Best Practices

For the efficient discovery of network devices using the NIOS Network Insight feature, Infoblox recommends that you use the following guidelines:

• Do configuration on the Grid level first and override only when necessary. It is simpler in management and more efficient in resources.
• Perform discovery in phases for simplicity. To catch issues early, start with a small set of devices and ensure credentials, firewall filters, etc. are all correct.

• Configure settings and credentials before starting discovery. This ensures that they are applied and tested beforehand.
• Avoid large networks such as /8 or /16. Larger networks cause longer discovery times when using active polling. This restriction is not about network containers but about networks. When you create networks that are too large, Network Insight needs to discover a huge amount of IP addresses that can appear just as empty records in IPAM. We recommend creating several small networks that contain important devices. You can enable discovery for large containers because Network Insight does not discover the whole IP range of a container, it discovers only networks that are within the container. These networks will inherit the discovery settings of the container. 
• Avoid more than 1,000 networks or exclusions. Each time an address is found, the discovery engine checks to see if it is in an included network, so the more networks, the longer the discovery cycle and the more impact on performance. It is better to merge several networks into larger ones. If they become too large, disable ping sweep and add relevant seed routers.
• It is better to have large networks and seed routers than thousands of small networks. With seed routers, the discovery engine won’t have to rely on active polling to discover most of the devices so a large network becomes less of an issue.
• Use seed routers. Seed routers are discovered quickly and after routing data is collected from them, the discovery engine finds new devices. It is a much quicker way than using active polling.

• Be careful with the use of seed from DHCP routers. Use the default gateways for associated DHCP ranges and networks as seed routers to more quickly discover and catalog all devices (such as endpoint hosts, printers, and other devices). All such default gateways are automatically leveraged by discovery, and no further configuration is necessary unless you wish to exclude a device from usage. If you enable using DHCP seed routers, it will instruct Network Insight to use all of them as seed routers, including those that do not belong to the networks you would like to manage with Network Insight. As they are still discovered and processed, it will add some extra load to the system.
• Select all discovery services such as SNMP, CLI, and other services. All the settings are important for discovery and having one disabled may cause incomplete data. Disable one only if you are sure that this data will not be needed. SNMP Collection is disabled, for example, when you use NIOS for offline assessments. By disabling SNMP Collection before removing the NIOS Poller member performing discovery from the Grid, data can be examined later without any data expiring. You also may want to disable both SNMP and CLI if the network contains only end hosts. You can see what kind of information is collected via SNMP and CLI in the polling frequency table in the Data Collection section.

• Consider discovery blackouts. If you want to release some resources within the network, you can stop discovery for a while by setting blackout periods. That means you can establish times when Network Insight does not talk to devices or networks for discovery. You can disable discovery Grid wide or set blackout periods specifically for traffic or latency-sensitive networks in IPAM. Discovery tasks may already be running when a blackout period takes effect. Current tasks are not interrupted and are complete within their time. However, Network Insight does not activate new discovery tasks during the blackout period.
• Avoid polling the same devices with different probes. The consolidator will take care of duplicates, but as each probe does device polling and data processing separately, it will increase the load on the device and waste processing resources on probes.
• Use Discovery Diagnostic to troubleshoot discovery issues. To open the Discovery Diagnostic dialog box, go to Data Management > IPAM > Discovery Diagnostic. You must be a superuser to perform a discovery diagnostic.

• Map one VRF to one Network View. This will ensure that IP addresses are not overlapping.
• If you have different networks with overlapping address space, ensure that they are handled by different network views.
• Ensure you use a proper unit to discover your network.

If the Network Insight member serves as a probe or single consolidator:

If the Network Insight member serves as a consolidator with multiple probes: