Locating Network Devices

Author
Terry Slattery
Principal Architect

Sometimes you really need to know where a given device is located in the network. I can quickly think of three cases:

  • Case 1: Syslog suddenly starts reporting failed login attempts on the routers and switches. Usernames like ‘root’ and ‘admin’ are appearing as failed attempts, with all login attempts originating from the same machine within the network. A virus has infected a machine and it is trying to break into other devices in the network. You have the IP address of the machine that’s attacking the network. Where is it located? What switch port do you turn off so that you can protect the network?
  • Case 2: A customer is reporting that an application is slow. You have other data that tells you the IP address of the customer’s workstation and that of the server hosting the application. Pinging to each shows that one or the other is occasionally dropping packets. You decide to check the error counters on the interfaces, suspecting a possible duplex mismatch. What switch and switch port is used for the server and the customer?
  • Case 3: A number of new IP phones, computers, and video conferencing systems are being deployed in a new building. The IT organization is tasked with tracking these assets as they are added to the network and as they are moved around. Are any of the assets disappearing? When are they being disconnected? Should security cameras be checked for theft, or are the devices being moved?

In each of these cases, the network management tools should have the capability of quickly reporting the switch and switch port of the offending device. By searching the switch forwarding tables and also understanding the spanning tree topology, the NMS can construct the Layer 2 path from the router servicing a subnet to the server or customer workstation in that subnet. Reports on locations and changes in locations should be easily accessible. The asset information needs to be exportable to other asset databases, possibly to correlate with purchasing or leasing information. The MAC address of the assets may be the only way that they can easily be tracked as the devices are moved across the network. This means that the NMS needs to track MAC addresses and use them to help identify each device.
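The lookup described above, sketched as an added example (not code from the original article or from any NMS product): resolve the IP to a MAC, then follow forwarding-table entries switch by switch until the MAC is learned on a port that is not an inter-switch link. The switch names, ports, addresses and the `locate` and `normalize_mac` helpers are all constructed for illustration; a real NMS would fill these tables from SNMP or CLI polling.

```python
# Constructed sample data: switch names, ports and addresses are hypothetical.
ARP = {"10.1.20.57": "0011.2233.4455"}  # router ARP cache: IP -> MAC

# Per-switch forwarding tables as collected by the NMS: MAC -> learned port.
FDB = {
    "core1": {"00:11:22:33:44:55": "Gi1/1"},
    "dist2": {"00-11-22-33-44-55": "Gi0/3"},
    "access7": {"0011.2233.4455": "Fa0/14"},
}

# Inter-switch links from topology data: (switch, port) -> neighbor switch.
LINKS = {
    ("core1", "Gi1/1"): "dist2",
    ("dist2", "Gi0/1"): "core1",
    ("dist2", "Gi0/3"): "access7",
    ("access7", "Gi0/1"): "dist2",
}


def normalize_mac(mac):
    """Canonicalize dotted, dashed or colon notation to aa:bb:cc:dd:ee:ff."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def locate(ip, start_switch, arp=ARP, fdb=FDB, links=LINKS):
    """Follow forwarding entries from start_switch toward the host.

    Returns (path, edge_switch, edge_port); the edge values are None when
    the trail goes cold (no ARP entry, or the MAC aged out of a table).
    """
    if ip not in arp:
        return [], None, None
    mac = normalize_mac(arp[ip])
    path, switch, seen = [], start_switch, set()
    while switch not in seen:
        seen.add(switch)
        table = {normalize_mac(m): p for m, p in fdb.get(switch, {}).items()}
        port = table.get(mac)
        if port is None:
            return path, None, None
        path.append((switch, port))
        neighbor = links.get((switch, port))
        if neighbor is None:  # not an inter-switch link: host-facing port
            return path, switch, port
        switch = neighbor
    raise RuntimeError("collected tables point back to a visited switch")
```

A result with `None` for the edge port usually means the forwarding entry aged out before it was polled, which is why an NMS that records MAC locations over time is more useful here than a one-off lookup.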

If you’ve not heard of it, you may want to track IF-MAP (Wikipedia, Infoblox’s Overview Whitepaper), which is a protocol for real-time sharing of network meta-data, such as location information.

Because the assets are connected to the network, using the network to track the assets increases the utility of the network and of the network management applications.

-Terry

_____________________________________________________________________________________________

Re-posted with Permission 

NetCraftsmen would like to acknowledge Infoblox for their permission to re-post this article which originally appeared in the Applied Infrastructure blog under http://www.infoblox.com/en/communities/blogs.html
