and intermediate CA certificates have not been imported into NIOS (e.g in internal, VMware environments using internal PKI) or the root CA and intermediate CA certificates do not follow RFC 5280 which demands keyUsage extension MUST be present.
 ==== NTP Issues ==== ==== NTP Issues ====
 The following error messages were seen when the NIOS system was 15+ minutes out of date. The following error messages were seen when the NIOS system was 15+ minutes out of date.
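Review bot: The new "SSL Issues" entry runs two unrelated causes together in one sentence and gives no remediation for either, so a reader who hits ''SSL Certificate verification failed'' cannot tell which case applies or what to do next. Split it into two bullets, one for a root or intermediate CA certificate that has not been imported into NIOS and one for a CA certificate that lacks the keyUsage extension required by RFC 5280, and state the fix beside each. Smaller wording points in the same hunk: "can syn thousands of zones" under Performance should read "sync", "VMware VCentre" should be "vCenter", and "e.g in internal, VMware environments" needs "e.g." and no comma after "internal".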
Line 45: Line 79:
   * Server: ''httpd[]''   * Server: ''httpd[]''
   * Message: <code>2023-07-12 09:49:23.686Z [bstafford]: Called - VDiscoveryControl: Args action="START",task=VDiscoveryTask:ESXi</code>   * Message: <code>2023-07-12 09:49:23.686Z [bstafford]: Called - VDiscoveryControl: Args action="START",task=VDiscoveryTask:ESXi</code>
 +
 +
 +
 +==== Overview of AWS Discovery Log Flow ====
 +  * Facility: ''User''
 +  * Level: ''Info''
 +  * Server: ''cdiscovery_executor[]''
 +  * Message: <code>Start discovering for task name: AWS-London; driver type: AWS; FQDN or IP: ec2.eu-west-2.amazonaws.com; port: 443; protocol: HTTPS; member: ns1.example.uk</code>
 +  * Message: <code>Complete discovering for task name: AWS-London, result: DISCOVERY_COMPLETE</code>
 +
 +  * Facility: ''User''
 +  * Level: ''Info''
 +  * Server: ''cdiscovery_aggregator[]''
 +  * Message: <code>Start processing discovered data for task name: AWS-London; driver type: AWS; FQDN or IP: ec2.eu-west-2.amazonaws.com; port: 443; protocol: HTTPS; member: ns1.example.uk</code>
 +  * Message: <code>Network: 10.10.10.0/24 (network view: default) has been updated</code>
 +  * Message: <code>Number of NETWORK has been processed : Created: 0; Updated: 10; Deleted: 0; Ignored: 2; Tags skipped due to missed EAs: [u'Name']</code>
 +  * Message: <code>Number of IP has been processed : Created: 0; Updated: 0; Deleted: 0; Ignored: 0</code>
 +  * Message: <code>Number of VM has been processed : Created: 0; Updated: 0; Deleted: 0; Ignored: 0</code>
 +  * Message: <code>No tags. return.</code>
 +  * Message: <code>Number of TENANT has been processed : Created: 0; Updated: 1; Deleted: 0; Ignored: 0</code>
 +  * Message: <code>Finish synchronize DNS for events: Created: 0; Updated if needed: 0; Deleted: 0; Ignored: 0</code>
 +
 +  * Facility: User
 +  * Level: Info
 +  * Server: cdiscovery_aggregator[]
 +  * Level: Warning
 +  * Message: <code>Ignoring object Network: 10.11.11.0/25 (network view: default) : The network 10.11.11.0/24 must not have any active IP address outside the network you are creating.</code>
 +  * Message: <code>Processing discovered data completed with warnings for task name: AWS-London; driver type: AWS; FQDN or IP: ec2.eu-west-2.amazonaws.com; port: 443; protocol: HTTPS; member: ns1.example.uk</code>
 ===== Troubleshooting ===== ===== Troubleshooting =====
  
 +
 +[[https://support.infoblox.com/s/article/8916|KB article with error explanations]]
 When you see an error message, the GUI may not say what has gone wrong. Get the support bundle  When you see an error message, the GUI may not say what has gone wrong. Get the support bundle 
  
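Review bot: The third block of the new "Overview of AWS Discovery Log Flow" section lists "Level: Info" and then "Level: Warning" after the Server line, so it is unclear which level the "Ignoring object Network" and "completed with warnings" messages are logged at. Keep a single Level line per block, placed before Server as in the two blocks above it, and wrap the Facility, Level and Server values in the same '' '' markup those blocks use. The "Ignoring object Network: 10.11.11.0/25" message would also benefit from a one-line explanation of the conflict with 10.11.11.0/24, since it is the only entry in the section that requires action. The added KB link sits directly against the following paragraph and needs a blank line after it, and the three empty lines added before the new heading can be reduced to one.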
infoblox_nios/discovery_vdiscovery.1689155609.txt.gz · Last modified: by bstafford