Visio Enabled Solution: One-Click Switched Network Vision

Visio Enabled Solution: One-Click Switched Network Vision

Alan Delwiche, Senior Software Engineer March 2001

Applies to:

All Microsoft Visio 2002 Editions All Microsoft Visio 2000 (SR1) Editions All Microsoft Visio 5.0 Editions

Summary: Two step-by-step guides illustrate how Fluke Networks applies Microsoft Visio Automation

technology to the automatic discovery and mapping of switched networks.

Introduction

The recent growth of switched networks has outpaced the development of tools needed to provide vision into those networks. The lack of visibility into the flat switched network topology has resulted in reduced performance, elevated complexity, and increased strain on the IT professional.

This article discusses Fluke Networks application of Microsoft® Visio® Automation technology to the automatic discovery and mapping of switched networks. It introduces Fluke Networks LAN MapShot software and discusses how IT professionals can apply this technology to the discovery, mapping, trouble-shooting, and vision of their switched Ethernet networks. Two step-by-step guides illustrate how to obtain port level detail and trace port routes through switches.

The Switched Network Vision Problem

Why Switched Network Vision Is Needed

The constant change in network topology increases the probability of failure, configuration error, and performance degradation. More than ever, there is a need to:

• Troubleshoot effectively • Locate equipment

• Communicate network design changes to colleagues • Plan for expansion

IT professionals managing switched networks require tools that are optimized for their particular needs, are easy to use, and yet produce fast, detailed, and reliable results.

Visio Enabled Solution: LAN MapShot

Fluke Networks has migrated its handheld network test instrument expertise to the Microsoft Windows desktop and partnered with Microsoft Visio to create LAN MapShot. This solution realizes powerful switched network vision by combining exceptional ease of use with detailed discovery.

IT personnel can now:

• Discover switched networks with a single mouse click

• Map switches, servers, routers, printers, hosts, and even hubs • View device connectivity down to slot:port level detail • Drill down from the broadcast domain to a single switch port

As shown in Figure 1, the LAN MapShot application interface is well laid out and easy to understand and use. When the Start Discovery button is pressed, the application begins looking for devices on the network. Once discovery is complete, a default map is drawn. You can then select any one of six different maps from the Network Maps drop-down menu.

Works with Microsoft Visio

LAN MapShot utilizes the Automation interface in Visio to programmatically draw the results of its network discovery. While this solution should work with any version of Visio supporting the 5.0

Automation interface, Fluke Networks has tested and supports LAN MapShot with Microsoft Visio 2002, as well as the following Microsoft Visio 2000 (Service Release 1) English products:

• Standard Edition • Technical Edition • Professional Edition • Enterprise Edition

Minimum System Requirements

• Microsoft Visio 2000 English, Service Release 1 (SR1)

• Microsoft Windows® 2000, Windows NT® version 4.0 (Service Pack 5 or later), Windows® 98, or Windows® Millennium Edition

• Microsoft TCP/IP stack • Microsoft WinSock2

• 200 MHz Pentium class processor, IBM or compatible • 64 MB RAM

• 150 MB virtual memory • 100 MB hard disk space

Network Requirements and Limits

• Ethernet TCP/IP switched network • 10MB, 100MB, or 1GB speeds

Switched Network Discovery

Introduction

Several components are utilized in order to provide automatic network maps. First, the network needs to be discovered. Each network device needs to be identified by address, both Media Access Control (MAC) address and Internet Protocol (IP) address, by Domain Name Server (DNS) name if available, and possibly by network basic input/output system (NetBIOS) name. In addition, device capabilities and

characteristics need to be identified to the extent possible. Second, the topology of the network needs to be determined. It is necessary to determine the connectivity of all discovered switches and to

determine where the other discovered devices connect to the switches. Finally, it is necessary to utilize a drawing tool to present this information in a map.

Network Discovery

Network discovery is accomplished using both passive and active methods.

Passive Discovery

Passive discovery consists of observing the packets on the network. By analyzing the packets, it is possible to determine the addresses of nodes on the network. In addition, it is possible to infer

additional information regarding what type of nodes they are by analyzing the protocol headers of these packets. For example, if a Routing Information Protocol (RIP) routing update packet is detected on the network, it can be concluded that the source of the packet is a router.

There are some limitations associated with passive discovery that make it ineffective for consistent network discovery. First, there is no guarantee the packets observed during one period of time will be observed during a subsequent discovery period. Second, in a switched network, the packets observed will be limited to broadcast packets, multicast packets, and unicast packets that are transmitted or received by other devices on the same switch port. In other words, discovery will be limited to those devices on the network that transmit a broadcast or unicast packet during the discovery period, and to active devices connected to the same switch port as the discovery agent.

Active Discovery

IP Device Discovery

Initially, a broadcast Internet Control Message Protocol (ICMP) echo request message is transmitted on the network. This is followed by a broadcast to the User Datagram Protocol (UDP) echo port. As ICMP and UDP echo, the discovery agent receives replies and the packets are parsed. The source IP address is extracted from each reply packet and added to a list of candidate nodes.

An Address Resolution Protocol (ARP) message is transmitted for each IP address in the list of candidate nodes. If a reply is received for an ARP, the MAC address is extracted from the ARP reply packet and added to the entry for that IP address in the node list. This technique typically will discover 70-80% of the IP nodes in a broadcast domain.

Another technique is used to discover more IP nodes. After all the candidate nodes have been validated as described above, additional ARP requests are transmitted to identify the other nodes.

Router and IP Server Discovery

Both active and passive techniques are used to identify which of the discovered nodes are routers and servers. Multicast or broadcast Open Shortest Path First (OSPF) and RIP router updates are received and parsed. The IP addresses are extracted and the appropriate IP nodes are marked as routers.

Discovering Node Detail

After IP nodes have been discovered and validated, attempts are made to discover additional information for each device. If a DNS server is available, a DNS name query is attempted on each IP address.

Another approach used to discover device detail is to converse with the node with a variety of Simple Network Management Protocol (SNMP) queries. The discovery agent retrieves the SNMP system group from the node, which contains system name, system description, device location, contact information, and system Object Identifier (sysOID). Additional queries are used to determine whether the device is a switch, printer, managed hub, or Remote Network Monitoring (RMON) device.

Information regarding the interfaces and ports on the device is determined by querying the interfaces through the device’s Management Information Base (MIB). Number of interfaces, types of interfaces, interface speeds, interface state, Maximum Transmission Unit (MTU) size, and slot:port numbers are discovered on devices that have standard MIB-2 implementations.

Private MIBs

Determining Switch and Device Connectivity

In a switched network environment, the topology of the network can be determined by querying the switch’s bridge forwarding tables.

Figure 2. 3-switch network

In a single switch environment, you can determine the devices that are connected to each switch port by retrieving the forwarding table. Unfortunately, in a multi-switch environment, determining the

connectivity is a far more complex problem to solve.

For example, in the 3-switch network illustrated by Figure 2, a Host with MAC address 00ao12345678 is connected to Port 6 of Switch B. Also, Switch B is connected to Port 3 of Switch A and Switch A is connected to Port 7 of Switch C. In Switch B’s forwarding table, there will be an entry for Host 1’s MAC address showing it connected to Port 6. Also in Switch A’s forwarding table, there will be an entry showing Host 1’s MAC address on Port 3, and in Switch C’s forwarding table, there will be an entry showing Host 1’s MAC address on Port 7. This illustrates the fact that it is difficult to determine whether a device is connected to a specific port on a specific switch in a multi-switch environment by looking at a single switch. Fluke Networks network monitoring tools use a patented process to determine the switch topology and device connectivity of a network.

Discovering Non-IP Detail

The previous discussion describes the methods utilized to discover the IP devices on the network and to determine their IP characteristics. Additional information about the devices can be discovered using other protocols. NetWare and NetBIOS protocols can be used to discover information such as Novell server type, NetBIOS name, and server type.

A variety of queries are utilized to discover NetBIOS names and server types. Any replies to these queries will provide the MAC address of the associated device, and possibly provide additional information regarding whether or not the device is a master browser, primary domain controller, or backup domain controller.

Switched Network Mapping

After discovery has completed, LAN MapShot launches Visio automatically and the default network map begins to draw. The correct page size and orientation is computed, and devices are added to the page in a layered, well-spaced layout. Both American National Standards Institute (ANSI) and International Standards Organization (ISO) page formats are available, and large format drawings up to ANSI ‘E’ and ISO ‘A0’ can be produced.

Devices are labeled with their Best Name and all associated IP addresses. For increased accuracy, any managed or unmanaged hubs needed to connect the devices are also drawn.

Device Connections

Devices are connected with lines of varying weight indicating the port speeds, from less than 10MB/sec to greater than 1GB/sec. Device connection links are labeled with their slot:port numbers, and any source/destination port speed mismatches are flagged on the suspect link.

Connectivity summaries are provided below each switch showing the number of directly connected servers, routers, switches, printers, and hubs. This information is useful for load balancing networks.

Drilling into Detail

Network details can be viewed by double-clicking on shapes in the network maps. A top-level view of the network is available by drawing a Broadcast Domain map. Double-clicking on the local broadcast domain shape in the map causes a Switch (Spanning Tree) Diagram to be automatically generated. Then, double-clicking on any switch in that map will generate a Single Switch Detail map. Any one of the following three Switch Detail maps can be drawn:

• Routers, Servers, and Switches • Printers

• Hosts

Each map shows discovered devices directly connected to the selected switch, including the slot:port number and port speed (as indicated by line thickness).

Adding Devices to a Map

Discovered devices can be automatically connected to the latest map. Selecting the Add Device… to Map button will display a list of all discovered devices. Double-click any device in the list to add it to the map. The selected device is added to the last drawn map, annotated, and then automatically connected to the correct switch or hub (assuming the required switch exists in the diagram). This feature can be used to create visual trace switch routes between devices.

Map Descriptions

The following network maps are provided: • Broadcast Domains

Broadcast Domains

The Broadcast Domains map details router connections between local and remote broadcast domains. The computer running LAN MapShot is always part of the local broadcast domain.

Note A broadcast domain is the subset of a network that receives MAC layer broadcasts or

multicast frames.

Figure 3. Broadcast domains map

The map shows the following information: • Local broadcast domain

• Discovered subnets in the local broadcast domain • All discovered routers on your network

• Local IP addresses for each router • Remote broadcast domains

Switch (Spanning Tree) Diagram

The Switch (Spanning Tree) Diagram map shows the interconnection of switches as determined by the switch forwarding tables.

Figure 4. Switch (spanning tree) diagram map

The map shows the following information: • Switches on the network

• Hubs needed to connect the switches • Connections between the switches • Speeds of the connections shown

• Summary of the devices connected to each switch

Server Connections in a Switched Network

The Servers in a Switched Network map shows the interconnection of switches as determined by the switch forwarding tables, and shows all servers connected to each switch.

Figure 5. Servers in a switched network map

The map shows the following information: • Switches on the network

• Servers on the network

• Hubs needed to connect the servers and switches • Connections between the servers and switches • Speeds of the connections shown

Router Connections in a Switched Network

Figure 6. Routers in a switched network map

The map shows the following information: • Switches on the network

• Routers on the network

Printer Connections in a Switched Network

The Printers in a Switched Network map diagrams the interconnection of switches as determined by the switch forwarding tables, and shows all printers connected to each switch.

Figure 7. Printers in a switched network map

The map shows the following information: • Switches on the network

• Printers on the network

• Hubs needed to connect the printers and switches • Connections between the printers and switches • Speeds of the connections shown

Fluke Tool Connections in a Switched Network

The Fluke Tool Connections in a Switched Network map diagrams the interconnection of switches as determined by the switch forwarding tables, and shows all Fluke Networks handheld tools connected to each switch.

Figure 8. Fluke tool connections in a switched network

The map shows the following information: • Switches on the network

Single Switch Detail

The Single Switch Detail map focus on devices directly connected to a selected switch. Three views of the directly connected devices are available:

• Routers, Switches, and Servers • Printers

• Hosts

Figure 9. Single switch detail map

The map shows the following information:

• All the chosen device types (depending on the map selected) directly connected to the selected switch

• Hubs needed to connect the selected devices and the switch • Connections between the devices and the switch

• Speeds of the connections shown

• Summary of the devices connected to each switch • SNMP information for the selected switch

Step-by-Step Guides: Applying LAN MapShot

The following step-by-step guides show how to apply LAN MapShot to create helpful views of a switched network. The first guide illustrates how to drill into port level detail, and the second guide shows how to trace port routes through switches.

Drilling into Port Level Detail

1. Start by creating a top-level view of the network by generating a Broadcast Domains map. On the

Discover/Maps menu, select the Network Maps dialog box, then select Broadcast Domains from the

drop-down list, and click Draw New Map.

Figure 10. Generating a broadcast domains map

2. A few seconds later, a Broadcast Domains map is generated. Double-click the gray local Broadcast

Domain shape to generate a Switch (Spanning Tree) Diagram of that local broadcast domain.

3. When the Switch (Spanning Tree) Diagram completes, double-click any switch of interest to bring up the single Switch Detail Diagram dialog box.

Figure 12. Switch (spanning tree) diagram

4. Select the type of single Switch Detail Diagram to create, and then click Draw Map.

Figure 13. Switch Detail Diagram

5. Repeat steps three and four for all switches of interest to complete the switch detail documentation.

Figure 14. Single switch detail (routers, switches, and servers)

Note Zooming in reveals the map detail. Port connections are labeled and port speed is

indicated by the connecting line thickness. Device name, IP address, and type are shown. Even connections via managed and unmanaged hubs are included. Use this information to create hierarchical views of a flat switched network.

Tracing Port Routes Through Switches

You can reach a remote device by selectively adding devices to a Switch (Spanning Tree) Diagram and viewing the port level route through the switches.

1. Start by creating a map of the network’s switch “backbone.” On the Discover/Maps menu, select the

Network Maps dialog box, then select Switch (Spanning Tree) Diagram from the drop-down list,

and click Draw New Map.

Figure 15. Creating a map of the network’s switch backbone

2. After the network’s switch backbone is drawn, notice the Add Device to Map button is no longer grayed out. Click the Add Device to Map button to display a list of all discovered devices.

Figure 16. Adding a device to Switch (Spanning Tree) Diagram map

3. Select a device, then click the Add to Map button. Add as many devices as desired, and then click

Close.

Figure 17. Adding network devices

Note The device list may be sorted by name, IP address, or MAC address by simply clicking the

column title bar. Also, the device list view may be filtered by device type (such as printers) using the Only Show button.

Figure 18. Switch (spanning tree) diagram with two devices added

Note The map shows the route from host DHS through four switches to server Lament. Use this

Conclusion

Utilizing active and passive discovery techniques and sophisticated analysis, LAN MapShot provides detailed (slot:port) connectivity vision into switched networks. When discovery completes, Fluke Networks utilizes Visio’s Automation interface to automatically draw detailed, port level device connectivity maps from the network data.

For More Information

Consult the Visio Developers Reference included in Microsoft Visio Help, or visit the links below for more code samples and automation tips:

http://www.microsoft.com/technet/visio/ http://msdn.microsoft.com/visio/ Visit Fluke Networks on the web at: http://www.FlukeNetworks.com/MapShot