Research on Network Topology Discovery Methods of the Ethernet link layer (Xiaogang, reserved for use)

Source: Internet
Author: User
Tags: snmp
Summary: This paper analyzes the existing Ethernet link layer topology discovery algorithms, proposes an improved algorithm, and gives the basic method for implementing it. The new algorithm relaxes the conditions of the original algorithm, making it more widely applicable and adaptable. It can discover devices in the network that the original algorithm cannot find.

 

Keywords: link layer, topology, SNMP

1 Introduction

With the improvement of computer performance and the increase in traffic, the traditional LAN has become more and more overloaded. Switched Ethernet technology emerged and greatly improved LAN performance. Compared with the earlier LAN topologies built from bridges, hubs, and routers, network switches can significantly increase bandwidth. With switching technology, a geographically dispersed network can be established, each port of a LAN switch can transmit information in parallel, securely, and simultaneously, and the LAN becomes highly scalable. According to the network technology used, LAN switches can be divided into Ethernet switches, Token Ring switches, FDDI switches, ATM switches, and Fast Ethernet switches. Because Ethernet is simple and easy to use, most networks currently use Ethernet switches and Fast Ethernet switches as their switching devices. The link layer topology discovery in this article targets layer-2 Ethernet devices. Research on topology discovery technology in China has focused on layer-3 topology discovery and ignored the importance of layer-2 topology discovery. In an intranet or LAN, machines are usually connected around switches, and layer-3 topology discovery cannot discover the topology of such a network.

2 Existing link layer topology discovery algorithms

From the way a switch works [2], it can be seen that a switch provides no effective, direct method for determining the devices to which it is directly connected. The only feasible method for a heterogeneous network is to use the information in the MIB-II bridge group in SNMP (implemented by the various manufacturers) to obtain the address forwarding table of each switch, analyze its features, and find a reasonable algorithm for determining the topology of the physical network.

2.1 Description of the existing algorithm

The goal of the automatic link layer topology discovery algorithm is to find the connections between switches in the subnet, between switches and routers, and between switches and hosts. Finding the connections between one switch and another is the key to automatic discovery of the link layer topology. Yuri Breitbart of Bell Laboratories provides the basic algorithm [, 5]. The theoretical basis and description of the algorithm are as follows.

Definition 1: The layer-2 backbone structure composed of a router is the graph N. In N, the i-th switch is S_i and its j-th port is S_ij.

Definition 2: For any port S_ij, D_ij denotes the set of source MAC addresses, in the address forwarding table of switch S_i, of the frames received through port S_ij.

Definition 3: For any port S_ij, L_ij denotes the set of switches whose MAC addresses appear in the address forwarding table of switch S_i as source addresses of frames received through port S_ij.

Definition 4: If no MAC address of another switch appears in L_ij for port S_ij of switch S_i, port S_ij is called a leaf port.

Definition 5: Port S_ij is complete if, whenever a data frame of any device D in the subnet can reach S_i through port S_ij, the MAC address of D appears in L_ij.

Theorem 1: If L_ij ∪ L_kl = U (U is the set of all switches in the subnet) and L_ij ∩ L_kl = ∅ (∅ is the empty set), then port S_ij and port S_kl are directly connected [1].
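
Theorem 1 reduces to two set operations on the forwarding tables. The following added example (not code from the paper) applies it to constructed tables for three switches in a chain and shows that the test misses a link once one table is incomplete in the sense of Definition 5. Switch names stand in for MAC addresses, and `direct_links` is a hypothetical helper.

```python
from itertools import combinations

# Constructed sample: three switches in a chain, S1 -- S2 -- S3.
# Keys are (switch, port); values are L_ij, the switches whose MAC addresses
# were learned on that port. Switch names stand in for MAC addresses.
COMPLETE = {
    ("S1", 1): {"S2", "S3"}, ("S1", 2): set(),      # port 2 is a leaf port
    ("S2", 1): {"S1"},       ("S2", 2): {"S3"},
    ("S3", 1): {"S1", "S2"}, ("S3", 2): set(),
}
# Same network, but S1 has not yet learned S3 on port 1 (table incomplete).
INCOMPLETE = {**COMPLETE, ("S1", 1): {"S2"}}


def direct_links(l_sets):
    """Return the port pairs that Theorem 1 reports as directly connected."""
    universe = {switch for switch, _port in l_sets}     # U: all switches
    ports = sorted(l_sets.items(), key=lambda kv: kv[0])
    links = []
    for (p, l_p), (q, l_q) in combinations(ports, 2):
        if p[0] == q[0]:
            continue                                    # two ports of one switch
        # Theorem 1: L_ij ∪ L_kl = U and L_ij ∩ L_kl = ∅
        if l_p | l_q == universe and not (l_p & l_q):
            links.append((p, q))
    return links


if __name__ == "__main__":
    print("complete tables:  ", direct_links(COMPLETE))
    print("incomplete tables:", direct_links(INCOMPLETE))
```

With the incomplete table the S1/S2 link is no longer reported, because the union of the two port sets no longer covers U.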

Theorem 2: A router or host is directly connected to port S_ij of switch S_i if and only if S_ij is a leaf port and L_ij contains the MAC address of the router or host [1].

    Procedure FindInterconnections(S1, S2, ..., Sn, R1, R2, ..., Rm)
    /* S1, S2, ..., Sn are the switches of a subnet S */
    /* R1, R2, ..., Rm are the routers of the subnet S */
    begin
      for each switch Si do
        for each interface j of Si do {
          if S_ij has already been determined
            continue
          else {
            if there is a port S_kl with L_ij ∪ L_kl = U and L_ij ∩ L_kl = ∅
              S_ij is directly connected to S_kl; generate a new connection
              /* S_ij matches S_kl */
          }
        }
      for each router Rk do
        for each switch Si do
          for each interface j of Si do
            if S_ij is a leaf port and L_ij contains the MAC address of Rk
              S_ij is directly connected to Rk
              /* S_ij matches Rk */
    end

2.2 Algorithm

The basic algorithm requires the address forwarding tables to be complete (each switch must know the port corresponding to every other switch), which is difficult to achieve in real networks. For this reason, Yuri Breitbart [1] designed a special mping program: a modified ping program that uses a raw socket to change the source IP address in the ICMP echo request sent by the management node to the IP address of the specified target switch. The destination IP address is the address of the other backbone devices in the network. When the other backbone devices receive the ICMP echo request, they send an ICMP echo reply to the specified target switch, and the MAC address of the target device is then added to the address forwarding table of the target switch. The mping program is correct in principle, but in networks with strict security configurations, packets with a forged source IP address are filtered by routers and firewalls, so mping cannot achieve the expected result. Even in a loosely configured network, some target devices do not perform an ARP operation after receiving the ICMP echo request; they simply swap the source and destination MAC addresses of the received frame [3] and then send the ICMP echo reply, so the destination MAC address of the reply does not correspond to the IP address. The completeness of the forwarding tables therefore cannot be effectively improved. In addition, this approach greatly increases the number of extra packets on the network, on the order of O((number of switches + number of routers)^2).

Furthermore, the algorithm requires that SNMP information can be obtained from all switches, and a hub may appear only on a leaf port. In a complex network, although some switches support SNMP, their SNMP information cannot be obtained because of security considerations or configuration issues, and some networks may be connected through hubs. The basic algorithm cannot handle either situation.

3 Algorithm Improvement

The difficulty of automatic link layer topology discovery lies in acquiring network information. In real networks, various network devices, in order to save resources or ensure network security, impose demanding conditions on the collection of topology information. The starting point of the improved algorithm is to reduce the algorithm's requirements on the completeness of topology information, especially of the address forwarding tables, and to satisfy the reduced requirements by simple and effective means. Considering that dumb devices (switches and hubs from which SNMP data cannot be obtained) may be present on the backbone links of the physical network, the new algorithm relaxes the restriction that a switch must be directly connected to a switch (here a switch means one from which SNMP data can be obtained). As a result, a switch port can be connected to several switches through a dumb device, which makes the algorithm more widely applicable and adaptable.

3.1 Theoretical Basis of the Algorithm

To describe the new link layer topology discovery algorithm more clearly, the following definitions are added to the existing ones.

Definition 6 (flag node): When the host running the algorithm is in the subnet to be discovered, that host is the flag node. Otherwise, the router in the target subnet that forwards the packets sent by the algorithm host is the flag node [3].

Definition 7 (upstream port): A port whose address forwarding table entries contain the MAC address of the flag node [3].

Definition 8 (downstream port): A port whose address forwarding table entries do not contain the MAC address of the flag node [3].

Definition 9 (MAC address of S_i): The MAC address of switch S_i is denoted S_i_mac.

Definition 10: Let L_i be the union of the L_ij (j = 1, 2, ..., n), that is, L_i = ∪ {L_ij | the port S_ij corresponding to L_ij is a downstream port}.

Definition 11: Let D_i be the union of the D_ij (j = 1, 2, ..., n), that is, D_i = ∪ {D_ij | the port S_ij corresponding to D_ij is a downstream port}.

Definition 12: For any non-leaf port S_ij, L_ij is not the empty set. The switch S_k in L_ij whose L_k is the largest is the root node of the maximum subtree of S_ij (if several switches have the same L value, select one of them).

Conclusion 1 (a non-leaf port of a switch is directly connected to a switch): If the set of MAC addresses in the table of the downstream non-leaf port S_ij of switch S_i is equal to the MAC table of all downstream ports of S_k, the root node of its maximum subtree, together with the MAC address of S_k, that is, A_ij = A_k + S_k_mac, then S_i is directly connected through its downstream port S_ij to the upstream port of S_k.

Conclusion 2 (a non-leaf port of a switch is directly connected to a dumb device): If the set of MAC addresses in the table of the downstream non-leaf port S_ij of switch S_i is larger than the MAC table of all downstream ports of S_k, the root node of its maximum subtree, together with the MAC address of S_k, that is, A_ij > A_k + S_k_mac, then S_i is connected through its downstream port S_ij to a dumb device, and S_k is directly connected to that dumb device through its upstream port.

3.2 Algorithm Description and Implementation

The basic description of the improved algorithm is as follows:

(1) Obtain the list of all routers, switches, and hosts in the subnet, determine the correspondence between IP addresses and MAC addresses, and identify the flag node.
(2) Ping all active devices in the subnet.
(3) Read the address forwarding table of each switch.
(4) Determine the connection of the flag node, set the nearest switch as the root switch, and add it to the switch discovery queue. Take the first switch in the queue and determine the connections of its downstream ports. For a leaf port, the connections to dumb devices, hosts, and routers are determined by Conclusion 3. For a non-leaf port, the connections are determined by Conclusions 1 and 2, and the newly discovered switches are added to the end of the switch discovery queue.
(5) Repeat until the switch queue is empty; the algorithm then ends.

The implementation is divided into three procedures. Let n be the subnet address. Init(n) is the initialization procedure; Linklayer(n) is the main layer-2 topology discovery procedure; Dealsubtree(F, FP, temp, l2_temp, hub_num) is the core of the algorithm and processes the connections of switch port FP.

Init(n)

(1) Send ICMP request packets to the whole IP address space of the subnet to obtain all active devices, and assign them to alive.
(2) Determine the flag node: if the subnet is the one where the management server is located, the flag node is the management server; for any other subnet it is the last router returned by the traceroute program. Assign it to root.
(3) Collect topology information: send SNMP packets to each active device in the subnet to determine the device type. Add layer-3 devices to the set of layer-3 devices and obtain the mapping table between their IP addresses and MAC addresses. Add layer-2 devices to the set of layer-2 devices and determine their upstream ports.

Linklayer(n)

(1) Call Init(n) to collect information.
(2) Identify the root switch.
(3) Take the first switch F from the switch discovery queue, process each of its downstream ports by calling Dealsubtree(F, FP, temp, l2_temp, hub_num), and add the newly discovered switches to the discovery queue.
(4) After each port of F has been processed, jump to step 4, until all switches in the queue are found to have been processed. The algorithm then ends.

Dealsubtree(F, FP, temp, l2_temp, hub_num)

F is the switch at the parent node, and FP is a downstream port of switch F. temp is the MAC address table of port FP. l2_temp is the set of layer-2 device MAC addresses on port FP. hub_num is the subscript into the dumb device array.

(1) If FP is a non-leaf port, the subtree under FP is processed, its root node is found, and a connection is established. If the root of the subtree is a switch, the connection between it and FP is established directly. If the root of the subtree is a dumb device, continue by processing the connections between the dumb device and the other switches, and add these switches to the discovery queue.
(2) If FP is a leaf port, the connections between the switch in this network segment and dumb devices, hosts, and routers are determined by Conclusion 3.

The network environment of a network room is used as the test environment for the algorithm. The subnet address is 192.168.100.0 and the subnet mask is 255.255.255.0. The subnet contains one router and more than 40 hosts, connected through four Cisco Catalyst 2950 series switches and several hubs; SNMP data can be obtained from all of the switches. The algorithm was run several times to test the topology, and the result is basically the same as the actual physical network.

4 Conclusion

This paper studies algorithms for topology discovery at the Ethernet link layer and proposes a preliminary improved algorithm. The improved algorithm relaxes the conditions of the original algorithm and so extends its applicability. However, the algorithm decides whether a dumb device is present from the number of devices seen on a switch port while the program is running, and this can give a false picture of the actual connections: a switch port may really be connected to several devices through a single dumb device, but if only one of them is active, the address forwarding table learns only one MAC address. The algorithm then cannot find this 1:n relationship and mistakes it for a direct connection. This limitation cannot be resolved by a single topology discovery run; discovery has to be run several times and the correct network structure derived from the historical information.
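
The port classification of Conclusions 1 and 2 in section 3.1, as an added example that is not code from the paper. The tables are constructed, names stand in for MAC addresses, A_ij and A_k are assumed to be the MAC sets learned on a port and on all downstream ports of S_k, and the function names are hypothetical.

```python
# Constructed sample data: names stand in for MAC addresses, and a switch's
# name doubles as its own MAC (S_k_mac). "M" is the flag node (Definition 6).
FLAG = "M"
FDB = {  # switch -> port -> MACs in the address forwarding table of that port
    "SW1": {1: {"M"}, 2: {"SW2", "h1", "h2"},
            3: {"SW3", "SW4", "h3", "h4", "h5"}},     # port 3 feeds a hub
    "SW2": {1: {"M", "SW1", "SW3", "SW4", "h3", "h4", "h5"},
            2: {"h1"}, 3: {"h2"}},
    "SW3": {1: {"M", "SW1", "SW2", "SW4", "h1", "h2", "h3", "h5"}, 2: {"h4"}},
    "SW4": {1: {"M", "SW1", "SW2", "SW3", "h1", "h2", "h3", "h4"}, 2: {"h5"}},
}


def downstream_ports(fdb, sw, flag=FLAG):
    """Definition 8: ports whose table does not contain the flag node's MAC."""
    return {p: macs for p, macs in fdb[sw].items() if flag not in macs}


def subtree_macs(fdb, sw, flag=FLAG):
    """All MACs learned on the downstream ports of sw (assumed to be A_k)."""
    return set().union(*downstream_ports(fdb, sw, flag).values())


def classify_port(fdb, sw, port, flag=FLAG):
    """Apply Conclusions 1 and 2 to one downstream port of sw."""
    switches = set(fdb)
    a_ij = fdb[sw][port]
    l_ij = a_ij & switches                       # Definition 3
    if not l_ij:
        return ("leaf", None)                    # Definition 4
    # Definition 12: the switch in L_ij whose own L_k is largest.
    root = max(sorted(l_ij),
               key=lambda k: len(subtree_macs(fdb, k, flag) & switches))
    expected = subtree_macs(fdb, root, flag) | {root}    # A_k + S_k_mac
    if a_ij == expected:
        return ("direct", root)                  # Conclusion 1
    if a_ij > expected:                          # proper superset
        return ("via-dumb-device", root)         # Conclusion 2
    return ("undetermined", root)                # table lacks expected entries


def classify_switch(fdb, sw, flag=FLAG):
    """Classify every downstream port of sw."""
    return {p: classify_port(fdb, sw, p, flag)
            for p in downstream_ports(fdb, sw, flag)}
```

If port 3 of SW1 has learned only SW3 and h4, `classify_port` reports a direct connection although the hub is still there, which is the 1:n limitation described in the conclusion.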
