Fluke Networks: One-Click Switched Network Vision
| Archived content. No warranty is made as to technical accuracy. Content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist. |
Published: April 1, 2001
Fluke Networks
Applies to:
All Microsoft Visio 2002 Editions
All Microsoft Visio 2000 (SR1) Editions
All Microsoft Visio 5.0 Editions
Summary: Two step-by-step guides illustrate how Fluke Networks applies Microsoft Visio Automation technology to the automatic discovery and mapping of switched networks.
On This Page
Introduction
Visio Enabled Solution: LAN MapShot
Switched Network Discovery
Switched Network Mapping
Map Descriptions
Step-by-Step Guides: Applying LAN MapShot
Additional Information
Introduction
The recent growth of switched networks has outpaced the development of tools needed to provide vision into those networks. The lack of visibility into the flat switched network topology has resulted in reduced performance, elevated complexity, and increased strain on the IT professional.
This article discusses Fluke Networks application of Microsoft Visio Automation technology to the automatic discovery and mapping of switched networks. It introduces Fluke Networks LAN MapShot software and discusses how IT professionals can apply this technology to the discovery, mapping, trouble-shooting, and vision of their switched Ethernet networks. Two step-by-step guides illustrate how to obtain port level detail and trace port routes through switches.
The Switched Network Vision Problem
In switched networks, each switch's internal forwarding table contains entries for every other switch, server, router, printer, host, and managed hub it sees on the network. Since every switch can know of the existence of every other networked device, the hierarchy inherent in routed network architectures is absent in switched networks. This lack of hierarchy causes switched networks to be referred to as flat. These flat networks are difficult to document since the actual physical location of connected devices is hard to determine by just reviewing the switch forwarding tables. Furthermore, visiting equipment closets to note actual port connections is time consuming, tedious, and subject to error. To make matters worse, once the data is finally collected, it must then be translated into some meaningful map or report. Exasperation results when the map or report is complete, only to be rendered obsolete a few days later by constant network change.
Why Switched Network Vision Is Needed
The constant change in network topology increases the probability of failure, configuration error, and performance degradation. More than ever, there is a need to:
Troubleshoot effectively
Locate equipment
Communicate network design changes to colleagues
Plan for expansion
IT professionals managing switched networks require tools that are optimized for their particular needs, are easy to use, and yet produce fast, detailed, and reliable results.
Visio Enabled Solution: LAN MapShot
Fluke Networks has migrated its handheld network test instrument expertise to the Microsoft Windows desktop and partnered with Microsoft Visio to create LAN MapShot. This solution realizes powerful switched network vision by combining detailed discovery with exceptional ease of use.
IT personnel can now:
Discover switched networks with a single mouse click
Map switches, servers, routers, printers, hosts, and even hubs
View device connectivity down to slot:port level detail
Drill down from the broadcast domain to a single switch port
As shown in Figure 1, the LAN MapShot application interface is well laid out and easy to understand and use. When the Start Discovery button is pressed, the application begins looking for devices on the network. Once discovery is complete, a default map is drawn. You can then select any one of six different maps from the Network Maps drop-down menu.
.gif "Cc722544.1click01(en-us,TechNet.10).gif")
Figure 1: LAN MapShot main application interface
Works with Microsoft Visio
LAN MapShot utilizes the Automation interface in Visio to programmatically draw the results of its network discovery. While this solution should work with any version of Visio supporting the 5.0 Automation interface, Fluke Networks has tested and supports LAN MapShot with Microsoft Visio 2002, as well as the following Microsoft Visio 2000 (Service Release 1) English products:
Standard Edition
Technical Edition
Professional Edition
Enterprise Edition
Minimum System Requirements
Microsoft Visio 2000 English, Service Release 1 (SR1)
Microsoft Windows 2000, Windows NT version 4.0 (Service Pack 5 or later), Windows 98, or Windows Millennium Edition
Microsoft TCP/IP stack
Microsoft WinSock2
200 MHz Pentium class processor, IBM or compatible
64 MB RAM
150 MB virtual memory
100 MB hard disk space
Network Requirements and Limits
Ethernet TCP/IP switched network
10MB, 100MB, or 1GB speeds
50 switches (max per broadcast domain)
2000 nodes (max per broadcast domain)
Switched Network Discovery
Introduction
Several components are utilized in order to provide automatic network maps. First, the network needs to be discovered. Each network device needs to be identified by address, both Media Access Control (MAC) address and Internet Protocol (IP) address, by Domain Name Server (DNS) name if available, and possibly by network basic input/output system (NetBIOS) name. In addition, device capabilities and characteristics need to be identified to the extent possible. Second, the topology of the network needs to be determined. It is necessary to determine the connectivity of all discovered switches and to determine where the other discovered devices connect to the switches. Finally, it is necessary to utilize a drawing tool to present this information in a map.
Network Discovery
Network discovery is accomplished using both passive and active methods.
Passive Discovery
Passive discovery consists of observing the packets on the network. By analyzing the packets, it is possible to determine the addresses of nodes on the network. In addition, it is possible to infer more information about the nodes by analyzing the protocol headers of these packets. For example, if a Routing Information Protocol (RIP) routing update packet is detected on the network, it can be concluded that the source of the packet is a router.
There are some limitations associated with passive discovery that make it ineffective for consistent network discovery. First, there is no guarantee the packets observed during one period of time will be observed during a subsequent discovery period. Second, in a switched network, the packets observed will be limited to broadcast packets, multicast packets, and unicast packets that are transmitted or received by other devices on the same switch port. In other words, discovery will be limited to those devices on the network that transmit a broadcast or unicast packet during the discovery period, and to active devices connected to the same switch port as the discovery agent.
Active Discovery
In active discovery, the discovery agent systematically transmits request packets to stimulate nodes on the network to send a reply. This method is the primary method utilized by Fluke Networks network monitoring tools to discover the devices on a broadcast domain. Unique active discovery methods are utilized to discover IP, NetBIOS, and Internet Packet Exchange (IPX) devices on the network.
IP Device Discovery
Initially, a broadcast Internet Control Message Protocol (ICMP) echo request message is transmitted on the network. This is followed by a broadcast to the User Datagram Protocol (UDP) echo port. As ICMP and UDP echo, the discovery agent receives replies and the packets are parsed. The source IP address is extracted from each reply packet and added to a list of candidate nodes.
An Address Resolution Protocol (ARP) message is transmitted for each IP address in the list of candidate nodes. If a reply is received for an ARP, the MAC address is extracted from the ARP reply packet and added to the entry for that IP address in the node list. This technique typically will discover 70-80% of the IP nodes in a broadcast domain.
Another technique is used to discover more IP nodes. After all the candidate nodes have been validated as described above, additional ARP requests are transmitted to identify the other nodes.
Router and IP Server Discovery
Both active and passive techniques are used to identify which of the discovered nodes are routers and servers. Multicast or broadcast Open Shortest Path First (OSPF) and RIP router updates are received and parsed. The IP addresses are extracted and the appropriate IP nodes are marked as routers.
Discovering Node Detail
After IP nodes have been discovered and validated, attempts are made to discover additional information for each device. If a DNS server is available, a DNS name query is attempted on each IP address.
Another approach used to discover device detail is to converse with the node with a variety of Simple Network Management Protocol (SNMP) queries. The discovery agent retrieves the SNMP system group from the node, which contains system name, system description, device location, contact information, and system Object Identifier (sysOID). Additional queries are used to determine whether the device is a switch, printer, managed hub, or Remote Network Monitoring (RMON) device.
Information regarding the interfaces and ports on the device is determined by querying the interfaces through the device's Management Information Base (MIB). Number of interfaces, types of interfaces, interface speeds, interface state, Maximum Transmission Unit (MTU) size, and slot:port numbers are discovered on devices that have standard MIB-2 implementations.
Private MIBs
For some SNMP devices that have private MIB implementations, additional queries of tables in their private MIBs are utilized to determine interface and port detail.
Determining Switch and Device Connectivity
In a switched network environment, the topology of the network can be determined by querying the switch's bridge forwarding tables.
In a single switch environment, you can determine the devices that are connected to each switch port by retrieving the forwarding table. Unfortunately, in a multi-switch environment, determining the connectivity is a far more complex problem to solve.
.gif "Cc722544.1click02(en-us,TechNet.10).gif")
Figure 2: 3-switch network
For example, in the 3-switch network illustrated by Figure 2, a Host with MAC address 00ao12345678 is connected to Port 6 of Switch B. Also, Switch B is connected to Port 3 of Switch A and Switch A is connected to Port 7 of Switch C. In Switch B's forwarding table, there will be an entry for Host 1's MAC address showing it connected to Port 6. Also in Switch A's forwarding table, there will be an entry showing Host 1's MAC address on Port 3, and in Switch C's forwarding table, there will be an entry showing Host 1's MAC address on Port 7. This illustrates the fact that it is difficult to determine whether a device is connected to a specific port on a specific switch in a multi-switch environment by looking at a single switch. Fluke Networks network monitoring tools use a patented process to determine the switch topology and device connectivity of a network.
Discovering Non-IP Detail
The previous discussion describes the methods utilized to discover the IP devices on the network and to determine their IP characteristics. Additional information about the devices can be discovered using other protocols. NetWare and NetBIOS protocols can be used to discover information such as Novell server type, NetBIOS name, and server type.
The discovery agent broadcasts a series of IPX Service Advertising Protocol (SAP) discovery requests and Network Control Program (NCP) requests. Replies are analyzed to identify file servers, print servers, and Novell Directory Services (NDS) servers.
A variety of queries are utilized to discover NetBIOS names and server types. Any replies to these queries will provide the MAC address of the associated device, and possibly provide additional information regarding whether or not the device is a master browser, primary domain controller, or backup domain controller.
Switched Network Mapping
After discovery has completed, LAN MapShot launches Visio automatically and the default network map begins to draw. The correct page size and orientation is computed, and devices are added to the page in a layered, well-spaced layout. Both American National Standards Institute (ANSI) and International Standards Organization (ISO) page formats are available, and large format drawings up to ANSI 'E' and ISO 'A0' can be produced.
Devices are labeled with their Best Name and all associated IP addresses. For increased accuracy, any managed or unmanaged hubs needed to connect the devices are also drawn.
Device Connections
Devices are connected with lines of varying weight indicating the port speeds, from less than 10MB/sec to greater than 1GB/sec. Device connection links are labeled with their slot:port numbers, and any source/destination port speed mismatches are flagged on the suspect link.
Connectivity summaries are provided below each switch showing the number of directly connected servers, routers, switches, printers, and hubs. This information is useful for load balancing networks.
Drilling into Detail
Network details can be viewed by double-clicking on shapes in the network maps. A top-level view of the network is available by drawing a Broadcast Domain map. Double-clicking on the local broadcast domain shape in the map causes a Switch (Spanning Tree) Diagram to be automatically generated. Then, double-clicking on any switch in that map will generate a Single Switch Detail map. Any one of the following three Switch Detail maps can be drawn:
Routers, Servers, and Switches
Printers
Hosts
Each map shows discovered devices directly connected to the selected switch, including the slot:port number and port speed (as indicated by line thickness).
Adding Devices to a Map
Discovered devices can be automatically connected to the latest map. Selecting the Add Device to Map button will display a list of all discovered devices. Double-click any device in the list to add it to the map. The selected device is added to the last drawn map, annotated, and then automatically connected to the correct switch or hub (assuming the required switch exists in the diagram). This feature can be used to create visual trace switch routes between devices.
Note: Devices cannot be automatically added to a broadcast domains map.
Map Descriptions
The following network maps are provided:
Broadcast Domains
Switch (Spanning Tree) Diagram
Servers in a Switched Network
Routers in a Switched Network
Printers in a Switched Network
Fluke Tools in a Switched Network
Single Switch Detail Map
Broadcast Domains
The Broadcast Domains map details router connections between local and remote broadcast domains. The computer running LAN MapShot is always part of the local broadcast domain.
Note: A broadcast domain is the subset of a network that receives MAC layer broadcasts or multicast frames.
.gif "Cc722544.1click03(en-us,TechNet.10).gif")
Figure 3: Broadcast domains map
The map shows the following information:
Local broadcast domain
Discovered subnets in the local broadcast domain
All discovered routers on your network
Local IP addresses for each router
Remote broadcast domains
Discovered subnets in remote broadcast domains
Switch (Spanning Tree) Diagram
The Switch (Spanning Tree) Diagram map shows the interconnection of switches as determined by the switch forwarding tables.
.gif "Cc722544.1click04(en-us,TechNet.10).gif")
Figure 4: Switch (spanning tree) diagram map
The map shows the following information:
Switches on the network
Hubs needed to connect the switches
Connections between the switches
Speeds of the connections shown
Summary of the devices connected to each switch
Note: Spanning Tree does not in any way indicate the status of STP (Spanning Tree Protocol) on the network.
Note: The switch summary information (the box of information below each switch) is a count of the devices that are connected directly, or through a hub, to that switch.
Server Connections in a Switched Network
The Servers in a Switched Network map shows the interconnection of switches as determined by the switch forwarding tables, and shows all servers connected to each switch.
.gif "Cc722544.1click05(en-us,TechNet.10).gif")
Figure 5: Servers in a switched network map
The map shows the following information:
Switches on the network
Servers on the network
Hubs needed to connect the servers and switches
Connections between the servers and switches
Speeds of the connections shown
Router Connections in a Switched Network
The Routers in a Switched Network map diagrams the interconnection of switches as determined by the switch forwarding tables, and shows all routers connected to each switch.
.gif "Cc722544.1click06(en-us,TechNet.10).gif")
Figure 6: Routers in a switched network map
The map shows the following information:
Switches on the network
Routers on the network
Hubs needed to connect the servers and switches
Connections between the servers and switches
Speeds of the connections shown
Printer Connections in a Switched Network
The Printers in a Switched Network map diagrams the interconnection of switches as determined by the switch forwarding tables, and shows all printers connected to each switch.
.gif "Cc722544.1click07(en-us,TechNet.10).gif")
Figure 7: Printers in a switched network map
The map shows the following information:
Switches on the network
Printers on the network
Hubs needed to connect the printers and switches
Connections between the printers and switches
Speeds of the connections shown
Summary of the devices connected to each switch
Fluke Tool Connections in a Switched Network
The Fluke Tool Connections in a Switched Network map diagrams the interconnection of switches as determined by the switch forwarding tables, and shows all Fluke Networks handheld tools connected to each switch.
.gif "Cc722544.1click08(en-us,TechNet.10).gif")
Figure 8: Fluke tool connections in a switched network
The map shows the following information:
Switches on the network
Fluke Networks handheld devices on the network
Hubs needed to connect the servers and switches
Connections between the servers and switches
Speeds of the connections shown
Single Switch Detail
The Single Switch Detail map focus on devices directly connected to a selected switch. Three views of the directly connected devices are available:
Routers, Switches, and Servers
Printers
Hosts
.gif "Cc722544.1click09(en-us,TechNet.10).gif")
Figure 9: Single switch detail map
The map shows the following information:
All the chosen device types (depending on the map selected) directly connected to the selected switch
Hubs needed to connect the selected devices and the switch
Connections between the devices and the switch
Speeds of the connections shown
Summary of the devices connected to each switch
SNMP information for the selected switch
Draw a Single Switch Detail map by double-clicking any switch in a previously drawn network map. Single Switch Detail maps are a bonus feature for registered LAN MapShot users.
Step-by-Step Guides: Applying LAN MapShot
The following step-by-step guides show how to apply LAN MapShot to create helpful views of a switched network. The first guide illustrates how to drill into port level detail, and the second guide shows how to trace port routes through switches.
Drilling into Port Level Detail
Start by creating a top-level view of the network by generating a Broadcast Domains map. On the Discover/Maps menu, select the Network Maps dialog box, then select Broadcast Domains from the drop-down list, and click Draw New Map.
.gif "Cc722544.1click10(en-us,TechNet.10).gif")
Figure 10: Generating a broadcast domains map
A few seconds later, a Broadcast Domains map is generated. Double-click the gray local Broadcast Domain shape to generate a Switch (Spanning Tree) Diagram of that local broadcast domain.
When the Switch (Spanning Tree) Diagram completes, double-click any switch of interest to bring up the single Switch Detail Diagram dialog box.
Select the type of single Switch Detail Diagram to create, and then click Draw Map.
.gif "Figure 11: Switch detail diagram dialog box")
Figure 11: Switch detail diagram dialog box
Repeat steps three and four for all switches of interest to complete the switch detail documentation.
Result: Routers, switches, and servers directly connected to switch "Barney" were drawn. Directly connected printers and host can be drawn in a similar fashion by double-clicking the switch shape and again choosing the type of single Switch Detail Diagram desired.
.gif "Cc722544.1click12(en-us,TechNet.10).gif")
Figure 12: Single switch detail (routers, switches, and servers)
.gif "Cc722544.1click10(en-us,TechNet.10).gif")
.gif "Cc722544.1click12(en-us,TechNet.10).gif")
Note: Zooming in reveals the map detail. Port connections are labeled and port speed is indicated by the connecting line thickness. Device name, IP address, and type are shown. Even connections via managed and unmanaged hubs are included. Use this information to create hierarchical views of a flat switched network.
Tracing Port Routes Through Switches
You can reach a remote device by selectively adding devices to a Switch (Spanning Tree) Diagram and viewing the port level route through the switches.
Start by creating a map of the network's switch "backbone." On the Discover/Maps menu, select the Network Maps dialog box, then select Switch (Spanning Tree) Diagram from the drop-down list, and click Draw New Map.
Note: The Add Device to Map button is grayed out until a map is drawn.
After the network's switch backbone is drawn, notice the Add Device to Map button is no longer grayed out. Click the Add Device to Map button to display a list of all discovered devices.
Select a device, then click the Add to Map button. Add as many devices as desired, and then click Close.
.gif "Figure 13: Adding network devices to your map")
Figure 13: Adding network devices to your map
Note: The device list may be sorted by name, IP address, or MAC address by simply clicking the column title bar. Also, the device list view may be filtered by device type (such as printers) using the Only Show button.
Result: Two devices were added to the starting Switch (Spanning Tree) Diagram - the host DHS and the server Lament.
.gif "Cc722544.1click14(en-us,TechNet.10).gif")
Figure 14: Switch (spanning tree) diagram with two devices added
.gif "Cc722544.1click14(en-us,TechNet.10).gif")
Note: The map shows the route from host DHS through four switches to server Lament. Use this information to isolate issues to the specific devices and ports involved. For example, this map reveals that access to Lament is limited to 10MB even though the other switch paths can run at up to 100MB speeds.
Conclusion
Utilizing active and passive discovery techniques and sophisticated analysis, LAN MapShot provides detailed (slot:port) connectivity vision into switched networks. When discovery completes, Fluke Networks utilizes Visio's Automation interface to automatically draw detailed, port level device connectivity maps from the network data.
Additional Information
Consult the Visio Developers Reference included in Microsoft Visio Help, or visit the links below for more code samples and automation tips:
https://www.microsoft.com/technet/prodtechnol/visio/default.mspx
https://msdn.microsoft.com/visio/
Visit Fluke Networks on the web at:
https://www.flukenetworks.com/fnet/en-us/
Tim Wittwer and Alan Delwiche are Senior Software Engineers at Fluke Networks, where they are key members of the LAN MapShot and Network Inspector development teams.
All product names mentioned in the LAN MapShot application reports are trademarks of their respective manufacturers. The network maps in this document were created using a laboratory test network, and any mention of a third party company or product does not imply nor suggest endorsement.