This invention relates to the field of network analysis, and in particular to a method and system that discovers network devices automatically, using incremental and/or targeted techniques that improve the discovery process.
Maintaining an accurate inventory of devices in a network is a fundamental task for effective network management. In a small network, or a highly stable network, this task can be easily performed manually; but as changes are introduced, or the size of the network grows, it becomes increasingly difficult to determine the specific devices on the network, and how they are interconnected. Without an accurate inventory, routine network analysis tasks, such as the evaluation of proposed changes via simulation, creating dedicated network paths, diagnosing poor performance, and the like cannot reliably be performed.
Tools and techniques are commonly available to facilitate automatic discovery of network devices, typically based on the device's ability to respond to SNMP (Simple Network Management Protocol) queries, as well as queries using other protocols, such as ICMP (Internet Control Message Protocol), TELNET (Teletype Network), SSH (Secure Shell), and so on. For ease of understanding, the examples provided herein are based on SNMP capabilities, although the invention is not limited to SNMP-capable devices.
FIG. 1 illustrates a simplified example of a typical auto-discovery process. The auto-discovery process is typically initiated with a ‘seed’ list of devices 101 that are believed to be on the network. At 110, the first/next device in the list is read, and a series of queries is sent on the network to the device, at 120, until a response is received, or the series is exhausted. If, at 130, a response was received, the device is added to a list of discovered devices, at 140; otherwise, the device is added to a list of undiscovered devices, at 150. If the device is undiscovered, the next device on the list is subsequently processed, at 110.
When a device is discovered, it is queried for its capabilities, at 160, and based on these capabilities, other queries are sent to identify neighbors of the device, at 170. The new neighbors are added 180 to the list of devices 101 believed to be on the network, and these devices will subsequently be queried 120 to determine whether they are actually on the network (discovered—150), or not (undiscovered—140).
As can well be appreciated, the simplified example of FIG. 1 can be a never-ending process, as the search expands to neighbors of neighbors of neighbors, ad infinitum, and as the search identifies already processed devices as neighbors of their neighbors. Most, if not all, auto-discovery processes have means for terminating the auto-discovery process, limiting the scope of the neighbor discovery, and so on. Common auto-discovery programs maintain a list of previously-processed devices, and either avoid adding the device to the list 101 or avoiding the discovery process 120-150 if the device has previously been processed.
Preferably, the network administrator is provided the opportunity to create explicit lists for inclusion and/or exclusion based on the address of the device, the type of device, the vendor of the device, the protocol used, and so on. These lists may be enforced as each device is received from the list 101, or before each neighbor device is added to the list 101.
The scope of neighbor discovery process is also typically controlled by specifying a hop-limit relative to a specified device or set of devices, a hop being a logical connection between two devices, without an intervening logical device. Neighbors beyond the hop limit from the specified device are excluded from the list 101, or excluded from the discovery process 120-150.
Although avoiding duplicate processing and using inclusion/exclusion lists and hop limits substantially improves the performance of an auto discovery process, such a process can often require hours or days for medium to large scale networks, and the results are rarely complete. Often, when traffic demands are high, responses to SNMP queries are not sent, because providing a response to an SNMP query is typically given a fairly low priority among the tasks that a device is expected to perform. Thus, not every device on the undiscovered device list may, in fact, be absent from the network.
In like manner, the identification of each of a device's neighbors is also not a determinative process. In some cases, the search for a neighbor of a device includes using vendor-proprietary neighbor discovery protocols that ignore devices provided from other vendors. Similarly, neighbors identified in routing tables and the like may be based on stale or inaccurate information.
Repeatedly running the auto-discovery process will not necessarily improve the accuracy or completeness of the resultant discovered and undiscovered lists, as the causes of the errors, such as lack of response due to traffic demands, or the use of outdated information will vary over time, affecting different devices at different times.
It would be advantageous to be able to improve the accuracy and completeness of the results of the auto-discovery process. It would also be advantageous to be able to achieve this improvement in an efficient manner. It would also be advantageous to be able to customize the improvement process for different types of networks. It would also be advantageous to be able to target the discovery process to particular segments of a network.
These advantages, and others, can be realized by a method and system configured to improve the results of an auto-detection of network devices based on the causes of detection failures in preceding runs of the auto-detection process. As each device that is believed to be in the network is found to be undiscovered, the identification of the device and information regarding the cause(s) of non-discovery are stored. Prior to the next auto-detection run, one or more of the discovery parameters are modified, based on the causes associated with the undiscovered devices. The extent to which the discovery parameters are modified is preferably based on the apparent stability of the network, or upon the detection of changes to the network.
Throughout the drawings, the same reference numerals indicate similar or corresponding features or functions. The drawings are included for illustrative purposes and are not intended to limit the scope of the invention.