Understanding how devices are logically and physically associated with each other is the next step of a network audit. Without tracking this information, you can never be sure what the true source of traffic to a device can be. It makes a huge difference whether traffic coming into a switch is from a server, user, or another switch. When deciding which ports to monitor in the network, you may mistakenly choose not to monitor a particular port because you thought it was a user port, when in fact it was the mainframe connection. Unfortunately, after the audit is complete, you must maintain the currency of the documentation. The nature of business is that people move (and so do their connections), devices move, and networks undergo change. As a result, the documentation will be good as long as it is accurate. As soon as its accuracy declines, people will learn not to trust the information and eventually find other methods to keep track of network connectivity. Most of the time, the alternative method is guesswork, which leads to unnecessary outages due to mistakes. Connectivity maps tend to be the most-used pieces of documentation with network operations. Therefore, it is important to integrate appropriate maintenance of the information within the framework of work. Don't let the information get out-of-date. Documenting network connectivity consists of the following:
StandardizationStandardization involves setting up standard methods for naming, connecting devices, and locating equipment. Develop a naming scheme that will allow people (and automated tools) to quickly identify the type and use of a device. Use DNS names, hostnames, and interface descriptions to implement the naming. Interface description usage is especially helpful because the description can be obtained both from the device configuration file as well as SNMP. Another form of standardization involves consistently using physical ports on devices to identify the type of device connected. For instance, the first port of the first card on a Catalyst 5000 could be used exclusively for connecting building routers. Figure 1-3 provides an example of port standardization. In this case, port 1/1 is used for connection back to the backbone router, whereas port 1/2 is always used to connect to a redundant switch. Figure 1-3. Example of Port StandardizationYou should also indicate the purpose of the port in the configuration of the port name or interface description. For example, the switch in Figure 1-3 might have port names such as bb-rtr-2 for port 1/1 and redun-flr1-sw-2 for port 1/2. Finally, you can standardize on IP address assignment. For instance, for each subnet, the following host portions would be reserved:
So, if you see a problem with an address such as 172.26.10.6, you would know that it is a router, switch, or RMON probe, as opposed to a user workstation or server.
Layer 2 ConnectivityThe next stage of a connectivity audit involves learning and documenting the physical relationships between devices. In this context, the physical relationships include the following:
Network management software from Cisco and other vendors provides Layer 2 discovery in which given a particular switch, Layer 2 and physical relationships between switches and routers can be discovered. The software can be used to seed your documentation with the current connectivity of devices, which generally requires the use of proprietary protocols. This is because there is no standard method for network devices to learn and report their Layer 2 neighbor relationships. With Cisco devices, the Cisco Discovery Protocol (CDP) is used. CDP runs on each Cisco device and allows it to track those Cisco devices connected off of each of its ports. CDP works well in an all-Cisco network for documentation and troubleshooting, but becomes less useful in a multi-vendor network because non-Cisco devices do not participate in CDP, and thus will not be known by their neighbor. Figure 1-4 compares the CDP discovery of Cisco devices with a Cisco and a non-Cisco device in-between. If a Catalyst 5000 connects two Cisco routers, a CDP discovered map would display the proper relationship. However, if two Cisco routers are connected by a hub or switch from another vendor who does not participate in CDP, the map will simply display the routers as directly connected without a switch in-between. Figure 1-4. CDP Discovery with a Cisco Switch and a Non-Cisco SwitchA CDP discovery application generally requires the specification of a starting, or seed device. The seeding involves manually entering a device name or IP address, community strings, and possibly Telnet passwords for each device of interest. This provides the auto-discovery routine with enough information to be able to interrogate the device for more information. The downside of this approach is that if devices are swapped out, moved around, or reconfigured, the changes must manually be tracked. Given the seed device, the application queries the device's CDP neighbor table. Once discovered, the application can continue to track the changes that occur in the network. The discovered network can then be displayed or printed in map form. The map displays the physical connectivity relationship between network devices. For each device, there is a line that connects to each of its physically adjacent network device peers. Figure 1-5 provides an example of a map that was discovered using CDP. Notice that the map is able to display the Layer 2 and Layer 3 relationships of Cisco devices. Figure 1-5. Example of a Hypothetical Map Discovered Using CDPBy using CDP, the application can determine how each device is physically connected, down to the port/interface number. Unfortunately, auto-discovering the physical relationships among multi-vendor networks is considerably more difficult because of the complete lack of standard neighbor discovery protocols. Cisco has submitted the CDP standard to the IETF. Layer 3 ConnectivityUnlike physical connectivity, Layer 3 connectivity is easier to auto-discover and map. This is mainly due to public domain methods and MIBs to collect the necessary information. Logical connectivity maps demonstrate the distribution and relationship of network layer addresses. There are multiple methods for documenting logical connectivity (as mentioned for physical connectivity), including auto-discovering network management software, spreadsheets, and databases. The data/reports should then be made available to those who need it. You could generate reports or capture screen shots and place them on an internal web server. Or you could simply print them out and distribute. (Don't forget to date them so people know whether they've got the latest version.) In addition, DNS and DHCP servers can be used to capture and enforce the distribution of addressing. Network management products that auto-discover logical networks can also be used as reference documentation. TIP Never allow network devices to dynamically learn their network addresses. You should always assign a static address so that the device is definitively known by that address. Automatic discovery of logical connectivity is relatively commonplace in today's network management tools. By parsing through each router's routing table, an auto-discovery routine can determine the neighbor router for each learned route. The routine then can query the routing table from the neighbor and discover the neighbor's neighbors. TIP You can take certain preventive steps to help auto-discovery routines more accurately discover your network and in general provide you with a cleaner network to manage:
There are third-party tools available that allow you to draw the network connectivity as it makes sense to your organization. One method for mapping the logical network is to draw maps that display the physical network and identify the IP addresses and networks between network devices. You may also choose to incorporate connecting port and server information as well. You may also choose to store MAC addresses in the system. Typically, hybrid maps will evolve in which logical and physical information is displayed together. This is the kind of information that people will print out and store in their notebooks or pin up on the wall. Figure 1-6 provides an example of a hybrid map. Figure 1-6. Example of a Hybrid Connectivity MapIn this map, notice how physical connectivity, physical device traits, logical addressing, and VLAN information are displayed on the same map. Notice the following:
|