Hi all, I'm considering trying to come up with some means to automatically detect a network's topology and draw pretty pictures. This is somewhat boring though if a network isn't well arranged with VLANs and q-tag trunk routers and so on (It will just look like a big cloud of junk connected off an assumed switch). Is there any kind of cunning trick to detect standard layer2 switches along a path without stuff like STP?
On Wed, 15 Oct 2008, Colin Alston wrote:
> I'm considering trying to come up with some means to automatically detect
> a network's topology and draw pretty pictures.

InterMapper.
http://dartware.com/network_monitoring_products/intermapper/index.html

-Bill
And another one, that I believe is a commercial product:
http://www.solarwinds.com/products/lansurveyor/

On Oct 15, 2008, at 12:29 PM, Bill Woodcock wrote:
> On Wed, 15 Oct 2008, Colin Alston wrote:
>> I'm considering trying to come up with some means to automatically detect a network's topology and draw pretty pictures.
> InterMapper.
> http://dartware.com/network_monitoring_products/intermapper/index.html
> -Bill
On 2008/10/15 06:29 PM Bill Woodcock wrote:
> InterMapper.
> http://dartware.com/network_monitoring_products/intermapper/index.html
> -Bill
Whoa, quite a serious looking piece of software. Will check it out. Was kinda hoping to write my own software though, but perhaps I can craftily learn something from it :)
On 15 Oct 2008, at 17:52, Colin Alston wrote:
> On 2008/10/15 06:29 PM Bill Woodcock wrote:
>> InterMapper.
>> http://dartware.com/network_monitoring_products/intermapper/index.html
>> -Bill
> Whoa, quite a serious looking piece of software. Will check it out.
> Was kinda hoping to write my own software though, but perhaps I can craftily learn something from it :)

If you have SNMP access pull:-

1) Is it a bridge or a router?
2) ARP Table
3) MAC forwarding table
4) Interfaces with MAC and IP addresses
5) Netmasks

from each such router or bridge in the network. Use the information from one to help you discover the others recursively. Have a termination condition that stops this process walking off your network and attempting to discover the whole Internet.

That's enough to figure out both logical and physical topology. Without SNMP (or similar) access it's nigh impossible to figure out. If you only have access to a subset of the routers and bridges in the network you MAY have enough to figure out the topology - 50% is enough if it's the right 50%.

Ian
On 2008/10/15 06:29 PM Colin Alston wrote:
> Is there any kind of cunning trick to detect standard layer2 switches along a path without stuff like STP?
Apparently there isn't. Lots of people mentioned other tools, the problem there is they have one thing in common which is polling SNMP. I think it scales badly in general. I was hoping to find a more intelligent way of, I guess, doing an ARP/MAC based traceroute by checking LLC 802.2 headers or something. Yes, it might have been easier if I hoped for it to rain money :) Maybe there should be something (I mean like, someone should come up with a standard :P) to trace switches in a path... Problem is I think even then the simple devices won't bother to support it.
Colin Alston wrote:
> Maybe there should be something (I mean like, someone should come up with a standard :P) to trace switches in a path... Problem is I think even then the simple devices won't bother to support it.

I have been away from it for a while and in truth don't know the answer--but--

To the best of my knowledge, "Layer two Switches" in fact operate as multi-port bridges.

If that is true, then they ought to be transmitting BDUs which should be detectable and used for mapping.

If the switches are all from the same manufacturer, there is a chance that the manufacturer has a proprietary mapping tool.

--
Requiescas in pace o email Two identifying characteristics of System Administrators: Ex turpi causa non oritur actio Infallibility, and the ability to learn from their mistakes. Eppure si rinfresca ICBM Targeting Information: http://tinyurl.com/4sqczs
If the switches are Cisco, then Cisco Works has a L2 STP forwarding path graphical display which can be used in cases where the L3 path is a logical abstraction overlaid on the underlying L2 topology.

-----Original Message-----
From: Larry Sheldon [mailto:LarrySheldon@cox.net]
Sent: Wednesday, October 15, 2008 11:49 AM
Cc: NANOG list
Subject: Re: Network topology [Solved]

Colin Alston wrote:
> Maybe there should be something (I mean like, someone should come up with a standard :P) to trace switches in a path... Problem is I think even then the simple devices won't bother to support it.

I have been away from it for a while and in truth don't know the answer--but--

To the best of my knowledge, "Layer two Switches" in fact operate as multi-port bridges.

If that is true, then they ought to be transmitting BDUs which should be detectable and used for mapping.

If the switches are all from the same manufacturer, there is a chance that the manufacturer has a proprietary mapping tool.

--
Requiescas in pace o email Two identifying characteristics of System Administrators: Ex turpi causa non oritur actio Infallibility, and the ability to learn from their mistakes. Eppure si rinfresca ICBM Targeting Information: http://tinyurl.com/4sqczs
On 2008/10/15 08:49 PM Larry Sheldon wrote:
> Colin Alston wrote:
>> Maybe there should be something (I mean like, someone should come up with a standard :P) to trace switches in a path... Problem is I think even then the simple devices won't bother to support it.
> I have been away from it for a while and in truth don't know the answer--but--
> To the best of my knowledge, "Layer two Switches" in fact operate as multi-port bridges.
> If that is true, then they ought to be transmitting BDUs which should be detectable and used for mapping.

Ahh, you are correct sir (as well as the off list responses :))

Found this rather quickly
http://www.geocities.com/milicsasa/Tools/l2trace/index.html
as well as
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configu...

Not sure why I didn't Google "layer 2 traceroute" before... Oh well, live and learn, and work shorter hours.

Thanks :)
On Wed, Oct 15, 2008 at 08:35:33PM +0200, Colin Alston wrote:
> Apparently there isn't. Lots of people mentioned other tools, the problem there is they have one thing in common which is polling SNMP. I think it scales badly in general. I was hoping to find a more intelligent way of, I

I don't know what scaling parameters you're looking for. The tool I wrote to recursively traverse Cisco CDP caches via SNMP, from ~7 seed routers, autodetected the interconnections of a ~100 node network (back in 1998) in just seconds (I think it was 3, but that was ten years ago). Using SNMP. It didn't strain our P90 it was running on, nor the network. People often do SNMP wrong (one PDU per packet, single-threaded transmitters, etc).

> Maybe there should be something (I mean like, someone should come up with a standard :P) to trace switches in a path... Problem is I think even then the simple devices won't bother to support it.

Or if they do, they'll do it wrong. They can't even get ifDescr right.

--
Ash bugud-gul durbatuluk agh burzum-ishi krimpatul.
Why settle for the lesser evil? https://secure.isc.org/store/t-shirt/
--
David W. Hankins
Software Engineer
Internet Systems Consortium, Inc.
"If you don't do it right the first time, you'll just have to do it again." -- Jack T. Hankins
On Oct 15, 2008, at 1:35 PM, Colin Alston wrote:
> On 2008/10/15 06:29 PM Colin Alston wrote:
>> Is there any kind of cunning trick to detect standard layer2 switches along a path without stuff like STP?
> Apparently there isn't. Lots of people mentioned other tools, the problem there is they have one thing in common which is polling SNMP. I think it scales badly in general.

What is your reasoning behind this claim? I would claim quite the opposite compared to CLI or TL1.

> Maybe there should be something (I mean like, someone should come up with a standard :P) to trace switches in a path

I've written a cruddy script that given a seed bridge, scrapes L2 information obtained via CDP (I guess it could do LLDP, too) and does a breadth-first search through a network. Then I just dump that into gnuplot format. Getting the data is easy compared to visualization.

A coworker of mine has written a script to ask Rapid-STP speaking switches about their current topology and builds a graph again in gnuplot format.

A more challenging approach would be to scrape the mac forwarding tables and stitch things together. This would have to be done per-vlan. I think this approach (or similar) might be done by Openview's L2 featureset.

Dale

--
Dale W. Carder - Network Engineer
University of Wisconsin / WiscNet
http://net.doit.wisc.edu/~dwcarder
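The recursive, seed-based discovery that Ian Mason and Dale Carder describe in their messages, sketched as an added example that is not code from any poster in this thread. The device tables are constructed sample data standing in for SNMP/CDP results, `query_device` and `discover` are hypothetical names, and the address-scope list is one assumed form of the termination condition Ian asks for.

```python
from collections import deque
from ipaddress import ip_address, ip_network

# Constructed sample data: what polling each device might yield. "neighbours"
# stands in for addresses learned from its ARP/MAC/CDP tables.
SAMPLE_TABLES = {
    "10.0.0.1": {"kind": "router",
                 "neighbours": ["10.0.0.2", "10.0.1.1", "198.51.100.1"]},
    "10.0.0.2": {"kind": "bridge", "neighbours": ["10.0.0.1", "10.0.0.3"]},
    "10.0.0.3": {"kind": "bridge", "neighbours": ["10.0.0.2"]},
    "10.0.1.1": {"kind": "router", "neighbours": ["10.0.0.1", "10.0.1.9"]},
    # 10.0.1.9 is in scope but has no entry: it does not answer our polls.
    # Upstream device outside our network; it must never be polled.
    "198.51.100.1": {"kind": "router", "neighbours": ["203.0.113.7"]},
}

def query_device(addr):
    """Hypothetical stand-in for the SNMP queries; None means no answer."""
    return SAMPLE_TABLES.get(addr)

def discover(seeds, scope, max_devices=1000):
    """Breadth-first discovery from seeds that never polls outside scope."""
    nets = [ip_network(n) for n in scope]

    def in_scope(addr):
        return any(ip_address(addr) in n for n in nets)

    queue = deque(s for s in seeds if in_scope(s))
    seen = set(queue)
    polled, silent, boundary, edges = {}, set(), set(), set()
    while queue and len(polled) < max_devices:
        addr = queue.popleft()
        info = query_device(addr)
        if info is None:
            silent.add(addr)            # in scope, but no SNMP access
            continue
        polled[addr] = info["kind"]
        for nb in info["neighbours"]:
            edges.add(tuple(sorted((addr, nb))))
            if not in_scope(nb):
                boundary.add(nb)        # termination: record the edge, stop here
            elif nb not in seen:
                seen.add(nb)
                queue.append(nb)
    return polled, silent, boundary, edges

if __name__ == "__main__":
    for name, value in zip(("polled", "silent", "boundary", "edges"),
                           discover(["10.0.0.1"], ["10.0.0.0/16"])):
        print(name, value)
```

The `boundary` set lists where the map meets devices you do not own, and `silent` lists in-scope addresses that did not answer, which is where the partial-access caveat in Ian's message applies.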
I know Carlos did a bunch of work to build this into Netdot, i.e. discover L2, draw usable graphs.

Here's a link to the last NANOG presentation:
http://www.nanog.org/meetings/nanog49/presentations/Tuesday/Vicente-netdot-p...

John Kemp

On 10/15/08 7:18 PM, Dale W. Carder wrote:
> On Oct 15, 2008, at 1:35 PM, Colin Alston wrote:
>> On 2008/10/15 06:29 PM Colin Alston wrote:
>>> Is there any kind of cunning trick to detect standard layer2 switches along a path without stuff like STP?
>> Apparently there isn't. Lots of people mentioned other tools, the problem there is they have one thing in common which is polling SNMP. I think it scales badly in general.
> What is your reasoning behind this claim? I would claim quite the opposite compared to CLI or TL1.
>> Maybe there should be something (I mean like, someone should come up with a standard :P) to trace switches in a path
> I've written a cruddy script that given a seed bridge, scrapes L2 information obtained via CDP (I guess it could do LLDP, too) and does a breadth-first search through a network. Then I just dump that into gnuplot format. Getting the data is easy compared to visualization.
> A coworker of mine has written a script to ask Rapid-STP speaking switches about their current topology and builds a graph again in gnuplot format.
> A more challenging approach would be to scrape the mac forwarding tables and stitch things together. This would have to be done per-vlan. I think this approach (or similar) might be done by Openview's L2 featureset.
> Dale
> --
> Dale W. Carder - Network Engineer
> University of Wisconsin / WiscNet
> http://net.doit.wisc.edu/~dwcarder
Ah, sorry. Resurrected an old one there... ;-/

/jgk

On 11/15/13 2:41 PM, John Kemp wrote:
> I know Carlos did a bunch of work to build this into Netdot, i.e. discover L2, draw usable graphs.
> Here's a link to the last NANOG presentation:
> http://www.nanog.org/meetings/nanog49/presentations/Tuesday/Vicente-netdot-p...
> John Kemp
> On 10/15/08 7:18 PM, Dale W. Carder wrote:
>> On Oct 15, 2008, at 1:35 PM, Colin Alston wrote:
>>> On 2008/10/15 06:29 PM Colin Alston wrote:
>>>> Is there any kind of cunning trick to detect standard layer2 switches along a path without stuff like STP?
>>> Apparently there isn't. Lots of people mentioned other tools, the problem there is they have one thing in common which is polling SNMP. I think it scales badly in general.
>> What is your reasoning behind this claim? I would claim quite the opposite compared to CLI or TL1.
>>> Maybe there should be something (I mean like, someone should come up with a standard :P) to trace switches in a path
>> I've written a cruddy script that given a seed bridge, scrapes L2 information obtained via CDP (I guess it could do LLDP, too) and does a breadth-first search through a network. Then I just dump that into gnuplot format. Getting the data is easy compared to visualization.
>> A coworker of mine has written a script to ask Rapid-STP speaking switches about their current topology and builds a graph again in gnuplot format.
>> A more challenging approach would be to scrape the mac forwarding tables and stitch things together. This would have to be done per-vlan. I think this approach (or similar) might be done by Openview's L2 featureset.
>> Dale
>> --
>> Dale W. Carder - Network Engineer
>> University of Wisconsin / WiscNet
>> http://net.doit.wisc.edu/~dwcarder
participants (9)
- Bill Woodcock
- Brian Feeny
- Colin Alston
- Dale W. Carder
- David W. Hankins
- Holmes,David A
- Ian Mason
- John Kemp
- Larry Sheldon