Automatic Discovery

Networks are ever-changing, and expanding. Manual tracing of network devices and layer 2 connectivity is no longer a feasible option for most organizations. With technologies like virtualization making addition of new devices infinitely easier, it is imperative for automatic discovery of network devices, for better visibility, easier troubleshooting and enhanced security.

Network management solutions use Simple Network Management Protocol (SNMP), Internet Control Message Protocol (ICMP) or Secure Shell (SSH) technologies as a part of their automatic discovery process. For instance, WhatsUp Gold uses SNMP in its ARP Cache Discovery method; ICMP in its Ping Sweep Discovery method; and SSH for discovering Linux/UNIX/Apple devices.

SNMP is the predominantly used network management protocol, with a majority of network devices and management software being SNMP-enabled. The SNMP manager software, present in the network management solution, uses UDP polling to identify SNMP-enabled devices in the network. This is done by identifying replies sent by the SNMP agent software installed on all SNMP devices. Additionally, using UDP avoids the traffic overload of a full-blown TCP poll, and has minimal impact on network performance. Further queries are sent to these devices to identify them (as a router, switches, hubs, firewalls and so on). Device-related data are stored in SNMP-enabled devices as Object Identifiers (OIDs) – varying as per the device; printers would have data on ink levels and so on; switches would provide port in/port out data; routers might provide forwarding data, NAT table information etc). These OIDs, stored in Management Information Bases (MIBs), are exchanged between SNMP agent software and the manager software for automatic discovery of network devices and their attributes.

Ping is another network discovery tool – by sending ICMP echo queries, and subsequently discovering echo replies, network management software can discover devices on a network. This method is used by WhatsUp Gold’s Ping Sweep Discovery method for automatic discovery of devices responding to ICMP requests.

Address Resolution Protocol maps IP addresses to the corresponding Layer 2 MAC address. By using SNMP to query the ARP cache of a device, the network management software can build its own database of routing and subnet information (layer 3) as well as interface information (layer 2) of the device’s neighbors. This process is continued with the neighboring devices until the entire network is discovered.

While Layer 3 identifies devices, layer 2 connectivity is essential for identifying the physical topology between devices. LLDP is one such vendor neutral one-way protocol, working at Layer 2 to facilitate exchange of device information between directly connected devices. Each LLDP enabled device transmits device information including device type/ID, port ID and so on to its directly connected neighbors, which then store this information on management information databases (MIBs). Network management software ideally uses these MIBs to collect device information, moving on from neighbor to neighbor until the entire network topology is mapped out.