jmg@cernvax.UUCP (jmg) (01/27/89)
We run a fairly large bridged Ethernet: about 20 or so LANBridges, several Vitalinks, some in-house bridges, hundreds of connected computers. I started to design a program which would take in the management information obtainable either automatically from the bridges or manually (where necessary) and work out what Ethernet addresses were on what segments. Sounds easy, although it is somewhat complicated in practice: needs to have a snapshot of forwarding tables at a given time, and must also know the spanning tree, and also take into account that some bridges may have forgotten forwarding information which others still remember. The fact that different types of bridge have different management protocols and information formats is also a nuisance. One would also have to do this several times and merge the information in order to catch connections which are infrequently seen. First question: maybe someone has already done this. If so, I would be happy to beg/steal/borrow/buy (?) such a program. Second question: I am having problems getting the forwarding tables out of the LANBridges. Is anyone else WITH A LARGE NETWORK having any similar problems? -- _ _ o | __ | jmg@cernvax.uucp | | | | _ / \ _ __ _ __ _| jmg@cernvax.bitnet | | | | |_) /_) | __/_) | (___\ | (_/ | J. M. Gerard, Div. DD, CERN, | | |_|_| \_/\___ \__/ \___| (_|_| \_|_ 1211 Geneva 23, Switzerland
karn@ka9q.bellcore.com (Phil Karn) (01/29/89)
Yes, I've already done this here at Bellcore. I wrote a program called "locate" that, given an ethernet address, reads a topology file and queries the Lan Bridge 100s to find the segment containing that address. The algorithm works by a simple process of elimination. You start with a complete list of your cable segments, and you search each bridge's forwarding table in turn for the target address. (I do this in parallel, since the RBMS protocols are rather slow.) When a bridge replies that the desired address is on port A, you can rule out the segment attached to port B. Eventually you (hopefully) end up with one segment. The process is not 100% reliable, but it works well enough to be useful. I guess I'll ask about getting it released. Phil
jmg@cernvax.UUCP (jmg) (01/30/89)
In article <13701@bellcore.bellcore.com> karn@ka9q.bellcore.com (Phil Karn) writes: > >Yes, I've already done this here at Bellcore. I wrote a program called >"locate" that, given an ethernet address, reads a topology file and queries >the Lan Bridge 100s to find the segment containing that address. Would be nice to know what is in the topology file. However, my point was rather that I do not necessarily know all the Ethernet addresses in use. I know one could probably create such a list, but it would be long. >The algorithm works by a simple process of elimination. You start with a >complete list of your cable segments, and you search each bridge's >forwarding table in turn for the target address. (I do this in parallel, >since the RBMS protocols are rather slow.) When a bridge replies that the >desired address is on port A, you can rule out the segment attached to port >B. Eventually you (hopefully) end up with one segment. I assume this means that either the topology file includes the A and B side information or you have a standard way of knowing which side is which. I also suppose that you could automatically run this procedure from a list of Ethernet addresses: how long would it take if the list is around 1000? Also, what happens if some bridges have forgotten the address while others still remember it? Finally, what about bridges different from LANBridge 100? >The process is not 100% reliable, but it works well enough to be useful. I >guess I'll ask about getting it released. It would certainly be useful in an emergency situation where you want to know the segment of some enmerdeur (Franglais: you can guess what it means!). However, it was not really what I was after. -- _ _ o | __ | jmg@cernvax.uucp | | | | _ / \ _ __ _ __ _| jmg@cernvax.bitnet | | | | |_) /_) | __/_) | (___\ | (_/ | J. M. Gerard, Div. DD, CERN, | | |_|_| \_/\___ \__/ \___| (_|_| \_|_ 1211 Geneva 23, Switzerland
karn@ka9q.bellcore.com (Phil Karn) (02/02/89)
Yes, the "topology file" contains a list of Lan Bridge ethernet addresses and the identities of the cable segments attached to their A and B ports. The only real problem I've encountered in practice is LAN bridges that have been switched off or disconnected; the result is a non-unique answer (i.e., more than 1 possible location). It can take a bit of work to keep the topology file up to date when you have a large network. But it has already helped us find some misbehaving hosts very quickly. I only wish it was as easy to figure out which host (out of several in locked labs or offices) on a given segment is the offender! The software, by the way, runs on a Sun workstation under SunOS 3.x; it uses the NIT(4) raw packet facility. I'm inquiring about how I might release it. Phil