Chapter 1

Introduction & Architecture

Quick Start

New to MeshOptixIQ? Three commands get you from zero to a live topology graph: docker pull meshoptixiq/meshoptixiq:latest → configure Neo4j → open http://localhost:8000. Jump to Chapter 3 — Installation to get running in under 10 minutes.

1.1 Product Overview

MeshOptixIQ is a vendor-agnostic network intelligence platform that automatically collects live operational state from your network devices, normalises it into a canonical graph model, and exposes the result for query, visualisation, and AI-assisted reasoning — all without agents, proprietary protocols, or months of integration work.

Most network teams spend hours correlating data across CLI sessions, spreadsheets, and NMS dashboards just to answer a single question: "If this device goes down, what breaks?" MeshOptixIQ answers that question in seconds. It builds a persistent, queryable graph of your entire network — topology edges, endpoint locations, IP addressing, firewall policies, BGP peering, and flow telemetry — and makes it accessible through a REST API, a React web UI, and a natural-language MCP interface for AI assistants like Claude.

The result is a single source of truth that reduces mean time to understand (MTTU) for incidents, eliminates manual pre-maintenance research, and gives security teams point-and-click policy analysis across every firewall in the estate.

Who Should Read This Guide

This guide is written for network engineers, systems administrators, and DevOps teams deploying MeshOptixIQ in production environments. Familiarity with Linux system administration, SSH, and basic IP networking concepts is assumed. For a quick command-line reference, see Appendix B — CLI Reference.

1.2 Key Capabilities

Topology Graph

  • Automatic neighbour discovery via CDP/LLDP data
  • Interface-level connection mapping
  • Interactive Cytoscape.js topology viewer
  • Full-text device and interface search

Endpoint Intelligence

  • Locate hosts by IP or MAC address
  • Trace physical path to upstream switch port
  • ARP/MAC table correlation across vendors

Blast Radius Analysis

  • Impact scope for device, interface, VLAN, or subnet outage
  • Endpoint count and list per scenario
  • Pre-maintenance change impact report

Firewall Policy Intelligence

  • Collect security policies from PAN-OS, JunOS, FortiOS, ASA
  • Zone-pair rule analysis
  • Source-to-destination path analysis with permit/deny verdict

1.3 System Architecture

MeshOptixIQ is composed of four logical layers:

  1. Collection layer: meshq collect connects to devices over SSH using Netmiko, retrieves CLI output, and writes raw text to a local cache directory.
  2. Normalisation layer: meshq parse reads the raw cache and produces vendor-agnostic Pydantic models (devices, interfaces, IPs, MACs, VLANs, endpoints, firewall rules, address objects, service objects).
  3. Graph layer: meshq ingest writes the normalised models into Neo4j or PostgreSQL. The graph schema represents devices as nodes, connections as relationships, and all other facts as node properties or related nodes.
  4. Query layer: A FastAPI service exposes 42 named queries via /queries/. The same queries are available via the MCP server (meshq-mcp) for AI-assistant integration. A React/Vite single-page application provides the web interface.

[Figure: pipeline diagram. Labels: Network Devices (SSH); meshq collect; cache/; meshq parse; Pydantic; meshq ingest; graph write; Neo4j / PG; FastAPI :8000; Web UI; MCP stdio]

1.3.1 Graph Model

The normalised data is stored as a property graph with the following node types and key relationships:

[Figure: graph model diagram]
Node types: Device, Interface, Endpoint, IPAddress, Subnet, VLAN, MAC, Zone, FirewallRule, AddressObject, ServiceObject
Legend: Topology nodes, Address nodes, Layer 2 nodes, Firewall nodes; relationships shown dashed
Key relationships: CONNECTED_TO, HAS_INTERFACE, HAS_IP, IN_SUBNET, HAS_FIREWALL_RULE, BELONGS_TO_ZONE, ARP, CONTAINS_MAC, HAS_ADDRESS_OBJECT
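The following is an added example, not MeshOptixIQ's own code: a small in-memory version of this property graph, used to compute which endpoints a device or interface outage cuts off. The relationship names are taken from the model above; which node types each relationship joins, the sample devices, and the definition of blast radius (endpoints that lose every path to a chosen root device) are assumptions.

```python
from collections import defaultdict, deque

# Constructed sample graph as (source, RELATIONSHIP, target) triples.
# Relationship names are the page's; which node types each one joins is assumed.
EDGES = [
    ("core1", "HAS_INTERFACE", "core1:Gi0/1"),
    ("core1", "HAS_INTERFACE", "core1:Gi0/2"),
    ("acc1", "HAS_INTERFACE", "acc1:Gi0/1"),
    ("acc1", "HAS_INTERFACE", "acc1:Gi0/2"),
    ("acc1", "HAS_INTERFACE", "acc1:Gi0/10"),
    ("acc2", "HAS_INTERFACE", "acc2:Gi0/1"),
    ("acc2", "HAS_INTERFACE", "acc2:Gi0/2"),
    ("acc2", "HAS_INTERFACE", "acc2:Gi0/10"),
    ("core1:Gi0/1", "CONNECTED_TO", "acc1:Gi0/1"),   # uplink
    ("core1:Gi0/2", "CONNECTED_TO", "acc2:Gi0/1"),   # uplink
    ("acc1:Gi0/2", "CONNECTED_TO", "acc2:Gi0/2"),    # redundant cross-link
    ("acc1:Gi0/10", "CONTAINS_MAC", "ep-printer"),
    ("acc2:Gi0/10", "CONTAINS_MAC", "ep-laptop"),
    ("acc2:Gi0/10", "CONTAINS_MAC", "ep-camera"),
    ("ep-laptop", "HAS_IP", "10.0.20.15"),           # a fact, not a forwarding edge
]
ENDPOINTS = {"ep-printer", "ep-laptop", "ep-camera"}
FORWARDING = {"HAS_INTERFACE", "CONNECTED_TO", "CONTAINS_MAC"}

def reachable(root, failed=None):
    """Nodes reachable from root over forwarding edges with one node removed."""
    if root == failed:
        return set()
    adj = defaultdict(set)
    for src, rel, dst in EDGES:
        if rel in FORWARDING and failed not in (src, dst):
            adj[src].add(dst)
            adj[dst].add(src)
    seen, queue = {root}, deque([root])
    while queue:
        for nxt in adj[queue.popleft()] - seen:
            seen.add(nxt)
            queue.append(nxt)
    return seen

def blast_radius(failed, root="core1"):
    """Endpoints that lose every path to root when `failed` goes down."""
    return sorted((reachable(root) - reachable(root, failed)) & ENDPOINTS)

if __name__ == "__main__":
    for target in ("acc1:Gi0/1", "acc1", "acc2", "core1"):
        print(target, "->", blast_radius(target))
```

Losing the uplink interface acc1:Gi0/1 affects no endpoints because the cross-link provides a second path, while losing the device acc1 isolates the printer.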

1.4 License Plans

Network Infrastructure Devices Only

The max network devices limit applies to network infrastructure devices only — switches, routers, and firewalls. Endpoints (laptops, mobile phones, IoT sensors, and other hosts discovered via ARP/MAC tables) are not counted against this limit and are unlimited across all plans.

Feature | Community | Starter | Pro | Enterprise
Installations | 1 | 1 | 5 | Unlimited
Network devices scanned | 1 | 100 | 750 | Unlimited
Query API & Web UI | Web UI only
POST /queries/*/execute | 403 | 403
MCP Server (meshq-mcp)
Firewall queries
What-if simulation
NetBox sync
Redis clustering
RBAC access control
PostgreSQL backend
Data export (CSV / Ansible)
Audit logging
OIDC/SSO
SOAR webhooks
Custom parsers
Support | Community | Community | Email | Dedicated

Query Execution Gating

Community and Starter plans receive HTTP 403 Forbidden on POST /queries/{name}/execute. Only Pro and Enterprise plans may execute queries. Use the demo mode (MESHOPTIXIQ_DEMO_MODE=true) for evaluation without a license.

72-Hour Grace Period

If the licensing server is unreachable, MeshOptixIQ continues operating for 72 hours. Connectivity is checked every 24 hours; the grace period resets on successful validation.