IP Topology Discovery

1
IP Topology Discovery
2

• J. Schonwalder H. Langendorfer, How to Keep
  Track of Your Network Configuration, Proceedings
  of the Seventh System Administration Conference
  (LISA 93), Monterey, California, November, 1993

3
Why do we need topology discovery tool?

• It a very lengthy and tedious task to enter all
  the network information into the editor
• It is a tedious task to to keep network maps
  current if the network topology changes
  frequently

4
Passive monitoring or active probing?

• Passive monitoring
• Put no additional load on the network itself
• It may take a long time gathering enough
  information to derive a complete picture of the
  network.
• Need to have monitoring devices attached to all
  subnetworks
• Active probing
• It is possible to minimize the time needed to get
  a complete map of the network
• One must be aware of the additional load your
  network must carry

5
Use SNMP or not?

• Using SNMP requires that most machines on your
  network are able to support SNMP
• Without using SNMP needs to analyze the
  acquired data
• This paper chooses NOT to use SNMP

6
Tools for gathering data

• Ping
• ICMP mask request/reply
• Traceroute
• DNS
• UDP

7
Identify multi-homed machines

• The Domain Name Service often contains records
  with the same name for each interface of a
  multi-homed host
• Some multi-homed devices respond to an incoming
  packet addressed to one of the remote interfaces
  with a packet containing the IP address of the
  incoming interface.

8
The algorithm

• General steps
• Send probing packets to gather data
• Data analysis

9
The algorithm data collection

• Determine IP addresses in use by sending ICMP
  echo request packets to every address of the
  given address space
• Trace the routes to all IP addresses discovered
  in step one
• Determine the network mask for each IP address
  using the ICMP mask request
• For every IP address, send an UDP packet to an
  unused port and save the source IP address
  contained in the port unreachable reply packet.

10
The algorithm data analysis

• 5. Identify networks and subnetworks.
• Identify networks -- Class A, B and C networks
  are easily recognized by examining the IP
  addresses.
• Identify subnetworks
• First collect all potential subnets based on the
  netmasks returned in step 3.
• Afterwards, check if the majority of all members
  of a potential subnet has reported a suitable
  netmask.

11
The algorithm data analysis

• Identify multi-homed machines based on the traces
  and the address contained in the port unreachable
  reply packet of step four.
• Comparing the Domain Names of the IP addresses
  gives additional hints to multi-homed machines
• Connect IP addresses to the networks identified
  during step five
• Gateways are connected based on the traces.
• Gateways often return a different IP address when
  being traced
• Therefore, the last hop of traces that end at a
  gateway machine is skipped

12
The algorithm data analysis

• Merge the IP addresses of multi-homed machines
• Draw the topology map

13
Sample map