The present invention generally relates to the management of network systems, and more specifically to determining a physical topology of network devices in a network.
A computer network generally includes a number of devices, including switches, routers and hubs, connected so as to allow communication among the devices. The devices within a network are often categorized into two classes: end stations such as workstations, desktop PCs, printers, servers, hosts, fax machines, and devices that primarily supply or consume information; and network devices such as gateways, switches and routers that primarily forward information between the other devices.
Network devices ordinarily operate on a continuous basis. Each device has one or more circuit boards, a microprocessor and a memory, and runs a control program. In general, networks often include several different types of data switching and routing devices. These network devices may have different physical characteristics. New devices, with characteristics that are presently unknown, are constantly being developed. In addition, the characteristics of many network devices may change over time. For example, characteristics of the network devices change when subsystems like boards, network interface modules, and other parts are added or removed from a device.
Many networks are managed, supervised and maintained by a network administrator or network manager. To properly maintain a network, the network administrator needs to have up-to-date information available about the devices in the network and how the devices are interconnected. The OSI network reference model is useful in classifying network management information. Information about what devices are in the network is generally called Layer 3 information, and information about how the devices are physically connected within the network is called Layer 2 information. In combination, this information may be used by the network administrator to understand the physical topology of the network. The topology is a mapping that indicates the type of devices that are currently included in the network and how the interfaces of these devices are physically linked.
In addition, as an enterprise grows, a network administrator may be required to add new devices to a network or to upgrade devices in the network. To determine how and where to add or upgrade a particular device, the administrator needs to have a clear understanding of the topology of the network.
Different types of network management systems, such as OpenView, commercially available from Hewlett Packard Company of Palo Alto, Calif., may be used to identify the devices that are contained in a particular network in a limited way. In the past, constructing a network topology using automatic methods or means has been awkward or has produced incomplete or inaccurate information.
For example, FIG. 1 illustrates an example of the type of graphical display of a network topology that may be produced on a computer display using a network management software program such as OpenView. In this example, graphical view 100 includes a graphical display of devices contained in three (3) separate networks 102, 104, 106, based only on Layer 3 information that has been acquired from the networks. Thus, based on the graphical view 100, the network administrator can identify which devices are connected to which networks.
However, a drawback with this type of network management system is that it shows logical connections of network devices, but not physical connection information. It logically identifies to which network a particular device is linked, based on Layer 3 information, but it does not indicate how individual devices are physically linked together, based on Layer 2 information. Thus, an administrator cannot determine the actual interface links or physical connectivity of each of the devices. This information may be critical in determining how the network can be expanded or upgraded, or in troubleshooting.
Although FIG. 1 illustrates a simple network environment, large enterprises may have thousands of network devices. In a large enterprise network, the foregoing problems become acute.
To address these problems, certain proprietary discovery protocols have been developed to help identify how the interfaces of each device are physically linked within a network, based on Layer 2 information. For example, the Cisco Discovery Protocol (“CDP”), which is used in products that are commercially available from Cisco Systems, Inc., is a low-level communication protocol that can help identify how devices are linked in a network. When a device supporting CDP sends a message to another device, the message includes a packet that contains its IP address and an interface descriptor. The interface descriptor represents the logical name of the port from which the message was sent. If the receiving device also supports CDP, the information is recorded at the receiving device and in certain cases may be used to determine how two devices are physically connected.
FIG. 2A illustrates a network 200 that includes devices 202 and 204, each supporting CDP. As illustrated, device 202 includes IP address 206, a CDP record 210 and ports 214, 216. Respectively associated with port 214 and port 216 are logical names 224, 228. Device 204 includes IP address 208, a CDP record 212 and ports 218, 220, 222. Respectively associated with ports 218, 220, 222 are logical names 232, 236, 240.
When a message is sent from device 202 to device 204, device 202 includes a packet of information that contains both its IP address 206 and the logical name of the port that is used to send the message. Upon receiving the message information, device 204 records, in CDP record 212, which port received the message and the IP address and logical name in the information packet. In this case, these values include port “FA0:3” and IP address “172.20.142.147”. Thus, by querying device 204 for the information in CDP record 212, a network management system can conclude that port 220 is physically connected to a logical port “FA0:3” of a device having IP address “172.20.142.147”. In addition, by querying the device associated with IP address “172.20.142.147”, the management system can conclude that device 202 is configured such that logical name 224 is associated with port 214 and thus port 214 of device 202 is physically linked to port 220 of device 204.
However, a drawback with this approach is that certain devices may not support the discovery protocol. For example, a network may include low-end devices or non-Cisco devices that do not support CDP (“non-CDP devices”). When a device does not support CDP and receives CDP information, generally it forwards the CDP information on to the next device. Thus, a network management system that relies on CDP for determining physical links of a managed network cannot identify physical links to non-CDP devices.
FIG. 2B illustrates a network 220 that includes devices 202, 204, 250. Device 250 includes IP address 268 and ports 264, 266 that are respectively associated with logical names 254, 258. Assume that device 250 does not support CDP. When a message is sent from device 202 to device 204, device 202 sends a packet of information that contains both its IP address 206 and the logical name 224 of port 214 that is used to send the message. Upon receiving the packet, instead of recording the CDP information and generating a packet based on the port that is used to communicate with device 204, device 250 forwards the packet to device 204. In response to receiving that packet, device 204 stores information in CDP record 212 that indicates that port 220 is physically connected to a logical port “FA0:3” of a device having IP address “172.20.142.147”. If the network management system queries device 204, it will incorrectly determine that port 220 of device 204 is physically connected to port 214 of device 202.
In addition, many networks include one or more hubs or repeaters that allow multiple devices to be connected within the network. A hub is a shared segment device. Accordingly, even if a hub supports a discovery protocol such as CDP, it will include both the CDP packet information it receives from a sending device and the CDP packet information that it generates when forwarding the message to the receiving device. Thus, as shown by CDP record 212 of FIG. 2C, the receiving device will record incorrectly that it is physically connected to multiple devices on the same port.
Based on the foregoing, there is a clear need for a mechanism that can accurately identify the particular type of devices that are included in a network based on Layer 3 information.
There is also a clear need for a mechanism that can accurately and completely identify the physical connectivity of devices in a network based on Layer 2 information.
It is also desirable to have a mechanism that can identify the particular type of devices that are included in a network, and that can generate a graphical display of the physical topology of the network based on the Layer 2 and Layer 3 information.
The foregoing needs, and other needs and objects that will become apparent from the following description, are achieved in the present invention, which comprises, in one aspect, a method for determining a physical topology of a network, comprising the computer-implemented steps of discovering a plurality of devices that are located in the network based on each address within a set of network addresses and creating and storing information representing the plurality of devices; determining possible neighboring devices for each device in the plurality of devices; processing the configuration information to eliminate, from among the possible neighboring devices, each device that is not actually a neighbor of the plurality of devices to create information representing true neighboring devices and each link between them; and creating and storing information that represents the topology based on the information representing the plurality of devices and the information representing the true neighboring devices and each link.
One feature involves eliminating, from among the information representing the plurality of devices, information associated with each device that is incorrectly identified as a known device. Another feature involves receiving Layer 2 and Layer 3 configuration information from each device in the plurality of devices. Still another feature is that determining possible neighboring devices includes the step of sending information requests to collect Layer 2 and Layer 3 configuration information from the plurality of devices. A related feature is that the configuration information identifies what network addresses are received on what ports of each device among the plurality of devices.
According to another feature, the method features receiving one or more ranges of network addresses. A related feature relates to receiving one or more ranges of IP addresses, wherein the one or more ranges of IP addresses are associated with IP addresses that correspond to one or more local area networks.
Another feature involves attempting to contact a device at each address within the set of network addresses. A related feature is that the step of attempting to contact a device comprises the steps of pinging each address within the set of network addresses.
In another feature, the step of discovering involves dividing the set of network addresses into a plurality of network address subgroups; assigning separate processes to each of the plurality of network address subgroups; and executing each of the assigned processes in parallel to determine whether a device is associated with each address within a network address subgroup. A related feature involves, in response to contacting a particular device at a particular address, contacting a Simple Network Management Protocol (SNMP) agent in the particular device to receive a device type value that is associated with the particular device. Another related feature is that contacting an SNMP agent comprises requesting identification information from the SNMP agent in the device; comparing the identification information to a list of known device data; and based on the comparison, determining whether the device is of a known device type.
According to yet another feature, the method involves determining service layers for which the device operates when the device is not of a known device type; and based on the service layers that are determined, inferring that the device is of a particular device type associated with the service layers. In another feature, the step of processing the configuration information comprises the steps of identifying devices within the plurality of devices that are not an actual device associated with the set of network addresses; and bypassing the configuration information that is based on devices within the plurality of devices that are not actual devices associated with the set of network addresses.
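The device-typing steps described above (compare the identification against a list of known devices, otherwise infer the type from service layers), as an added Python example that is not part of the original text. It assumes the identification is the SNMP sysObjectID and the service layers come from the MIB-II sysServices value (RFC 1213); the OIDs, the role names and the preference order are constructed for illustration.

```python
# Constructed table of known device types keyed by sysObjectID (placeholder OIDs).
KNOWN_DEVICES = {
    "1.3.6.1.4.1.99999.1.1": "switch",
    "1.3.6.1.4.1.99999.1.2": "router",
}

# OSI layer -> forwarding role (assumed mapping for this example).
LAYER_ROLES = {1: "repeater/hub", 2: "bridge/switch", 3: "router"}


def service_layers(sys_services):
    """Decode sysServices: bit (L - 1) set means the device offers layer L."""
    return [layer for layer in range(1, 8) if sys_services & (1 << (layer - 1))]


def classify(sys_object_id, sys_services):
    """Return (device_type, how), where how is 'known' or 'inferred'."""
    if sys_object_id in KNOWN_DEVICES:
        return KNOWN_DEVICES[sys_object_id], "known"
    layers = service_layers(sys_services)
    # Assumed heuristic: the highest forwarding layer decides the role;
    # a device that only offers layers above 3 is treated as an end station.
    for layer in (3, 2, 1):
        if layer in layers:
            return LAYER_ROLES[layer], "inferred"
    return ("host" if layers else "unknown"), "inferred"


if __name__ == "__main__":
    # Constructed inputs: a listed device, then three unlisted ones.
    for oid, services in [
        ("1.3.6.1.4.1.99999.1.1", 2),
        ("1.3.6.1.4.1.99999.9.9", 72),  # layers 4 and 7: end station
        ("1.3.6.1.4.1.99999.9.9", 6),   # layers 2 and 3: routing device
        ("1.3.6.1.4.1.99999.9.9", 0),   # nothing reported
    ]:
        print(oid, services, classify(oid, services))
```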
In still another feature, processing the configuration information further comprises identifying three or more potentially neighboring devices that have a single port that appears to be physically linked to multiple neighboring devices; and using the configuration information to determine that the single port is actually physically linked to one or more unidentifiable devices that are in the network but are not among the plurality of devices. Processing the configuration information may also involve identifying an apparent physical link between a first port of a first potentially neighboring device and a second port of a second potentially neighboring device, wherein the Media Access Control (MAC) address associated with the first port is observed at the second port and the MAC address associated with the second port is observed at the first port; determining that a common MAC address is observed by both the first port and the second port; and based on the common MAC address, determining that the first port and the second port of the first potentially neighboring device and the second potentially neighboring device are actually physically linked to one or more unidentifiable devices that are part of the network but are not included among the plurality of devices.
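The two elimination rules described above, as an added Python example that is not part of the original text. It assumes each port's own MAC address and the set of MAC addresses observed on that port have already been collected; the data model, function names and sample addresses are constructed for illustration.

```python
from itertools import combinations

# Constructed sample: (device, port) -> (port's own MAC, MACs observed on that port).
PORTS = {
    ("sw1", "Fa0/1"): ("02:00:00:00:00:01", {"02:00:00:00:00:02", "02:00:00:00:00:99"}),
    ("sw2", "Fa0/3"): ("02:00:00:00:00:02", {"02:00:00:00:00:01", "02:00:00:00:00:99"}),
    ("sw3", "Gi0/1"): ("02:00:00:00:00:03", {"02:00:00:00:00:04", "02:00:00:00:00:aa"}),
    ("sw4", "Gi0/2"): ("02:00:00:00:00:04", {"02:00:00:00:00:03", "02:00:00:00:00:bb"}),
}


def apparent_links(ports):
    """Pairs of ports on different devices that each observe the other's MAC."""
    links = []
    for a, b in combinations(sorted(ports), 2):
        (mac_a, seen_a), (mac_b, seen_b) = ports[a], ports[b]
        if a[0] != b[0] and mac_b in seen_a and mac_a in seen_b:
            links.append((a, b))
    return links


def classify_links(ports):
    """Map each apparent link to 'direct' or 'via-unidentified-device'."""
    links = apparent_links(ports)
    peer_count = {}
    for a, b in links:
        peer_count[a] = peer_count.get(a, 0) + 1
        peer_count[b] = peer_count.get(b, 0) + 1
    verdicts = {}
    for a, b in links:
        own = {ports[a][0], ports[b][0]}
        common = (ports[a][1] & ports[b][1]) - own
        # Rule 1: a single port appears linked to several neighbours.
        # Rule 2: both ends of the apparent link observe the same third MAC.
        hidden = peer_count[a] > 1 or peer_count[b] > 1 or bool(common)
        verdicts[(a, b)] = "via-unidentified-device" if hidden else "direct"
    return verdicts


if __name__ == "__main__":
    for link, verdict in classify_links(PORTS).items():
        print(link, verdict)
```

In the sample, sw1 and sw2 both observe the third address ending in 99 and are reported as joined through an unidentified device, while sw3 and sw4 share no observed address and are reported as directly linked.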
The invention also encompasses a computer-readable medium, a computer data signal embodied in a carrier wave, and an apparatus configured to carry out the foregoing steps.