Issues with zoning

Started by mrtur, October 17, 2023, 06:40:47 PM


mrtur

Hi,

I'm new to NetXMS and I'm trying to monitor ~20-30 remote sites with network devices (routers, switches, access points), mainly from Mikrotik and Unifi (with SNMP enabled).

Each site is connected to Internet and linked to an OpenVPN server for monitoring and remote config. On each site there's a management network with a unique 10.1.X.0/24 subnet, containing networking devices. Users (wired or wireless) are placed in a VLAN using the same private subnet (172.16.0.0/22) on each site. I've attached a schema. 

In NetXMS I've created a container (in the infrastructure tab) and a zone for each remote site. Then I add each 10.1.X.0/24 subnet in the network discovery settings (passive + active). Discovery works only if I don't specify a zone for the subnet, but doing so all the devices show up in the same Default zone. So I wrote an nxshell script to move all my devices into the right zone after discovery has ended.

It works, but I see lots of duplicate devices showing up constantly in NetXMS (I've already set up the server parameter to merge duplicates and restarted NetXMS), and I can't do some polls, like full configuration polls, after a device has been placed in a zone.

In the documentation, it seems like the right way to use zoning is by defining a proxy node in each zone, but in my case I cannot use the Mikrotik routers as proxy nodes, because I cannot install the NetXMS agent on them. I've tried using containers, but it requires a physical operation on each site, so it's not an option right now.

What is the correct configuration to have all of my remote sites in NetXMS with zoning (or another solution)?

Thanks

Alex Kirhenshtein

With this setup you can monitor routers (via management IP), but not the customers; you'll need zones for that.

I see only two options:
1) add any kind of device which can run the NetXMS agent inside the customer's network (Windows, Linux, OpenWrt box, etc.) and set up DNAT (or use agent tunnelling). Then use this device as zone proxy.
2) add an agent container to your Mikrotiks if they support it (I personally use it on RB5009), but yes, if I remember correctly, you need physical access to the device to enable containers.

However, if you are not interested in user devices, you can just reject them in the discovery filter; this way you'll have only routers / switches on the management network.
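The two decisions discussed in this thread (which discovered addresses to keep, and which zone a kept node belongs to) can be worked out from the address plan alone. The following is an added example and is not code from either poster or from the NetXMS project: it models the 10.1.X.0/24 per-site management subnets and the shared 172.16.0.0/22 user VLAN from the first post, applies the "reject user devices" filter suggested above, maps each kept node to a zone, and reports IPs seen more than once. The zone names (site-X), the node names and the sample discovery list are constructed for illustration; the actual nxshell calls that move a node into a zone are not shown.

```python
import ipaddress
from collections import defaultdict

# Constructed address plan matching the thread: one 10.1.X.0/24 management
# subnet per site (X = site number), and the same 172.16.0.0/22 user VLAN
# reused at every site, so a 172.16.x.y address cannot be tied to a site.
MGMT_SUPERNET = ipaddress.ip_network("10.1.0.0/16")
USER_VLAN = ipaddress.ip_network("172.16.0.0/22")


def site_for(ip_str):
    """Return the site number X for a 10.1.X.0/24 management address,
    or None for anything outside the management supernet."""
    ip = ipaddress.ip_address(ip_str)
    if ip in MGMT_SUPERNET:
        return ip.packed[2]  # third octet is the site number in this plan
    return None


def discovery_filter(ip_str):
    """Decision a discovery filter would make under the advice above:
    accept only management-network addresses, reject the user VLAN
    (ambiguous across sites) and everything else."""
    ip = ipaddress.ip_address(ip_str)
    if ip in USER_VLAN:
        return False
    return ip in MGMT_SUPERNET


def plan_zone_moves(discovered):
    """discovered: list of (node_name, ip) as they appear in the Default zone.
    Returns (moves, rejected, duplicates):
      moves      - zone name 'site-X' -> node names that belong there
      rejected   - node names the filter would have dropped
      duplicates - ip -> node names, for IPs that appear more than once
    """
    moves = defaultdict(list)
    rejected = []
    seen = defaultdict(list)
    for name, ip in discovered:
        seen[ip].append(name)
        if not discovery_filter(ip):
            rejected.append(name)
            continue
        moves[f"site-{site_for(ip)}"].append(name)
    duplicates = {ip: names for ip, names in seen.items() if len(names) > 1}
    return dict(moves), rejected, duplicates


if __name__ == "__main__":
    # Constructed sample: two sites, one user PC address seen at both sites
    # (same IP, different hosts) and one router discovered twice.
    sample = [
        ("rt-3", "10.1.3.1"),
        ("sw-3", "10.1.3.2"),
        ("ap-7", "10.1.7.10"),
        ("pc-a", "172.16.1.20"),
        ("pc-b", "172.16.1.20"),
        ("rt-3-again", "10.1.3.1"),
    ]
    moves, rejected, duplicates = plan_zone_moves(sample)
    for zone, nodes in sorted(moves.items()):
        print(f"{zone}: {', '.join(nodes)}")
    print("rejected by filter:", ", ".join(rejected))
    for ip, names in duplicates.items():
        print(f"duplicate IP {ip}: {', '.join(names)}")
```

Note the duplicate report: 172.16.1.20 genuinely belongs to two different hosts at two sites, which is exactly the case a flat Default zone cannot represent and a per-site zone with its own proxy can; 10.1.3.1 appearing twice is the kind of duplicate the server's merge setting is meant to collapse.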

mrtur

Thanks for your quick reply, I will continue to test the Mikrotik agent container as proxy, as both proposed solutions need a physical onsite operation. I'll make a separate post for that.

For now I don't need to manage customers in private networks, but only network devices in 10.1.X.X subnets. So if I understand, in this case I don't need zoning and should leave all my devices in the same "Default" zone, and only use folders (containers) to separate nodes?

Or could I use one zone per site (my current config), but without using a proxy node until I find a solution to enable a proxy on each site? Because without a proxy node enabled on the zones, I can't even poll my 10.1.X.X devices (SNMP unreachable errors), and there are lots of duplicate nodes coming up.

Filipp Sudanov

Yes, correct, since devices in your management network are directly accessible from NetXMS server, there is no need for zoning to monitor them.

mrtur

Ok thanks, but besides the possibility to monitor unreachable private subnets, is there some other benefit to using zoning, like performance?
For example, if I monitor 100 nodes directly from the server in the Default zone vs using zoning and a proxy node, will this offload the server (CPU, memory, ...), or will it be the same?

Filipp Sudanov

The central server can typically handle thousands of nodes on its own, so there's not much need to offload it, but yes, proxies can be used that way. More interestingly, with cache mode on, a proxy can collect data even if there's no connection to the central server. You can have several proxies in a zone; in this case they will be in HA mode, exchange heartbeat messages, and data collection will move to one if the other goes down.