Applies To:
Trust Protection Platform 15.x
Symptom:
Network Discovery scans take a long time to complete when multiple ports are being scanned for each IP address.
How to increase performance on Discovery Scans
Cause:
There are couple of reasons we know of:
- During stage 1 of the discovery scan we gather the ports that are listening on the network. In stage 2 we take those results and act like a browser to see if there is a certificate we can pull down. The amount of IPs/Ports we can process during stage 2 is determined by an attribute called "Maximum Threads". Currently the default is 5, which is underutilizing the hardware of the server. See below for recommendation.
- During stage 2 discussed above, there are 3 to 4 DNS lookups per port for a single address. If you were scanning 1,000 ports on a single address that comes to 3,000 to 4,000 DNS lookups per IP. See below for recommendation.
More Information:
Problem #1:
Note: Please contact support to obtain a support license to modify the value found below.
- Login to Webadmin.
- Go to Platforms Tree > Discovery Server > Discovery Service >Support Tab.
- Add the Attribute "Maximum Threads" with a value of 150.
Note: this value could technically be anything. 150 threads generally averaged 2 mbps. Don't go above 200. - Restart the VED service on the server.
Problem #2:
The resolution to this issue requires a code change. The new code change caches to the DNS result for that IP address and use a cache for the remaining DSN requests on that IP address. The resolution to this will be in TPP 15.2.4, 15.3.2 and 15.4. Please upgrade to the appropriate version to obtain the fix.
More Information:
For one of our customer the performance increased from 10,000 ports per hour to 10,000 ports every 30 seconds.
Comments