Project

General

Profile

Feature #2285

Design report connection interface.

Added by Randy Reitz almost 8 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Start date:
12/13/2011
Due date:
12/19/2011
% Done:

100%

Estimated time:
10.00 h
Spent time:
Duration: 7

Description

Report connection will by used by CIA pollers to report connection information.

IF-MIB.txt (70 KB) IF-MIB.txt IF-MIB Randy Reitz, 12/13/2011 04:06 PM
IP-MIB.txt (181 KB) IP-MIB.txt IP-MIB Randy Reitz, 12/13/2011 04:06 PM
testrtr.pl (7.5 KB) testrtr.pl NodeLocator router poller Randy Reitz, 12/14/2011 09:07 AM
NL_arplist.pm (2.18 KB) NL_arplist.pm Perl Module to gather ARP table from given device Randy Reitz, 12/14/2011 09:10 AM

History

#1 Updated by Randy Reitz almost 8 years ago

Site routers support the IF-MIB:ifXTable which contains these elements:
  • ifName.index - index in IF-MIB:ifXTable for row
  • ifName - name of interface
Site routers support the IP-MIB:ipNetToMediaTable which contains these elements:
  • ipNetToMediaIfIndex - index in IP-MIB:ifName
  • ipNetToMediaPhysAddress - MAC address
  • ipNetToMediaNetAddress - IPv4 address
  • ipNetToMediaType - Values for: 1 : other, 2 : invalid, 3 : dynamic, 4 : static

The CIA poller for connections should report the contents of these MIB elements for a given router-name as follows:
(IPv4 address, MAC address, ifXTable:ifName[ipNetToMediaIfIndex], router-name, timestamp)

#2 Updated by Randy Reitz almost 8 years ago

From a reading of testator.pl
  • Read the list of routers to poll:
    Select ("cisco_native", "cisco_router") from infile.in
    Ignore lines with "nopoll" flag
    Set default COMMUNITY_STRING unless "comstr" found in record
  • Loop over each selected device
    Read ARP Table using NL_arplist perl module, returns ARPLIST
    Loop over each record in returned ARPLIST
    Log any errors (e.g. not reachable, unknown name, no response)
    Prepare output records, look for duplicate MAC addresses
  • Write the "new" routers.db and update the archive db
    Only consider "public" record for output (ie. IP address does not start with 172. or 10.)
    Check timestamp on each record. Write "current" records: end-of-poll - record timestamp <= ValidAge=pollcycle * 60

#3 Updated by Randy Reitz almost 8 years ago

From a reading of NL_arplist.pm
  • Site routers support the IF-MIB:ifXTable which contains these elements:
    • ifName.index - index in IF-MIB:ifXTable for row
    • ifName - name of interface
  • Site routers support the IP-MIB:ipNetToMediaTable which contains these elements:
    • ipNetToMediaIfIndex - index in IP-MIB:ifName
    • ipNetToMediaPhysAddress - MAC address
    • ipNetToMediaNetAddress - IPv4 address
    • ipNetToMediaType - Values for: 1 : other, 2 : invalid, 3 : dynamic, 4 : static
  • The CIA poller for connections should report the contents of these MIB elements for a given router-name as follows:
    (IPv4 address, MAC address, ifXTable:ifName[ipNetToMediaIfIndex], router-name, timestamp)

#4 Updated by Randy Reitz almost 8 years ago

Here is the ARP table for r-s-lhc-wh1e:

[rreitz@tissue-dev ~]$ snmpwalk -Ob -v2c -c ${READ_COMMUNITY_STRING} r-s-lhc-wh1e ipNetToMediaTable
IP-MIB::ipNetToMediaIfIndex.252.131.225.252.42 = INTEGER: 252
IP-MIB::ipNetToMediaIfIndex.252.131.225.252.200 = INTEGER: 252
IP-MIB::ipNetToMediaIfIndex.364.131.225.15.173 = INTEGER: 364
IP-MIB::ipNetToMediaIfIndex.364.131.225.15.174 = INTEGER: 364
IP-MIB::ipNetToMediaIfIndex.812.172.17.12.32 = INTEGER: 812
IP-MIB::ipNetToMediaIfIndex.812.172.17.12.200 = INTEGER: 812
IP-MIB::ipNetToMediaPhysAddress.252.131.225.252.42 = STRING: 0:1a:a0:47:77:56
IP-MIB::ipNetToMediaPhysAddress.252.131.225.252.200 = STRING: 0:18:73:c6:fe:c1
IP-MIB::ipNetToMediaPhysAddress.364.131.225.15.173 = STRING: 0:18:73:c6:fe:c2
IP-MIB::ipNetToMediaPhysAddress.364.131.225.15.174 = STRING: 0:1c:b0:58:1c:0
IP-MIB::ipNetToMediaPhysAddress.812.172.17.12.32 = STRING: 0:18:73:c6:fe:c3
IP-MIB::ipNetToMediaPhysAddress.812.172.17.12.200 = STRING: 0:d:bc:f9:1a:4e
IP-MIB::ipNetToMediaNetAddress.252.131.225.252.42 = IpAddress: 131.225.252.42
IP-MIB::ipNetToMediaNetAddress.252.131.225.252.200 = IpAddress: 131.225.252.200
IP-MIB::ipNetToMediaNetAddress.364.131.225.15.173 = IpAddress: 131.225.15.173
IP-MIB::ipNetToMediaNetAddress.364.131.225.15.174 = IpAddress: 131.225.15.174
IP-MIB::ipNetToMediaNetAddress.812.172.17.12.32 = IpAddress: 172.17.12.32
IP-MIB::ipNetToMediaNetAddress.812.172.17.12.200 = IpAddress: 172.17.12.200
IP-MIB::ipNetToMediaType.252.131.225.252.42 = INTEGER: dynamic(3)
IP-MIB::ipNetToMediaType.252.131.225.252.200 = INTEGER: static(4)
IP-MIB::ipNetToMediaType.364.131.225.15.173 = INTEGER: static(4)
IP-MIB::ipNetToMediaType.364.131.225.15.174 = INTEGER: dynamic(3)
IP-MIB::ipNetToMediaType.812.172.17.12.32 = INTEGER: static(4)
IP-MIB::ipNetToMediaType.812.172.17.12.200 = INTEGER: dynamic(3)


Here is the ifName item from the interface table:
[rreitz@tissue-dev ~]$ snmpwalk -Ob -v2c -c ${READ_COMMUNITY_STRING} r-s-lhc-wh1e ifName
IF-MIB::ifName.1 = STRING: Vl1
IF-MIB::ifName.252 = STRING: Vl252
IF-MIB::ifName.364 = STRING: Vl364
IF-MIB::ifName.812 = STRING: Vl812
IF-MIB::ifName.5049 = STRING: Lo0
IF-MIB::ifName.10101 = STRING: Gi1/0/1
IF-MIB::ifName.10102 = STRING: Gi1/0/2
[snip]


Here is the NIMI arp_table_intervals:
nimi=> select * from arp_table_intervals where router_name='r-s-lhc-wh1e' order by interval_begin desc limit 22;
   ip_address    |    mac_address    |   interval_begin    |    interval_end     | router_name  | interface_name 
-----------------+-------------------+---------------------+---------------------+--------------+----------------
 131.225.15.173  | 00:18:73:c6:fe:c2 | 2011-11-17 11:07:00 | 2011-12-14 09:17:00 | r-s-lhc-wh1e | Vl364
 131.225.252.200 | 00:18:73:c6:fe:c1 | 2011-11-17 11:07:00 | 2011-12-14 09:17:00 | r-s-lhc-wh1e | Vl252
 131.225.15.174  | 00:1c:b0:58:1c:00 | 2011-11-17 11:07:00 | 2011-12-14 09:17:00 | r-s-lhc-wh1e | Vl364
 131.225.252.42  | 00:1a:a0:47:77:56 | 2011-11-17 11:07:00 | 2011-12-14 09:17:00 | r-s-lhc-wh1e | Vl252


Notes:
1) 4 of the 6 IP<->MAC pairs are recorded in NIMI
2) The IP addresses starting with 172.* are discarded. These IP addresses are associated with interface index=812 which is VLAN=812.
3) The ifName indexes are the VLAN number. If this holds true on all routers, then the IF-MIB may not be needed.
Can't check at this time since this is the only router that seems to be accessible from tissue-dev.

#5 Updated by Michael Zalokar over 6 years ago

  • Status changed from New to Closed
  • % Done changed from 20 to 100

Included as part of the NCIS/TIssue/FBI V3 release on 8-1-2013.



Also available in: Atom PDF