What can I discover?
Leverage Lumeta to discover routes, routers, inter-connectivity of the network, the nature of external connections, your network's edge, the core of your network, hosts, devices attached to your network (as well as their characteristics), and the anomalies of your network (e.g., whether a device is leaking, whether a device is answering on TCP ports that are unexpected, unknown networks or connections).
How do I know what my network is?
Lumeta is the means to knowing what your network is. It provides you with an authoritative understanding of your network is: the assets that comprise it, its perimeter, its forwarders, what traffic is coming in and going out of it, and the IP addresses and CIDRs that compose it.
What parameters do I set for Lumeta to know what to scan?
You'll configure a Zone and Collectors to begin acquiring an understanding of your network. Collectors may be set up to execute one or more of the following discovery types:
Which parameters you set depends on what you are trying to learn about your network. See Configuration by Objective for more.
What is active discovery?
Active discovery is network exploration that continuously incorporates data uncovered via passive listening techniques and via targeted discovery spaces. This information is analyzed against network norms and policies to identify components that require further assessment, ensuring that shadowy corners and suspicious configurations on your network do not go unexamined.
What parameters need to be set for active scanning?
You need to configure your collector(s) in a particular zone(s) before beginning your active scanning. The following parameters need to be set for active scanning to occur (per collector):
You also need to designate Zone Network(s).
What is passive scanning?
Passive discovery involves the monitoring of broadcast packets via ARP, DHCP, and ICMPv6, and passively participating in OSPF to discover routing topology.
What parameters need to be set for passive scanning?
The following parameters need to be addressed before you can begin passive scanning (per collector):
What is the optimum configuration needed to run a scan?
In order to run a scan, you will need to have at least three collectors configured in at least one zone. This collector has to have at least one of the following parameters activated:
What is the difference between Zone Network and Collector Discovery Space?
The Collectors operate within space under the allotted Zone Network Space. Configuration changes made on the Zone level are applied across any/all collectors configured in that zone. Collector Discovery Spaces control what is, and what is not, discovered at the collector level.
Since Lumeta is always scanning, and has configurable rescan intervals, it's important to be aware of the impact of your configuration on the network. In Lumeta collectors are the equivalent of a scan configuration in IPsonar, and each zone (similar to a report/SDG) can have multiple collectors. Each collector has its own rescan interval and target list. When configuring path discovery or host discovery to scan a large target list or discovered routes, that collector should use a longer rescan interval to avoid continuously scanning the network. To check the status of already discovered IPs or SNMP discovered IPs, another collector can be configured with a short rescan interval and no target list. Regardless of rescan interval, whenever a new device or target is discovered, it is immediately scanned and is not affected by the rescan interval.
How many collectors do I need to configure?
Best practice is to configure 3 collectors - passive, path, and host discovery. Insert picture.
How frequently should each collector discover?
The frequency of discovery for each collector is a decision best made by you. It is, however, ideal that you enable each collector while you can observe its discoveries. If your collector is only performing passive keep is short, 10 minutes is good enougu. If doing path medium 30 minutes or more. SNMP - 45 minutes. long. SNMP data doesn't change that often, so no need to scan so repetitively. Dynamic gets captured more frequently.
What is the best practice for configuring collectors?
There are a few practices you can use to maximize the efficiency of your collectors:
What separates two zones?
Zones vary in their individual rules and policies. They can be as simple or as complex as defined by an organization and can be comprised of logical networks and subnets. So, the variations of these networks and/or subnets in the zones, as well as variations in their rules and policies firmly establishes each of them as separate from one another.
What network space do I need to set for zones?
There are additional Zone Networks at the Zone level:
Note that the only option in Zone Network that controls or limits discovery within collectors is the Eligible List; the other two (Known Internal are for post-discovery reporting and analysis.
Recently, the focus of the overall Lumeta Discovery Process has shifted to a "task oriented" methodology. This is a change from IPsonar Classic's scanning or phase focus in concept and positioning with the market. Being a continuous product Lumeta shifts the linear approach of scanning to a "what do you want to do" approach. As an example, no longer will we discuss Network Discovery as a scanning phase, but switch to a mind set of the "client wants to discover their network". Although this task oriented approach may seem like a minimal change, it does have a significant impact on how we describe how, what and why clients use the product.
Active discovery of targeted networks which provides accurate coverage at the edges of the network
Passive discovery using routing protocols which provides instantaneous network updates and broadens understanding of the core of the network
Targeted System Inquires using SNMP which provides rich data gathered from the network equipment