RE: Managing Private addresses with Netview

["Painter, Bill" <BPainter@GILATFLORIDA.com>]

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

Thanks Leslie....

-----Original Message-----
From: Leslie Clark/Southfield/IBM [mailto:lclark@us.ibm.com]
Sent: Friday, November 03, 2000 11:42 AM
To: IBM NetView Discussion
Subject: RE: [NV-L] Managing Private addresses with Netview


A) Netview won't create objects with the same IP address.
B) The MLM is not the parent of anything. It is only assigned
responsability
for polling the status of things Netview already knows about. It can do
discovery, but only on its own subnet.

The problems inherent in this sort of scenario are the very reason
there are NATs and CNAT in particular. CNAT translates IP addresses
included in the payload, so you snmp queries as well as their responses
are completely usable by Netview. I think that if you go down this road
far enough you will have developed your own CNAT.


Cordially,

Leslie A. Clark
IBM Global Services - Systems Mgmt & Networking
Detroit

"Painter, Bill" <BPainter@GILATFLORIDA.com>@tkg.com on 11/03/2000 11:06:32
AM

Please respond to IBM NetView Discussion <nv-l@tkg.com>

Sent by:  owner-nv-l@tkg.com


To:   IBM NetView Discussion <nv-l@tkg.com>
cc:
Subject:  RE: [NV-L] Managing Private addresses with Netview




Yes  this is the idea,  the question for me is how the object is
represented in  the object database.  I think that the objects would have
the same IP's but  the parent of the object would be different MLM's  not a
problem there.. I  assume that the relationships would be straight from
there as it is for multiple  interfaces on a device.  If the mlm reports a
node down the node will go  red and the corresponding mlm will go yellow.

Anyone  else?
-----Original Message-----
From: Jane Curry  [mailto:jane.curry@SKILLS-1ST.CO.UK]
Sent: Friday, November 03, 2000  10:27 AM
To: IBM NetView Discussion
Subject: Re: [NV-L]  Managing Private addresses with Netview

Hi Bill,
I am  currently pondering a similar scenario to use MLM to manage devices
beyond a  firewall.  Are you suggesting that, for example, your MLM1 will
ping one  set of devices  10.1.1.x, MLM2 will ping a different set of
devices that  also use the 10.1.1.x address space...... and that your MLM
top-level icon  will then allow you to drill into each MLM which, in turn,
will show the  respective 10.1.1.x manged nodes??

If it works, it's a neat idea - my question then would be, what happens
next?  What controls the status of a device inside an MLM submap - info
from the MLM or NetView's reachability info?  If a node 10.1.1.x goes
down, it's respective MLM will notice and can forward the event to NetView
but  how does NetView know WHICH 10.1.1.x has gone down??  If you want
something to happen to correct the problem, again how do you tell an
operator  WHICH 10.1.1.x has gone down.  If you want to do SNMP gets/sets,
same  problem - how do you get back to the right failing node?

You may be able to customise your MLM so that when it forwards traps it
translates the IP address of the real problem node into a pseudo address
space  that NetView recognises but is unique across all your endnode
systems.   This probably nets out at blocking the original trap and
forwarding a new trap  to NetView - but that should be doable.  If you then
had some sort of  look-up table at NetView you could then translate this
pseudo address into the  real and specific 10.1.1.x that the problem
originated from.  I've also  mused on using DNS to help this NetView
look-up mechanism but never got around  to trying it....

Anyone else been down this route??

Regards, Jane


"Painter, Bill" wrote:

Thanks Martin for the information!

I still would like to know if anyone can see a problem with  using the mlm
approach.  If I used public addresses on these devices  and ping them I
would have a root map that consisted only of MLM's   they would in turn
"see" the privately addressed devices and on the network  map show up as
managed by the mlm's.

Anyone have a comment on this?

Thanks,
Bill

-----Original Message-----
From:  Martin Walder [mailto:mw@itmasters.com]
Sent: Friday, November 03, 2000 4:13 AM
To:  IBM NetView Discussion
Subject: Re: [NV-L] Managing  Private addresses with Netview

Bill

Check out the CNAT product at this address:-

 http://www.tivoli.com/products/documents/datasheets/cnat_ds.pdf

--
Martin Walder
Tivoli Certified Enterprise Consultant

IT Masters (UK) Ltd
Unit 5, CNC  House,
Grand Union Office Park,
Packet Boat Lane,
Uxbridge UB8 2GH

Tel:     +44 (0) 1895 909 500
Mobile:  +44 (0) 771 315 8548
Fax:     +44 (0) 1895 909 501
Internet http://www.itmasters.com

"Painter, Bill" wrote:

>
>
> Can Netview  manage a number of duplicate private address  by not
> pinging directly but using only Remote  pingers or MLM type devices?
>
> If anyone knows of documentation that they could direct me to I  would
> appreciate it!
>
> Thanks!>
>
> Bill Painter
> Sr. Network Administrator
>  Gilat-To-Home Latin America, Inc.
> 1560  Sawgrass Corporate Parkway
> Suite # 200
> Sunrise, Fl. 33323
>  Phone: 954-331-1024
> Fax: 954-858-1777
> E-Mail: bpainter@gilatflorida.com
>

_________________________________________________________________________
NV-L List information and Archives: http://www.tkg.com/nv-l

--
Tivoli Certified Enterprise Consultant & Instructor
Skills  1st Limited, 2 Cedar Chase, Taplow, Bucks, SL6 0EU, UK
Tel: +44 (0)1628  782565
Copyright (c) 2000 Jane Curry  <jane.curry@skills-1st.co.uk>.  All rights
reserved.




_________________________________________________________________________
NV-L List information and Archives: http://www.tkg.com/nv-l

Thanks Leslie....

-----Original Message-----
From: Leslie Clark/Southfield/IBM [mailto:lclark@us.ibm.com]
Sent: Friday, November 03, 2000 11:42 AM
To: IBM NetView Discussion
Subject: RE: [NV-L] Managing Private addresses with Netview

A) Netview won't create objects with the same IP address.
B) The MLM is not the parent of anything. It is only assigned
responsability
for polling the status of things Netview already knows about. It can do
discovery, but only on its own subnet.

The problems inherent in this sort of scenario are the very reason
there are NATs and CNAT in particular. CNAT translates IP addresses
included in the payload, so you snmp queries as well as their responses
are completely usable by Netview. I think that if you go down this road
far enough you will have developed your own CNAT.

Cordially,

Leslie A. Clark
IBM Global Services - Systems Mgmt & Networking
Detroit

"Painter, Bill" <BPainter@GILATFLORIDA.com>@tkg.com on 11/03/2000 11:06:32
AM

Please respond to IBM NetView Discussion <nv-l@tkg.com>

Sent by:  owner-nv-l@tkg.com

To:   IBM NetView Discussion <nv-l@tkg.com>
cc:
Subject:  RE: [NV-L] Managing Private addresses with Netview

Yes  this is the idea,  the question for me is how the object is
represented in  the object database.  I think that the objects would have
the same IP's but  the parent of the object would be different MLM's  not a
problem there.. I  assume that the relationships would be straight from
there as it is for multiple  interfaces on a device.  If the mlm reports a
node down the node will go  red and the corresponding mlm will go yellow.

Anyone  else?
-----Original Message-----
From: Jane Curry  [mailto:jane.curry@SKILLS-1ST.CO.UK]
Sent: Friday, November 03, 2000  10:27 AM
To: IBM NetView Discussion
Subject: Re: [NV-L]  Managing Private addresses with Netview

Hi Bill,
I am  currently pondering a similar scenario to use MLM to manage devices
beyond a  firewall.  Are you suggesting that, for example, your MLM1 will
ping one  set of devices  10.1.1.x, MLM2 will ping a different set of
devices that  also use the 10.1.1.x address space...... and that your MLM
top-level icon  will then allow you to drill into each MLM which, in turn,
will show the  respective 10.1.1.x manged nodes??

If it works, it's a neat idea - my question then would be, what happens
next?  What controls the status of a device inside an MLM submap - info
from the MLM or NetView's reachability info?  If a node 10.1.1.x goes
down, it's respective MLM will notice and can forward the event to NetView
but  how does NetView know WHICH 10.1.1.x has gone down??  If you want
something to happen to correct the problem, again how do you tell an
operator  WHICH 10.1.1.x has gone down.  If you want to do SNMP gets/sets,
same  problem - how do you get back to the right failing node?

You may be able to customise your MLM so that when it forwards traps it
translates the IP address of the real problem node into a pseudo address
space  that NetView recognises but is unique across all your endnode
systems.   This probably nets out at blocking the original trap and
forwarding a new trap  to NetView - but that should be doable.  If you then
had some sort of  look-up table at NetView you could then translate this
pseudo address into the  real and specific 10.1.1.x that the problem
originated from.  I've also  mused on using DNS to help this NetView
look-up mechanism but never got around  to trying it....

Anyone else been down this route??

Regards, Jane

"Painter, Bill" wrote:

Thanks Martin for the information!

I still would like to know if anyone can see a problem with  using the mlm
approach.  If I used public addresses on these devices  and ping them I
would have a root map that consisted only of MLM's   they would in turn
"see" the privately addressed devices and on the network  map show up as
managed by the mlm's.

Anyone have a comment on this?

Thanks,
Bill

-----Original Message-----
From:  Martin Walder [mailto:mw@itmasters.com]
Sent: Friday, November 03, 2000 4:13 AM
To:  IBM NetView Discussion
Subject: Re: [NV-L] Managing  Private addresses with Netview

Bill

Check out the CNAT product at this address:-

 http://www.tivoli.com/products/documents/datasheets/cnat_ds.pdf

--
Martin Walder
Tivoli Certified Enterprise Consultant

IT Masters (UK) Ltd
Unit 5, CNC  House,
Grand Union Office Park,
Packet Boat Lane,
Uxbridge UB8 2GH

Tel:     +44 (0) 1895 909 500
Mobile:  +44 (0) 771 315 8548
Fax:     +44 (0) 1895 909 501
Internet http://www.itmasters.com

"Painter, Bill" wrote:

>
>
> Can Netview  manage a number of duplicate private address  by not
> pinging directly but using only Remote  pingers or MLM type devices?
>
> If anyone knows of documentation that they could direct me to I  would
> appreciate it!
>
> Thanks!>
>
> Bill Painter
> Sr. Network Administrator
>  Gilat-To-Home Latin America, Inc.
> 1560  Sawgrass Corporate Parkway
> Suite # 200
> Sunrise, Fl. 33323
>  Phone: 954-331-1024
> Fax: 954-858-1777
> E-Mail: bpainter@gilatflorida.com
>

_________________________________________________________________________
NV-L List information and Archives: http://www.tkg.com/nv-l

--
Tivoli Certified Enterprise Consultant & Instructor
Skills  1st Limited, 2 Cedar Chase, Taplow, Bucks, SL6 0EU, UK
Tel: +44 (0)1628  782565
Copyright (c) 2000 Jane Curry  <jane.curry@skills-1st.co.uk>.  All rights
reserved.

_________________________________________________________________________
NV-L List information and Archives: http://www.tkg.com/nv-l