Discovery "IP address range" vs "IP network"
						
					
					
				
			
		
	
			
	
	
	
	
	
 
					
				
		
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎04-30-2020 09:36 PM
Hi,
I've just stumbled on the following documentation from ServiceNow re entering addresses within Discovery Schedules.
https://docs.servicenow.com/bundle/orlando-it-operations-management/page/product/discovery/reference/discovery-ip-address-configuration.html
There seems to be some pretty significant issues being mentioned there regarding limitations or downsides to using IP Address Ranges, when it comes to ServiceNow not automatically ignoring network and broadcast address. This is making me question where it WOULD be appropriate to use IP Address Ranges...
A clear example might be a very small subset of addresses, such as:
192.168.1.20 - 192.168.1.50
But is anyone able to tell me... in any and all cases where the range is crossing subnets, e.g.
192.168.140.0 - 192.168.170.255
Is it not recommended to take this approach?
Even entering the range as:
192.168.140.1 - 192.168.170.254
The documentation seems to indicate that the enclosed addresses (e.g. 192.168.150.0, 192.168.165.255, etc) would still potentially cause "Significant errors" with the Discovery.
In a case like this, is the correct/recommended way of approaching this more along the lines of entering all of the individual subnets as IP Networks? e.g.
192.168.140.0/24, 192.168.141.0/24, 192.168.142.0/24 .......... 192.168.170.0/24
Any and all advice appreciated! 🙂
Thanks.
- Labels:
- 
						
							
		
			Discovery
 
					
				
		
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-01-2020 12:32 AM
Hi,
What we usually do is enter a IP network as a subnet so its easy to manage. If you have few IP address in that subnet to be ignored then we exclude them from discovering. 
So servicenow will automatically handle this and ignore the IP mentioned in this list. Same goes with IP Address Range set. You can still ignore few IP address.
Now why we do this is because in future people may add remove devices in this subnets/range and we dont want to maintain that Scheduled now and then. We want it to be as automated as possible.
Thanks,
Ashutosh
 
					
				
		
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-03-2020 03:16 PM
Thanks Ashutosh, but the question is more around the specific issues with IP Addresses Ranges and when you would use them (other than for very small ranges - i.e. < 254 within a subnet).
192.168.140.1 - 192.168.170.254
Is a good specific example. How does ServiceNow recommend handling an address range like this? Should I create these as 30 individual IP Network entries? Or is it safe to enter it as shown (as an IP Address Range) given those notes in the documentation that seem to very strongly discourage doing that?
I've just created a UI Action to convert IP Address Ranges to IP Networks, but maintaining 30 records vs 1 (again using the example above) definitely needs some thought before we put it in place.
I'm personally not against the idea of individual IP Networks, as each one is very clear in its purpose, easily searchable, etc. Though in one of the real-life examples I'm looking at, we'd be converting 25 IP Address Ranges into approx. 700 IP Networks, so that's getting a little extreme.
(of course in this case we should be questioning why so many ranges are sitting in a single Discovery Schedule in the first place).
 
					
				
		
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-05-2020 04:38 AM
Hi,
This decision will also have impact on your MID Server performance and discovery timing.
1) How many MID are used to this whole Network range : THis will decide how quickly you can discover the whole network.
2) Do you have clusters in place.
3) Do you use behaviors?
4) Do you know which devices are in which subnet if yes then that will help you alot because you can make use of behaviors.
5) Credential alias is one point as well, because you dont want security incident to be raised if wrong credentials are used for your discovery.
6) Divide this schedules and run them through out the week.
Thanks,
Ashutosh
