An idea that came up in discussing DNS automation with @ayounsi is to verify interface names match, and/or automate updating interface names from PuppetDB into Netbox.

If an interface have a v4 and v6 IP, their DNS names should match.
lightweight version of that is to only check a device's primary IPs.

No interface on a network device should be enabled but not connected.

Figure out how to alert on "zombie" hosts, still online, but not in puppet and with a planned/staged state.

See also T253173#6722217
Report servers that either have a missing primary_ipv6 or have a primary_ipv6 without a DNS name set.

Report duplicated interfaces on switches (and switch stack). For example if xe-2/0/18 and ge-2/0/18 are present. Or if xe-2/0/18 exists twice on 2 different VC members.

Report to check for duplicate IPs with different netmasks.
When an IP is marked as VIP for example, Netbox allows to create it duplicated with different netmasks like 10.0.0.0/32 and 10.0.0.0/27.
We should alert if this happens as it's an indication that something has not worked properly.
We set a netmask of /32 (correct one) for all VIPs and not the subnet netmask as Netbox does by default.
See also T273248#6791839

Change 674977 had a related patch set uploaded (by Ayounsi; author: Ayounsi):
[operations/software/netbox-extras@master] Add network report

https://gerrit.wikimedia.org/r/674977

In T222931#5171718, @crusnov wrote:

An idea that came up in discussing DNS automation with @ayounsi is to verify interface names match, and/or automate updating interface names from PuppetDB into Netbox.

I don't remember what we discussed here, could you add details?

In T222931#6646110, @ayounsi wrote:

If an interface have a v4 and v6 IP, their DNS names should match.
lightweight version of that is to only check a device's primary IPs.

Did the lightweight version, as there are devices with multiple IPs/FQDN (eg. restbase).

In T222931#6649371, @ayounsi wrote:

No interface on a network device should be enabled but not connected.

Done

In T222931#6722271, @ayounsi wrote:

See also T253173#6722217
Report servers that either have a missing primary_ipv6 or have a primary_ipv6 without a DNS name set.

Done

In T222931#6790336, @ayounsi wrote:

Report duplicated interfaces on switches (and switch stack). For example if xe-2/0/18 and ge-2/0/18 are present. Or if xe-2/0/18 exists twice on 2 different VC members.

Done

In T222931#6791880, @Volans wrote:

Report to check for duplicate IPs with different netmasks.
When an IP is marked as VIP for example, Netbox allows to create it duplicated with different netmasks like 10.0.0.0/32 and 10.0.0.0/27.
We should alert if this happens as it's an indication that something has not worked properly.
We set a netmask of /32 (correct one) for all VIPs and not the subnet netmask as Netbox does by default.
See also T273248#6791839

Done, let me know if the implementation is correct though.

Change 674977 merged by Ayounsi:

[operations/software/netbox-extras@master] Add network report

https://gerrit.wikimedia.org/r/674977

Any suggestions what we can do about monitoring situation of the reports? Just spent some time cleaning out unhandled Icinga alerts but we always have the netbox alerts there.. see how long they have been CRIT. If it was really CRIT we would not leave them like that for a longer time, right? So they are apparently just WARN. What would you think about changing them to WARN level? Or, alternatively, can we actually fix them?

In T222931#7617721, @Dzahn wrote:

[...]

Cf. T283483