🕸️NeDi / SNMP poller | Network Based Asset & Topology Discovery Tool 🚀

🕸️NeDi / SNMP poller | Network Based Asset & Topology Discovery Tool 🚀

Ever wondered how networks seamlessly manage thousands of devices? It's all about the fundamentals of network discovery, & NeDi is leading the charge!

·

8 min read

There are some fundamentals to network discovery and although there are tools available, this article will discuss the generic concepts. An example of such a tool is 👉 NeDi. I used it at iBurst where it polled thousands of devices using a HP Microserver running ubuntu, however it works perfectly with debian.

Showcase Video

The video above is a showcase of the implementation of NeDi. This is a great tool to not only view the configuration and topology of a network but can assist greatly when troubleshooting a network. It is a tool that can answer many of the checks in this network troubleshooting checklist. As a network management tool it far outstrips 99.2% of commercial offerings currently out there. It is available as a open source download and runs on the sniff of an oil rag (or the server equivalent - an HP Microserver - with 8GB of RAM). Here is the server below:

Typically, a network inventory of all connected devices will provide an active asset list of all usable equipment. This is equipment that is accessing an organizations networks and can include multi-function printers, servers, desktops, voice equipment, wireless devices, sensors, switches, routers, firewalls and WiFi access points.

A network inventory is obtained by doing an active poll using a tool of the equipment using either standard networking protocols, specialized discovery protocols as well as information inherently available in network equipment used for connectivity.

The network inventory provides a basis on which assets used for connectivity can be verified and validated.

Requirements

The requirements to conduct a network discover are:

  • Network discovery server requires IP access to all network equipment;

  • A Network server is required for each group of approximately 30 000 network connected devices. The server is an Intel NUC appliance that has the form factor of an A5 page with a height of no more than 10cm. For the stated requirement, this would need to be an i7 processor with 8GB of RAM and preferable an SSD;

  • VPN connectivity to manage the network discovery server via the cloud using a tool such as Wireguard.

Key information

To fully complete a network discovery requires the following additional key information is required:

  • Seed IPs of core network switches and routers located in data centre;

  • CLI access to network equipment using SSH or TELNET;

  • SNMP community strings; and

  • Scanning of well-known protocol ports.

Mined information

A network discovery will mine information from network connectivity equipment:

  • IP subnet scans. This becomes problematic when firewalls are placed in the path of network equipment resulting in failed polls;

  • Routing tables such as OSPF or BGP tables;

  • ARP tables which are typically available on routers (default gateway of IP subnet);

  • MAC tables which are available on switches and identify the interface being used. This is correlated to the correposing ARP table entry to determine a network device's IP address;

  • Device neighbours using LLDP or CDP. This is a protocol automatically available on all modern-day network equipment and can identify equipment even if it’s not in the immediate layer 3 connectivity domain of an organisation.

In some cases, when restrictive incoming firewall rules prevent discovery then a proxy polling appliance needs to be inserted within the network to perform discovery.

Configuration Management

Many of the different discovered devices can have their configuration pulled using ssh and the Expect library.

Analysis

Most networks have been discovered the following analysis can be conducted:

  • Creation of network maps. Best practices in Information Security (Info Sec) require that the IT engineers responsible for network security maintain a current map or diagram of their network topology. Info Sec professionals have long taught that the first step in any vulnerability management program is to discover and identify all the assets in a network and to understand their role. For example, PCI DSS Requirement mandates that the following exists: “Current network diagram that identifies all connections between the cardholder data environment and other networks, including any wireless networks.” Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures. Full standard is available from PCI Security Standards Council, LLC at www.pcistandards.org;

  • Determine servers and top activity on network;

  • Inventory of all network equipment including Location, Manufacturer, Serial numbers and Versions.

Methodology

The high level discovery methodology is as follows:

  1. Network discovery server is installed with network discovery tool;

  2. Server installed within organisations network with access to network connecting equipment such as routers, switches and firewalls;

  3. VPN access to the server is provisioned;

  4. Initial network connecting equipment is seeded in the tool, typically the core switches and routers in the organisations data centre;

  5. Invalid CLI access, failed community strings and restrictive firewalls rule sets are identified;

  6. Change management is implemented to correct identified discovery problems;

  7. Tool is scheduled to re-initialize network discovery;

  8. The process is repeated until a significant portion of the network inventory has been listed to an acceptable level of accuracy;

  9. The network inventory is validated by physical inspection including verifying geographic location, inspection of equipment including photos and replacement costs and equipment lifetime investigated;

  10. Network diagrams are created for devices;

  11. Preliminary risk assessment is completed of network inventory; and

  12. Network documentation is completed and signed off.

The high level analysis methodology is as follows:

  1. Network link capacity and usage is documented;

  2. Network performance is determined and documented;

  3. Network errors and faults are determined and documented;

  4. Intermediate risk assessment is completed of analysed network metrics; and

  5. Network Analysis documentation is completed and signed off.

Network Management with LLDP | Enhancing Visibility and Control

In modern network management, having clear visibility of device connections and configurations is critical. Link Layer Discovery Protocol (LLDP) plays a crucial role in providing this visibility by helping network administrators identify devices and their connections across the network. In an SD-WAN environment, where edge devices are distributed and critical to connectivity, LLDP can be particularly beneficial for managing and troubleshooting network infrastructure.

What is LLDP?

LLDP is a Layer 2 protocol used for network devices to advertise their identity, capabilities, and neighbours to each other. It operates independently of the network layer and allows network devices to broadcast information about themselves, including:

  • System name and description

  • Port description

  • Chassis ID

  • VLAN information

  • IP addresses

This information helps network administrators understand how devices are connected within a network and ensures that the correct network paths are used.

Why LLDP is Useful in Network Management

LLDP is a valuable tool for maintaining network accuracy, detecting misconfigurations, and identifying potential issues in connectivity. Here are a few reasons why it is essential:

  1. Device Discovery: LLDP enables automatic discovery of devices and their physical connections, helping administrators build an accurate network topology. This is especially useful in large or complex environments where manually tracking devices and connections is impractical.

  2. Simplified Troubleshooting: By understanding which devices are connected to which ports, network administrators can easily pinpoint problems. For example, if a device suddenly goes offline, LLDP can help identify the neighbouring devices and track down the source of the failure.

  3. Configuration Verification: LLDP can ensure that devices are correctly configured, helping administrators verify that connections and VLAN assignments match the intended design. Misconfigurations, such as devices being plugged into the wrong ports, can be quickly identified.

  4. Network Documentation: The real-time updates provided by LLDP mean that network documentation can stay current, eliminating outdated records and manual tracking.

Utilizing LLDP with Linux for SD-WAN Edge Devices

On Linux-based SD-WAN edge devices, LLDP can be a powerful tool to enhance network visibility and management. Many SD-WAN solutions use Linux-based operating systems, making it easy to leverage LLDP as part of the device’s network management.

To use LLDP on Linux, you need to install and configure lldpd, a popular LLDP daemon:

  1. Install LLDPD:

    On most Linux distributions, lldpd can be installed from the package manager:

     sudo apt update
     sudo apt install lldpd
    
  2. Start and Enable the LLDP Daemon:

    Once installed, start the daemon and enable it to run at boot:

     sudo systemctl start lldpd
     sudo systemctl enable lldpd
    
  3. Check LLDP Neighbours:

    After lldpd is running, you can view the LLDP neighbours (other devices on the network) using the command:

     lldpctl
    

    This will output information about the devices connected to the SD-WAN edge, including the system names, port descriptions, and chassis IDs of neighbouring devices.

Leveraging LLDP in SD-WAN Edge Devices

For SD-WAN edge devices, LLDP can be invaluable for managing distributed networks. It helps network administrators identify the physical connections between edge devices and their corresponding upstream routers or switches, providing clear insight into the network topology.

Here are a few ways LLDP enhances SD-WAN deployments:

  1. Improved Monitoring: LLDP can be integrated with network monitoring tools to ensure that SD-WAN edge devices are connected correctly and consistently. This helps avoid downtime by ensuring that edge devices maintain their intended connections.

  2. Dynamic Topology Updates: As new devices are added or removed, LLDP provides real-time updates, ensuring that the SD-WAN network topology is always accurate.

  3. Enhanced Troubleshooting: In the event of a network failure, LLDP’s detailed port and neighbour information allows administrators to quickly identify where the problem lies, even in large, distributed SD-WAN deployments.

  4. Simplified Network Planning: When expanding SD-WAN networks, LLDP helps administrators ensure new edge devices are properly integrated into the network, reducing the risk of misconfiguration.

Wrapping up, LLDP is a powerful protocol for managing and maintaining visibility of network infrastructure. When combined with Linux-based SD-WAN edge devices, it provides a simple yet effective way to monitor device connections, detect issues, and maintain an accurate network topology. For any organisation deploying SD-WAN, using LLDP can enhance network reliability and make managing a distributed infrastructure far more efficient.


Ronald Bartels ensures that Internet inhabiting things are connected reliably online at Fusion Broadband South Africa - the leading specialized SD-WAN provider in South Africa. Learn more about the best SD-WAN in the world: 👉Contact Fusion

Â