An Intelligent SelfLearning Algorithm for IP Network Topology Discovery

1
An Intelligent Self-Learning Algorithm for IP
Network Topology Discovery

• Presentation by
• Zohaib Najeeb
• Bachelors Student
• National University of Science and Technology
  (NUST), Pakistan
• At 14th IEEE Workshop on Local and Metropolitan
  Area Networks, LANMAN 2005
• September 19, 2005

2
Contents

• Introduction
• System Architecture
• Intelligent Algorithms for Generation of IP
  Ranges
• Network Element Interconnections
• Implementation and Evaluations

3
Introduction

• Network Topology refers to the characterization
  of the physical connectivity and the
  relationships that exist among entities in a
  communication network.

4
Introduction

• Importance
• Aids in analysis and visualization of networks
• Interpolation of new H/W in network
• Prerequisite to many critical network management
  tasks including
• Reactive and proactive resource management
• Server Settings
• Root-cause Analysis
• Grid Computing

5
Introduction..

• Objectives of the research work are to
• Discover network topology with minimum use of
  SNMP.
• Rely mainly on existing and widely deployed
  protocols ( e.g. ARP, ICMP and SNMP).
• Intelligent and efficient topology discovery
• 0 level user interaction.

6
The Problem

• Commercial network management tools have
  typically concentrated on either
• discovering layer-3 topology alone ignoring
  connectivity of layer-2 elements
• Totally SNMP based.

7
Our Proposition

• We propose an algorithm that requires
  installation of SNMP only on routers, switches
  and network printers, which usually take less
  portion of the network.

8
System Architecture
9
Active Probing Layer

• Chose a range of IP addresses that would have a
  higher probability of being assigned an IP
  address.

10
IP Generation Layer

• Read ARP cache of the gateway router to get list
  of IP addresses.
• Create a thread pool.
• Initiate all other layers so that they run in
  parallel.

11
Device Status Check Layer

• Ping the IP addresses recommended by the IP
  Generation and Active Probing Layer.
• Purpose
• Check status of device.
• Get IP to MAC mapping of the active hosts.
• Result
• IP to MAC address mapping entries will accumulate
  at the NMS.

12
IP to MAC Mapping Layer

• Store the IP to MAC mapping of the active hosts
  in a Data Structure.

13
Device Type Check Layer

• Checks the device type ( i.e. router, switch or
  printer)
• Send SNMP requests to the IP addresses stored in
  the IP to MAC data structure.
• The Data Store Fill Layer is responsible to store
  all the information in appropriate data strures.

14
Intelligent Algorithm for Generation of IP Ranges

• Not feasible to ping all possible IP addresses in
  a network. Class A address scheme will have more
  than 16 million addresses.
• So we propose an intelligent and efficient
  algorithm for generating a list of IP addresses
  having a high probability of being assigned to
  devices in the network.

15
Intelligent Algorithm for Generation of IP
Ranges.

• Steps
• Retrieve gateways ARP cache via SNMP
• Run FOD algorithm on each of these IP addresses
• Run TOEA algorithm on these IP addresses

16
Fourth Octet Discovery (FOD) Algorithm

• Searches for active hosts by changing values in
  the fourth octet of IP addresses.
• It scans the fourth octet in a way that would
  yield quick initial response.

17
10.10.25.93
10.10.25.94
10.10.25.114
.
X 20 L 10 S X N N 1,2,3
.
10.10.25.124
10.10.25.125
10.10.25.126
.
.
10.10.25.135
10.10.25.155
10.10.25.156
18
Third Octet Expeditious Analysis (TOEA) Algorithm

• Searches for active hosts by changing values in
  the third octet of IP addresses.

19
D 8 F 10 C 3
10.10.22.1
..10.10.22.10
10.10.22.32
.
.
10.10.24.32
10.10.24.1
10.10.24.10
10.10.25.125
10.10.26.1
10.10.26.10
10.10.24.32
.
.
10.10.28.1
..10.10.26.10
10.10.24.32
20
Completion Phase

• Ping all remaining possible IP addresses.

21
Multi-Subnet Discovery

• Query routers to get IP addresses of its
  interfaces along with their subnet masks.
• The IP Generation Layer will execute for all the
  subnets in the same manner.
• The only difference will be that IP to MAC
  mapping (ARP cache) will have to be acquired from
  the corresponding router via SNMP.

22
Network Element Interconnections

• Switch to Switch Connection
• Switch to Router Connection
• Switch to Host Connection
• Router to Router Connection

23
Switch to Switch Connections-DCT
D
W
B
Y
Switch 1
Switch 2
C
Z
S(S1) A,B,C,D Set of Ports of switch
1 S(S2) W,X,Y,Z Set of Ports of switch
2 MAC visible at Port W V(W) A,B,C,D MAC
visible at Port D V(D) W,X,Y,Z S(N)
A,B,C,D,W,X,Y,Z If ( V(D) Ú V(W) S(N) And
V(D) ? V(W) ø ) Then the Two Switches are
connected
24
Switch to Router Connection

• If the IP addresses of the switches are in the
  range of IP address of a router, then it will be
  considered that these switches are connected to
  that particular router.
• Also if MAC address of a router is in the AFT of
  a switch, then that switch is connected to the
  router.

25
Switch to Host Connection
Host Discovered
IP
MAC
IP
MAC
IP
MAC
Host Store
IP To Mac Mapping
Get Switch From SS
Matching Engine
26
Router to Router Connection

• Next Hop, Default Gateway and Trace Route
  information can help to determine Router to
  Router Connection.

27
Implementation and Evaluation

• System has been implemented and tested in the
  labs of NUST Institute of Information Technology,
  Pakistan.
• The results of 4 test cases are shown.

28
Comparison of 4 Test Cases
29
(No Transcript)
30
Summary

• Use ARP cache of router to start discovery. Then,
  using heuristics of network administrators,
  perform discovery more efficiently.
• Majority of discovery is done using widely
  deployed protocols like ICMP and ARP.
• SNMP installed only on routers, switches and
  printers.

31

• Q
• A

32
Screen Shots
Network Computer
Network Router
Network Switch
Network Printer
Port to MAC Mapping
33
Flow Diagram to Discover Network Devices
Resource Found
Service L2
A
No
Yes
Printer MIB
No
Host
Yes
Service L3
No
Layer 2 Switch
Yes
Network Printer
Yes
Forwarding ?
Switch MIB ?
Yes
Yes
L3 Switch
Printer
Host
No
At Switch L3
No
Router
start/stop
Service L7
At NMS
No
Router With No Routing
At Router
At Switch L2
A
34
(No Transcript)