Overlapping IP addresses
Many devices have the same IP addresses, particularly in virtualized and cloud environments. In earlier releases, BMC Discovery treated the IP address space as flat, so duplicate IPs could cause problems such as hosts linked to the wrong subnets and incorrect communication links.
BMC Discovery uses an identity scope to distinguish between overlapping address spaces. The scope forms a constraint on an IP address that enables duplicate IP addresses to be distinguished. The scope is a simple string with specific meanings for some values that are used by default. For example:
- The empty string means the "global" or "default" scope. In the absence of any other scope, addresses are assumed to be in the global scope.
- The "internet" scope means addresses which are public on the internet, for example, the public IP address of an EC2 instance.
- For endpoints scanned through AWS SSM, the scope is set as the AWS VPC identifier (vpc-xxxxxxxxxx).
Scope is used in exactly the same manner for IPv4 and IPv6 addresses.
On upgrade to BMC Discovery from versions before 20.08, all existing discovered devices are considered to be in the default scope. In an upgraded system where you have not previously used scope, you should read this information on scope transition mode.
A scope is assigned to an endpoint at the time of discovery by the BMC Discovery appliance or cluster, or BMC Discovery Outpost used to perform the discovery. When you configure a BMC Discovery appliance with a default scope (Administration > Discovery Configuration), then all endpoints discovered directly from that appliance are assigned the appliance's scope. Setting the scope from any cluster member sets the scope for the cluster.
When you configure a BMC Discovery Outpost with a default scope (Manage > Configuration), then all endpoints discovered directly from that BMC Discovery Outpost are assigned its scope.
In some cases, currently for endpoints scanned through AWS SSM, a scope is set (the AWS VPC identifier) by the discovery calls. The BMC Discovery appliance or BMC Discovery Outpost performing the discovery does not overwrite an existing scope applied to an endpoint.
You only need to set a scope on your BMC Discovery appliance or BMC Discovery Outposts if you are scanning overlapping IP addresses.
However, if the only overlapping IP addresses you are scanning are scanned through AWS Systems Manager, then you do not need to set a scope manually, as the scope is set automatically to the AWS VPC identifier by the discovery calls.
In consolidating systems, the scope set on any scanning appliance or BMC Discovery Outpost is preserved. All BMC Discovery appliances or BMC Discovery Outposts that are scanning should set a scope, including any consolidator that you use for scanning.
Changing the scope of an existing scanned endpoint is not supported
Change of scope of an existing host is not supported. Scope distinguishes between endpoints in different address spaces. Once you have scanned an endpoint using a scope (including the global scope), you should not scan the same endpoint using a different scope. Doing so creates a duplicate for that endpoint in the other scope, and does not update the existing host with the new scope.
For example, if you have scanned a host using an incorrect scope, you should delete the resulting host node, and rescan the host using the correct scope.
Deletion of a single duplicate is simple, but scanning using a different scope could create very many duplicate hosts, the removal of which would be a large task.
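The following is an added example, not BMC Discovery's code or data model. It is a small Python model of the behaviour described above: identity is keyed on (scope, IP address), a scope set by the discovery call is kept over the scanner's default, and an endpoint rescanned under a different scope appears as a duplicate. The `device_id` field, the scope names other than the VPC placeholder, and all sample records are constructed assumptions.

```python
# Illustrative model only: not BMC Discovery code or its data model.
import ipaddress
from collections import defaultdict

GLOBAL_SCOPE = ""  # the empty string is the global/default scope


def effective_scope(call_scope, scanner_default):
    """A scope set by the discovery call (e.g. an AWS VPC id) is never
    overwritten by the scanning appliance's or Outpost's default scope."""
    if call_scope is not None:
        return call_scope
    return scanner_default or GLOBAL_SCOPE


def build_inventory(scans):
    """Key each endpoint by (scope, address) rather than by address alone."""
    inventory = defaultdict(set)
    for s in scans:
        scope = effective_scope(s.get("call_scope"), s.get("scanner_default"))
        addr = ipaddress.ip_address(s["ip"])  # same handling for IPv4 and IPv6
        inventory[(scope, addr)].add(s["device_id"])
    return dict(inventory)


def rescanned_under_other_scope(inventory):
    """Devices seen under more than one scope: the duplicate-host condition
    produced by rescanning an endpoint with a different scope."""
    scopes_by_device = defaultdict(set)
    for (scope, _addr), devices in inventory.items():
        for d in devices:
            scopes_by_device[d].add(scope)
    return {d: sorted(s) for d, s in scopes_by_device.items() if len(s) > 1}


# Constructed sample scan records; device_id is a hypothetical stable identifier.
SCANS = [
    {"ip": "10.0.0.5", "device_id": "dc-web01", "scanner_default": "datacenter-a"},
    {"ip": "10.0.0.5", "device_id": "lab-db07", "scanner_default": "lab-b"},
    {"ip": "10.0.0.5", "device_id": "i-0aaa", "call_scope": "vpc-xxxxxxxxxx",
     "scanner_default": "datacenter-a"},
    {"ip": "192.0.2.10", "device_id": "legacy01", "scanner_default": ""},
    {"ip": "192.0.2.10", "device_id": "legacy01", "scanner_default": "datacenter-a"},
    {"ip": "2001:db8::5", "device_id": "v6host", "scanner_default": "lab-b"},
]

if __name__ == "__main__":
    print(rescanned_under_other_scope(build_inventory(SCANS)))
```

In this model the three devices sharing 10.0.0.5 stay distinct because their scopes differ, while `legacy01` is reported because it was scanned in the global scope and again in `datacenter-a`.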
The following diagram shows the flow of information from endpoints to the user for BMC Discovery and BMC Helix Discovery.