Router Discovery vs IPAM-driven subnet population

praveenkshanmu
Tera Contributor

Hello All,

 

I am looking for perspectives from the community on Router Discovery vs IPAM-driven subnet population.

If an enterprise already has authoritative IPAM (e.g., Infoblox) and imports subnets via the Infoblox Service Graph Connector, what are the practical benefits of also running Router Discovery?

Specifically:

  • What additional value does Router Discovery provide beyond subnet ranges (topology, relationships, validation)?

  • What are the risks of running both (duplicate subnet CIs, reconciliation challenges)?

  • Can Router Discovery be configured to relate to existing subnets without creating new ones?

  • Does Router Discovery create subnets/IPs that are largely unused?

  • For those using Infoblox SGC: is subnet import straightforward, and how are Discovery schedules operationalized by location or region? Is this manual or automated?

Interested in real-world experience and architectural guidance.

 

Thank you,

Praveen

2 REPLIES

Fabian Kunzke
Mega Sage

Hey,

I want to be clear from the start, so this may save you some time: In cases like these, all options are indeed reasonable.

 

I personally prefer to use an IPAM (explicit definition) for the subnet import. This has one major reason: Some routers are not well configured. During the router discovery you are importing the routing table from a router. I have encountered instances where these routers were placed behind firewalls in small, virtual networks. And because of that, they were set up to just route everything (as the placement behind the firewall was already restricting all the traffic coming in and out). So we discovered routers with 0.0.0.0/0 definitions. Trusting this data will always generate unsound subnet records.

 

The IPAM, on the other hand, will give you an explicit definition of subnets. Any subnet which is not defined in the IPAM is not routed (as in not reachable). This data is more accurate & also trustable. It is complete as well. To answer your question on how to operationalize it, a short example from the past:

 

At a manufacturer we integrated the IPAM. Each subnet had a location tag in the IPAM. Based on the location we imported the subnet definition and per location generated a discovery schedule with the subnets as IP ranges. This was kept up-to-date by the import. Now we did not import these subnet definitions into the CMDB at that stage, because we did not have any use for that.

 

Now your use-case may vary, but when it comes to consistent & complete & accurate subnet definitions, I'd always trust an IPAM over the routing table of routers/switches.

 

That said, I highly recommend discovering routers as well. Partially because of pure inventory, but also because the routing table holds information an IPAM does not: Devices routed through the router. This will complete your infrastructure dependencies on a network level. Now again, I had cases where the routing tables in routers were just junk. But we used that to assign a task to the owner of the router to clean up their routing tables.

 

As for the duplicates on subnets: Both sources can be run through the IRE for subnet records. If you have well defined identifiers, you will be fine with the duplicates (as in there shouldn't be any).

 

Because of the routing table contents being ambivalent, I would not recommend creating schedules for the discovery for all subnet records in the CMDB. Rather, whenever you review that table and notice subnets you are missing from your IP ranges, then use that functionality on-demand/in bulk. If you already have an IPAM integrated, use that for your IP ranges.

 

Because I don't have direct experience with the SGC, I cannot comment on that.

 

Hope this helps.

Regards

Fabian

chaithra10
Tera Contributor

We have Infoblox integration, but that doesn't give us locations. It is not OOB.
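
An added example, not code from the thread or from any poster: a sketch of the approach Fabian Kunzke describes, grouping IPAM subnets into per-location IP ranges and checking route-derived prefixes (such as 0.0.0.0/0) against the IPAM before trusting them. The sample data, function names and category labels are assumptions; nothing here calls a ServiceNow or Infoblox API, and subnets without a location tag (the situation chaithra10 mentions) land in an "UNASSIGNED" bucket.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: an IPAM export and prefixes read from a routing table.
IPAM_ROWS = [
    {"cidr": "10.10.0.0/24", "location": "Plant-A"},
    {"cidr": "10.10.1.0/24", "location": "Plant-A"},
    {"cidr": "10.20.0.0/23", "location": "Plant-B"},
    {"cidr": "10.30.5.0/24", "location": ""},  # no location tag in the IPAM
]
ROUTER_PREFIXES = ["0.0.0.0/0", "10.10.0.0/24", "10.0.0.0/8",
                   "192.168.77.0/24", "10.20.1.0/24"]

def schedules_by_location(rows):
    """Group IPAM subnets into one sorted IP-range list per location tag."""
    groups = defaultdict(list)
    for row in rows:
        net = ipaddress.ip_network(row["cidr"], strict=True)
        groups[row["location"] or "UNASSIGNED"].append(net)
    return {loc: [str(n) for n in sorted(nets)] for loc, nets in groups.items()}

def classify_route(prefix, ipam_nets):
    """Compare one route-derived prefix against the IPAM definitions."""
    net = ipaddress.ip_network(prefix, strict=False)
    if net.prefixlen == 0:
        return "default-route"        # "route everything": never a subnet record
    if net in ipam_nets:
        return "matches-ipam"
    same = [n for n in ipam_nets if n.version == net.version]
    if any(n.subnet_of(net) for n in same):
        return "broader-than-ipam"    # summary route covering defined subnets
    if any(net.subnet_of(n) for n in same):
        return "inside-ipam-subnet"   # more specific than the IPAM definition
    return "not-in-ipam"              # review with the router owner

def review_routes(prefixes, rows):
    """Classify every route-derived prefix against the IPAM export."""
    ipam_nets = {ipaddress.ip_network(r["cidr"]) for r in rows}
    return {p: classify_route(p, ipam_nets) for p in prefixes}

if __name__ == "__main__":
    for loc, ranges in schedules_by_location(IPAM_ROWS).items():
        print(loc, ranges)
    for prefix, verdict in review_routes(ROUTER_PREFIXES, IPAM_ROWS).items():
        print(prefix, verdict)
```

Only the "matches-ipam" prefixes agree with the authoritative source; the other categories are review items rather than input for new subnet records or schedules.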