Visio Enabled Solution: One-Click Switched Network Vision Tim Wittwer, Senior Software Engineer Alan Delwiche, Senior Software Engineer March 2001 Applies to: All Microsoft Visio 2002 Editions All Microsoft Visio 2000 (SR1) Editions All Microsoft Visio 5.0 Editions Summary: Two step-by-step guides illustrate how Fluke Networks applies Microsoft Visio Automation technology to the automatic discovery and mapping of switched networks. Introduction The recent growth of switched networks has outpaced the development of tools needed to provide vision into those networks. The lack of visibility into the flat switched network topology has resulted in reduced performance, elevated complexity, and increased strain on the IT professional. This article discusses Fluke Networks application of Microsoft Visio Automation technology to the automatic discovery and mapping of switched networks. It introduces Fluke Networks LAN MapShot software and discusses how IT professionals can apply this technology to the discovery, mapping, trouble-shooting, and vision of their switched Ethernet networks. Two step-by-step guides illustrate how to obtain port level detail and trace port routes through switches. The Switched Network Vision Problem In switched networks, each switch s internal forwarding table contains entries for every other switch, server, router, printer, host, and managed hub it sees on the network. Since every switch can know of the existence of every other networked device, the hierarchy inherent in routed network architectures is absent in switched networks. This lack of hierarchy causes switched networks to be referred to as flat. These flat networks are difficult to document since the actual physical location of connected devices is hard to determine by just reviewing the switch forwarding tables. Furthermore, visiting equipment closets to note actual port connections is time consuming, tedious, and error prone. To make matters worse, once the data is finally collected, it must then be translated into some meaningful map or report. Exasperation results when the map or report is complete, only to be rendered obsolete a few days later by constant network change. Page 1 of 21
Why Switched Network Vision Is Needed The constant change in network topology increases the probability of failure, configuration error, and performance degradation. More than ever, there is a need to: Troubleshoot effectively Locate equipment Communicate network design changes to colleagues Plan for expansion IT professionals managing switched networks require tools that are optimized for their particular needs, are easy to use, and yet produce fast, detailed, and reliable results. Visio Enabled Solution: LAN MapShot Fluke Networks has migrated its handheld network test instrument expertise to the Microsoft Windows desktop and partnered with Microsoft Visio to create LAN MapShot. This solution realizes powerful switched network vision by combining exceptional ease of use with detailed discovery. IT personnel can now: Discover switched networks with a single mouse click Map switches, servers, routers, printers, hosts, and even hubs View device connectivity down to slot:port level detail Drill down from the broadcast domain to a single switch port As shown in Figure 1, the LAN MapShot application interface is well laid out and easy to understand and use. When the Start Discovery button is pressed, the application begins looking for devices on the network. Once discovery is complete, a default map is drawn. You can then select any one of six different maps from the Network Maps drop-down menu. Figure 1. LAN MapShot main application interface Page 2 of 21
Works with Microsoft Visio LAN MapShot utilizes the Automation interface in Visio to programmatically draw the results of its network discovery. While this solution should work with any version of Visio supporting the 5.0 Automation interface, Fluke Networks has tested and supports LAN MapShot with Microsoft Visio 2002, as well as the following Microsoft Visio 2000 (Service Release 1) English products: Standard Edition Technical Edition Professional Edition Enterprise Edition Minimum System Requirements Microsoft Visio 2000 English, Service Release 1 (SR1) Microsoft Windows 2000, Windows NT version 4.0 (Service Pack 5 or later), Windows 98, or Windows Millennium Edition Microsoft TCP/IP stack Microsoft WinSock2 200 MHz Pentium class processor, IBM or compatible 64 MB RAM 150 MB virtual memory 100 MB hard disk space Network Requirements and Limits Ethernet TCP/IP switched network 10MB, 100MB, or 1GB speeds 50 switches (max per broadcast domain) 2000 nodes (max per broadcast domain) Page 3 of 21
Switched Network Discovery Introduction Several components are utilized in order to provide automatic network maps. First, the network needs to be discovered. Each network device needs to be identified by address, both Media Access Control (MAC) address and Internet Protocol (IP) address, by Domain Name Server (DNS) name if available, and possibly by network basic input/output system (NetBIOS) name. In addition, device capabilities and characteristics need to be identified to the extent possible. Second, the topology of the network needs to be determined. It is necessary to determine the connectivity of all discovered switches and to determine where the other discovered devices connect to the switches. Finally, it is necessary to utilize a drawing tool to present this information in a map. Network Discovery Network discovery is accomplished using both passive and active methods. Passive Discovery Passive discovery consists of observing the packets on the network. By analyzing the packets, it is possible to determine the addresses of nodes on the network. In addition, it is possible to infer additional information regarding what type of nodes they are by analyzing the protocol headers of these packets. For example, if a Routing Information Protocol (RIP) routing update packet is detected on the network, it can be concluded that the source of the packet is a router. There are some limitations associated with passive discovery that make it ineffective for consistent network discovery. First, there is no guarantee the packets observed during one period of time will be observed during a subsequent discovery period. Second, in a switched network, the packets observed will be limited to broadcast packets, multicast packets, and unicast packets that are transmitted or received by other devices on the same switch port. In other words, discovery will be limited to those devices on the network that transmit a broadcast or unicast packet during the discovery period, and to active devices connected to the same switch port as the discovery agent. Active Discovery In active discovery, the discovery agent systematically transmits request packets to stimulate nodes on the network to send a reply. This method is the primary method utilized by Fluke Networks network monitoring tools to discover the devices on a broadcast domain. Unique active discovery methods are utilized to discover IP, NetBIOS, and Internet Packet Exchange (IPX) devices on the network. Page 4 of 21
IP Device Discovery Initially, a broadcast Internet Control Message Protocol (ICMP) echo request message is transmitted on the network. This is followed by a broadcast to the User Datagram Protocol (UDP) echo port. As ICMP and UDP echo, the discovery agent receives replies and the packets are parsed. The source IP address is extracted from each reply packet and added to a list of candidate nodes. An Address Resolution Protocol (ARP) message is transmitted for each IP address in the list of candidate nodes. If a reply is received for an ARP, the MAC address is extracted from the ARP reply packet and added to the entry for that IP address in the node list. This technique typically will discover 70-80% of the IP nodes in a broadcast domain. Another technique is used to discover more IP nodes. After all the candidate nodes have been validated as described above, additional ARP requests are transmitted to identify the other nodes. Router and IP Server Discovery Both active and passive techniques are used to identify which of the discovered nodes are routers and servers. Multicast or broadcast Open Shortest Path First (OSPF) and RIP router updates are received and parsed. The IP addresses are extracted and the appropriate IP nodes are marked as routers. Discovering Node Detail After IP nodes have been discovered and validated, attempts are made to discover additional information for each device. If a DNS server is available, a DNS name query is attempted on each IP address. Another approach used to discover device detail is to converse with the node with a variety of Simple Network Management Protocol (SNMP) queries. The discovery agent retrieves the SNMP system group from the node, which contains system name, system description, device location, contact information, and system Object Identifier (sysoid). Additional queries are used to determine whether the device is a switch, printer, managed hub, or Remote Network Monitoring (RMON) device. Information regarding the interfaces and ports on the device is determined by querying the interfaces through the device s Management Information Base (MIB). Number of interfaces, types of interfaces, interface speeds, interface state, Maximum Transmission Unit (MTU) size, and slot:port numbers are discovered on devices that have standard MIB-2 implementations. Private MIBs For some SNMP devices that have private MIB implementations, additional queries of tables in their private MIBs are utilized to determine interface and port detail. Page 5 of 21
Determining Switch and Device Connectivity In a switched network environment, the topology of the network can be determined by querying the switch s bridge forwarding tables. Figure 2. 3-switch network In a single switch environment, you can determine the devices that are connected to each switch port by retrieving the forwarding table. Unfortunately, in a multi-switch environment, determining the connectivity is a far more complex problem to solve. For example, in the 3-switch network illustrated by Figure 2, a Host with MAC address 00ao12345678 is connected to Port 6 of Switch B. Also, Switch B is connected to Port 3 of Switch A and Switch A is connected to Port 7 of Switch C. In Switch B s forwarding table, there will be an entry for Host 1 s MAC address showing it connected to Port 6. Also in Switch A s forwarding table, there will be an entry showing Host 1 s MAC address on Port 3, and in Switch C s forwarding table, there will be an entry showing Host 1 s MAC address on Port 7. This illustrates the fact that it is difficult to determine whether a device is connected to a specific port on a specific switch in a multi-switch environment by looking at a single switch. Fluke Networks network monitoring tools use a patented process to determine the switch topology and device connectivity of a network. Discovering Non-IP Detail The previous discussion describes the methods utilized to discover the IP devices on the network and to determine their IP characteristics. Additional information about the devices can be discovered using other protocols. NetWare and NetBIOS protocols can be used to discover information such as Novell server type, NetBIOS name, and server type. The discovery agent broadcasts a series of IPX Service Advertising Protocol (SAP) discovery requests and Network Control Program (NCP) requests. Replies are analyzed to identify file servers, print servers, and Novell Directory Services (NDS) servers. Page 6 of 21
A variety of queries are utilized to discover NetBIOS names and server types. Any replies to these queries will provide the MAC address of the associated device, and possibly provide additional information regarding whether or not the device is a master browser, primary domain controller, or backup domain controller. Switched Network Mapping After discovery has completed, LAN MapShot launches Visio automatically and the default network map begins to draw. The correct page size and orientation is computed, and devices are added to the page in a layered, well-spaced layout. Both American National Standards Institute (ANSI) and International Standards Organization (ISO) page formats are available, and large format drawings up to ANSI E and ISO A0 can be produced. Devices are labeled with their Best Name and all associated IP addresses. For increased accuracy, any managed or unmanaged hubs needed to connect the devices are also drawn. Device Connections Devices are connected with lines of varying weight indicating the port speeds, from less than 10MB/sec to greater than 1GB/sec. Device connection links are labeled with their slot:port numbers, and any source/destination port speed mismatches are flagged on the suspect link. Connectivity summaries are provided below each switch showing the number of directly connected servers, routers, switches, printers, and hubs. This information is useful for load balancing networks. Drilling into Detail Network details can be viewed by double-clicking on shapes in the network maps. A top-level view of the network is available by drawing a Broadcast Domain map. Double-clicking on the local broadcast domain shape in the map causes a Switch (Spanning Tree) Diagram to be automatically generated. Then, double-clicking on any switch in that map will generate a Single Switch Detail map. Any one of the following three Switch Detail maps can be drawn: Routers, Servers, and Switches Printers Hosts Each map shows discovered devices directly connected to the selected switch, including the slot:port number and port speed (as indicated by line thickness). Adding Devices to a Map Discovered devices can be automatically connected to the latest map. Selecting the Add Device to Map button will display a list of all discovered devices. Double-click any device in the list to add it to the map. The selected device is added to the last drawn map, annotated, and then automatically connected to the correct switch or hub (assuming the required switch exists in the diagram). This feature can be used to create visual trace switch routes between devices. Note Devices cannot be automatically added to a broadcast domains map. Page 7 of 21
Map Descriptions The following network maps are provided: Broadcast Domains Switch (Spanning Tree) Diagram Servers in a Switched Network Routers in a Switched Network Printers in a Switched Network Fluke Tools in a Switched Network Single Switch Detail Map Page 8 of 21
Broadcast Domains The Broadcast Domains map details router connections between local and remote broadcast domains. The computer running LAN MapShot is always part of the local broadcast domain. Note A broadcast domain is the subset of a network that receives MAC layer broadcasts or multicast frames. Figure 3. Broadcast domains map The map shows the following information: Local broadcast domain Discovered subnets in the local broadcast domain All discovered routers on your network Local IP addresses for each router Remote broadcast domains Discovered subnets in remote broadcast domains Page 9 of 21
Switch (Spanning Tree) Diagram The Switch (Spanning Tree) Diagram map shows the interconnection of switches as determined by the switch forwarding tables. Figure 4. Switch (spanning tree) diagram map The map shows the following information: Switches on the network Hubs needed to connect the switches Connections between the switches Speeds of the connections shown Summary of the devices connected to each switch Spanning Tree does not in any way indicate the status of STP (Spanning Tree Protocol) on the network. The switch summary information (the box of information below each switch) is a count of the devices that are connected directly, or through a hub, to that switch. Page 10 of 21
Server Connections in a Switched Network The Servers in a Switched Network map shows the interconnection of switches as determined by the switch forwarding tables, and shows all servers connected to each switch. Figure 5. Servers in a switched network map The map shows the following information: Switches on the network Servers on the network Hubs needed to connect the servers and switches Connections between the servers and switches Speeds of the connections shown Router Connections in a Switched Network The Routers in a Switched Network map diagrams the interconnection of switches as determined by the switch forwarding tables, and shows all routers connected to each switch. Page 11 of 21
Figure 6. Routers in a switched network map The map shows the following information: Switches on the network Routers on the network Hubs needed to connect the servers and switches Connections between the servers and switches Speeds of the connections shown Page 12 of 21
Printer Connections in a Switched Network The Printers in a Switched Network map diagrams the interconnection of switches as determined by the switch forwarding tables, and shows all printers connected to each switch. Figure 7. Printers in a switched network map The map shows the following information: Switches on the network Printers on the network Hubs needed to connect the printers and switches Connections between the printers and switches Speeds of the connections shown Summary of the devices connected to each switch Page 13 of 21
Fluke Tool Connections in a Switched Network The Fluke Tool Connections in a Switched Network map diagrams the interconnection of switches as determined by the switch forwarding tables, and shows all Fluke Networks handheld tools connected to each switch. Figure 8. Fluke tool connections in a switched network The map shows the following information: Switches on the network Fluke Networks handheld devices on the network Hubs needed to connect the servers and switches Connections between the servers and switches Speeds of the connections shown Page 14 of 21
Single Switch Detail The Single Switch Detail map focus on devices directly connected to a selected switch. Three views of the directly connected devices are available: Routers, Switches, and Servers Printers Hosts Figure 9. Single switch detail map The map shows the following information: All the chosen device types (depending on the map selected) directly connected to the selected switch Hubs needed to connect the selected devices and the switch Connections between the devices and the switch Speeds of the connections shown Summary of the devices connected to each switch SNMP information for the selected switch Draw a Single Switch Detail map by double-clicking any switch in a previously drawn network map. Single Switch Detail maps are a bonus feature for registered LAN MapShot users. Page 15 of 21
Step-by-Step Guides: Applying LAN MapShot The following step-by-step guides show how to apply LAN MapShot to create helpful views of a switched network. The first guide illustrates how to drill into port level detail, and the second guide shows how to trace port routes through switches. Drilling into Port Level Detail 1. Start by creating a top-level view of the network by generating a Broadcast Domains map. On the Discover/Maps menu, select the Network Maps dialog box, then select Broadcast Domains from the drop-down list, and click Draw New Map. Figure 10. Generating a broadcast domains map 2. A few seconds later, a Broadcast Domains map is generated. Double-click the gray local Broadcast Domain shape to generate a Switch (Spanning Tree) Diagram of that local broadcast domain. Figure 11. Broadcast domains map Page 16 of 21
3. When the Switch (Spanning Tree) Diagram completes, double-click any switch of interest to bring up the single Switch Detail Diagram dialog box. Figure 12. Switch (spanning tree) diagram 4. Select the type of single Switch Detail Diagram to create, and then click Draw Map. Figure 13. Switch Detail Diagram 5. Repeat steps three and four for all switches of interest to complete the switch detail documentation. 6. The Result. In this case, the routers, switches, and servers directly connected to switch Barney were drawn. Directly connected printers and host can be drawn in a similar fashion by doubleclicking the switch shape and again choosing the type of single Switch Detail Diagram desired. Page 17 of 21
Figure 14. Single switch detail (routers, switches, and servers) Note Zooming in reveals the map detail. Port connections are labeled and port speed is indicated by the connecting line thickness. Device name, IP address, and type are shown. Even connections via managed and unmanaged hubs are included. Use this information to create hierarchical views of a flat switched network. Tracing Port Routes Through Switches You can reach a remote device by selectively adding devices to a Switch (Spanning Tree) Diagram and viewing the port level route through the switches. 1. Start by creating a map of the network s switch backbone. On the Discover/Maps menu, select the Network Maps dialog box, then select Switch (Spanning Tree) Diagram from the drop-down list, and click Draw New Map. Figure 15. Creating a map of the network s switch backbone Note The Add Device to Map button is grayed out until a map is drawn. Page 18 of 21
2. After the network s switch backbone is drawn, notice the Add Device to Map button is no longer grayed out. Click the Add Device to Map button to display a list of all discovered devices. Figure 16. Adding a device to Switch (Spanning Tree) Diagram map 3. Select a device, then click the Add to Map button. Add as many devices as desired, and then click Close. Figure 17. Adding network devices Note The device list may be sorted by name, IP address, or MAC address by simply clicking the column title bar. Also, the device list view may be filtered by device type (such as printers) using the Only Show button. 4. The result. In this case, two devices were added to the starting Switch (Spanning Tree) Diagram - the host DHS and the server Lament. Page 19 of 21
Figure 18. Switch (spanning tree) diagram with two devices added Note The map shows the route from host DHS through four switches to server Lament. Use this information to isolate issues to the specific devices and ports involved. For example, this map reveals that access to Lament is limited to 10MB even though the other switch paths can run at up to 100MB speeds. Page 20 of 21
Conclusion Utilizing active and passive discovery techniques and sophisticated analysis, LAN MapShot provides detailed (slot:port) connectivity vision into switched networks. When discovery completes, Fluke Networks utilizes Visio s Automation interface to automatically draw detailed, port level device connectivity maps from the network data. For More Information Consult the Visio Developers Reference included in Microsoft Visio Help, or visit the links below for more code samples and automation tips: http://www.microsoft.com/technet/visio/ http://msdn.microsoft.com/visio/ Visit Fluke Networks on the web at: http://www.flukenetworks.com/mapshot Tim Wittwer and Alan Delwiche are Senior Software Engineers at Fluke Networks, where they are both key members of the LAN MapShot development team. Page 21 of 21