Network topology discovery

1
Network topology discovery

• Ziyang Wang
• Zhongtang Cai

2
Overview

• Background
• Introduction
• Challenge
• solution
• Products
• General algorithm
• products

3
Introduction of Network Mapping

• When you moved to a new neighborhood, how do you
  find out the map of it?
• Walk /drive around
• Talk to your new neighbor
• Go to leasing office get a map
• Go to mapquest.com find out map around you
• More

4
Introduction of Network Mapping

• 2 basic step in mapping
• 1. Collection information
• 2. Understand the information and construct map.
• Leverage between availability and processing time

5
Collect Information

• Information source
• MIBs in router and gateways
• ICMP
• DNS

6
What information can we get from MIB-II?

• System group
• sysServices
• interfaces group
• ifNumber
• ifTable
• ip group
• ipAddrTable
• ipRouteTable
• ipNetToMediaTable

7
How to get topology information in MIB-II?

• System group
• sysServices if a network device provide layer 3
  service, it could be router.
• interfaces group
• ifNumber -total interface of the node
• ifTable
• ip group
• ipAddrTable -find all the IP address of a router
• ipRouteTable -find reachable subnet and
  directly connected subnet
• ipNetToMediaTable find network devices in a
  subnet

8
Availability and process time

• Data got from MIB is well processed, the process
  time small
• Although MIB II is widely implemented in current
  network environment, most of them are not open to
  public community.

9
What information can we get from ICMP?

• Messages in ICMP which is related to topology
  are
• 0/8 Echo Reply/request
• 3 Destination Unreachable
• 9/10 Advertisement/ Solicitation
• 11 Time Exceeded
• 15/16 Information Request/Reply
• 17/18 address mask request message/reply

10
How to get topology information from ICMP?

• 0/8 Echo Reply/request
• Using the message pair Echo Reply/request we
  build ping program to determine whether the
  device is alive or not.
• 3 Destination Unreachable, 11 Time Exceeded
• Using message 3, 11 we can build the traceroute
  program to get the pass between 2 nodes.

11
How to get topology information from ICMP?

• 9/10 Advertisement/ Solicitation
• use Advertisement/ Solicitation we can determine
  the default router for local network.
• 17/18 address mask request message/reply
• Use the mask request/reply we can get the network
  mask, and combined with IP we can know the
  subnetID of the device.

12
Availability and process time

• ICMP is integrated with IP, so any place have IP
  it will also have ICMP. But no all the ICMP
  message will be implemented.
• Most are indirect information about topology.

13
Challenge

• All the information source are not completely
  reliable
• Not all the MIB II information is accessible to
  us. For security reason, accessibility limited to
  special community
• Not all the ICMP message is implemented.
• 1. Echo message is always implemented.
• 2. Time exceed message is widely implemented but
  not always.
• 3. Advertisement/ Solicitation only
  implemented in few routers.
• 4. address mask is implemented in some host
  

14
Challenge

• Information got from the source are mainly layer
  3 information, but layer 2 is the real physical
  connection of network
• In the groups MIB II have, IP group, TCP group,
  UDP group they are all group above layer 3.
• ICMP protocol, itself is a layer 3 protocol, so
  no layer 2 information can get from ICMP.
• Layer 2 elements are completely transparent in
  the layer 3 protocol.

15
Solution

• Add the vendor-specific extensions to SNMP MIBs
• this partially solved the layer 2 problem. But
  it make the availability problem more serious.
• Vendor specific MIB will meet problem in
  heterogeneous network

16
Strategy

• Minimal assumption of availability.
• Optimize the using of information.
• So we will try to query information source with
  priority
• Current priority
• vendor specific MIB
• MIB II
• ICMP

17
Project Octopus

• S. Keshav and Rosen Sharma, Cornell.
• Domain Topology Discovery
• -Determine the topology of a network within the
  domain.
• Backbone Topology Discovery
• -Determine the topology of the backbone
  network. Currently work is being done to
  determine the Internet backbone's topology.
• Network Statistics Discovery
• -Determine some statistics about a link or a
  router such as link bandwith, queuing delay,
  propogation delay, etc.

18
Domain Topology Discovery Algorithms

• To discover the topology of an existing network
  given little or no information.
• Four algorithms that determine network topology.
• All of them have the same general strategy
• Come up with a temporary set of hosts in the
  network that may or may not exist
• Go through each host and determine whether they
  really do exist. If they exist
• Add to permanent set.
• Use some heuristics on those hosts to find more
  hosts which are added to the temporary set. Go
  back to step 1.

19
Project Octopus-Domain Topology Discovery

• -Output the topology in the same hierarchical
  format
• List of hosts
• Name information
• SNMP information
• List of routers
• Name information
• SNMP information (route table, etc.)
• List of subnets
• Net mask
• List of hosts and routers within the subnet.

20
Algorithms
Temporary Set
Heuristic
Permanent Set
21
Algorithm 1
DNS ls
DNS ls is a simple query to a name server that
returns a list of all the hosts it thinks is in a
domain
Ping is when you send a special packet sent to a
machine. If it is alive, it will send a response
ping
Permanent Set
Broadcast ping is a ping packet addressed to an
entire subnetwork. All hosts on that network
should reply to the message
Broadcast Ping
22
Algorithm 1 Analysis

• Strengths
• Relatively weak assumptions
• Weaknesses
• It is quite slow. Subnet guessing for each host
  is quite expensive in time.
• Ping broadcast is not supported in many domains

23
Project Octopus-Domain Topology Discovery
Figures out default router of machine algorithm
is run
Algorithm 2
Ping hosts and add to permanent set
ping
Permanent Set
SNMP allows us to talk to a machine and ask it
about connected routers and hosts.
SNMP Query
24
Project Octopus-Domain Topology Discovery

• -Algorithm 2
• SNMP Algorithm
• -Find the default router of the host the
  algorithm is running on first.
• -From there it issues SNMP queries to determine
  routers and hosts the default router is connected
  to.
• -The algorithm recursively goes through all the
  routers and hosts until it reaches a host that is
  outside the domain specified.
• Benefit Can find other network information such
  as packets dropped, link bandwidth, utilization,
  etc.
• However, the network must support SNMP.

25
Project Octopus-Domain Topology Discovery

• Algorithm 2 Analysis
• Strengths
• Returns the most information
• Fast
• Quite simple
• Weaknesses
• Has the strongest assumption of all of the
  algorithms. Many domains restrict access to SNMP
  due to security reasons.

26
Project Octopus-Domain Topology Discovery

• -Algorithm 3
• Random Guess Traceroute Probing Algorithm
• No DNS ls requirement in that it uses random
  guessing to find IP addresses
• Then traceroutes These IP addresses. Probing is
  used to find further IP addresses in the subnet.
  This way, it can get most of the routers and some
  hosts within an IP range.

27
Project Octopus-Domain Topology Discovery

• -Algorithm 4
• Ping Broadcast Subnet Guessing Algorithm
• This algorithm is a way to find out the subnet
  given a host within the subnet and ability to
  perform at least weak ping broadcast.
• Define strong ping broadcast support as if a ping
  broadcast is sent to a subnet, then all hosts
  within the subnet respond. In weak ping
  broadcast, only the router responds.
• First assuming that the subnet mask length is 31
  bits long.
• Then broadcast address is broadcast and replies
  are recorded.
• If replies set is not empty, then the broadcast
  was a valid broadcast and thus the subnet is
  correct (note if only weak broadcast is
  supported, the two replies would be the ones of
  the same router).
• Otherwise, try guessing with a 30 bit net mask
  (and so on). 

28
Project Octopus-Domain Topology Discovery

• -Algorithm Status
• These algorithms have been run on the following
  networks
• CUCS Network (Cornell Computer Science
  Department)
• Cornell Network
• Berkeley Network
• Stanford Network
• The CUCS Network supported all of the algorithms
  above.
• The Cornell Network did not support Ping
  Broadcast (only traceroute and SNMP algorithms
  worked).
• The Stanford Network did not support strong
  broadcast nor DNS ls but allowed weak broadcast
  and traceroute.

29
Project Octopus-Backbone Topology Discovery

• Probe points constantly run traceroutes (probes)
  to various nodes in the network and send the data
  (via UDP) to the master.
• The backbone master then compiles the information
  and occasionally sends feedback to the probe
  points for more information on a particular node
  or link.
• If information about a particular domain is
  needed, the Domain Master finds the proble with
  the fewest hops to a domain and tells it to
  initiate a domain probe on that particular
  domain. The results are streamed back to the
  Domain Master and into the file system. The
  Domain Master is an independent part of the
  discovery engine.

 
 
 
30
Project Octopus-Backbone Topology Discovery

• Backbone topology discovery
• The general idea is to traceroute to as many
  domains as possible and find all the intermediary
  links and routers.
• This method should return most of the routing
  nodes in the backbone, and all of the important
  ones.
• However some intermediary and redundant links may
  not be found.
• The middle node may be used by Domain A to
  contact Domain B will not be found.

 
 
 
31
CISCO - NETWORK CONNECTIVITY MONITOR
 
 
 
32
CISCO - NETWORK CONNECTIVITY MONITOR

• The Discovery Process
• The discovery process creates a representation of
  a network topology within the domain manager's
  repository.
• Data is collected by SNMP
• NCM domain manager uses both standard and
  proprietary MIBs to probe a device and determine
  its connectivity and components.

 
 
 
33
Peregrine Systems, Inc. -InfraTools Network
Discovery

• InfraTools Network Discovery
• provides a real-time, fully web-based network
  discovery, mapping and management solution for
  the enterprise.
• Key capabilities
• Complete View of Networked Assets, Automatically
  Detecting Moves and Changes
• Real-Time View of the Infrastructure
• Root Cause Diagnosis
• Predictive Analysis
• Business Intelligence
• Some awards
• Network Computings 2001 Well-Connected Award
  (Enterprise Network Management Systems)
• Network Computings Editors Choice award
  (network management software)InfraTools  
• NetworldInterOps Best of Show (May 2000)

 
 
 
34
Doxpara Research-Paketto Keiretsu Advanced
TCP/IP Toolkit

• Paketto Keiretsu is a collection of tools that
  use new and unusual strategies for manipulating
  TCP/IP networks.
• It includes Scanrand, an unusually fast network
  service and topology discovery system
• Quick scan of local network bash-2.05a
  scanrand 10.0.1.1-254quick
• UP 10.0.1.3880 01 0.003s
• UP 10.0.1.110443 01 0.017s
• UP 10.0.1.254443 01 0.021s
• UP 10.0.1.57445 01 0.024s
• UP 10.0.1.59445 01 0.024s
• UP 10.0.1.3822 01 0.047s
• ...

 
 
 
35
Questions?
 
 
 
...