Topology configuration information can be obtained from various sources including the MIBs in routers and gateways, the Internet Control Message Protocol ICMP, the traceroute program,
Trang 1An Algorithm for Automatic Topology Discovery
Hwa-Chun Lin , Shou-Chuan Lai, and Ping-Wen Chen
Department of Computer Science National Tsing Hua University HsinChu, Taiwan, R.O.C
Abstract- A topology discovery algorithm for IP networks is proposed
in this paper Topology configuration information can be obtained from
various sources including the MIBs in routers and gateways, the Internet
Control Message Protocol (ICMP), the traceroute program, the Domain
Name System (DNS), and etc In order to retrieve the MIB information in
a router, the IP address of the router has to be known However, the IP
addresses of the routers in the network of interest may not be known in
advance This paper presents an algorithm for automatic topology discov-
ery under the situation that the IP addresses of the routers are not known
in advance Detailed implementation techniques for bringing pieces of the
information together to produce a topology map are discussed
Keywords-Internet, Network management, topology discovery, SNMP
I INTRODUCTION
HE topology of a computer network is referred to as the
T map of the network consisting of the devices in the net-
work and the connections among them Network topology infor-
mation is useful for network administration and planning For
examples, network problems, traffic bottlenecks, and other im-
portant information can be shown directly on the topology map
such that a network administrator has a clear view of the cur-
rent condition of the network The current topology information
is also important for planning the new configuration when an
expansion is needed
Entering the network topology information manually is a te-
dious task if the number of network devices is large There-
fore, a tool for generating the network topology automatically
is desirable The networks considered in this paper are IP
networks Techniques for automatic topology map generation
for IP networks can be found in [6], [2] A detailed algo-
rithm for discovering the topology maps of IP networks using
the Internet Control Message Protocol (ICMP) was presented
in [6] In the algorithm, the devices in the network are iden-
tified using the ICMP echo request/echo reply mes-
sages The subnets are determined using the ICMP address-
mask request/address-mask reply messages The
connections among the devices are obtained primarily using the
traceroute [ l ] results The connections in the topology map
generated using this algorithm represent the connections that ap-
pear in the results of traceroute program It is possible that
some of the connections are missing A map editor is required
to enter the missing part manually
Mansfield et al [2] described some MIB (Management In-
formation Base) information which can be retrieved using the
SNMP protocol for automatic map generation The information
This research was supported by the National Science Council, Taiwan, R.O.C.,
under grant NSC 87-2622-E-007-002
in the MIB is sufficient to generate the topology map How- ever, essential techniques for bringing pieces of the information together were not given
Topology configuration information can be obtained from various sources including the MIBs in routers and gateways, the
ICMP protocol, the traceroute program, the Domain Name
System (DNS), and etc In order to obtain the MIB information
in a router, the IP address of the router has to be known How- ever, the IP addresses of the routers in the network of interest may not be known in advance In this paper, we develop an algo- rithm for automatic topology discovery under the situation that the IP addresses of the routers may not be known in advance Detailed implementation techniques for bringing pieces of the information together to produce a topology map are discussed The rest of this paper is organized as follows The next section describes the sources where topology configuration information can be obtained The proposed algorithm for automatic topology discovery is given in section 3 The implementation details are discussed in section 4 Some sample topology maps generated using the proposed algorithm are presented in section 5 Finally, some concluding remarks are given in section 6
11 TOPOLOGY CONFIGURATION INFORMATION
Topology configuration information can be obtained from various sources The sources are classified into two parts for ease of presentation: the MIB information and other sources in-
cluding the ICMP, the traceroute program, and the DNS
A Management Information Base (MIB)
A MIB defines a collection of related managed objects A
managed objects is an unit of management information A net-
work manager can monitor the resources at a managed node by reading the values of managed objects in the MIB and can con- trol the resources at the node by modifying these values
The MIB-I1 (RFC-1213) is a standard SNMP MIB which is implemented in most of the routers The MIB-I1 is subdivided into a number of groups The groups of interest in this paper are
system, interfaces, and ip groups The objects that are
useful in generating topology maps are described in the follow- ing
1 The system group There are seven objects in this group, namely, sysDescr,
sysObjectID, sysUpTime, syscontact, sysName, syslocation, and sysservices Most of them are self- explanatory The value of the sysservices object can be
used to determine the types of services the managed node can
Trang 2support The value can be interpreted as a seven-bit code
Each bit corresponds to a layer in the OS1 architecture The
least significant bit corresponds to the physical layer and the
most significant bit to the application layer The value of the
sysservices object can be viewed as a translation of the bi-
nary value into decimal number
2 The interfaces group
The interfaces group contains the object ifNumber,
which indicates the total number of interfaces in the managed
node The rest of the group consists of the ifTable This ta-
ble has one row for each interface The interface type, speed,
and operational status of each interface can be found in this ta-
ble
3 The ip group
Three tables in the ip group are useful in generating topol-
ogy maps, namely, ipAddrTable, ipRouteTable, and
ipNetToMediaTable The ipAddrTable contains the IP
addresses assigned to the interfaces in the managed node
The subnets which are reachable from the managed node can
be determined from the values in the ipRouteDest and
ipRouteMask columns in the ipRouteTable A\,mong
these reachable subnets, the subnets which are directly con-
nected to the managed node can be determined by examining the
values in the ipRouteType column in the ipRouteTdble
If the value of the ipRouteType is “direct”, this subnet is
directly connected to the node Otherwise, the values in the
ipRouteNextHop column can be used to find the next router
to the subnet of interest until a directly connected router is
found
The IP addresses of some of the devices on the subne:ts di-
rectly connected to the managed node can be found in the: table
ipNetToMediaTable These devices are found to be alive
in the subnets within the expiration time of an entry
B Other sources
1 The ICMP
The ICMP (Internet Control Message Protocol) provides; low-
level feedbacks about how the IP network is operating The
ICMP echo request/echo reply messages can bc used
mask request/address-mask reply messages can be
used to determine the subnet mask associated with the subnet
2 The traceroute program
The traceroute program [l], written by Van Jacobson, can
be used to find the sequence of routers through which an IP
packet travels to reach its destination The routers next tc each
other in the result of an ICMP traceroute are direct11 con-
nected
3 The DNS
The Domain Name System (DNS) is a distributed database that
provides mappings between hostnames and IP addresses There-
fore, the DNS can be used to look up the hostname for an IP
address
to test the reachability of an IP address The ICMP addr = S S - I
111 A TOPOLOGY DISCOVERY ALGORITHM
In this section, we propose an algorithm which discovers the
topology maps of IP networks in an Autonomous System (AS)
automatically The input to this algorithm is a range of subnet IDS for an IP network Without knowing the IP addresses of the routers in the network, this algorithm will try to find the
IP addresses of the routers in the network and use the SNMP protocol to retrieve topology configuration information from the MIBs in the routers The algorithm will try to find as many subnet IDS of interest as possible and the connections among them from the MIB information For the rest of the subnet IDS
or IP addresses, the algorithm proposed in [6] is used to identify the existence of each device and the connections to the rest of the network
In the algorithm, three lists, SNMP-SEARCH, ICMP- SEARCH and ROUTER, are used to maintain the IP addresses
to be searched and routers to be processed The SNMP- SEARCH list contains the IP addresses to be searched in the MIBs of the routers Initially, all the IP addresses in the range
of IP addresses of interest are in the SNMP-SEARCH list The ICMP-SEARCH list maintains the IP addresses to be searched using the the algorithm proposed in [ 6 ] The ROUTER list con- tains the IP addresses of the routers to be processed The ICMP- SEARCH and ROUTER lists are initially empty
1) In ascending order of the IP addresses in the SNMP- SEARCH list, find the first network device which is alive Remove the IP addresses which have been searched from the SNMP-SEARCH list If the SNMP-SEARCH list is empty, go
to step 9)
2) For the network device found in step l), identify the ID of the subnet which1 the device belongs to
3) Find the default router of the subnet found in step 2) Add the IP address of the router to the ROUTER list Set FLAG =
“on”
4) Get an IP address from the ROUTER list and remove it from the list If no IP address is found in the ROUTER list, go to step
1)
5 ) Check the SNMP agent on the router to see if the MIB is
accessible If the MIB information in the router cannot be re- trieved and FLAG = “on”, add the IP addresses in the subnet to the ICMP-SEARCH list, remove the IP addresses in the subnet from the SNMP-SEARCH list, set FLAG = “off’, and go to step
4) If the MIB information in the router cannot be retrieved and FLAG = “off”, go to step 4)
6) Find the IDS of all subnets of interest which are directly con- nected to the router Remove the IP addresses in the subnets from the SNMP-SEARCH list Set FLAG = “off”
7) Find all network devices in each of the subnets
8) In the MIB of the current router, find the IP addresses of all the next-hop routers through which at least one of the IP ad- dresses in the SNMP-SEARCH list can be reached Add the IP addresses of the routers which have not been processed before
to the ROUTER list Go to step 4)
9) For the IP addresses in the ICMP-SEARCH list, use the al-
gorithm proposed in [ 6 ] to check the existence of the devices and their connections to the rest of the network
10) Construct the network topology and draw the map
Trang 3I v IMPLEMENTATION DETAILS
The implementation details of the algorithm are discussed in
the following
Determine whether a device is alive
To determine whether a network device is alive, one may send
ICMP echo request messages to the IP address and wait
for ICMP echo reply messages An alternative is to send
thc ICMP echo request messages to a broadcast IP address
However some routers may drop incoming broadcast packets to
reduce the broadcast storm
e Subnet identijication
The purpose for identifying the subnet ID of a subnet in the
proposed topology discovery algorithm is to find the range of
IP addresses in the subnet One can find a number of network
devices which are alive Then, send ICMP address-mask
request messages to these network devices The subnet ID
can be determined from the network masks returned by the net-
work devices From our observations, some routers may report
0 0 0 0 as their network masks If we are facing a routing
subnet (most of the devices in the subnet are routers), we may
treat the network mask as 2 5 5 2 5 5 2 5 5 0 and fix it later
The correct network mask can be retrieved from the MIB in the
router
Finding the default router
The MIB in a router contains valuable topology configuration
information Therefore, it is very helpful if the default router of
the subnet of interest can be found To find the default router of
a subnet, onc can simply send SNMP packets to try to get the
sysservices object in the system group from each net-
work device that is alive in the subnet If a network device pro-
vides layer 3 (internet or network) service, it could be a router
We can check each of the “potential” routers to find the router(s)
which provides the routing information for the subnet of inter-
est An alternative is to trace the routing paths to the network
devices which are alive in the subnet using the traceroute
program In the traceroute results, the IP address that ap-
pears the most number of times in the position next to the last IP
address could be a default router of the subnet
Finding the reachable subnets from a router
If the MIB in a router is accessible, the subnets reach-
able from the router can be determined from the values
of the ipRouteDest, and ipRouteMask objects in the
ipRou t eTab 1 e
Finding the subnets directly connected to a router
The value of the ipRouteType object in the ipRouteTable
can be used to determine whether thc associatcd subnet is di-
rected connected to the router or not If the value of the
ipRouteType object is “direct”, the subnet is directed con-
nected to the router Note that the value of the i foperstatus
object in the ifTable needs to be checked to make sure that
the status of the corresponding interface is “up”
Finding all the IP addresses of a router
Get all the values o f the object ipAdEntAddr from the table
ipAddrTable These values are the IP addresses of all the
interfaces of the router The IP addresses of all the interfaces
of the router are required to remove redundant routers from the
network map
Finding the network devices in a subnet
ICMP echo request messages can be sent to each
of the IP addresses in the subnet to determine whether the device is alive or not An alternative is to re-
trieve the values in the ipNetToMediaNetAddress col- umn in the ipNetToMediaTable The values in the
ipNetToMediaNetAddress column represent all the IP ad- dresses which exist currently in the ARP cache For the IP ad-
dresses not in the ARP cache, ICMP echo request mes-
sages can be sent to determine whether the devices are alive
v S A M P L E TOPOLOGY MAPS
We have implemented the proposed topology discovery al- gorithm based on the Tcl/Tk [31, 141, [5] and Scotty [7] en- vironment Fig 1 shows the topology map of the network
in the National Tsing Hua University (NTHU) discovered by our program The network in the NTHU is a class-B network
(140 1 1 4 0 0) The figure shows the routers and all of the subnets in use in the NTHU
To view the details of a subnet, one can simply move the mouse pointer to the icon of the subnet and double click Fig 2
gives the map of the 1 4 0 I 1 4 2 5 4 0 subnet as an example The figure shows that the subnet is an FDDI ring with 5 routers
To see the subnets directly connected to a router, one can move the mouse pointer to the router and double click Fig 3 shows that two FDDI and ten Ethernet subnets are connected
to the router 1 4 0 11 4 2 5 4 1 Double click on a subnet will show the network devices in the subnet Fig 4 shows the net- work devices in the subnet 1 4 0 1 1 4 6 4 0 If the SNMP agent on a network device is accessible, the device is displayed
in different color
The network topology in the NTHU discovered by our pro- gram is identical to the real network configuration It is faster for the proposed algorithm to discover an IP netowrk than the algorithm proposed in [6] if the SNMP MIBs in the routers can
be accessed For example, it takes 108 seconds for the pro- posed algorithm to discover the subnets from 1 4 0 11 4 6 3 0
to 140.114 6 7 0 The algorithm proposed in [6] takes 1284 seconds to discover the same address spaces
VI CONCLUSION
In this paper, an algorithm for automatic discovery of IP net- works is proposed This algorithm makes use of the SNMP MIB in routers and the information obtained using the ICMP,
traceroute program, and DNS, to produce the topology map The IP addresses of the routers need not to be known
in advance Without knowing the IP addresses of the routers
in the network, this algorithm will try to find the IP addresses
of the routers in the network and use the SNMP protocol to re- trieve topology configuration information from the MIBs in the routers The algorithm will try to find as many subnet IDS of interest as possible and the connections among them from the MIB information For the rest of the subnet IDS or IP addresses, the algorithm proposed in [6] is used to identify the existence
of each device and the connections to the rest of the network Detailed implementation techniques are given
Trang 4Fig 2 The 140.114.254.0 subnet Fig 3 The subnets directly connected to the router 1 4 0 11 4 2 5 4 , 1
Trang 5Fig 4 The devices in the subnet
REFERENCES
[ 1 J
[2]
V Jacobson, “Traceroute Software,” Lawrence Berkeley Laboratories,
1989
G Mansfield, M Ouchi, K Jayanthi, Y Kimura, K Ohta, and Y Nemoto,
“Techniques for Automated Network Map Generation Using SNMP,”
IEEE INFOCOM, 1996, pp 473480
J K Ousterhout, “TCL: An Embeddable Command Language,” Proc Winter USENIX Conference, 1990, pp 133-146
J K Ousterhout, “An X11 Toolkit Based on the TCL Language,” Proc Winter USENIX Conference, 1991, pp 105-1 15
J K Ousterhout, “Tcl and the Tk Toolkit,” Addison-Wesley Publishing
Company, 1994
J Schonwdder and H Langendorfer, “How to Keep Track of Your Net-
work Configuration,” Proc LISA, Nov 1993, pp 101-105
J Schonwdder and H Langendorfer, “Tcl Extensions for Network Man-
agement Applications,” Proc T c U k Workshop, 1995, pp 279-288
[3]
[4]
[ 5 ]
[6]
[7]