Administrator Handbook

The SNMP network discover process


Introduction to snmp network discover

The main function of the snmp discover process is to find every IP network device connected to your network and to populate the directory and network map. LoriotPro is able to find all hosts reachable with the IP protocol. The snmp discover process has a powerful algorithm based on a step-by-step progression. From network device to network device, from router to router, from host to host, the snmp discover process internally builds a detailed view of the IP layer topology.

The Network Discover Process, since the version 5 of LoriotPro, uses many methods of investigation for discovering network connected hosts and devices.

Here under the list of discovering methods available.

As a reminder, and according to our terminology, a network is a physical segment with an IP addressing scheme; the Inter-Network is a group of networks connected together by IP routers.

Devices are any equipment with at least a network physical interface connected to a network and which has at least one associated IP address.

For the snmp discover process, a router is a device defined as a group of hosts, one for each network interface. A router routes IP packets between these interfaces. If the routing function is activated in a device, the ipForwarding object from the MIBII should have the value 1.

The snmp discover process will manage a router as individual hosts. A host setting called “RouterID” is used to group hosts together and virtually build a router object within LoriotPro. This object is used and managed by another process of LoriotPro.

"RouterID" host property

The screen below shows you a router built from a group of two hosts with the reference (RouterID) 10.33.10.121.

router configuration window

Remark: Refer to the chapter concerning the Directory router object for more information about router creation.


Discover algorithm (SNMP request based)

There are a few algorithms to use for a complete discover of the network devices. These algorithms use either the SNMP protocol or the ICMP protocol and sometimes the UDP protocol.

The snmp discover process uses an investigation method based only on the SNMP MIBII information provided by the devices connected to the Inter-Network. The process sends requests to all devices that recognize MIBII requests, and collects the IPADDTABLE, IPROUTETABLE and ARPTABLE host tables. From that, it builds the IP topology.

Discover principle

The snmp discover process learns about the network topology step by step, or rather “hop by hop”, a hop in telecommunication terminology being a router.

It uses the diversity of the router SNMP information to “imagine” the structure of the network. The router could be located on the opposite side of the world; it doesn’t matter. If LoriotPro can speak with it in SNMP, it will discover the remote IP infrastructure.

This method is efficient because it is not necessary to request all devices connected to the network in order to know that they are present and active. Of course, a remote host will only be discovered if it has already exchanged packets with its default router; otherwise it will not be seen. Reading the router ARP table gives only volatile information: the table is flushed every 4 hours.

A host configured not to respond to Ping requests or any other IP request will be discovered anyway. The ARP table gives Medium Access Layer (MAC) information such as physical addresses, which is not possible with a single Ping to a remote host.

Remote here means at least behind an IP router.

However, if the remote device does not leave any trace in the router, it will not be discovered.

Example

Let us imagine the network below.

Discover principle working example

In this context, one of the C router interfaces is known, as well as its SNMP read community. The snmp discover process will find out the topology and the devices connected to the network in two steps. It will find out if the B, D, E and F routers are in the C routing table as “next hops”.

If the SNMP community of routers D, E and F is known, hosts S1, S2 and S3 will be discovered by reading the ARP table of these routers.

The snmp discover process uses a kind of “vector distance” algorithm and proceeds hop by hop. In addition, the network is discovered sequentially, according to the defined settings and in the reverse order of the discovered hosts. The DSNMP program, which is the kernel of the Directory, manages all resources of host type in a chained list structure. A scan cycle consists of calling the first host of this list, using its configured settings and, if that succeeds, sending all scheduled SNMP requests to it. The next host in the list is treated the same way and so on, up to the end of the list.

Directory update

When new hosts are discovered, the snmp discover process asks the DSNMP process to create a new entry in the chained list and thus save the new host object and its settings. The DSNMP process saves it at the beginning of the list, which doesn’t affect the current scan cycle of the snmp discover process. At the next Discover cycle the newly discovered host will be questioned first.

Discover process algorithm

Discover process algorithm

Example of discover

Let us imagine a complex network as below:

example of snmp discover

"Only Next-hops" discover

  1. First discover cycle: the snmp discover process collects SNMP information from the A router. It detects two other routers, B and C. It finds all hosts that have already used the A router by reading the ARP table of router A.
  2. Second discover cycle: the snmp discover process collects SNMP information from the C, B and A routers and finds three new routers D, E and F as well as new hosts.
  3. Third discover cycle: the snmp discover process collects SNMP information from F, E, D, B, C and A and discovers new hosts.
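
The three cycles above, simulated offline as an added example (this is not LoriotPro code). The topology, the host names H1-H4 and S1-S4, the extra router G and the hop-counting rule are assumptions made for the illustration; max_hops models the Maximum router hops to discover option described later in this chapter.

```python
# Constructed topology (not taken from the handbook figure): for each
# SNMP-answering router, the next hops found in its route table and the
# hosts found in its ARP table.
TOPOLOGY = {
    "A": {"next_hops": ["B", "C"], "arp": ["H1", "H2"]},
    "B": {"next_hops": ["A", "D"], "arp": ["H3"]},
    "C": {"next_hops": ["A", "E", "F"], "arp": ["H4"]},
    "D": {"next_hops": ["B"], "arp": ["S1"]},
    "E": {"next_hops": ["C"], "arp": ["S2"]},
    "F": {"next_hops": ["C", "G"], "arp": ["S3"]},
    "G": {"next_hops": ["F"], "arp": ["S4"]},  # hypothetical extranet router
}


def discover_cycle(directory, hops, max_hops, add_arp_hosts):
    """Run one scan cycle over the directory; return the newly added hosts."""
    new = []
    for host in list(directory):  # snapshot: head inserts do not disturb this cycle
        agent = TOPOLOGY.get(host)
        if agent is None:  # end host or unknown community: no tables to read
            continue
        found = [(name, True) for name in agent["next_hops"]]
        if add_arp_hosts:
            found += [(name, False) for name in agent["arp"]]
        for name, is_router in found:
            # Assumption: the seed router is at depth 0, each next hop adds 1.
            depth = hops[host] + 1
            if name in hops or (is_router and depth > max_hops):
                continue
            hops[name] = depth
            directory.insert(0, name)  # new entries go to the head of the list
            new.append(name)
    return new


def discover(seed, max_hops=100, add_arp_hosts=True, max_cycles=20):
    """Repeat scan cycles from one seed router until nothing new appears."""
    directory, hops, history = [seed], {seed: 0}, []
    for _ in range(max_cycles):
        new = discover_cycle(directory, hops, max_hops, add_arp_hosts)
        if not new:
            break
        history.append(new)
    return directory, history


if __name__ == "__main__":
    for limit in (2, 100):
        directory, history = discover("A", max_hops=limit)
        print(f"max_hops={limit}")
        for number, new in enumerate(history, start=1):
            print(f"  cycle {number}: new entries {new}")
        print(f"  directory order for the next cycle: {directory}")
```

With max_hops=2 the run stops after three cycles and never reads router G; with the default of 100 a fourth cycle reaches G and the host behind it.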


Discover process configuration

The snmp discover process is fully configurable and can be fine-tuned to your expectations. The configuration window is accessible from the main menu:

Configure > Discover Process…

Configure option of the main menu

The snmp discover process window is a dialog box containing all adjustable settings.


Discover process window

Remark: Remember, the snmp discover process works as a background task of the LoriotPro kernel and this window is only a configuration window.

A lot of configuration options are available to finely tune the snmp discover process. It could be necessary to limit the number of discovery methods and consequently reduce the traffic generated by the snmp discover process.

To perform the scanning cycles, the snmp discover process uses the hosts settings stored in the Directory and a few others allowing a more precise analysis.


Unattended Mode

The Enable Discover Process option allows you to run periodic discovers at regular intervals. The Discover Process Running Interval setting defines the time between each discover cycle.

Warning: If you check the "Enable Discover Process" option, an information window reminds you that you will send SNMP requests to all of your network hosts and that links will be used. “On demand” links that are billed by connection time may be opened. Activating the snmp discover process could open these links and generate unwanted costs.

Warning window

If you answer Yes, you will be able to configure the discover cycle occurrences.

'Run Scanning Process Every' option

Remark: In our preceding example, three cycles were necessary to discover the network. If the discover cycle frequency is set at 100 seconds, it will take at least 300 seconds to discover the network. If the interval used is shorter than the time needed to do a complete discover, the snmp discover process will run continuously.

The process automatically switches to the SNMP version and read community that suit the host currently being scanned. By default, SNMP version 1 is used when the process interrogates a new host, but version 2c requests can also be used if there is no response in version 1.

Network container creation

Remark: By default the snmp discover process creates newly discovered networks under the root (World) of the Directory tree. It is possible to modify this option and place the networks in a container of your choice. To do that, select the desired container in the tree and use the menu option 'Set Home Container' of the sub menu 'Discover Anchor'.

To reset this option to the default root value, select ‘Reset Home To Root’ in the same sub menu.

Warning: This option is automatically set to root each time you restart LoriotPro.


SNMP table discover options

As already mentioned, the snmp discover process reads SNMP tables in the host in order to build its vision of the network topology.

These options are selectable in the configuration dialog box.

Table of options of SNMP scanning table

Options : Functions

Add all networks from SNMP route table : Scans the IpRouteEntry table and gathers the ipRouteDest and ipRouteMask information for building network objects in the Directory. Warning: If your router is connected to an external network (Extranet or Internet), you may see unneeded networks.

Add hosts found with no registered network : The snmp discover process inserts the hosts in the Directory even if no network objects are available for them.

Add hosts found in SNMP route table : The snmp discover process inserts in the Directory the next-hop hosts of the routing table, or the hosts defined by routes having a mask of 255.255.255.255.

Add host found in SNMP ARP table : The snmp discover process uses the SNMP IpAddEntry table (Address Resolution Protocol - ARP) to discover all hosts that are on the same physical network. Remark: Don’t use this option if you want to discover only the routers.


IP address range discover

It is possible to limit the scan range to a set of IP addresses. If you check the ‘Set and use IP Range’ box, a new window appears allowing you to specify this range.


Check box 'Set and use IP range'

In the example below, only hosts in the Directory having addresses between 10.33.10.121 and 10.33.10.130 are scanned.


IP address range configuration window

Warning: This range should be contiguous.

The box is now checked and notifies you that the range is set up.

The text displayed in the information zone reminds you that an IP address range is used.

During the scanning cycle, the text informs you about the current scanned address.

IP Expert Options

The IP Expert options provide advanced analysis of the client/servers applications running on the discovered hosts.

If the discovered hosts are answering to SNMP requests, the IP Expert can also provide any information on the hosts’ resources.

In that case the IP Expert uses script programs. Scripts are already available for in-depth analysis of host resources, and you can extend the library of available scripts with your own.

In the Discover Process configuration window, you can set up a few options for activating the IP Expert process.

IP expert discover process

Run IP Expert on Directory Network Objects : If this option is checked, the IP Expert process will analyze all the Network objects (scan the network and launch discover strategy scripts). The scan is performed only if the Network Object property settings allow it.

In the Network Object property be sure that the "Make a new scan of this network at the next discover process" is checked

ip expert network scanning

Run IP Expert on Directory Host Objects : If this option is checked, the IP Expert process will analyze all the Host objects (scan host TCP ports). The scan is performed only if the Host Object property settings allow it.

In the Host Object Properties be sure that the Run AT Next Discover Cycle is checked. See example below

ip expert host tcp scan

Assign host parameters from IP Expert Informations (Extended Edition) : If the IP Expert uses discover strategies based on scripts, the host parameters can be assigned directly by script functions. This option enables that feature, which is only available with the Extended Edition of LoriotPro.

A click on the Set IP Expert button opens the IP Expert Console window. Read the IP Expert Console documentation for the next configuration steps.


Discover only routers option (next-hop hosts) 

The snmp discover process identifies the hosts that are routers (next-hops) when performing a discover. Next-hop IP addresses are collected in the table entry called IpRouteNextHop of the SNMP IpRouteEntry table object, which is the routing table.

Table IpRouteEntry

This option could be forced in the advanced host setting.

Warning: For a real next hop, this host option cannot be reliably removed, because the snmp discover process sets it again dynamically if it is missing. If the option is set manually by mistake, the snmp discover process will not clear it.

This option is useful for limiting the discovery perimeter to predefined next-hop hosts (routers), thereby restricting SNMP information collection to these hosts only.


Discover option

If the discover only routers option is not checked, the snmp discover process scans all discovered hosts, whether or not they respond to SNMP requests.

Discover only active hosts option

If the discover only active hosts option is checked, only devices with the SNMP polling option activated and having a good polling status (green color) are scanned.

Discover only routers option and hosts.

If both modes are checked, only devices of next-hop type with the SNMP polling option active and having a good polling status (green color) are scanned.

All options removed

The snmp discover process scans all hosts of the Directory except those with the ‘Enable discover …’ option not checked.

Preventing a specific host from being analyzed by the discover process

The scan of a host can be prevented by un-checking the option Enable discover scanning for this host in the host configuration window.

"Enable Discover scanning for this host" Option

Limit the router hop count depth

The Maximum router hops to discover option limits the number of routers that the snmp discover process could cross during discovery cycles.

Warning: By default the value is set to 100, which corresponds to a very large network. With this default value, you might discover networks from the extranet or the Internet.

Using an alternate community

A second Read Only community could be set up for newly discovered hosts that are present in the Directory.


Second Community set up

Default values assigned to newly discovered hosts

Whenever the snmp discover process finds a new host, it uses the predefined settings for setting up its profile. If you wish that new discovered hosts be supervised by SNMP or ICMP at a predefined frequency, you can change the default assigned settings. 

default snmp discover parameters

Table of Default Settings

Options : Functions

CommunityRO : This community is used for new hosts, if the host responds to SNMP queries. All subsequent found hosts will have this RO community.

Second Community RO : If the previous community gets no answer, the second one is used. All subsequent found hosts will have this RO community.

CommunityRW : This RW community is assigned to new hosts.

Polling : The polling frequency used by ICMP or SNMP, assigned to new hosts. 60 seconds is the default value.

Snmp polling : If this option is checked, all newly discovered hosts will be polled with SNMP at regular intervals defined in the polling field.

Ping polling : If this option is checked, all newly discovered hosts will be polled with ICMP (Ping) at regular intervals defined in the polling field.

Check For SNMPV2c : If this option is checked, the Discover process will first try SNMP version 1 requests. If unsuccessful, it will try SNMP version 2c requests. If the second request is successful, subsequent requests to this host will be made in version 2c.

Name resolution of discovered hosts

By default, the snmp discover process uses the SNMP Sysname object value as object name in the Directory. This is true if the name is defined in the agent and if the host answers to the SNMP query.

snmp sysname

If you check Assign DNS to host name, name resolution is carried out by the Name Server.
If you check Scan and Assign Netbios to host name, name resolution is carried out by WINS.

Remark: If you check Assign DNS to host name, the Discover cycle will be slowed down because DNS requests are sometimes slow.

If the name cannot be resolved by any of these means, the host name will be built from the IP address, prefixed with a ‘>’.

Example 

If the host address is 10.3.4.5 and if the snmp discover process is not able to find a name either with SNMP, DNS or Netbios the assigned name will be :

>10.3.4.5


Discovering remote architecture

The Discover process can be started manually to discover a remote network architecture.

This discover method requires that a remote router (the IP address of one of its interfaces) is accessible through the network and that this router answers SNMP requests.

The remote router read only community should be specified too.

To do a remote network discover, add an IP address in the Discovering from a remote host (Router) area (see below).

remote network discover

When done click on the start button (Warning: the unattended mode should be off).


Host Default Settings

Host advanced settings, already seen in previous chapter, could affect the behavior of the snmp discover process for this particular host.


Host advanced settings

Advanced property definitions

The SNMP "polling" option is used in relation with the “Scan only active hosts” option.

Extract of the host properties

The “This host is a router (Next-Hop)” option forces the snmp discover process to consider a non-next hop host as a next hop.
The “Enable discover scanning for this host” option could disable the scan of this host by the snmp discover process.

Host properties

Standard properties affecting the snmp discover process.

When creating a new entry in the list, you may define the following settings:

Host creation window

Table of standard options

Options : Impact on the snmp discover process

Ping Polling : This setting is used to do the ICMP polling and has no effect on the snmp discover process. If the device is polled successfully, its status is 1 and its color is blue.

Snmp Polling : The snmp discover process uses this setting if the “Scan only active hosts” option is checked. If the device is polled successfully, its status is 2 and its color is green. If both options are checked and if the status is 2, then the SNMP scanning of this host is performed.

This host is a router (Next-Hop) : This setting is automatically set up by the snmp discover process and can only be manually forced to “true”. If the option “scan only routers (next-hop hosts)” is set, then this device will be scanned by the snmp discover process regardless of its status or of the two previous settings.

Enable the snmp discover process to scan this host : This setting could disable the scan of this host in all cases.

Community RO : This is the community used by the snmp discover process for SNMP scanning.



Discover process generated events

Each time a host or a network is discovered by the snmp discover process, an event notification is sent to a LoriotPro Event manager. This event manager could be local or remote.

snmp discover event

Events distributed management

The current version of the snmp discover process generates only two types of events:

Event number : Description

1 : "New host"

2 : "New network"

The events are sent to the local or remote management and this could trigger an action.

The following drawing describes the concept of event management.

snmp discover event filter

Principles of event management and event filtering

Discover Alarm management


Example of event from the snmp discover process

It is possible to filter events by modifying the file trapfilter.txt.

Extract of trapfilter.txt file

event 2 0.0.0.0 0.0.0.0 2 wave "wave/newnetwork.wav"
event 1 10.0.0.0 255.0.0.0 1 wave "wave/ding.wav"
event 1 0.0.0.0 0.0.0.0 1 wave "wave/newhost.wav"

Configured filters are graphically displayed in the Event windows under the filters tab.

Filters tab

Remark: A full chapter is dedicated to event management and filters.


Warning about the snmp discover process

When discovering new hosts, the snmp discover process checks the "Enable Discover Scanning for this host" option by default and thus finds out all devices connected to the network. The LoriotPro administrator should modify this property if he does not wish to scan specific hosts.

It is recommended to proceed step by step. Initially it is simple to let the snmp discover process do its job by giving it enough time to run multiple scan cycles. Next, you can set up the hosts that should not be scanned by the snmp discover process.

The snmp discover process should be used with extreme caution when the network architecture has on-demand or ISDN links. It doesn’t distinguish between a free resource like an Ethernet segment and a payable one like a backup line.

To avoid the opening of such a link, you should disable the “Enable the discover process to scan this host” option of the next-hop (router) providing this link.

Warning: Hosts located behind such next-hops could be used by the snmp discover process to continue its scanning. You should carefully configure all remotely located hosts and fine-tune the snmp discover process settings and the polling settings.

If your network is especially meshed, we suggest that you disable the “Enable Discover scanning for this host” option for all IP addresses of the routers involved. Don’t forget that the snmp discover process considers a router as individual hosts.

Once the topology is discovered, increase the period between two scan cycles. If your network is stable and the number of hosts and networks doesn’t evolve, stop the snmp discover process and use only the classical polling.

Remark: It is possible to supervise (poll) a device with SNMP and prevent its scanning by the snmp discover process. The polling process is totally independent of the snmp discover process.


www.loriotpro.com