Smarts IP: Use of Shadow IP addresses for compatibility with OI, NPM and MPLS domains
search cancel

Smarts IP: Use of Shadow IP addresses for compatibility with OI, NPM and MPLS domains

book

Article ID: 331730

calendar_today

Updated On:

Products

VMware Smart Assurance

Issue/Introduction

Symptoms:


With IP Tagging, the IP domain will associate a device IP with a tag at the end.   For example a device with IP 172.123.120.24 with after getting an IP tag will show as 172.123.120.24/<Tag>  This IP Tag will also be synced with OI, NPM and MPLS domains.  However these domain types are not fully compatible with an IP/tag format.

Without a shadow IP address, the SNMP traps are will be dropped by the OI trap receiver.  The IP address of the trap is still the source IP and not the tagged IP address.  So you will receive the message that the IP address is not matched by the trap processor

One can have the option to enable shadow IP (EnableShadowIP) to true.  However, devices that also have Virtual IP addresses will not get shadow IP addresses.



Environment

VMware Smart Assurance - SMARTS

Cause

When DisableOverlappingIP flag is set to FALSE it enables IP-tagging probes. These probes identifies certain IP addresses as VPN IP addresses. The shadow IP address creation has checks to exclude the VPN IP addresses.
 

Resolution

In Version 9.4.2 Patch 26, and 9.5.1 a new parameter was introduced, EnableShadowIPForVPNIP.   For this and newer version of Smarts customers to be able to use IP Tagging along with creating a shadow IP address for compatability with OI and NPM and MPLS will need to do the following:
 
  1. Add new flag "EnableShadowIPForVPNIP TRUE" - ~/local/conf/discovery/tpmgr-param.conf file
  2. Disable flag "DisableOverlappingIP FALSE" - ~/local/conf/discovery/tpmgr-param.conf file
See notes for a more detail explanation to introduce IP tagging

Additional Information

1. To enable IP tagging you need to mark flag "DisableOverlappingIP FALSE" in tpmgr-param.conf this is must.
//Description:
# DisableOverlappingIP(Enable/Disable Overlapping IP Feature).
# Controls whether the IP Manager discovers MPLS-related VPN routing and forwarding (VRF) IP
# addresses and performs IP tagging:
#            A value of TRUE indicates that the IP Manager does not discover VRF IP addresses and thus does not
#              perform IP tagging.
#            A value of FALSE indicates that the IP Manager discover s VRF IP addresses and performs IP
#         tagging.
#            When DisableOverlappingIP = FALSE, all discovered VRF IP objects are subject to IP tagging.
 
2. Now above flag only enables IP tagging feature but to make that tagged IP available to satellite domains like OI, MPLS we need to create SHADOW IP. To process a trap, OI domain looks for this shadow IP(without "[SHADOW]" keyword) and entertain the traps. Hence to make shadow IP available for satellite domains we need to enable flag "EnableShadowIP TRUE" in tpmgr-param.conf
//Description:
# This flag is used to create Shadow IP objects whenever the User uses
# Tagging to tag IP objects. This is used for Backwards Compatibility
# so that the current IP product would work with the satellite servers(NPM etc)
# without change of code in them
#            A value of TRUE indicates that shadow objects are created.
#            A value of FALSE indicates that shadow objects are not created.
#
# Default Value = TRUE
 
3. Now comes the last flag EnableShadowIPForVPNIP, this flag is recently introduced. When this flag is set shadow IP is created for all the IPs. This flag basically skips the IP objects creation logic that is there in VPN IP creation rule and creates the IP in the normal flow which is the intended. The normal flow should create the shadow IP.