
Typically, multiple Lumeta zones comprise your enterprise network. Lumeta helps you manage each zone as a unit and also enables you to explore, discover, and index that space: defining which elements belong to a particular zone, which routes traverse it, and where one zone ends and opens into unknown space such as the Internet.

The itemized list of IPs and subnets/CIDRs comprising the managed elements of a zone, which you may want to think of as your zone's definition or identity, is kept in the Internal list.

The Zone Networks tab displays the labeling and control information associated with each of your zones. The labeling information is, in essence, how you tell Lumeta which network assets are yours. This information is used by the reporting, mapping, and data analysis capabilities of Lumeta. The control information influences how and where Lumeta collects information from your network infrastructure. The Zone Network settings apply to all of the collectors operating in a zone.

Click the Zone Networks tab to display a selected Zone's CIDRs.



To prepare for discovery, you'll need to select a zone. A zone describes its relationship to the other elements and routes in the surrounding population of network devices in terms of the following lists:

  • Internal Zone Networks - Subnets in a zone that your organization owns and manages. Internal subnets are those belonging to the zone. Lumeta uses the list of Internal subnets to determine which of several internal IPs the system should use as the reference IP; you can purposely add IPs to the Internal list to force them to be used as the reference IP. The Internal Zone Networks list enables you to define and label devices via associated CIDR blocks as "Internal" for the purposes of reporting, mapping, and analysis. The Internal list affects reporting only, not discovery. By interrogating your Internal list, you can be notified when an element in your zone goes inactive. Lumeta-discovered subnets (the ones your organization didn't originally know about) are those your organization approves for further investigation by Lumeta. As you come to understand these subnets better, you will take ownership of some of them by labeling them as Internal Zone Networks.
  • Eligible Zone Networks - The Eligible list is the set of networks you give Lumeta permission to probe. If a Lumeta collector discovers an IP or CIDR that is not included on the Target list, it then checks the Eligible list. If the element is on the Eligible list, it is interrogated; otherwise, the collector proceeds to the Avoid list. If the element is not included on the Avoid list, it is interrogated. If a network you didn't know about was discovered via SNMP, for example, you might choose to add that network to the Eligible list to ensure that it is included in subsequent explorations. When you enable TargetDiscoveredRoutes in Host Discovery, Lumeta discovers all devices within the Eligible Zone Network list. When you enable TargetDiscoveredRoutes in Path Discovery, Lumeta traces to all of the Eligible networks and can display the findings in a map. The SNMP, Port, Profile, and Leak discovery types can be configured to run on Eligible discovered subnets.
  • Known Zone Networks - IPs and CIDRs that you recognize and are aware of are recorded in your Known list. These are subnets with which you are only superficially acquainted: you do not own or manage them, and you may or may not want more information about them. The Known list enables you to define and label devices via associated CIDR blocks as "known" for reporting and analysis purposes. Think of the Known list as "networks your company knows about and is aware of." When you change the designation (i.e., label) of a network element from unknown to known, it is good practice to also add that element to your Eligible list, so that all collectors will interrogate it from that point forward. The Known list has a limited role in Path Discovery, where you can specify how many hops into the "unknown" a path trace will go before stopping. Every IP added to the Known list extends the trace by however many hops you specified.

Configuring Discovery Spaces

Discovery Spaces is a list of the CIDR blocks you want to monitor via Lumeta. A collector performs its discovery operations within the scope represented by this Discovery Space list. CIDR blocks listed here must belong to your network and must define the space you intend to monitor. Be sure to validate the content of your Discovery Space list, and reach out to your technical consultant if you need help with this.

When you click on a collector and then the Discovery Spaces tab, that collector's Discovery Spaces are displayed. They are divided into three lists:

  • Target - Used for Host Discovery and Path Discovery. When Lumeta discovers IPs or CIDRs included in the Target list, it interrogates them.

  • Avoid - IPs and CIDR ranges on this list are not targeted during active discovery. Network space that should not be interrogated (e.g., because it belongs to a business partner or affiliate) is included on the Avoid list. Space that is considered sensitive, contains restricted data, or for whatever reason must not be interrogated, is recorded in the Avoid list.

  • Stop - Path Discovery aborts a trace when a hop responds with an IP included in this discovery space. The Stop list is only referenced when a Lumeta collector is performing Path Discovery. The Stop list is your network's perimeter/edge.

At the collector level, scope coordinates are located in the Discovery Spaces tab. Collectors go to their Targets, skip over their Avoids, and go one hop past their Stops. Think of IP/CIDR lists as "coordinates" within which discovery activities take place. You can expect the number of these IP and CIDR coordinates to increase quickly once discovery begins. 

To prepare for discovery, define your scope of interest.

    1. Select a zone, a collector, and then the Discovery Spaces tab.
      Only the IP/CIDR coordinates for the selected collector are displayed.

    2. Ensure that the default Target tab is active, and then select Add to input manually or Upload to import a text file of the information. 
      The requirements for Target list entries are as follows:
      • Flat ASCII format, one CIDR block per line followed by a text label, separated by a space
      • A text label, with a maximum of 50 characters. Labels may contain letters, numbers and underscores.
      • Single IP addresses are permitted; list these as a /32 CIDR block (e.g. 10.4.65.7/32)
      • Overlapping CIDR blocks are permitted (e.g. including 10.10.0.0/16 and 10.10.24.0/24) 

      Example:
        10.210.0.0/16 North America
        10.230.0.0/16 EMEA
        10.250.0.0/24 Australia

    3. Click the Avoid tab and then select Add to input manually or Upload to import a text file of the information.
      The requirements for Avoid list entries are as follows:
      • A text label, with a maximum of 50 characters. Labels may contain letters, numbers and underscores.
      • Single IP addresses are permitted; list these as a /32 CIDR block (e.g. 10.4.65.7/32)
      • CIDRs in this list may overlap fully or partially with the Target list.

      Example:
        10.10.0.0/24 Servers
        10.30.0.0/28 Partner Network
        10.50.0.0/30 Customer Network

    4. Click the Stop tab and then select Add to input manually or Upload to import a text file of the information.
      The requirements for Stop list entries are as follows:

      • A text label, with a maximum of 50 characters. Labels may contain letters, numbers and underscores.
      • Single IP addresses are required; list these as plain IP addresses, NOT in CIDR notation (e.g. 10.4.65.7)
      • IP addresses in this list may be contained within the Target list.

      Example:
        10.10.10.10 Gateway to Server
        10.30.40.50 Partner Gateway
        10.50.60.70 Customer Gateway

    5. Input the coordinates of the selected collector's discovery space.
      For each of the three lists, enter IP and/or CIDR information manually by typing or pasting it in, or import text files containing the information.

    6. In the CIDR field, type or paste one or more addresses, one per line. Or, if you are uploading, import the same information in the form of a TXT file.
      Sample entries:
      10.7.0.0/24
      10.7.50.0/24
      10.7.96.0/19
      10.7.100.0/24
      10.8.0.0/24
      10.100.10.0/24
      10.100.50.0/24
      10.200.0.0/24
      10.201.0.0/24
      65.198.68.0/24
      65.246.240.0/21
      172.18.1.0/24

    7. Click Create to save your entries to the active list.
      The results display in the Discovery Spaces grid. The active list type button (Target, Avoid, or Stop) indicates which type of list is displayed.

      You've successfully defined your discovery zone.
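Because a mis-typed Avoid or Stop entry silently widens or narrows what a collector probes, it pays to check an upload file against the entry rules above before importing it. The following validator is an added example, not Lumeta's own code; it encodes only the rules stated on this page (one entry per line, entry and label separated by a space, labels of at most 50 characters, CIDR notation with /32 for single hosts in Target and Avoid, bare IPs in Stop) and assumes that labels may contain spaces, as the page's own examples ("North America") do.

```python
"""Pre-upload validator for Lumeta Discovery Space files (Target, Avoid, Stop).

Added example, not Lumeta's own code. Assumption: labels may contain spaces,
since the page's example labels ("Partner Network") use them.
"""
import ipaddress
import re

MAX_LABEL = 50
LABEL_RE = re.compile(r"^[A-Za-z0-9_ ]+$")  # letters, numbers, underscores (+ spaces, assumed)


def validate_entries(kind, text):
    """Return a list of (line_number, message) problems; an empty list means the file is clean."""
    kind = kind.lower()
    if kind not in ("target", "avoid", "stop"):
        raise ValueError("kind must be target, avoid or stop")
    problems = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue  # blank lines are skipped
        if not raw.isascii():
            problems.append((lineno, "file must be flat ASCII"))
        addr, _, label = line.partition(" ")
        label = label.strip()
        if not label:
            problems.append((lineno, "missing text label"))
        elif len(label) > MAX_LABEL:
            problems.append((lineno, "label longer than %d characters" % MAX_LABEL))
        elif not LABEL_RE.match(label):
            problems.append((lineno, "label may only contain letters, numbers and underscores"))
        if kind == "stop":
            if "/" in addr:
                problems.append((lineno, "Stop entries are bare IPs, not CIDR notation"))
                continue
            try:
                ipaddress.ip_address(addr)
            except ValueError:
                problems.append((lineno, "not a valid IP address: %s" % addr))
        else:
            if "/" not in addr:
                problems.append((lineno, "use CIDR notation; single hosts as /32"))
                continue
            try:
                ipaddress.ip_network(addr)  # strict: host bits set (10.10.24.1/24) is rejected
            except ValueError:
                problems.append((lineno, "not a valid CIDR block: %s" % addr))
    return problems


if __name__ == "__main__":
    # Constructed sample: one good and one bad line per list type.
    for kind, sample in (("target", "10.210.0.0/16 North America\n10.4.65.7 Host\n"),
                         ("stop", "10.10.10.10 Gateway to Server\n10.4.65.7/32 Edge\n")):
        print(kind, validate_entries(kind, sample))
```

Overlapping CIDRs between Target and Avoid are permitted by the page and are therefore not flagged here.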
