Symantec Management Platform (Notification Server)

Background

For a computer with multiple network adapters there will be multiple IP addresses recorded on table Inv_AeX_AC_TCPIP. We have found that it's pot-luck which (single) IP address is selected to represent a computer in Views such as: vComputer, vCMDBComputer, vITAnalytics_CMDB_ComputerDim etc.

This means when you are using these views to look for computers associated with a network, you won't reliably find computers based upon their primary network interface, because any of the other less significant network adapters may be selected instead of the primary one.

We have a complex network with multiple subnets, and most flavours of OS. Altiris Inventory solution is being used across multiple networks and many of our servers are attached to more than one network (Primary, Backup, ILO etc).

History

We found this to be a problem in Altiris 6.5 and adapted the vcomputer view to use a bespoke method of selecting the IP address according to some criteria we worked out to be about 90% reliable.

Our interim solution, implemented under Altiris 7.1 by copying view vITAnalytics_CMDB_ComputerDim to create a bespoke copy, included the following subquery:

This logic ensures we always get an IP if one exists, but where the adapter in Routable, and/or has a Primary WINS server, it would be the "Top 1" that would be selected in preference to all others.

The Default Gateway issue

To get to 100% reliable we were told by our System Admins that we should use the Default Gateway. Only the primary network adapter will report the default gateway and no more than one network adapter at a time can report as having a default gateway.

When we investigated the data on table Inv_AeX_AC_TCPIP, we found that multiple network adapters for the same computer were reporting as having a default gateway. Having raised this with our assigned engineer, we concluded that the agent would occassionally pick up the default gateway from another adapter and report it up in inventory returns. Each new piece of network adapter inventory suppliments the data already present, but does not remove or replace data that doesn't represent reality at that point in time.

Progress...

With ITMS 7.1 Sp2 MP1 Rollup V3 we received some changes to the way the off-the-shelf DB views addressed this problem. A new view called vTcpIpAddress now exists. It determines the (single?) primary IP address for a computer using some fairly complex SQL with multiple sub-queries. It uses "Routable" and "DHCPEnabled" to prioritise the network adapters.

My Questions

First Question: Can anyone confirm or deny that our information about the Default Gateway is valid? Is it appropriate to expect only one adapter to have a default gateway on a computer with multiple NIC's across all the different flavours of computer OS?

Second Question: Has anyone found a more reliable method of finding the "primary" IP address for any given computer and is prepared to share it?

Third Question: I'm going to do some experiments internally, but can anyone with good sysadmin knowledge comment on the SQL behind the new view and confirm/deny how reliable it is likely to prove?

The 7.5 HF3 vTcpIpAddress views SQL is as follows:

SELECT      tcp._ResourceGuid, [IP Address], [MAC Address]
    FROM  ( SELECT      tip._ResourceGuid,
                        MAX(_id) AS [MaxId]
                FROM  ( SELECT      cip._ResourceGuid,
                                    vip.Routable,
                                    MAX(ISNULL(DHCPEnabled,0)) AS [DHCPEnabled]
                            FROM  ( SELECT    _ResourceGuid,
                                              MAX(ISNULL(Routable,0)) AS [Routable]
                                        FROM  [Inv_AeX_AC_TCPIP]
                                        WHERE [IP Address] IS NOT NULL
                                        AND   [IP Address] NOT IN ( '127.0.0.1', '0.0.0.0', '' )
                                        GROUP BY _ResourceGuid
                                  ) AS                 vip
                            JOIN    [Inv_AeX_AC_TCPIP] cip ON cip._ResourceGuid = vip._ResourceGuid
                                                          AND ISNULL(cip.Routable,0) = vip.Routable
                            WHERE [IP Address] IS NOT NULL
                            AND   [IP Address] NOT IN ( '127.0.0.1', '0.0.0.0', '' )
                            GROUP BY cip._ResourceGuid, vip.Routable
                      ) AS                 mip
                JOIN    [Inv_AeX_AC_TCPIP] tip ON tip._ResourceGuid = mip._ResourceGuid
                                              AND ISNULL(tip.Routable,0) = mip.Routable
                                              AND ISNULL(tip.DHCPEnabled,0) = mip.DHCPEnabled
                GROUP BY tip._ResourceGuid
          ) AS mip2
    JOIN    [Inv_AeX_AC_TCPIP] tcp ON tcp._ResourceGuid = mip2._ResourceGuid
                                  AND tcp._id = mip2.MaxId

If a machine has multiple NIC's, and if those NIC's are connected to a network, I would assume that they would all have a default gateway, as that is part of their TCPIP stack.

You can quickly ascertain if this is the case or not by connecting a laoptop to the LAN and WLAN, so that it then has two IP Addresses.

OK, I have just enabled my NAT NIC on my SMP, and after sending Basic Inventory, I have the following in my database:

SELECT TOP 1000 [_ResourceGuid]
      ,[IP Address]
      ,[MAC Address]
  FROM [Symantec_CMDB].[dbo].[vTcpIpAddress]

IP Address    MAC Address
10.2.6.4        00-0C-29-40-D2-5D

select * from Inv_AeX_AC_TCPIP

MAC Address           IP Address            Subnet Mask     Subnet              Default Gateway  
00-0C-29-40-D2-67    192.168.153.132    255.255.255.0    192.168.153.0    192.168.153.2   
00-0C-29-40-D2-5D    10.2.6.4                255.0.0.0            10.0.0.0            0.0.0.0   

DHCPEnabled   Routable
1                      0
1                      1

As you can see, my custom VMNet NIC no longer has a default gateway, which means that what you have been told is correct.

As the view still only lists the custom VMNet NIC, I would say that it is a good database object to use.

Many thanks for your responses SK, this confirms my confusion :-/

So one of the ways we can detect the definitive IP address to assign to a multi-IP-Address computer is to use the routable flag - only one will be routable, and the one that is routable must be the primary DNS identification for the computer ???

The other way I'm being told by our SysAdmins is to check whether the Default Gateway is assigned (i.e. non zero).

I don't fully understand what you've done when you say you've enabled your NAT NIC, but what it appears you've ended up with on vTcpIpAddress is the entry that has routable set to True, rather than the entry with a Default Gateway assigned.

I don't think these decisions are clear-cut, because different OS's will work slightly differently, but the way I've found to get the best IP Address consistently is to use the following SQL as a sub-query:

My 7.5 SMP has two VM NIC's.  One uses a custom VM network whose subnet holds its DC and clients, etc.  The other is a NAT network so that it can access the internet when I want it to (it is usually disconnected).

You are correct, in that when I connected the NAT NIC, the default gateway was taken away from the custom network NIC; however, that NIC retained its Routable attribute.

I have just disconnected the custom network NIC, sent basic inventory which removed that NIC from the Inv_AeX_AC_TCPIP table; however, it did not give the NAT NIC the routable attribute.  The NAT NIC is now displayed in the vTcpIpAddress view.

After reconnecting the custom NIC and sending basic inventory, it is back in that table with the routable attribute; however, it still does not have a default gateway.  The custom NIC is now displayed in the vTcpIpAddress view.  The NIC still does not have a default gateway.

OK, I messed up here.  As I am sing a custom NIC for the SMP's network, I didnt give it a default gateway which explians why it hasnt got one, sorry.  ;-)

After adding a Router IP to the DHCP scope, I now have a default gateway for the custom NIC in the database.  After connecting the NAT NIC, both NICs have a default gateway in the database as well as via IPConfig, which indicates that you were given wrong information.

As my custom network NIC has always kept the Routable attribute, I would say that its safe to go with that method.

Excellent: So just to confirm my understanding of your tests, when you've switched between NIC's, where both NIC's have an assigned Default Gateway, IPCONFIG describes both NIC's with a default gateway assigned, and the data picked up by the agent accurately reflects that information on the TCPIP table.

The fact that both NIC's return a default gateway via IPCONFIG demonstrates that the SysAdmin that told me only 1 NIC can ever show a default gateway - is incorrect. I'll go and verbally abuse him ;-)

You have demonstrated that the single IP address being selected as the primary by the vTcpIpAddress view is consistently the most appropriate at the time inventory is taken?

Yes, IPCONFIG as well as Basic Inventory reported a default gateway for both NICs.

When both NICs were connected, the custom network NIC was always used by the vTcpIpAddress view; however, when only the NAT NIC was connected, that view then listed that NIC.

The NAT NIC was never given a routable attribute, which is the only difference between them apart from their subnets.

Thanks you - I appreciate your help.