VLAN vs Internet root

[kris969]

Is there an existing issue for this?

• I have searched the existing open and closed issues

Is your feature request related to a problem? Please describe

Hi,

To introduce:
This is not formally a feature request but a request for comment on the subject here exposed.

Context:
When using a multiple VLAN network topology, it's necessary to deploy several NetAlertX node instances to have each one collecting devices info for each broadcast subnet. All of this staff have to be regroup to a NetAlertX Hub instance.

For each instance, a root node is mandatory to have the software working, because the software needs it, and especially for network architecture drawing. When summing all of data at the hub level instance, multiple root device are taken in account.

Are they, on this, some recommendations on howto well configure the overall, and so, if some practice mustn't be done?

Thanks

Describe the solution you'd like

void

Describe alternatives you've considered

void

Anything else?

void

Am I willing to test this? 🧪

• I will do my best to test this feature on the netlertx-dev image when requested within 48h and report bugs to help deliver a great user experience for everyone and not to break existing installations.

Can I help implement this? 👩‍💻👨‍💻

• Yes
• No

[jokob-sk]

Hi,

The target hub will only contain one root node (the MAC field needs to be unique). That means that the Internet nodes from the various node instances are not brought over. That is by design as of now.

I'm happy to hear opinions on how to improve this further.

Thanks,
j

[kris969]

Hi jokob-sk,

You're welcome!

you wrote:
The target hub will only contain one root node (the MAC field needs to be unique).
ok, then on the target hub, because the root node is Internet, in this case the unique MAC field value must be Internet.

Let me know, if I'm right?
Something I don't know for sure : if I have understood, the software needs one root device for each instance. What's happening if for nodes we don't use (activate) Internet plugin (I haven't tried this)? In such case how is defined the root device for each node?

My goal is to try to understand how must be the appropriate configuration for a complex configuration such as the one I use. Then to be able propose, of course after your validation, a howto guide that could be given for anyone of NetAlertX users.

You have understood, I have switched to the lastest release, I haven't seen major issue up to now.

Thanks

[jokob-sk]

Hi @kris969 ,

I didn't test all edge cases, but if I remember correctly the Internet device is created by the INTRNT plugin if not available in the DB. I think the default DB might contain an Internet entry already.

if I have understood, the software needs one root device for each instance.

Yes - mostly for the Network diagram setup

Glad to hear the latest stable release works fine,
j

[kris969]

Hi jokob-sk,

Thanks for these precisions. I'll try to test not all but major cases to understand how it works in details.
I also need to understand how status are updated. Up to now, I haven't found in documentation an overall description on the topic I will address here. I expose here after, my understanding and interrogations. Could you please confirm and/or complete the following cases:

• INTERNET-CHECK is dedicated to check internet connectivity, it materialize this a specific device with virtual MAC address with value; Internet. It set internet device status at each pooling. It's out of the scope of this discussion.

• ARPSCAN, proceed to arp scan at ISO level 2 to find all devices and get MAC addresses and relative IP addresses.

• AVAHISCAN, is working at OSI level 2 only, it use avahi-browse to browse all mDNS request to get name resolution.

• NSLOOKUP, is working at OSI level 3, it try to get name resolution based on each IP address previously found by ARPSCAN. remark: NSLOOKUP will be replaced in the next future with DIG, you will have to plan to switch on.

• ICMP, is working at OSI level 2.5, it looks witch devices are alive based on on each IP address previously found.

Among all of these plugins, witch one are used to actualize devices status, and what is the general rules, let's say if one of them get status UP it's enough to rise device status UP or is it necessary to get all plugins result UP to rise device status UP?
Another way to think above it: If ICMP is activated for a complete subnet (eg. 192.168.1.0/24) is it finally the ICMP results that are prevalent for device status?

Thanks

[jokob-sk]

Hi @kris969 ,

I think all of your assessments are correct.

If a device is detected by any method in the same scan cycle (e.g. in the 5 minute schedule set by default), it's marked as online. If not, it's marked as offline.

ICMP is mostly for meant for DUMMY devices, devices not detectable otherwise and to limit false negatives (false offline status) if they occur in a network.

For a complete list of plugins please check:

https://github.com/jokob-sk/NetAlertX/blob/main/front/plugins/README.md

Hope this helps,
j