Networks including a number of domains (“layer 2 domains”) interconnected by routers are known. Within each domain, traffic is forwarded based on MAC (Medium Access Control) addresses (or other data link layer addresses). The routers route traffic based on IP (Internet Protocol) addresses or other network layer addresses. To restrict network connectivity, a network administrator specifies connectivity groups, each of which is a group of sub-networks that are allowed to communicate. The administrator also specifies which entities (MAC addresses, ports, or user names) belong to the same group. The entities may be in the same or different domains. A computer system automatically creates access control lists for routers to allow or deny traffic as specified by the administrator. The computer system also creates VLANs (Virtual Local Area Networks) to allow or deny traffic as specified, wherein each VLAN is part of a domain or is a whole domain. Connectivity within each domain is restricted by VLANs, and connectivity between domains is restricted by access control lists.
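The following sketch is an added illustration of that arrangement, not code from the known system described above: it compiles connectivity groups into a default-deny router access control list and gives each group its own VLAN inside every domain. The group names, addresses, domain names, VLAN numbering and function names are all constructed assumptions.

```python
import ipaddress
from itertools import permutations

# Constructed sample policy: each connectivity group lists sub-networks allowed to communicate.
GROUPS = {
    "finance": ["10.1.0.0/24", "10.2.0.0/24"],
    "engineering": ["10.2.1.0/24", "10.3.0.0/24"],
}
# Constructed membership: (entity, layer 2 domain, group); entities are MACs, ports or user names.
ENTITIES = [
    ("00:11:22:33:44:01", "domA", "finance"),
    ("00:11:22:33:44:02", "domA", "engineering"),
    ("port-7", "domB", "finance"),
    ("alice", "domB", "finance"),
]
ANY = ipaddress.ip_network("0.0.0.0/0")

def build_acl(groups):
    """Permit each ordered pair of sub-networks sharing a group, then deny everything else."""
    rules = []
    for name in sorted(groups):
        nets = [ipaddress.ip_network(n) for n in groups[name]]
        for rule in (("permit", s, d) for s, d in permutations(nets, 2)):
            if rule not in rules:  # a pair shared by two groups is emitted once
                rules.append(rule)
    return rules + [("deny", ANY, ANY)]

def evaluate(rules, src_ip, dst_ip):
    """First-match evaluation, the way a router walks an access control list."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, src_net, dst_net in rules:
        if src in src_net and dst in dst_net:
            return action
    return "deny"

def assign_vlans(entities, first_vlan=100):
    """Give every (domain, group) pair its own VLAN so groups sharing a domain stay apart."""
    vlan_of, members = {}, {}
    for entity, domain, group in entities:
        vlan = vlan_of.setdefault((domain, group), first_vlan + len(vlan_of))
        members.setdefault(vlan, []).append(entity)
    return vlan_of, members

if __name__ == "__main__":
    for action, src_net, dst_net in build_acl(GROUPS):
        print(action, src_net, "->", dst_net)
    print(assign_vlans(ENTITIES)[1])
```

Because the list ends in an explicit deny and is evaluated first-match, a sub-network that appears in no group is isolated by default, which is the property worth checking whenever the generated rules are audited.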
A method and apparatus for determining accurate topology features of a network, including a monitoring system for determining accurate topology features of a network, and methods of operating the monitoring system, are known. In a known embodiment, the system creates an accurate topology map of a given network by: obtaining a list of managed network devices; identifying trunk ports, link channel ports, and trunk channel ports; identifying link ports and node ports; determining connections between the ports; storing the collected information; and displaying the network topology. Methods are disclosed for identifying link and node ports. In the preferred method, information regarding the devices, including VLAN/backplane information, router ARP table information, device interface information, and physical address information for machines and devices connected to the network, is obtained. Also, the ports and/or devices are logically grouped in order to provide more accurate topology information. Source address table timing information is obtained for each device, and a historical database of source table information is kept. Filters may then be utilized on the source address tables in order to provide more accurate topology results. Connections between nodes are also resolved by utilizing sorting methods. Alternative methods are also disclosed for identifying link ports and determining connections between nodes.
A method of determining computer network topologies that dramatically reduces the computational complexity and greatly increases the accuracy of connection determination is known. The method involves classifying ports as either up or down. A source address table is compiled for each port of each data-relay device and each port is classified as either up or down. Up ports connect to other data-relay devices which report source address tables, while down ports do not. After the classification, each source address in each up port table is replaced by the source address of the data-relay device containing the down port whose table contains that source address. The tables of pairs of up ports are compared by intersection, and the minimal intersection defines the most probable connection for each up port. A variety of methods are used to remove invalid source addresses and the addresses of devices that have moved during the collection of the source address tables.
A method and apparatus for interrogating devices in a network are known, including a program suitable for interrogating, in a network, a selected device of a large number of possible devices in respect of at least one functionality of the device (e.g. topology or sizing), using a plurality of directories of elements, each element comprising a module of program code, each directory having a plurality of elements; wherein the program selects from at least one directory those elements which relate to the selected device and the desired functionality and utilizes the selected elements to interrogate the selected device.
A network supervising apparatus, a computer program, and a method of supervising a network are known. The method includes applying an algorithm to information relating to the devices of the network to provide a stress value, comparing the stress value with a predetermined limit, retrieving graphic symbol signals from a signal store and providing the graphic symbol on a visual display apparatus when the stress value reaches the predetermined limit, and manually selecting the graphic symbol and causing said visual display apparatus to provide an image indicating where the stress value has reached the predetermined limit.