How to restrict SNMP Polling Distribution to certain Data Collectors within the same IP Domain
search cancel

How to restrict SNMP Polling Distribution to certain Data Collectors within the same IP Domain

book

Article ID: 441043

calendar_today

Updated On:

Products

Network Observability CA Performance Management

Issue/Introduction

NetOps deployment with 3 data collectors. One of the collectors has the VNA (Versa) plugin installed, while the other two are standard collectors.
Currently:

  • ~5000 SNMP devices are configured
  • All devices are under a single default domain
  • SNMP polling may be distributed across all collectors, including the one running the Versa plugin

The objective is to ensure that SNMP devices are polled only by the two collectors where the Versa plugin is not running but that specific devices be tied to a single specific DC to which they are assigned. However, all DCs are in the single default IP domain and the DC with the Versa plugin should not handle SNMP polling load.

 

Environment

DX NetOps CAPM all currently supported releases

Cause

The load balancing algorithm governing the splitting of devices between Data Collectors (DC) assigned to the same IP Domain does not allow for tying particular devices to a specific DC.

As such, the only way to achieve this is to block a device's IP address at the Firewall level to prevent it from being assigned to any particular DC.

When a DC cannot contact that Device, but another DC can, then the device will be assigned to that DC that can contact it.

Resolution

The best way to do this is to manually move all devices off the DC with VNA Versa onto the other two DCs. Then implement a Firewall to block the VNA Versa DC from being able to reach any device on port 161, effectively blocking SNMP polling.

When devices are allocated to an IP Domain with multiple DCs, the system will allocate those devices to each DC in a way to equalise load sharing, so there is no way to guarantee that the DC with VNA will not get any SNMP polled devices allocated to it unless it is physically blocked.

So first manually move devices across from the VNA Versa DC to the other two DCs:

Then do a rebalance to equalise the load between the two DCs left to discover and poll SNMP devices:

With rebalance complete, system should work as expected - 2 DCs allocated exclusively to SNMP device discovery & polling, 1 DC allocated exclusively to VNA VERSA

Additional Information

To ensure that specific devices are only allocated to specific DCs, enable Firewall rules to block those device's IP addresses from the specified DC.

Powered by Wolken Software