
Network Discovery: Manual vs automated

Level 11

There is much talk in the IT profession about automation. “Automate all the things” is written in some shape or fashion across a variety of blogs and social media platforms. I even briefly mentioned it in my last Geek Speak post about configuration management. You have read that already... Right?


I get the movement. Why do everything manually, wasting your time on tedious, trivial tasks when you could be working on the newest design for your data center or something better? And even though I could probably consider myself a new age networking professional, there’s still one task I enjoy doing the old-fashioned way: network discovery.

Call me crazy, but in my opinion the task of learning a network for the first time is best done manually. There are so many nuances that can be lost if this process is done automatically. Dissecting a network one device at a time, port by port, lets you understand the complexities of that network intimately. Here are some tips and tricks that I have learned along the way, and that I have also heard other networking professionals mention, for discovering a network for the very first time:

  • Start from the Core switch and work your way out (if you don’t know where the Core switch is, start with your default gateway and branch out)
  • Use information like CDP/LLDP, ARP, MAC addresses, and routing tables to help you navigate
  • NEVER completely trust switch port descriptions or network diagrams. They are rarely kept up to date.
  • Draw out the network as you go using pencil and paper. You will continuously edit this diagram, so using pen will hamper you, and trying to enter it into a program like Microsoft Visio while continuously making changes will make you scream.


What about you all? Do you prefer automated network discovery or would you rather do it manually? Have any tips for either method? I look forward to hearing from you all.

13 Comments
Jfrazier
Level 18

While we don't do network discovery, as our requirements revolve around items in the CMDB as a result of CI creation related to change management, I have worked in shops where we discovered most things.... Once you got the filters set up to exclude printers, PCs, laptops, etc., things were more manageable.

Some tools do provide a good dynamic map, but I do agree that most documentation on record is likely out of date although it does provide a good starting point.  I've always found that starting with the ARP cache of the core switch gets you the quickest bang for the buck.

Just be sure that you can throttle the rate your discovery runs at as I have seen it crash network devices.

I do agree with your 4 bulleted points.

The biggest challenge is what to do with new devices found on the network...with no DNS entry, no SNMP, etc. 

I had built a process that looked for those and pulled the MAC addresses to look for possible wireless access points being added to a store network when they shouldn't be there.  That is just one scenario where discovery can be a big benefit and mitigates a security risk.

u1976turn
Level 9

I can see both sides of the argument.... but in my case, I did network discovery manually when we installed NPM. This allowed me to discover only what I needed. My situation might be unique, as I only care about the backhaul and infrastructure, not the mobile equipment, as it gets powered up, shut down and moves around. I manage the network in the pit of an active mine. My counterparts manage the network up until it leaves the building, so they care more about everything on their network. I'm not sure if they did auto-discovery or not -- I'll have to see if they are on my side of the argument -- which is of course the correct side to be on.

deverts
Level 14

Pencil/paper or dry erase and whiteboard; then off to Visio.... I completely agree, and I think I posted to your Geek Speak too. There is no better way to learn the network than a good, old-fashioned audit. However, I see the benefit of an automatic process used as a verification step. Example: you come into a new shop and you need to learn the network as quickly as possible... so you scan it with software to get a quick view. That gives you a reference for troubleshooting as you manually audit the network. Then you compare the auto to the manual discovery, and if they don't match, why? The one drawback to automated software I've seen the most is locating unmanaged switches on the network, and this is the biggest security threat as well. I wouldn't think it would be that hard for software to locate them; it is an extra MAC on that port, after all.
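As an added example (not code from the original post or from any of the commenters), the script below does what the post's "use ARP, MAC addresses and CDP/LLDP to navigate" tip and deverts' "extra MAC on that port" observation describe: it correlates a switch's MAC table, ARP cache and CDP/LLDP neighbor list, maps each host to a port, and flags access ports (no known neighbor switch) that carry more than one MAC as candidate unmanaged switches or rogue devices. All device output below is constructed sample data, loosely shaped like Cisco `show` output, and the port names and neighbor names are made up.

```python
"""Correlate MAC table, ARP cache and CDP/LLDP neighbors (constructed sample data)
to map hosts to switch ports and flag access ports carrying more than one MAC."""
from collections import defaultdict

# Constructed sample data: VLAN, MAC, type, port (shaped like 'show mac address-table').
MAC_TABLE = """\
10   0011.2233.4455   DYNAMIC   Gi1/0/1
10   0011.2233.4466   DYNAMIC   Gi1/0/2
10   0011.2233.4477   DYNAMIC   Gi1/0/2
10   0011.2233.4488   DYNAMIC   Gi1/0/2
20   aabb.ccdd.0001   DYNAMIC   Gi1/0/24
20   aabb.ccdd.0002   DYNAMIC   Gi1/0/24
"""
# Constructed sample data: IP, MAC (shaped like a trimmed 'show ip arp').
ARP_TABLE = """\
10.0.10.11   0011.2233.4455
10.0.10.12   0011.2233.4466
10.0.10.13   0011.2233.4477
10.0.20.5    aabb.ccdd.0001
"""
# Constructed CDP/LLDP neighbors: a port with a known neighbor switch is an uplink,
# so seeing many MACs behind it is expected and not suspicious.
CDP_NEIGHBORS = {"Gi1/0/24": "dist-sw-01"}

def parse_mac_table(text):
    """Group learned MACs by port: {port: [mac, ...]}."""
    ports = defaultdict(list)
    for line in text.splitlines():
        _vlan, mac, _type, port = line.split()
        ports[port].append(mac.lower())
    return dict(ports)

def parse_arp(text):
    """Invert the ARP cache into {mac: ip} so MACs can be named by address."""
    return {mac.lower(): ip for ip, mac in (l.split() for l in text.splitlines())}

def audit_ports(mac_table, arp, neighbors, max_hosts=1):
    """Return (inventory, suspicious): inventory maps each port to its neighbor and
    (mac, ip) hosts; suspicious lists non-uplink ports with more MACs than max_hosts.
    A MAC with no ARP entry is kept and labelled, since unnamed devices are the ones
    that need a manual look."""
    ports = parse_mac_table(mac_table)
    ip_of = parse_arp(arp)
    inventory, suspicious = {}, []
    for port, macs in sorted(ports.items()):
        hosts = [(m, ip_of.get(m, "no-ARP-entry")) for m in macs]
        inventory[port] = {"neighbor": neighbors.get(port), "hosts": hosts}
        if port not in neighbors and len(macs) > max_hosts:
            suspicious.append(port)
    return inventory, suspicious
```

Running `audit_ports(MAC_TABLE, ARP_TABLE, CDP_NEIGHBORS)` flags only Gi1/0/2: Gi1/0/24 also carries several MACs but is excused because CDP/LLDP identifies it as an uplink to another switch.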

kmillerusaf
Level 11

I agree deverts. I've always felt I've learned more about a new network I'm managing by going through manually and drawing it out on paper as I go. It beats someone trying to explain it and viewing a Visio that may or may not be up to date.

I can definitely see the argument for using an automated process for verification to keep everyone honest.

Jfrazier
Level 18

Dry erase board... large (wall-sized) with Post-it notes.

deverts
Level 14

Oh yes!!!! Multi-colored Post-its for different functions and features. I saw the coolest wall board.... someone painted the wall white and covered it with a piece of glass. You can use dry-erase, Sharpie, or wax pencils... and Windex to clean it up. It was fantastic!

Imagine that... here we sit geeking over whiteboards! Just goes to show IT folks will geek over anything cool.

cahunt
Level 17

Good point with never trusting the descriptions... the most overlooked part of the interface configuration.

These are all good points!

As Jfrazier mentions, "The biggest challenge is what to do with new devices found on the network...with no DNS entry, no SNMP, etc." That is the part that satisfies my hacking needs.

  * As a result, I have learned and documented more default account un/pw and community strings. If you have this issue and are not a fan of the SNMP Dictionary Attack, you are missing out!

zackm
Level 15

IF you have the time, sure. A manual discovery allows you to get extremely granular, avoids assumptions, and refreshes some of the basic skills of network engineering.

However, I'm just going to leave this here...

NTM 2.2 Beta1 - Building a Better Network Diagram Tool

bspencer63
Level 12

I agree on the descriptions... they are never kept up! Constantly evolving, and when you think you are caught up and all is perfect, think again!

I was out for 4 months once and no one kept anything up, and now it is all back to ground zero, and it makes it hard to even want to recreate it when you are the only one that cares!

Just saying....

LOL @ SNMP Dictionary Attack from cahunt!

vjerez4129
Level 13

I just started a job where they have me learning SolarWinds NPM, and the learning curve for it is pretty nice. However, it is pretty daunting looking at the system we have already configured, and I've been confused about where everything is located. I like being part of the beginning of things just so I know what's going on, so I would definitely have loved to do manual discovery had I been the one to implement it.

rschroeder
Level 21

I'd LOVE a reliable automated discovery and mapping tool--one that tied directly to Visio. But the practical truth is that, while I've really enjoyed some of the mapping tools I've used, many are limited, many provide too much information, and nothing I've tried has met my needs so completely as manually discovering and documenting. And that's disappointing; something should have already been built and marketed and sold that does the job the way I need it. 3Com's Transcend flavor of HP OpenView was great, but could easily miss something that was not a 3Com product. Visio's earlier discovery tool was removed from the market, sadly. HP OpenView itself was a nightmare to learn, deploy, filter, and maintain. Nortel's Enterprise Switch Manager was an EXCELLENT tool, but wouldn't show you if a Cisco AP was plugged into a switch--it was very Nortel-centric. CiscoWorks didn't. And NTM provides too much information for segments and VLANs where I may only need/want physical links. Filtering out the unwanted NTM items never worked the way I needed, despite countless hours working with Tech Support. I'm still looking for the product that does what I need, no more, no less.

kc10
Level 7

I was fortunate to be part of a recent deployment.  We used a combination of manual and automatic discovery and verified they matched as we proceeded.

kmillerusaf
Level 11

Thanks for the reply. It seems like you've used quite a few products. Have you looked into Auvik or Net Brain?

Regards,

Keith

About the Author
Network Engineer with SCANA