An Algorithm for Automatic Topology Discovery of IP Networks Hwa-Chun Lin , Shou-Chuan Lai, and Ping-Wen Chen Department of Computer Science National Tsing Hua University HsinChu, Taiwan, R.O.C Abstract- A topology discovery algorithm for IP networks is proposed in this paper Topology configuration information can be obtained from various sources including the MIBs in routers and gateways, the Internet Control Message Protocol (ICMP), the traceroute program, the Domain Name System (DNS), and etc In order to retrieve the MIB information in a router, the IP address of the router has to be known However, the IP addresses of the routers in the network of interest may not be known in advance This paper presents an algorithm for automatic topology discovery under the situation that the IP addresses of the routers are not known in advance Detailed implementation techniques for bringing pieces of the information together to produce a topology map are discussed Keywords-Internet, Network management, topology discovery, SNMP I INTRODUCTION T HE topology of a computer network is referred to as the map of the network consisting of the devices in the network and the connections among them Network topology information is useful for network administration and planning For examples, network problems, traffic bottlenecks, and other important information can be shown directly on the topology map such that a network administrator has a clear view of the current condition of the network The current topology information is also important for planning the new configuration when an expansion is needed Entering the network topology information manually is a tedious task if the number of network devices is large Therefore, a tool for generating the network topology automatically is desirable The networks considered in this paper are IP networks Techniques for automatic topology map generation for IP networks can be found in [6], [2] A detailed algorithm for discovering the topology maps of IP networks using the Internet Control Message Protocol (ICMP) was presented in [6] In the algorithm, the devices in the network are identified using the ICMP echo request/echo reply messages The subnets are determined using the ICMP addressmask request/address-mask reply messages The connections among the devices are obtained primarily using the traceroute [l] results The connections in the topology map generated using this algorithm represent the connections that appear in the results of traceroute program It is possible that some of the connections are missing A map editor is required to enter the missing part manually Mansfield et al [2] described some MIB (Management Information Base) information which can be retrieved using the SNMP protocol for automatic map generation The information This research was supported by the National Science Council, Taiwan, R.O.C., under grant NSC 87-2622-E-007-002 0-7803-4788-9/98/$10.000 1998 IEEE in the MIB is sufficient to generate the topology map However, essential techniques for bringing pieces of the information together were not given Topology configuration information can be obtained from various sources including the MIBs in routers and gateways, the ICMP protocol, the traceroute program, the Domain Name System (DNS), and etc In order to obtain the MIB information in a router, the IP address of the router has to be known However, the IP addresses of the routers in the network of interest may not be known in advance In this paper, we develop an algorithm for automatic topology discovery under the situation that the IP addresses of the routers may not be known in advance Detailed implementation techniques for bringing pieces of the information together to produce a topology map are discussed The rest of this paper is organized as follows The next section describes the sources where topology configuration information can be obtained The proposed algorithm for automatic topology discovery is given in section The implementation details are discussed in section Some sample topology maps generated using the proposed algorithm are presented in section Finally, some concluding remarks are given in section 11 TOPOLOGY CONFIGURATION INFORMATION Topology configuration information can be obtained from various sources The sources are classified into two parts for ease of presentation: the MIB information and other sources including the ICMP, the traceroute program, and the DNS A Management Information Base (MIB) A MIB defines a collection of related managed objects A managed objects is an unit of management information A network manager can monitor the resources at a managed node by reading the values of managed objects in the MIB and can control the resources at the node by modifying these values The MIB-I1 (RFC-1213) is a standard SNMP MIB which is implemented in most of the routers The MIB-I1 is subdivided into a number of groups The groups of interest in this paper are system, interfaces,and ip groups The objects that are useful in generating topology maps are described in the following The system group There are seven objects in this group, namely, sysDescr, sysObjectID, sysUpTime, syscontact, sysName, syslocation,and sysservices Most of them are selfexplanatory The value of the sysservices object can be used to determine the types of services the managed node can 1192 ~ support The value can be interpreted as a seven-bit code Each bit corresponds to a layer in the OS1 architecture The least significant bit corresponds to the physical layer and the most significant bit to the application layer The value of the sysservices object can be viewed as a translation of the binary value into decimal number automatically The input to this algorithm is a range of subnet IDS for an IP network Without knowing the IP addresses of the routers in the network, this algorithm will try to find the IP addresses of the routers in the network and use the SNMP protocol to retrieve topology configuration information from the MIBs in the routers The algorithm will try to find as many subnet IDS of interest as possible and the connections among The interfaces group The interfaces group contains the object ifNumber, them from the MIB information For the rest of the subnet IDS which indicates the total number of interfaces in the managed or IP addresses, the algorithm proposed in [6] is used to identify node The rest of the group consists of the ifTable This ta- the existence of each device and the connections to the rest of ble has one row for each interface The interface type, speed, the network In the algorithm, three lists, SNMP-SEARCH, ICMPand operational status of each interface can be found in this taSEARCH and ROUTER, are used to maintain the IP addresses ble to be searched and routers to be processed The SNMP3 The ip group Three tables in the ip group are useful in generating topol- SEARCH list contains the IP addresses to be searched in the ogy maps, namely, ipAddrTable, ipRouteTable, and MIBs of the routers Initially, all the IP addresses in the range ipNetToMediaTable The ipAddrTablecontains the IP of IP addresses of interest are in the SNMP-SEARCH list The ICMP-SEARCH list maintains the IP addresses to be searched addresses assigned to the interfaces in the managed node The subnets which are reachable from the managed node can using the the algorithm proposed in [ ] The ROUTER list conbe determined from the values in the ipRouteDest and tains the IP addresses of the routers to be processed The ICMPipRouteMask columns in the ipRouteTable A\,mong SEARCH and ROUTER lists are initially empty these reachable subnets, the subnets which are directly connected to the managed node can be determined by examining the values in the ipRouteTypecolumn in the ipRouteTdble If the value of the ipRouteType is “direct”, this subnet is directly connected to the node Otherwise, the values in the ipRouteNextHop column can be used to find the next router to the subnet of interest until a directly connected router is found The IP addresses of some of the devices on the subne:ts directly connected to the managed node can be found in the: table ipNetToMediaTable.These devices are found to be alive in the subnets within the expiration time of an entry B Other sources The ICMP The ICMP (Internet Control Message Protocol) provides; lowlevel feedbacks about how the IP network is operating The ICMP echo request/echo reply messages can bc used to test the reachability of an IP address The ICMP addr= S S mask request/address-mask reply messages can be used to determine the subnet mask associated with the subnet I The traceroute program The traceroute program [l],written by Van Jacobson, can be used to find the sequence of routers through which an IP packet travels to reach its destination The routers next tc each other in the result of an ICMP traceroute are direct11 connected The DNS The Domain Name System (DNS) is a distributed database that provides mappings between hostnames and IP addresses Therefore, the DNS can be used to look up the hostname for an IP address 111 A TOPOLOGY DISCOVERY ALGORITHM 1) In ascending order of the IP addresses in the SNMPSEARCH list, find the first network device which is alive Remove the IP addresses which have been searched from the SNMP-SEARCH list If the SNMP-SEARCH list is empty, go to step 9) 2) For the network device found in step l), identify the ID of the subnet which1 the device belongs to 3) Find the default router of the subnet found in step 2) Add the IP address of the router to the ROUTER list Set FLAG = “on” 4) Get an IP address from the ROUTER list and remove it from the list If no IP address is found in the ROUTER list, go to step 1) ) Check the SNMP agent on the router to see if the MIB is accessible If the MIB information in the router cannot be retrieved and FLAG = “on”, add the IP addresses in the subnet to the ICMP-SEARCH list, remove the IP addresses in the subnet from the SNMP-SEARCH list, set FLAG = “off’, and go to step 4) If the MIB information in the router cannot be retrieved and FLAG = “off”, go to step 4) 6) Find the IDS of all subnets of interest which are directly connected to the router Remove the IP addresses in the subnets from the SNMP-SEARCH list Set FLAG = “off” 7) Find all network devices in each of the subnets 8) In the MIB of the current router, find the IP addresses of all the next-hop routers through which at least one of the IP addresses in the SNMP-SEARCH list can be reached Add the IP addresses of the routers which have not been processed before to the ROUTER list Go to step 4) 9) For the IP addresses in the ICMP-SEARCH list, use the algorithm proposed in [6] to check the existence of the devices and their connections to the rest of the network In this section, we propose an algorithm which discovers the topology maps of IP networks in an Autonomous System (AS) 10) Construct the network topology and draw the map 1193 ~ I v IMPLEMENTATION DETAILS network map The implementation details of the algorithm are discussed in the following Determine whether a device is alive To determine whether a network device is alive, one may send ICMP echo request messages to the IP address and wait for ICMP echo reply messages An alternative is to send thc ICMP echo request messages to a broadcast IP address However some routers may drop incoming broadcast packets to reduce the broadcast storm e Subnet identijication The purpose for identifying the subnet ID of a subnet in the proposed topology discovery algorithm is to find the range of IP addresses in the subnet One can find a number of network devices which are alive Then, send ICMP address-mask request messages to these network devices The subnet ID can be determined from the network masks returned by the network devices From our observations, some routers may report 0.0 as their network masks If we are facing a routing subnet (most of the devices in the subnet are routers), we may treat the network mask as 5 5 5 and fix it later The correct network mask can be retrieved from the MIB in the router Finding the default router The MIB in a router contains valuable topology configuration information Therefore, it is very helpful if the default router of the subnet of interest can be found To find the default router of a subnet, onc can simply send SNMP packets to try to get the sysservices object in the system group from each network device that is alive in the subnet If a network device provides layer (internet or network) service, it could be a router We can check each of the “potential” routers to find the router(s) which provides the routing information for the subnet of interest An alternative is to trace the routing paths to the network devices which are alive in the subnet using the traceroute program In the traceroute results, the IP address that appears the most number of times in the position next to the last IP address could be a default router of the subnet Finding the reachable subnets from a router If the MIB in a router is accessible, the subnets reachable from the router can be determined from the values of the ipRouteDest, and ipRouteMask objects in the ipRout eTab 1e Finding the subnets directly connected to a router The value of the ipRouteType object in the ipRouteTable can be used to determine whether thc associatcd subnet is directed connected to the router or not If the value of the ipRouteType object is “direct”, the subnet is directed connected to the router Note that the value of the i foperstatus object in the ifTable needs to be checked to make sure that the status of the corresponding interface is “up” Finding all the IP addresses of a router Get all the values o f the object ipAdEntAddr from the table ipAddrTable These values are the IP addresses of all the interfaces of the router The IP addresses of all the interfaces of the router are required to remove redundant routers from the Finding the network devices in a subnet ICMP echo request messages can be sent to each of the IP addresses in the subnet to determine whether the device is alive or not An alternative is to retrieve the values in the ipNetToMediaNetAddress column in the ipNetToMediaTable The values in the ipNetToMediaNetAddress column represent all the IP addresses which exist currently in the ARP cache For the IP addresses not in the ARP cache, ICMP echo request messages can be sent to determine whether the devices are alive v SAMPLE TOPOLOGY MAPS We have implemented the proposed topology discovery algorithm based on the Tcl/Tk [31, 141, [5] and Scotty [7] environment Fig shows the topology map of the network in the National Tsing Hua University (NTHU) discovered by our program The network in the NTHU is a class-B network (140 1 0) The figure shows the routers and all of the subnets in use in the NTHU To view the details of a subnet, one can simply move the mouse pointer to the icon of the subnet and double click Fig gives the map of the I 254 subnet as an example The figure shows that the subnet is an FDDI ring with routers To see the subnets directly connected to a router, one can move the mouse pointer to the router and double click Fig shows that two FDDI and ten Ethernet subnets are connected to the router 114 1.Double click on a subnet will show the network devices in the subnet Fig shows the network devices in the subnet 1 If the SNMP agent on a network device is accessible, the device is displayed in different color The network topology in the NTHU discovered by our program is identical to the real network configuration It is faster for the proposed algorithm to discover an IP netowrk than the algorithm proposed in [6] if the SNMP MIBs in the routers can be accessed For example, it takes 108 seconds for the proposed algorithm to discover the subnets from 114 to 140.114.6 The algorithm proposed in [6] takes 1284 seconds to discover the same address spaces VI CONCLUSION In this paper, an algorithm for automatic discovery of IP networks is proposed This algorithm makes use of the SNMP MIB in routers and the information obtained using the ICMP, traceroute program, and DNS, to produce the topology map The IP addresses of the routers need not to be known in advance Without knowing the IP addresses of the routers in the network, this algorithm will try to find the IP addresses of the routers in the network and use the SNMP protocol to retrieve topology configuration information from the MIBs in the routers The algorithm will try to find as many subnet IDS of interest as possible and the connections among them from the MIB information For the rest of the subnet IDS or IP addresses, the algorithm proposed in [6] is used to identify the existence of each device and the connections to the rest of the network Detailed implementation techniques are given 1194 Fig The 140.114.254.0 subnet Fig The subnets directly connected to the router 114 , 1195 Fig The devices in the subnet 140.114.64.0 REFERENCES V Jacobson, “Traceroute Software,” Lawrence Berkeley Laboratories, 1989 [2] G Mansfield, M Ouchi, K Jayanthi, Y Kimura, K Ohta, and Y.Nemoto, “Techniques for Automated Network Map Generation Using SNMP,” IEEE INFOCOM, 1996, pp 473480 [3] J K Ousterhout, “TCL: An Embeddable Command Language,” Proc Winter USENIX Conference, 1990, pp 133-146 [4] J K Ousterhout, “An X11 Toolkit Based on the TCL Language,” Proc Winter USENIX Conference, 1991, pp 105-1 15 [5] J K Ousterhout, “Tcl and the Tk Toolkit,” Addison-Wesley Publishing Company, 1994 [6] J Schonwdder and H Langendorfer, “How to Keep Track of Your Network Configuration,” Proc LISA, Nov 1993, pp 101-105 [7] J Schonwdder and H Langendorfer, “Tcl Extensions for Network Management Applications,” Proc T c U k Workshop, 1995, pp 279-288 [ 1J 1196 ... “potential” routers to find the router(s) which provides the routing information for the subnet of interest An alternative is to trace the routing paths to the network devices which are alive in the... (Internet Control Message Protocol) provides; lowlevel feedbacks about how the IP network is operating The ICMP echo request/echo reply messages can bc used to test the reachability of an IP address... can be used to find the sequence of routers through which an IP packet travels to reach its destination The routers next tc each other in the result of an ICMP traceroute are direct11 connected