6.5. Mapping or DiagrammingAt this point, you should have a good idea of how to find out what is on your network. The next step is to put together a picture of how everything interconnects. This is usually referred to as mapping but may go by other names such as network drawing or diagramming. This can be absolutely essential if you are dealing with topology-related problems. A wide spectrum of approaches may be taken. At one extreme, you could simply use the collected data and some standard drawing utility to create your map. Clearly, some graphics software is better suited than others for this purpose. For example, special icons for different types of equipment are particularly nice. But almost any software should be usable to a degree. I have even put together passable diagrams using the drawing features in Microsoft Excel. Manual diagramming is usually practical only for a single segment or a very small network. But there might be times when this will be desirable for larger networks -- for example, you may be preparing graphics for a formal presentation. This, however, should be an obvious exception, not a routine activity. In the middle of the spectrum are programs that will both discover and draw the network. When using tools with automatic discovery, you will almost certainly want to clean up the graphics. It is extremely hard to lay out a graph in an aesthetically pleasing manner when doing it manually. You can forget about a computer doing a good job automatically. Another closely related possibility is to use scripting tools to update the files used by a graphing utility. The graphic utility can then display the new or updated map with little or no additional interaction. While this is a wonderful learning opportunity, it really isn't a practical solution for most people with real time constraints. At the other extreme, mapping tools are usually part of more comprehensive management packages. Automatic discovery is the norm for these. Once the map is created, additional management functions -- including basic monitoring to ensure that devices and connections still work and to collect performance data -- are performed. Ideally, these programs will provide a full graphic display that is automatically generated, includes every device on the network, provides details of the nature and state of the devices, updates the map in real time, and requires a minimum of user input. Some tools are well along the path to this goal. There are problems with automatic discovery. First, you'll want to be careful when you specify the networks to be analyzed and keep an eye on things whenever you change this. It is not that uncommon to make an error and find that you are mapping devices well beyond your network. And, as explained later in this chapter, not everyone will be happy about this. Also, many mapping programs do a poor job of recognizing topology. For example, in a virtual LAN, a single switch may be logically part of two different networks. Apart from proprietary tools, don't expect many map programs to recognize and handle these devices correctly. Each logical device may be drawn as a separate device. If you are relying solely on ICMP ECHO_REQUEST packets, unmanaged hubs and switches will not be recognized at all, while managed hubs and switches will be drawn as just another device on the network without any indication of the role they play in the network topology. Even with automatic discovery, network mapping and management tools may presuppose that you know the basic structure of your network. At a minimum, you must know the address range for your network. It seems very unlikely that a legitimate administrator would not have this information. If for some bizarre reason you don't have this information, you might begin by looking at the routing tables and NAT tables in your router, DNS files, DHCP configurations, or Internic registration information. You might also use traceroute to identify intermediate segments and routers.
6.5.1. tkinedAn excellent example of a noncommercial, open source mapping program is tkined. This is a network editor that can be used as a standalone tool or as a framework for an extensible network management system. At its simplest, it can be used to construct a network diagram. Figure 6-1 is an example of a simple network map that has been constructed using tkined tools. (Actually, as will be explained, this map was "discovered" rather than drawn, but don't worry about this distinction for now.)
Figure 6-1. A network map constructed with tkined
126.96.36.199. Drawing maps with tkinedManually drawing a map like this is fairly straightforward, although somewhat tedious for all but the smallest networks. You begin by starting tkined under an X Window session. (This discussion assumes you are familiar with using an X Window application.) You should see the menu bar across the top window just under the titlebar, a toolbar to the left, and a large, initially blank work area called the canvas. To create a map, follow these steps:
188.8.131.52. Autodiscovery with tkinedFor a small network, manually drawing a diagram doesn't take very long. But for large networks, this can be a very tedious process. Fortunately, tkined provides tools for the automatic discovery of nodes and the automatic layout of maps. You begin with Tools IP-Discover. What this does is add the IP Discover menu to the menu bar. The first two items on this menu are Discover IP Network and Discover Route. These tools will attempt to discover either the devices on a network or the routers along a path to a remote machine. When one of these is selected, a pop-up box queries you for the network number or remote device of interest. Unfortunately, tkined seems to support only class-based discovery, so you must specify a class B or a class C address (although you can specify a portion of a class B network by giving a class C style subnet address, e.g., 172.16.1.0). It also tends to be somewhat unpredictable or quirky when trying to discover multiple networks. If you are using subnets on a class B address, what seems to work best is to run separate discovery sessions and then cut and paste the results together. This is a little bit of a nuisance, but it is not too bad. This was what was actually done to create Figure 6-1. Figure 6-2 shows the output generated in discovering a route across the network and one of the subnets for the network shown in Figure 6-1. This window is automatically created by tkined and shows its progress during the discovery process. Note that it is sending out a flood of ICMP ECHO_REQUEST packets in addition to the traceroute-style discovery packets, the ICMP network mask queries, and the SNMP queries shown here.
Figure 6-2. Route and network discovery with tkinedIf you do end up piecing together a network map, other previously discussed tools, such as traceroute, can be very helpful. You might also want to look at your routing tables with netstat. There are a couple of problems in using tkined. Foremost is the problem of getting everything installed correctly. You will need to install Tcl, then Tk, and then scotty. scotty can be very particular about which version of Tcl and Tk are installed. You will also need to make sure everything is in the default location or that the environmental variables are correctly set. Fortunately, packages are available for some systems, such as Linux, that take care of most of these details automatically. Also, tkined will not warn you if you exit without saving any changes you have made.
Copyright © 2002 O'Reilly & Associates. All rights reserved.