snmp management software LoriotProsnmp management software LoriotPro

Administrator Handbook
www.loriotpro.com

TOC

The Discover Process

Introduction

The prime function of the discover process is to find every device connected to your Network information system. If they are reachable with the IP protocol LoriotPro is able to find them. The Discover process has a powerful algorithm base on a step-by-step progression. From device to device, from router to router, it internally builds a detailed view of the IP layer topology.

As a reminder and according to our terminology,  a network is made of a physical segment with an IP addressing schema, the Inter-Network is a group of networks connected together by IP routers.

Devices are any equipment with at least a network physical interface connected to a network and has at least one associated IP address.

For the Discover process, a router is a device, defined as a group of hosts, one for each interface allowing the routing of IP packet between these interfaces.

If the routing function is activated in a device, the ipForwarding object from the MIBII should have the value 1.

The Discover process will manage a router as individual hosts. A host setting called “ RouterID ” is used to group hosts together and virtually build a router object within LoriotPro. This object is used and managed by another process of LoriotPro. 


"RouterID" host property

The screen below shows you a router built from a group of two hosts with the reference  (RouterID) 10.33.10.121.


router configuration window

Remark: Refer to the chapter concerning the Directory router object from more information about router creation.

Discover algorithm (SNMP request based)

There are few algorithms to use for a complete discover of the network devices. These algorithms use either the SNMP protocol or the ICMP protocol and sometimes the UDP protocol.

The Discover process uses an investigation method only based on the SNMP MIBII information provided by the devices connected to the Inter Network. The process makes request to all devices that recognize the MIBII requests, and collects the IPADDTABLE, IPROUTETABLE and ARPTABLE host tables. From that, it builds the IP topology.

The Discover process doesn’t use the ICMP echo request (ping) to detect every host on the Network but only SNMP information.

Discover algorithm:  (ICMP echo request based – ping)

Another method of discovering hosts is to use the LoriotPro IP Scanner. This one is able to do an exhaustive scan of all IP addresses of an IP subnet.


IP Scanner window

Refer to the chapter ‘Scan IP Range…’ for more information.

Algorithm  (Trace Route based)

Detecting routers located between two defined IP addresses is possible by using the “next-hops ” logical based on the “ Traceroute ” tools. This is available as a LoriotPro service Plugin called TraceRouteDiscover.


The TraceRouteDiscover plugin window

Remark: Refer to the chapter on Plugins for more information.

SNMP Discover Algorithm

Introduction

The Discover process uses an investigation method only based on the SNMP MIBII information provided by the devices connected to the Inter Network. The process sends request to all devices that recognize the MIBII requests, and collects the IPADDTABLE, IPROUTETABLE and ARPTABLE host tables. From that, it builds the IP topology.

Principle

The Discover process learns about out the network topology step by step or we should rather say “hop by hop”, a hop in telecommunication terminology being a router.

It uses the diversity of the router SNMP information to “imagine” the structure of the network. The router could be located on the opposite side of the world, it doesn’t matter, if Loriotpro could speak with it in SNMP, it will discover the remote IP infrastructure.

This method is efficient because it is not necessary to request all devices connected to the network in order to know that they are present and active. Of course a remote host will only be discovered if it had already exchanged packets with its default router, else it would not be seen. The reading of the router ARP table gives only volatile information, the table is flush every 4 hours

A host configured for not responding to Ping request or any other IP request will be discover anyway. The ARP table gives Medium Access Layer - MAC -information such as physical addresses, which is not possible with a single Ping to a remote host.

Remote here means at least behind an IP router.

However, if the remote device does not leave any trace in he router it will not be discovered.

Example

Let us imagine the network below.


Discover principle working example

In this context, one of the C router interfaces is known, as well as its SNMP read community, the discover process will find out in two-step the topology and the devices connected to the network. It will find out if the B, D, E, F router are in the C routing table as “next hops”.

If the SNMP community of router D, E, F is known, hosts S1 S2 et S3 will be discovered by reading the ARP table of these router.

The Discover Process uses a kind of “vector distance” algorithm and process hop by hop. Beside the network is discovered in a sequential manner regarding the defined setting and in the reverse order of the discovered hosts. The DSNMP program, which is the kernel of the Directory, manages all resources of host type in a chained structure list. A scan cycle consists of calling the first host of this list, using its conFigure d setting and if it succeeds, to do all schedule SNMP requests to it. The next host in the list is treated the same way and so on, up to the end of the list. 

Directory update

In case of new discovered hosts, the Discover process asks to the DSNMP process to creat a new entry in the chained list and thus save the new host object and its settings. The DSNMP process saves it at the beginning of the list, which doen’t affect the current scan cycle of the Discover Process. At the next Discover cycle the newly discovered host will be questioned first.

Insertion strategy of new host

Discover process algorithm


Discover process algorithm

Example of discover

Let us imagine a complex network as below:

"Only Next-hops" discover

First discover cycle

The Discover process collects SNMP information from the A router. It detects two other router, B and C. It finds all hosts that have already used the A router by reading the ARP table of router A.

Second discover cycle

The Discover process collects SNMP information from the C, B and A router and finds three new routers D, E and F as well as new hosts.

Third discover cycle

The Discover process collects SNMP information from the F, E, D, B, C et A and discovers new hosts.

Discover process supervision

The Discover process is fully configurable and could be fine tune to your expectation. The configuration windows is accessible from the main menu:

ConFigure >Discover Process…

 
ConFigure  option of the main menu

The Discover process window is a dialog box containing all adjustable settings.


Discover process window

Remark: Remember, the discover process works as a background task of the LoriotPro kernel and this window is only a configuration window.

Discover process options

A lot of configuration options are available to finely tune the Discover process. It could be necessary to limit the number discovery methods and consequently reduce the traffic generated by the discover process.

To perform the scanning cycles, the Discover process uses the advanced hosts settings stored in the Directory and a few others allowing a more precise analysis.

The process automatically switches to the SNMP version and selects the right read community of the current scanned host. By default the SNMP version 1 is used when the process interrogates a new host but version 2c request could also be use in case of no response in version 1.

 

If you want this type of ‘Check For SNMPV2c’.

Network container creation

Remark: By default the Discover process creates new discovered networks under the root (World) of the Directory tree. It is possible to modify this option and locate the Networks in a container of your choice. To do that, select the desired container in the tree and use the menu option  ‘Set Home Container’ of the sub menu ‘Discover Anchor ’.

Directory>Discover Anchor>Set Home Container

To reset this option in the default root value, select the ‘Reset Home To Root’ in the same sub menu.

Warning: This option is automatically set to root each time you restart Loriotpro

SNMP table scanning

As we already mention, the Discover process reads SNMP tables in the host in order to build its vision of the network topology.

These options are selectable in the configuration dialog box.

 

Table of options of SNMP scanning table

Options

Functions

Add all networks from SNMP route table

Scan the IpRouteEntry table and gather information iproutedest andt iproutemask for building network objects in the Directory.

Warning: If pour router is connected to an external network (Extranet or Internet) it could be possible that you will see unneeded networks.

Add hosts found with no registered network

The Discover process inserts the host in the Directory even if no network objects are available for them.

Add hosts found in SNMP route table

The Discover process inserts the next hop hosts of the routing table in the Directory or the hosts defined with routes having a mask of 255.255 .255.255.

Add host found in SNMP ARP table

The Discover process uses the SNMP IpAddEntry   table (Address Resolution Protocol - ARP) to discover all hosts that are on the same physical network.

Remark: Don’t use this option if you want to discover only the routers.

IP address range reduced scan

It is possible to limit the scan range to a set of IP addresses. If you check the ‘Set and use IP Range’ case a new window appears allowing you to specify this range.


Check box 'Set and use IP range'

In the example below, only hosts in the Directory having addresses between 10.33.10.121 and 10.33.10.130 are scanned.


IP address range configuration window

Warning: This range should be contiguous.

The box is now checked and notifies you that the range is set up.

The text displayed in the information zone reminds you that an IP address range is used.

During the scanning cycle, the text informs you about the current scanned address.

 The “ scan only routers option (next-hop hosts) ”.

The Discover process identifies the hosts that are routers (next-hops) when performing a discover. next-hop IP addresses are collected in the table entry called IpRouteNextHop of the SNMP IpRouteEntry table object which is the routing table.


Table IpRouteEntry

This option could be forced in the advanced host setting.

Warning: It is not possible to get rid of this host option with certitude for a real next hop because the Discover process dynamically sets it up if it’s missing. If this option is manually set up by error the Discover process won’t discard it.

This option is useful to limit the discovery perimeter and to predefined next hop hosts (routers) therefore restricting the SNMP information collection to these hosts only.


Discover option

If the “ scan only routers (next-hops hosts) ” option is not checked the Discover process scans all discovered hosts responding or not to SNMP requests.

Scan only active hosts option

If the “ scan only active host ”  is checked, only devices with the SNMP polling option activated and having a good polling status (green color) are scanned.

Scan only active hosts ” and “only routers”.

If both modes are checked, only devices of next host type with the SNMP polling option active and having a good polling status (green color) are scanned.

All options removed

The discover process scans all hosts of the Directory except those with the

 ‘Enable discover …’ option not checked.

Preventing a specific host  scanning

The scan of a host could be prevented by un-checking the option ‘Enable discover scanning for this host’ in the host advanced configuration window


“ Enable Discover scanning for this host ” Option

Limit the hop count depth.

The “ Max Network Hops From Starting host ” option limits the number of routers that the Discover process could cross during discovery cycles.

Warning: By default the value is set to 100, which is obviously a large network. With this default value, you might discover networks from extranet or Internet

Scanning period.

The “ Automatic Scanning ” option allows you to do a continuous scan at regular intervals. The setting  “ Run Scanning Process Every ” defines the time between each scanning cycle.

Warning: If you check the ‘Automatic Scanning’ option, an information window reminds you that you will send SNMP requests to all of your network hosts and that links will be used. It could arise that “on demand” links will be opened and will be payable for time utilization. Activating the Discover process could open these links and generate unwanted invoices


Warning window

If you answer Yes, you will be able to conFigure  the scanning cycle occurrences.


'Run Scanning Process Every' option

Remark: In our preceding example, three cycles were necessary to discover the network. If the scanning cycle frequency is set at 100 seconds,  it will take at least 300 secondes to discover the network. If the frequency used is lower than the time needed to do a complete scan, the Discover process will run continuously.

Using an alternate community

A second Read Only community could be set up for newly discovered hosts that are  present in the Directory.


Second Community set up

Name resolution of discovered hosts.

By default, the Discover process uses the SNMP Sysname object value as object name in the Directory. This is true if the name is defined in the agent and if the host answers to the SNMP query.

If you check ‘DNS as name’ the name resolution is carried out to the Name Server
If you check ‘Netbios name query’ the name resolution is carried out to the WINS

Remark: If you check ‘DNS as name’ the Discover cycle will be slowed down because DNS requests are sometimes slow.

If the name could not be resolved by all these ways, the host name will be built from the IP address and a ‘>’ will be added first

Example 

If the host address is 10.3.4.5 and if the Discover process is not able to find a name either with SNMP, DNS or Netbios the assigned name will be :

>10.3.4.5

Default values assigned to newly discovered hosts

Whenever the Discover process finds a new host, it uses the predefined settings for setting up its profile. If you wish that new discovered hosts be supervised by SNMP or ICMP at a predefined frequency, you can change the default assigned settings. 

Table of Default Settings

Options

Functions

CommunityRO

This Community is uses for new hosts, if the host responds to SNMP query.

All subsequent found hosts will have this RO community.

Second Community RO

If the previous community gets no answer, the second one is used.

All subsequent found hosts will have this RO community.

CommunityRW

This RW community is assigned to new hosts.

Polling

La polling frequency used by  ICMP or SNMP, assigned to new host.

60 seconds is the default value.

Snmp polling

If this option is checked all new discovered hosts will be polled with SNMP at regular intervals defined in the polling field

Ping polling

If this option is checked all new discovered hosts will be polled with ICMP (Ping)  at regular intervals defined in the polling field.

Check For SNMPV2c

If this option is checked the  Discover process will try to use SNMP version 1 requests.  If unsuccessful, it will try with SNMP version 2c requests. If the second request is successful, subsequent requests to this host will be made in version 2c.

Host discover options

Host advanced settings, already seen in previous chapter, could affect the behavior of the Discover process for this particular host.

Host advanced settings

Advanced property definitions

The SNMP "polling" option is used in relation with the  “Scan only active hosts ” option.


Extract of the host properties

The “ This host is a router (Next-Hop) ” option forces the discover process to consider a non-next hop host as a next hop.
The “ Enable discover scanning for this host ” option could disable the scan of this host by the Discover Process.


Host properties

Standard properties affecting the Discover process.

When creating a new entry in the list, you may define the following settings


Host creation window

Table of standard options

Options

Impact on the Discover process

Ping Polling

This setting is used to do the ICMP polling and has no effect on the Discover process. If the device is polled successfully, its status is 1 and its color blue.

Snmp Polling

The Discover process uses this setting if the “ Scan only active hosts ” option is checked. If the device is polled successfully, its status is 2 and its color green. If both options are checked and if the status is 2 then the SNMP scanning of this host is performed.

This host is a router (Next-Hop)

This setting is automatically set up by the Discover process and could only be manually forced to  “true”.

If the option “ scan only routers (next-hop hosts) ” is set  then this device will be scanned by the Discover process  indifferent to its status or to the two previous settings.

Enable the discover process to scan this host

This setting could disable the scan of this host in all cases.

Community RO

This is the community used by the Discover process for SNMP scanning.


Discover process generated events

Each time a host or a network is discovered by the Discover process,  an event notification is sent to an LoriotPro Event manager. This event manager could be local or remote.

Events distributed management

The current version of the Discover process generates only two types of events

Event number

Description

1

"New host"

2

"New network"

The events are sent to the local or remote management and this could trigger an action.

The following drawing describes the concept of event management.

Principles of event management and event filtering


Discover Alarm management


Example of event from the Discover process

It is possible to filter events by modifying the file trapfilter.txt.

Extract of trapfilter.txt file

event 2 0.0.0.0 0.0.0.0 2 wave "wave/newnetwork.wav"
event 1 10.0.0.0 255.0.0.0 1 wave "wave/ding.wav"
event 1 0.0.0.0 0.0.0.0 1 wave "wave/newhost.wav"

ConFigure d filters are graphically displayed in the Event windows under the filters tab.


Filters tab

 Remark: A full chapter is dedicated to event management and filters.

Warning about the Discover process

When discovering new hosts, the Discover process checks the "Enable Discover Scanning for this host" option by default and thus finds out all devices connected to the network. The LoriotPro administrator should modify this property if he does not wish to scan specific hosts.

It is recommended to proceed step by step. Initially it is simple to let the Discover process do its job by giving it enough time to run multiple scan cycles. Next, you can set up the hosts that should not be scanned by the Discover process.

The Discover process should be used with extreme caution when network architecture has on-demand or ISDN link. It doesn’t distinguish between  a free resource like an Ethernet segment and a payable one like a backup line.

To avoid the opening of such link, you should disable the “ Enable the  discover process to scan this host ” of the next-hop (router) providing this link.

Warning: Hosts located behind such next-hops could be used by the Discover process to continue its scanning. You should carefully conFigure  all host remotely located and do a fine adjustement of the Discover process setting of the polling setting.

If your network is especially meshed, we suggest you to disable the “ Enable Discover scanning for this host” option for all IP addresses of the router involved. Don’t forget that the Discover process considers a router as individual hosts.

Once the topology is discovered, increase the period between two scan cycles. If your network is stable and the number of hosts and networks doesn’t evolve, stop the Discover Process and use only the classical polling.

Remark: It is possible to supervise "polling" a device in SNMP and prevent its scanning by the Discover process. The polling process is totally independent of the Discover process.


www.loriotpro.com
Copyright © 2004 LUTEUS SARL. All rights reserved. This documentation is copyrighted by LUTEUS SARL. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying or otherwise, without the prior express written permission of LUTEUS SARL