Overlapping IP addresses
Many devices have the same IP addresses, particularly in virtualized and cloud environments. In earlier releases BMC Discovery treated the IP addresses space as flat, so duplicate IPs could cause problems such as hosts linked to the wrong subnets, and incorrect communication links.
BMC Discovery uses an identity scope to distinguish between overlapping address spaces. The scope forms a constraint on an IP address that enables duplicate IP addresses to be distinguished. The scope is a simple string with specific meanings for some values that are used by default. For example:
- The empty string means the "global" or "default" scope. In the absence of any other scope, addresses are assumed to be in the global scope.
- The "internet" scope means addresses which are public on the internet, for example, the public IP address of an EC2 instance.
- For endpoints scanned through AWS SSM, the scope is set as the AWS VPC identifier (vpc-xxxxxxxxxx).
Scope is used in exactly the same manner for IPv4 and IPv6 addresses.
In an upgraded system where you have not previously used scope, you should read this information on scope transition mode.
A scope is assigned to an endpoint at the time of discovery by the BMC Discovery appliance or cluster, or BMC Discovery Outpost used to perform the discovery. When you configure a BMC Discovery appliance with a default scope (Administration > Discovery Configuration), then all endpoints discovered directly from that appliance are assigned the appliance's scope. Setting the scope from any cluster member sets the scope for the cluster.
When you configure a BMC Discovery Outpost with a default scope (Manage > Configuration), then all endpoints discovered directly from that BMC Discovery Outpost are assigned its scope.
In some cases, currently for endpoints scanned through AWS SSM, a scope is set (the AWS VPC identifier) by the discovery calls. The BMC Discovery appliance or BMC Discovery Outpost performing the discovery does not overwrite an existing scope applied to an endpoint.
Scope distinguishes between endpoints in different address spaces. You should avoid scanning the same endpoint using appliances or BMC Discovery Outposts in different scopes, otherwise you will have duplicates for that endpoint.
You only need to set a scope on your BMC Discovery appliance or BMC Discovery Outposts if:
- you are scanning overlapping IP addresses.
- the only overlapping IP addresses you are scanning are scanned through AWS Systems Manager.
The following diagram shows the flow of information from endpoints to the user for BMC Discovery and BMC Helix Discovery.