Hi all
I'm considering trying to come up with some means to automatically detect a networks topology and draw pretty pictures. This is somewhat boring though if a network isn't well arranged with VLANs and q-tag trunk routers and so on (It will just look like a big cloud of junk connected off an assumed switch).
Is there any kind of cunning trick to detect standard layer2 switches along a path without stuff like STP?
And another one, that I believe is a commercial product:
Whoa, quite a serious looking piece of software. Will check it out.
Was kinda hoping to write my own software though, but perhaps I can craftily learn something from it 
Apparently there isn't. Lots of people mentioned other tools, the problem there is they have one thing in common which is polling SNMP. I think it scales badly in general. I was hoping to find a more intelligent way of, I guess, doing an ARP/MAC based traceroute by checking LLC 802.2 headers or something. Yes, it might have been easier if I hoped for it to rain money
Maybe there should be something (I mean like, someone should come up with a standard :P) to trace switches in a path... Problem is I think even then the simple devices won't bother to support it.
Colin Alston wrote:
Maybe there should be something (I mean like, someone should come up with a standard :P) to trace switches in a path... Problem is I think even then the simple devices won't bother to support it.
I have been away from it for ma while and in truth don't know the answer--but--
To the best of my knowledge, "Layer two Switches" in fact operate as multi-port bridges.
If that is true, then they ought to be transmitting BDUs which should be detectable and used for mapping.
If the switches are all from the same manufacturer, there is a chance that the manufacture has a proprietary mapping tool.
If the switches are Cisco, then Cisco Works has a L2 STP forwarding path
graphical display which can be used in cases where the L3 path is a
logical abstraction overlaid on the underlying L2 topology.
Ahh, you are correct sir (as well as the off list responses :))
Found this rather quickly
http://www.geocities.com/milicsasa/Tools/l2trace/index.html
as well as
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/l2trace.pdf
Not sure why I didn't Google "layer 2 traceroute" before... Oh well, live and learn, and work shorter hours.
Thanks
If you have SNMP access pull:-
1) Is it a bridge or a router?
2) ARP Table
3) MAC forwarding table
4) Interfaces with MAC and IP addresses
5) Netmasks
from each such router or bridge in the network. Use the information from one to help you discover the
others recursively. Have a termination condition that stops this process walking off your network and
attempting to discover the whole Internet.
That's enough to figure out both logical and physical topology.
Without SNMP (or similar) access it's nigh impossible to figure out. If you only have access to a subset
of the routers and bridges in the network you MAY have enough to figure out the topology - 50% is enough
if it's the right 50%.
Ian
Apparently there isn't. Lots of people mentioned other tools, the problem
there is they have one thing in common which is polling SNMP. I think it
scales badly in general. I was hoping to find a more intelligent way of, I
I don't know what scaling parameters you're looking for. The tool
I wrote to recursively traverse Cisco CDP caches via SNMP, from ~7
seed routers, autodetected the interconnections of a ~100 node network
(back in 1998) in just seconds (I think it was 3, but that was ten
years ago).
Using SNMP.
It didn't strain our P90 it was running on, nor the network.
People often do SNMP wrong (one PDU per packet, single-threaded
transmitters, etc).
Maybe there should be something (I mean like, someone should come up with a
standard :P) to trace switches in a path... Problem is I think even then
the simple devices won't bother to support it.
Or if they do, they'll do it wrong. They can't even get ifDescr
right.
Is there any kind of cunning trick to detect standard layer2 switches along a path without stuff like STP?
Apparently there isn't. Lots of people mentioned other tools, the problem there is they have one thing in common which is polling SNMP. I think it scales badly in general.
What is your reasoning behind this claim? I would claim
quite the opposite compared to CLI or TL1.
Maybe there should be something (I mean like, someone should come up with a standard :P) to trace switches in a path
I've written a cruddy script that given a seed bridge, scrapes
L2 information obtained via CDP (I guess it could do LLDP, too)
and does a breadth-first search through a network. Then I just
dump that into gnuplot format. Getting the data is easy compared
to visualization.
A coworker of mine has written script to ask Rapid-STP speaking
switches about their current topology and builds a graph again
in gnuplot format.
A more challenging approach would be to scrape the mac forwarding
tables and stitch things together. This would have to be done
per-vlan. I think this approach (or similar) might be done by
Openview's L2 featureset.
Dale
I know Carlos did a bunch of work to build this
into Netdot, i.e. discover L2, draw usable graphs.
Here's a link to the last NANOG presentation:
http://www.nanog.org/meetings/nanog49/presentations/Tuesday/Vicente-netdot-presentation-nanog49.pdf
John Kemp
Ah, sorry. Resurrected an old one there...
;-/
/jgk