nv-l
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: network management - netview - detecting rogue routers

from [Don Sykes] [Permanent Link][Original]
To: nv-l@lists.tivoli.com
Subject: Re: network management - netview - detecting rogue routers
From: "Don Sykes" <Don.Sykes@bcbsnc.com>
Date: Mon, 19 Feb 2001 17:35:05 -0500 
My first thought on this is "It Depends".  I don't find NetView to be well 
suited for determining when a router or device acting like a router is 
"misbehaving" unless you experience a communications outage to something you 
monitor (or ping to be more specific). NetView is very good at marking a device 
down when it is no longer reachable.  We use additional software to aid in the 
fault analysis and get a better view as to where the problem might be. (Tavve's 
EventWatch to be exact)  Your ISP may give you an address to ping (ie. the 
ISP's router interface to your network usually works well).  You are not likely 
to be able to get SNMP information but that may be OK for ensuring your 
Internet link is up and traffic is flowing.  You will have to do some research 
depending on your individual situation.

I do have a suggestion for troubleshooting the router problem.  Nortel Routers 
(and I assume Cisco and others) show you where a given router was learned in 
the route table.  Use this information to your advantage. If you know where a 
router learned its route to a network, you only have to shut down 1 interface 
(or maybe none if you can locate the offending system easily)  If this is a 
widespread problem, you could go so far as to implement route filters to drop 
all route packets from sources not involved in the route process.

Hope this helps....


Don Sykes
Blue Cross and Blue Shield of North Carolina
Innovative health care designed around you!


>>> "Donald Mahler" <dmahler@telcordia.com> 02/19/01 04:40PM >>>


Does netview v6 have any ability to detect a misbehaving router?     one
that is sending out erroneous routing packets?    we have had a few
occurences of someone putting a device on the network that starts
advertizing itself as a router,  with routes out to the internet.      a
sun workstation with "routed "enabled and 2 interfaces cards can do this.
hard to protect ourselves.

can netview detect this?   I suspect not.

has anyone else had this happen to them?   and if so, what tools can help
you prevent it, detect it, or diagnose it quicker.    there has to be a
better way than systematically shutting down other router interfaces to
wait for the problem to go away .  ugh


any ideas?



Don Mahler
Telcordia

_________________________________________________________________________
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  network management - netview - detecting rogue routers, Donald Mahler
Next by Date:  Re: Events from NetView to T/EC, James_Shanks
Previous by Thread:  network management - netview - detecting rogue routers, Donald Mahler
Next by Thread:  Modifying slot values with rulesets, Prod1234
Indexes:  [Date] [Thread] [Top] [All Lists]

Archive operated by Skills 1st Ltd

See also: The NetView Web