Connected networks do not match across cluster members-linux-False


Vendor: linux

OS: False

Description:
Indeni will identify when two devices are part of a cluster and alert if the networks they are directly connected to do not match.

Remediation Steps:
Ensure all of the required ports are configured correctly on all cluster members, including the subnet mask.

How does this work?
The routes are retrieved by running the command “netstat -rn”.

Why is this important?
It is important that the connected interfaces are configured the same on all members of the same cluster. Otherwise there can be downtime in the event of a failure.

Without Indeni how would you find this?
An administrator could log in and manually run the command.
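
The manual check described above, as an added example (not Indeni's code): it takes "netstat -rn" output captured from two cluster members, keeps the routes whose gateway is 0.0.0.0 (the directly connected networks), and reports the networks that appear on only one member. The function names are hypothetical and both routing tables are constructed sample data.

```python
import ipaddress

# Constructed sample output of "netstat -rn" from two cluster members.
MEMBER_A = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         10.11.1.1       0.0.0.0         UG        0 0          0 eth0
10.11.1.0       0.0.0.0         255.255.255.0   U         0 0          0 eth0
10.11.2.0       0.0.0.0         255.255.255.0   U         0 0          0 eth1
"""
MEMBER_B = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         10.11.1.1       0.0.0.0         UG        0 0          0 eth0
10.11.1.0       0.0.0.0         255.255.255.0   U         0 0          0 eth0
10.11.2.0       0.0.0.0         255.255.255.128 U         0 0          0 eth1
"""


def connected_networks(netstat_output):
    """Return the directly connected networks as a set of 'a.b.c.d/len' strings."""
    networks = set()
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        destination, gateway, mask = fields[0], fields[1], fields[2]
        if gateway != "0.0.0.0":
            continue  # header line or a route via a next hop
        try:
            # ValueError covers malformed lines and non-contiguous masks.
            net = ipaddress.IPv4Network(f"{destination}/{mask}")
        except ValueError:
            continue
        networks.add(str(net))
    return networks


def compare_members(output_a, output_b):
    """Return (only_on_a, only_on_b) as sorted lists; both empty means a match."""
    a, b = connected_networks(output_a), connected_networks(output_b)
    return sorted(a - b), sorted(b - a)


if __name__ == "__main__":
    only_a, only_b = compare_members(MEMBER_A, MEMBER_B)
    print("only on member A:", only_a)
    print("only on member B:", only_b)
```

In the sample data the two members differ only in the subnet mask on eth1, which is the case the remediation text calls out.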

linux-os-netstat_rn

#! META
name: linux-os-netstat_rn
description: Get routing table using "netstat -rn"
type: monitoring
monitoring_interval: 1 minute
requires:
    or:
        -
            linux-based: "true"
        -
            linux-busybox: "true"
    and:
        -
            vendor:
                neq: "checkpoint"
        -
            vendor:
                neq: "f5"

#! COMMENTS
static-routing-table:
    why: |
        It is important that the routing is configured the same for all cluster members of the same cluster. Otherwise there can be downtime in the event of a failover.
    how: |
        By running the command "netstat -rn" the routes are retrieved.
    without-indeni: |
        An administrator could log in and manually run the command.
    can-with-snmp: true
    can-with-syslog: false
    vendor-provided-management: |
        Listing static routes is only available from the command line interface or via SNMP.

connected-networks-table:
    why: |
        It is important that the connected interfaces are configured the same on all members of the same cluster. Otherwise there can be downtime in the event of a failure.
    how: |
        By running the command "netstat -rn" the routes are retrieved.
    without-indeni: |
        An administrator could log in and manually run the command.
    can-with-snmp: true
    can-with-syslog: false
    vendor-provided-management: |
        Listing routes for directly connected interfaces is only available from the command line interface, or SNMP.

#! REMOTE::SSH
${nice-path} -n 15 netstat -rn

#! PARSER::AWK

# Function to calculate number of binary 1s in a decimal number
function count1s(N) {
	r = ""                    # initialize result to empty (not 0)
	while(N != 0){            # as long as number still has a value
		r = ((N%2)?"1":"0") r   # prepend N modulo 2 to the result
		N = int(N/2)            # shift right (integer division by 2)
	}

	# count number of 1s
	r = gsub(/1/,"",r)
	# Return result
	return r
}


# Function to convert a subnetmask (example: 255.255.255.0) to subnet prefix (example: 24)
function subnetmaskToPrefix(subnetmask) {
	split(subnetmask, v, "\\.")
	prefix = count1s(v[1]) + count1s(v[2]) + count1s(v[3]) + count1s(v[4])
	return prefix
}


# 10.11.2.0       0.0.0.0         255.255.255.0   U         0 0          0 eth1
/^(?:[0-9]{1,3}\.){3}[0-9]{1,3}/ {
	destination = $1
	mask = $3
	subnetprefix = subnetmaskToPrefix(mask)
	flags = $4
	gateway = $2
	
	# If it's a directly connected network route
	if (gateway == "0.0.0.0") {
		iDirectRoute++
		
		directRoutes[iDirectRoute, "network"] = destination
		directRoutes[iDirectRoute, "mask"] = subnetprefix
	}

	# If it's not a directly connected network
	if (gateway != "0.0.0.0") {
		iStaticRoute++
		
		staticRoutes[iStaticRoute, "network"] = destination
		staticRoutes[iStaticRoute, "mask"] = subnetprefix
		staticRoutes[iStaticRoute, "next-hop"] = gateway
	}
}

END {
	writeComplexMetricObjectArrayWithLiveConfig("static-routing-table", null, staticRoutes, "Static routes")
	writeComplexMetricObjectArrayWithLiveConfig("connected-networks-table", null, directRoutes, "Directly Connected Networks")
}

connected_tables_comparison_vsx

package com.indeni.server.rules.library.templatebased.crossvendor

import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library.{ConditionalRemediationSteps, SnapshotComparisonTemplateRule}
import com.indeni.server.common.data.conditions.{Equals => DataEquals}

/**
  *
  */
case class connected_tables_comparison_vsx(context: RuleContext) extends SnapshotComparisonTemplateRule(context,
  ruleName = "connected_tables_comparison_vsx",
  ruleFriendlyName = "Clustered Devices: Connected networks do not match across cluster members",
  ruleDescription = "Indeni will identify when two devices are part of a cluster and alert if the networks they are directly connected to do not match.",
  metricName = "connected-networks-table",
  applicableMetricTag = "vs.name",
  metaCondition = DataEquals("vsx", "true"),
  isArray = true,
  alertDescription = "Devices that are part of a cluster must have the same directly connected networks. Review the differences below.",
  baseRemediationText = "Ensure all of the required ports are configured correctly on all cluster members, including the subnet mask.")(
  ConditionalRemediationSteps.OS_NXOS ->
    """|
      |1. Ensure all of the required interfaces are configured accordingly on all cluster members.
      |2. Consider to suspending this alert in case of orphan ports configured to one of the vPC peer switches.""".stripMargin
)

case class connected_tables_comparison_nonvsx(context: RuleContext) extends SnapshotComparisonTemplateRule(context,
  ruleName = "connected_tables_comparison_nonvsx",
  ruleFriendlyName = "Clustered Devices: Connected networks do not match across cluster members",
  ruleDescription = "Indeni will identify when two devices are part of a cluster and alert if the networks they are directly connected to do not match.",
  metricName = "connected-networks-table",
  metaCondition = !DataEquals("vsx", "true"),
  isArray = true,
  alertDescription = "Devices that are part of a cluster must have the same directly connected networks. Review the differences below.",
  baseRemediationText = "Ensure all of the required ports are configured correctly on all cluster members, including the subnet mask.")(
  ConditionalRemediationSteps.OS_NXOS ->
    """|
       |1. Ensure all of the required interfaces are configured accordingly on all cluster members.
       |2. Consider to suspending this alert in case of orphan ports configured to one of the vPC peer switches.""".stripMargin
)