2025-03-26 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
Network topology self-discovery is an old topic: relevant algorithms were proposed as early as 2008. Drawing on the pitfalls earlier practitioners ran into, this article summarizes a method for network topology self-discovery using the SNMP protocol, because SNMP builds the corresponding MIB information according to the RFC 1213 standard. Collecting routing tables, MAC tables and port forwarding tables through the command-line interface (CLI), by contrast, runs into the problem of adapting to different low-level commands across heterogeneous products, which makes data formatting, data processing and data presentation a challenge. With that said, let's briefly analyze the process of topology discovery.
The main purpose of this function module is to achieve self-adaptation and self-discovery of the network topology in a network environment.
It is mainly divided into three parts:
Network layer topology discovery
Link layer topology discovery
Host layer topology discovery
Network topology discovery
The main purpose of network topology discovery is to obtain and maintain information about which network nodes exist and how they are connected, and to draw the topology diagram of the whole network on this basis. Network managers can then quickly locate faulty nodes using the topology diagram.
Layer 2 network topology
The layer 2 network topology is the topology at layer 2 of the OSI reference model, also called the link layer network topology. Network topology discovery is the basic work of network management. At the lowest level, it is the connection between switches. Only with the physical topology can faults in the network be located accurately and the performance and status of a given location be determined accurately.
Layer 3 network topology
The layer 3 network topology is the topology at the third layer of the OSI reference model; it describes the connection relationship between routers and subnets.
OID
An object identifier (OID) assigns a unique identifying number to each object.
SNMP
SNMP is a standard protocol for managing network nodes in IP networks. SNMP enables network administrators to manage network performance, identify and resolve network problems, and plan network growth. By receiving unsolicited messages through SNMP, the network management system learns that there is a problem with the network.
Topology discovery based on layer 2 / layer 3 (network layer and link layer topology discovery)
Step 1: generate a layer 3 network topology
This algorithm collects device information either by SNMP or by logging in to the device, with SNMP collection preferred (the table lists the OIDs from which the required information is collected with SNMP). When a device does not support SNMP collection, log in to the device to collect the information.
Each entry in the routing table contains ipRouteDest, ipRouteIfIndex, ipRouteNextHop, ipRouteType, and ipRouteMask. ipRouteDest is the destination address of the route and ipRouteMask is the subnet mask of that destination address; a bitwise AND of ipRouteDest and ipRouteMask yields the subnet in which the route's destination address is located. ipRouteIfIndex is the index of the local interface for the route: the layer 3 device forwards IP packets with destination address ipRouteDest through this interface. ipRouteType indicates the type of route. When the route type is 3 (direct), the layer 3 device is directly connected to the subnet where the route's destination address is located. When the route type is 4 (indirect), the layer 3 device is not directly connected to that subnet and must go through another layer 3 device, namely the ipRouteNextHop in the routing table. In this case, the layer 3 device is directly connected to the next-hop layer 3 device through the local interface ipRouteIfIndex.
Take the Cisco 3750 (10.95.32.10) core switch as an example:
IpRouteDest OID
1.3.6.1.2.1.4.22 ARP table
1.3.6.1.2.1.4.20 IP address table
1.3.6.1.2.1.4.24 IP routing table
Step 2: generate a layer 2 link layer network topology
Through the first step, the layer 3 network topology is calculated, and all interfaces are divided into two categories:
Point-to-point network: the two interfaces are directly interconnected.
Multipoint-to-multipoint network: several layer 3 interfaces are in the same network segment, and their interconnection needs to be worked out in this step.
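Step 1 and the two-way split above, as an added example that is not part of the original article. The device names, addresses and table rows are constructed sample data standing in for values read over SNMP, and the mask is assumed to be contiguous.

```python
import ipaddress
from collections import defaultdict

DIRECT, INDIRECT = 3, 4  # ipRouteType values described in the text

# Constructed sample data (not from a real device).
# device -> rows of (ipRouteDest, ipRouteMask, ipRouteIfIndex, ipRouteNextHop, ipRouteType)
ROUTES = {
    "R1": [("10.0.12.0", "255.255.255.252", 1, "0.0.0.0", DIRECT),
           ("10.0.100.0", "255.255.255.0", 2, "0.0.0.0", DIRECT),
           ("10.0.3.0", "255.255.255.0", 2, "10.0.100.3", INDIRECT)],
    "R2": [("10.0.12.0", "255.255.255.252", 1, "0.0.0.0", DIRECT),
           ("10.0.100.0", "255.255.255.0", 2, "0.0.0.0", DIRECT)],
    "R3": [("10.0.100.0", "255.255.255.0", 1, "0.0.0.0", DIRECT),
           ("10.0.3.0", "255.255.255.0", 2, "0.0.0.0", DIRECT)],
}
# device -> interface addresses taken from its IP address table (constructed)
ADDRS = {"R1": ["10.0.12.1", "10.0.100.1"],
         "R2": ["10.0.12.2", "10.0.100.2"],
         "R3": ["10.0.100.3", "10.0.3.1"]}

def subnet(dest, mask):
    """Bitwise AND of ipRouteDest and ipRouteMask gives the destination subnet."""
    m = int(ipaddress.IPv4Address(mask))
    net = int(ipaddress.IPv4Address(dest)) & m
    return ipaddress.IPv4Network((net, bin(m).count("1")))  # contiguous mask assumed

def build_l3(routes, addrs):
    """Return (subnet -> directly attached devices, next-hop adjacencies)."""
    owner = {ip: dev for dev, ips in addrs.items() for ip in ips}
    members = defaultdict(set)
    next_hops = set()  # (device, local ifIndex, next-hop device)
    for dev, rows in routes.items():
        for dest, mask, ifindex, nh, rtype in rows:
            if rtype == DIRECT:
                members[subnet(dest, mask)].add(dev)
            elif rtype == INDIRECT and nh in owner:
                next_hops.add((dev, ifindex, owner[nh]))
    return members, next_hops

def classify(members):
    """Split subnets into point-to-point (2 devices) and multipoint (more than 2)."""
    p2p = {str(n): sorted(d) for n, d in members.items() if len(d) == 2}
    multi = {str(n): sorted(d) for n, d in members.items() if len(d) > 2}
    return p2p, multi

if __name__ == "__main__":
    print(classify(build_l3(ROUTES, ADDRS)[0]))
```

Subnets that end up in the multipoint group are the ones whose interconnection still has to be resolved at layer 2 in step 2.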
The layer 2 network topology is calculated from the MAC addresses of the devices: for routers, check the ARP table; for switches, check the MAC address table.
As in step 1, device information is collected over SNMP where possible, and by logging in to the device when it does not support SNMP collection. Collect the interface IP address, mask and other information of all devices:
Example of interface information collection:
[root@localhost]# snmpwalk -v 2c -c <community> 100.100.100.1 1.3.6.1.2.1.31.1.1.1
ifName ifDescr ifOperStatus
In my real environment, users access the network through access switches, and the access switches are connected to the router through aggregation switches, so if only one port in the address forwarding table of a switch contains the MAC addresses of other switches, then that switch must be an access switch and that port must be its uplink port. According to this condition, the switches can be divided into two groups: access switches and aggregation switches. The connections between access switches and aggregation switches can be determined first, which reduces the number of comparisons when determining the connections between aggregation switches.
By SNMP collection or by logging in to the device, you can collect the ARP table of a router or the MAC address table of a switch. This yields the following table, each row of which records that the MAC address of one device appears on an interface of another device, as shown below.
The direct connection relation table can be derived from the device layer 2 connection relation table by the "end-removal method". Definition: in the device layer 2 connection relation table, a device that has only one interface connected to other devices in the table is called an "end device".
Theorem 2: in the device layer 2 connection relation table, if device A is an "end device", and an interface of device B is connected only to device A and not to any other device, then device B is directly connected to device A.
Flow chart of operation method:
Get the device layer 2 direct connection relation table
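The access-switch rule and the end-removal method with Theorem 2, as an added example that is not part of the original article. The switch names, port names and table contents are constructed, and the table is assumed to be complete (every switch has learned every other switch's MAC address).

```python
from collections import defaultdict

# Constructed layer 2 connection relation table (not from a real network):
# (device, port) -> switches whose MAC addresses were learned on that port.
TABLE = {
    ("ACC1", "p1"): {"AGG1", "AGG2", "ACC2", "ACC3"},
    ("ACC2", "p1"): {"AGG1", "AGG2", "ACC1", "ACC3"},
    ("ACC3", "p1"): {"AGG1", "AGG2", "ACC1", "ACC2"},
    ("AGG1", "p1"): {"ACC1"},
    ("AGG1", "p2"): {"ACC2"},
    ("AGG1", "p3"): {"AGG2", "ACC3"},
    ("AGG2", "p1"): {"ACC3"},
    ("AGG2", "p2"): {"AGG1", "ACC1", "ACC2"},
}

def end_devices(seen):
    """Devices with exactly one port that sees other devices, mapped to that port.
    On the unmodified table these are the access switches and their uplink ports."""
    ports = defaultdict(list)
    for dev, port in seen:
        ports[dev].append(port)
    return {d: p[0] for d, p in ports.items() if len(p) == 1}

def direct_links(table):
    """End-removal: link each end device per Theorem 2, delete it, repeat."""
    seen = {k: set(v) for k, v in table.items() if v}
    links = []
    while seen:
        for a, a_port in sorted(end_devices(seen).items()):
            # Theorem 2: a port of B that sees only A is directly connected to A.
            peers = sorted(k for k, s in seen.items() if s == {a})
            if peers:
                links.append((peers[0], (a, a_port)))
                # Remove A's rows and A's MAC address from every other port.
                seen = {k: s - {a} for k, s in seen.items() if k[0] != a}
                seen = {k: s for k, s in seen.items() if s}
                break
        else:
            break  # nothing resolvable: incomplete table or a loop in the topology
    return links

if __name__ == "__main__":
    print(end_devices(TABLE))
    for link in direct_links(TABLE):
        print(link)
```

The early exit matters on real data: forwarding tables age out, so a table that cannot be fully reduced should be flagged for re-collection rather than guessed at.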