网络拓扑发现snmp摘要随着计算机网络技术的发展和Internet在全世界范围内的普及,计算机网络 作为信息社会的基础设施已应用到政府部门、商业、军事、教育等社会各领域 当前计算机网络的发展特点是:网络规模不断扩大,复杂性不断增加,网络的异 构性也越来越高在现有的技术条件下,人们希望有一个更加稳定可靠的网络环 境,计算机网络管理系统就是应这样的需求而产生的它对网络上的各种设备进 行管理,通过监视和控制这些设备,及时地向管理人员报告网络状态,并且简化 网络故障的处理,减少故障造成的损失,提高网络的服务质量和效率[1]一个好的网络管理系统首先需要掌握整个被管网络的拓扑结构网络的配置 管理是发现和配置网络中对网络管理有意义的设备的过程,而网络的自动拓扑发 现规则是配置管理的核心,是故障和性能管理的基础,同时它也是衡量一个商业 网管系统成败的重要尺度因此,拓扑发现算法的设计在整个网管系统的开发中 有着举足轻重的地位网络拓扑发现技术是利用网管协议或网络提供的可用工 具,通过拓扑算法,发现网络中路由器、交换机及主机之间的连接关系,并且以 图形的方式直观地显示出来,同时还要尽量减小发现网络设备和显示设备拓扑图 的运行代价[2]。
为了发现更加详细的网络拓扑结构,网络的多层自动拓扑发现是必不可少的, 业界通常把网络自动拓扑发现分为两部分,即IP管理域内网络层拓扑发现和数据链路层拓扑发现,本文将详细地介绍网络拓扑自动发现算法1•拓扑发现算法的相关协议简介1.1 SNMP(Simple Network ManagementProtocol,简单网络管理协议)由于SNMP的简单和易于实现的特点,该管理协议已经成为目前应用最为广泛 和最为流行的网络管理协议,也成为了事实上的标准[3]它的设计目的是使网 络管理站能够有效而简单地监视和控制网络设备,它由管理者、管理信息库 (MIB)、代理(Agent)以及被管对象4部分组成,SNMP的体系结构见图1被管理对象管理操作原语 响应原语 通知原语执行管理操作\/'通知#响应書理对象设备图1 SNMP协议工作原理1. 管理者一一是一段执行用户管理功能的程序代码,通过SNMP相关原语,向 代理发送命令请求获取被管设备上的各种状态信息2. 管理信息库(MIB)一一位于被管设备上,是一个守护线程,负责收集、整理 和维护被管设备的各种状态信息,这些信息存放在管理信息库中此外,它还负 责收到管理者发送的请求并向管理者发送对应的响应报文。
3. 代理(Agent)——驻留在各种被管对象中的软件,维护本地的MIB信息,接 受由管理站发来的MIB变量存取请求报文,经过身份检验后向管理站回送响应 报文,这种响应报文包括管理站要求存取的MIB变量值或者是相应错误信息4.被管对象一一就是被管理的各种物理设备的属性特征SNMP规定了 5种协 议数据单元PDU[4],用来在管理进程和代理之间的交换a. get一request操作:从代理进程处提取一个或多个参数值b. get-next—request操作:从代理进程处提取紧跟当前参数值的下一个参数值c. set一request操作:设置代理进程的一个或多个参数值d. get一response操作:返回的一个或多个参数值这个操作是由代理进程发出 的,它是前面三种操作的响应操作e. trap操作:代理进程主动发出的报文,通知管理进程有某些事情发生1. 2 ICMP(Internet Control Message Protocol,网际控制报文协议)基于TCP/IP协议的网络设备几乎都支持所有的ICMP协议,该协议允许主机或 路由器报告差错情况和提供有关异常情况的报告ICMP报文的类型很多,本算 法中仅用到2种报文一一回应请求报文或回应应答报文,如果对一个网段内所 有可能的IP地址依次执行“Ping”操作,根据应答就可以发现该网段内所有当 前活动的设备,然后对“Ping”通过的IP地址逐一执行“Tracert”操作,就可发 现子网内的活动主机信息,从而得到子网内部的拓扑情况。
2. 算法描述本算法采用网络主干和子网的层次发现策略,将网络拓扑发现分成两个层次 并采用不同的拓扑发现方法第一层次用于发现主干网内的路由器以及它们的接口和子网的连接关系,采 用基于SNMP协议的网络拓扑发现方法,通过遍历路由表来实现主干拓扑的自 动发现;第二层次用于发现子网内存活主机的相关信息,采用基于ICMP协议的网络 拓扑发现方法,通过ICMP协议的“Ping”操作来发现子网中的主机2・1主干网拓扑的获取算法通过使用SNMP来访问被管设备中的MIB,以此来发现设备信息以及它们之间 的联系凡是支持SNMP的设备可认为是一级网络设备,其余的则是主机设备 设计路由发现算法时,采用了类似于广度优先搜索的算法这里主要用到了三条 链表:待检路由设备网关链表、已检路由设备网关信息链表、子网信息链表这 需要从路由设备返回的应答数据包解析出每条记录中的路由相关信息,如表1所 Z示O表1需解析出的路由相关信息MIB对象功能描述对应的OIDipRoutelfIndex网关的接口号1.3.6.1.2.1.4.21.1.2ipRouteNextHop下一跳网关的IP地址1.3.6.1.2.1.4.21.1.8ipRouteType路由类型 Direct(3):路由到直连子网Indirect(4):路由到一非本地主机、网络或子网1.3.6.1.2.1.4.21.1.8ipRouteMask网段的子网掩码1.3.6.1.2.1.4.21.1.11ipAdEntAddr网关的IP地址1.3.6.1.2.1.4.20.1.1ifDescr接口的描述(指定了VLAN 号)1.361.2.1.221.2用SNMP读取人口设备的IP路由表,并存入数据库,然后再从数据库中读取下一路由地址字段,通过循环且不重复地从数据库中读取下一路由地址字段便可实 现对树的层次遍历。
具体算法描述如下:初始化待访问路由器队列,初始化已访问路由器队列;把缺省路由器的标志IP 放人待访问路由器的队列中;while(待访问的路由器队列不为空时){从待访问的路由器队列中取出一个路由器,为CurrentRouter; if(CurrentRouter加入到已访问路由器队列成功){初始化与本地相连的路由器队列和本地相连的子网队列;访问CurrentRouter路由表;(if(ipRouteType(l. 3. 6. 1. 2. 1. 4. 21. 1. 8)= =indirect(4))把路由表中的各ipRouteNextHop不重复地放到与本地相连的路由器队列中;if(ipRouteType(1. 3. 6. 1. 2. 1. 4. 21. 1. 8)==direct⑶)把ipRouteDest和ipRouteMask不重复地放到与本地相连的子网队列中;然后访 问 CurrentRouter 中的 ipAdEntAddr 和ipAdEntNetMask,并把它们不重复地放到与本地相连的子网队列中;}遍历与本地相连的路由器队列中的每个路由器,将其标志IP放到待访问的路由 器队列;elseif(CurrentROuter属于已访问路由器队列)break;}2・2子网拓扑发现算法子网拓扑发现主要利用的是ICMP协议来实现嘲.由于很多主机为了安全性会考 虑关闭Ping响应功能,有些主机甚至为了防止一些其他类型的ICMP攻击而拒 绝处理所有来自外部的ICMP数据包(许多防火墙在默认情况下都启用了 ICMP 过滤的能),但它们一般不会关闭本机对其他机器的Ping探测,也不会阻止自身 对外发出ICMP错误汇报。
因此,如果对一台活动主机发送UDP信包,指定与 该主机的一未开启端口进行通信,无论此目的主机是否设置了 ICMP过滤,它都 会返回一条目的端口不可达的ICMP错误消息(Type=3, Code=3),通知源主机通 信不成功,源主机收到该ICMP响应后就可以知道目的主机是活动的,只有目的 主机处于关闭状态,才不会有任何ICMP错误消息返回主要采用以下几步实现:① 确定该子网的网关、子网地址和子网掩码,子网地址通过对IP和Mask进行“与”操作获得;② 通过网关的地址获得子网的类型;⑧ 通过子网地址和子网掩码获得该子网的机器数和可能存在的IP地址的范围;④向该子网内所有可能存在的IP地址对应的主机发送UDP信包,并指定一个 冷僻的端口号(如4320),将所有返回了 Type 一 3,Code 一 3的ICMP消息的主 机IP地址键入子网信息链表中当前节点的主机链表⑤在给定的子网中,对这个区间的IP地址进行多线程Ping操作,将检测到的IP 地址记录到IP地址表中3•总结和将来的工作拓扑结构的自动发现一直是网络管理中重要的手段和工具,设计和开发一个 有效且实用的网络拓扑发现工具也是网络管理系统开发中一个重要且难度比较 大的部分,它涉及到很多网络通信协议的细节和具体实现。
本文详细讨论了怎样 利用SNMP来实现网络拓扑结构的自动发现,介绍了该拓扑发现算法的主要流 程,同时还对实现过程中需要实现的一些关键技术进行了详细分析作为一个完 整的网络拓扑发现算法,还应该要考虑网络中存在多子网⑹和VLAN的情形, 这些因素的介人使网络拓扑发现变为一个越来越复杂的问题,这些问题都是后续 工作的主要内容4渗考文献[1] Vaughan-Nichols S J. Mobile IPv6 and the Future of Wireless Internet Access[J]. Computer,2003, 36 (2):18-20[2] . J.D.Case, M. Fedor, M. Schoffstall, J.Davin, RFC 1157, “A Simple Network ManagementProtocol(SNMP), ” 1990.5[3] . K. McCloghrie, M. Rose, RFC 1213, “Management Information Base for NetworkManagement of TCP/IP-based internets: MIB-II, ” 1991.3[4] . Glenn Mansfield, M. Ouchi, K.Jayanthi. el. “Techniques for automated Network MapGeneration using SNMP” IEEE INFOCOM, 1996. pp.473-480[5] . Hwa-Chun Lin, Hsin_Liang Lai, Shou-Chuan Lai, “Automatic Link layer Topology Discoveryof IP Networks” IEEE, 1999Bridges[6] . E.Decker, RFC 1493: Definitions of Managed Objects forhttp://www.faqs.org/rfcs/rfcl493.html, 1993.7原文The research of network topology discovery algorithmDeng-Guo Feng Science and Technology Press, September 2009ABSTRACTAlong with the development of the computer network technology and Internet worldwide, computer network as the popularity of information society infrastructure has applied to the government, business, military, education and other social fields. The current development of computer networks features are: network scale unceasingly expands, the complexity increases, heterogeneous network is also higher and higher . on the existing technology conditions, people want to have a more stable and reliable network environment, the computer network management system is the result of demand. It has all sorts of equipment for network management, through monitoring and controlling these devices, timely report to management personnel the network state and simplify handling of network fault, reducing the loss caused by fault, increasing the network service quality and efficiency [1].A good network management system first needs to master the whole topology of the network. Network configuration management is found and configuration network to network management meaningful equipment process, and the network topology discovery rules is the automatic core configuration management, is the basis of fault and performance management, also it is the measure of a commercial network management system of the important measure success or failure. Therefore, the design of topology discovery algorithm in the whole development of network management system plays a vital role. Network topology discovery technology USES net agreement or networks offer usable tool, through the topological algorithm, found network routers, switches and host and connections between the way by graphical display intuitively, while also minimize found network equipment and display devices running costs [2].In order to find more detailed network topology structure, network topology discovery of multi-layer automatic is necessary, the industry usually put topology discovery network automatically into two parts, namely IP management domaintopology discovery and network layer data link layer topology discovery, this article will detail network topology automatically find algorithm.1. The agreement, topology discovery algorithm profile1・1 SNMP (Simple Management Protocol, a Simple Network management protocol)Because of the simplicity and easy realization of SNMP, the management agreement has become the most widely used and most popular network management protocols, it also become the DE facto standard [3]. Its purpose is to make the design of the data which can be effective and simple network to monitor and control network equipment, it consists of managers, management information base (MIB), agents (Agent) and the object composed of four, SNMP architecture (see figure 1.Executiue management operatiaonManagemented systenInforom/responsedeuiceManagement operation originalResponse to the originalTrapFigure 1 SNMP protocol working principle1. Managers - is a section of executing user management functions the program code, through the original language, to related SNMP agent by sending command request access on the various equipment of state information.2. The database of management information (MIB) - located in the (pipe facilities, is a daemon thread responsible for collecting, sorting and maintenance of equipment by tube of state information, the information stored in database management. In addition, it is also responsible for receiving and sending requests to managers sent the corresponding response message managers.3. Agency (Agent) - lives in various of software, maintenance tube object local MIB information, accept MIB variables by the data access requests from the message, after identity to send data back inspection message, this response response of the data message including MIB variable value requires access or corresponding error messages.4. The object of management - is various physical equipment attributes. Five kinds of provisions SNMP protocol data unit units = PDU[4], used in management process and agent of exchange between.A. the operation of get - request : from acting process place extraction one or more parameter values.B. the operation of get -next -request : in the current parameters extracted follows a parameter values.C. the operation of get - request : set agent process one or more parameter values.D. the operation of get-response: return to one or more of the parameter values. The operation is issued by the agency, it is the process of three operating response operation.E. the operation of trap:agency process a message, notify voluntarily administration process there's something happening.1.2 ICMP Protocol, macro Control (Internet Internet Control Message Protocol)Based on TCP/IP protocol network equipment almost support all the ICMP protocol, this agreement allow host or router report the situations and provide relevant mistake the abnormal situation report. ICMP messages type many, this algorithm is used only in response to request two message -- a message or respond to a message,讦 response network segment of all possible IP address within executing in sequence "the Ping" operation, according to response can find this segment of the current activity within all of "devices, and the IP address of the Ping" through one Tracert "operation performed" can be found.2. Algorithm describedThe algorithm utilizes network backbone and the hierarchical found strategy, putting subnet network topology discovery into two levels and using different topology discovery methods.The first level for discovery backbone routers and their within the interface and subnet connections, based on SNMP protocol network topology discovery methods, through traversal routing tables to realize the automatic found; trunk topologyThe second level for discovery subnet information related to live within the host based on ICMP protocol network topology discovery methods, through the ICMP protocol "Ping" operation to find out the host.2.1 backbone topological acquisition algorithmBy using SNMP to access the MIB pipe facilities, in order to find out equipment information and the relations among them. All the equipment can think and support SNMP is first-order network equipment, the rest is to host equipment. Design mute discovery algorithm, using a similar to breadth first search algorithm. list, sub Here basically use the three linked list: waiting list, routing equipment gateway already inspection routing equipment gateway information net information list. This requires the response from routing equipment returns to resolve the each road record packets of routing information, such as table l.3.Table 1 need to resolve the routing informationMIB objectThe description of functionOIDipRoutelfIndexThe port of gateway1.3.6.1.2.1.4.21.1.2ipRouteNextHopThe ip of next hop1.3.6.1.2.1.4.21.1.8ipRouteTypeThe type ofrouteDirect(3):Routing to straight lotus seed netsIndirect(4): Route to a non local host network1.3.6.1.2.1.4.21.1.8or subnetipRouteMaskSegment of the subnet mask1.3.6.1.2.1.4.21.1.11ipAdEntAddrThe ip of gateway1.3.6.1.2.1.4.20.1.1ifDescrThe description of the interfaces (specifies the VLAN number1.361.2.1.221.2Using SNMP to read IP routing table of population equipment, and deposited in the database, and then read from the database, next routing address field by cyclic and not repeated next read from the database can be realized routing address field of tree level traversal. Specific algorithm are described below:Initialize stay access routers queue, initialization has accessed routers queues; The default router's mark IP put people stay access routers in the queue;While (the queue of visiting router not null){The router to visit from the queue for Current Router removed a router,;If (Current Router join has access routers queue success){Initialize local connected with the router queue and local connected subnet queues;Visit Current Router routing table;(If (Route Type (1.3.6.1.2.1.4.21.1.8) = = indirect (4))In the routing table Route NextHop not repeatedly on each with local connected router queue;If (Route Type (1.3.6.1.2.1.4.21.1.8) = = direct (3))The ipRoute Dest and ipRouteMask not repeatedly on and local connected subnet queue; Then the CurrentRouter ipAdEntAddr and visitIpAdEntNetMask, and put them not repeatedly on and local connected subnet queue;}Traverse and local connected router in a queue, will the logo for each router to access router IP in queues;)CurrentROuter belong to elseif (already access routers queue)The;}2.2 The algorithm of subnet topology discoveryThe main advantage of subnet topology discovery ICMP protocol is to be realized. Because a lot of host to mockery and security will consider closing the Ping response function, some host even in order to prevent some other types of ICMP attack and refuse to handle all the ICMP packets from external (many firewall by default enable ICMP filtering all can), but they are generally not shut down the machine to other machines, also won't stop Ping detection of foreign report issued ICMP mistake itself. Therefore, if a activities machine to send letter bag, the designated and UDP a untapped the host, whether this communication port to set the ICMP whether its destination, it will return a filter of the port unreachable entries ICMP error messages (Type = 3, Code = 3), notify the source host communication is not successful, source host received after the ICMP response can know purpose of host is only purpose host activities in full close state, it won't have any ICMP error messages back.Mainly adopts the following steps to achieve:1. Sure the subnet gateway, subnet addresses and subnet Mask, subnet addresses for IP and goes through "and" operation obtain;2. Through the gateway address get subnet type;3. Through the subnet addresses and subnet mask get this subnet machine number and the possible existence of IP address range;4. To this subnet all possible within the IP address of the corresponding machine to send UDP packets, and appoint letter a little-used socket (such as 423), will all returned to Type a 3, Code a 3 ICMP messages of the host's IP address Type subnet information list hosts of the current node list.5. In a given in this interval subnet the IP address for multi-threaded Ping operation and will detect IP address records to IP address list.4. CONCLUSIONS AND FUTURE WORKThe topological structure of automatic found has been important in network management means and tools, design and develop an effective and practical network topology discovery tool is also developing a network management system of an important and difficult part, it involves a lot of network communication protocol details and specific implementation. This paper discusses how to use the SNMP to realize the automatic network topology structure, found that introduces the main flow topology discovery algorithm, but also in the process of realizing the need to implement some key technologies are analyzed in detail. As a complete network topology discovery algorithm, also should consider how subnet existing in the network [6] and VLAN case, these factors make the topology of the network interface that becomes a more and more complex found, these problems are the main content of the follow-up work.5. REFERENCES[1] Vaughan-Nichols S J. Mobile IPv6 and the Future of Wireless Internet Access[J]. Computer, 2003, 36 (2):18-20[2] . J.D.Case, M. Fedor, M. Schoffstall, J.Davin, RFC 1157, “A Simple NetworkManagement Protocol(SNMP),” 1990.5[3] . K. McCloghrie, M. Rose, RFC 1213, “Management Information Base for Network Management of TCP/IP-based internets: MIB-II,'T991.3[4] . Glenn Mansfield, M. Ouchi, K.Jayanthi. el. “Techniques for automated Network Map Generation using SNMP” IEEE INFOCOM, 1996. pp.473-480[5] . Hwa-Chun Lin, Hsin_Liang Lai, Shou-Chuan Lai, “Automatic Link layer Topology Discovery of IP Networks” IEEE, 1999[6] . E.Decker, RFC 1493: Definitions of Managed Objects for Bridges http://www.faqs.org/rfcs/rfc1493.html, 1993.7。