I do not believe discovery can work unless you can get at least 1 ping
through the firewall. If you watch your ping queue (netmon -a 12 and
tail /usr/OV/log/netmon.trace) you will see nodes that have been
detected through the discovery algorithm, appear on the ping queue.
However, NetView won't put nopdes into the object database unless he has
done a siuccessful ping. The "poll via SNMP" mechanism only seems to
cut in ONCE the node is in the database.
I have 2 solutions, neither ideal:
1) Negotiate a "discovery window" with your fiirewall guys when they
open up ping on the firewall (I have been successful with this,
particularly if you are trying to manage a DMZ - you may find they are
prepared to disconnect from the Internet for a window and enable ping
for you. I suggest you have a good seedfile ready to speed up your
doscovery).
2) Manually add all devices beyond the firewall - if the number of
devices is small, this isn't prohibitive.
A third option I haven't tried but which might work is to add into the
database using loadhosts. With all of these, I assume you have SNMP
polling setup in your seedfile for the relevant nodes.
If you try to get around this with MLM, you find exactly the same thing
- MLM discovers nodes, tells NetView, but again NetView doesn't add to
the database until he has got a ping through.
Has anyone else got any input to this?? I have now seen the same
requirement with a number of customers and we are so close to having a
good solution. If the discovery algorithm might be tweaked to no longer
mandate a successful ping before entry into the database, particularly
if nodes are designated SNMP-poll or discovered via MLM.
Cheers, Jane
--
Tivoli Certified Enterprise Consultant & Instructor
Skills 1st Limited, 2 Cedar Chase, Taplow, Bucks, SL6 0EU, UK
Tel: +44 (0)1628 782565
Copyright (c) 2001 Jane Curry <jane.curry@skills-1st.co.uk>. All rights
reserved.
|