If you’re a network engineer chances are pretty likely you’ve encountered some form of this situation. You get a new job (either assigned to a new customer or a one-off) and are immediately expected to execute a specific task within the network without any previous knowledge of it.
Sound familiar?
The thing is, navigating these situations effectively requires having accurate information for performing network changes and troubleshooting issues reported by the end user. Having the right info is also vital to being a part of the engineering process related to the network’s growth and evolution.
Questions that must be asked: How do you become aware of the network’s blocks, learn all the functions, and work effectively during the “on-boarding” phase? The truth is, the answers to these questions are actually more complicated than they may appear.
Over the years, I have supported lots of networks and many customers — everything from smaller networks with just a few sites across a country, larger ones covering several countries, to enterprise networks with sites worldwide. Personally, I have found that the approach to initial discovery is nearly the same with most networks regardless of size.
To start, it’s highly recommended to obtain a very high-level of information covering lots of sources.
These include but are not limited to:
Let’s cover each bullet and try to find the optimal way to discovering the unknown networks.
Reaching out to experienced colleagues is one of the most valuable ways of gaining a great initial view of any network. When a team has been working on a network for some time, they are an excellent resource for information; capable of providing technical background from their hands-on experience during the implementation and troubleshooting process.
Keep in mind; however, that is some cases, although an engineer might be great at their job, it doesn’t necessarily mean they’ll be a good teacher. There may be particular facts concerning the network that they forget to relay because for them the information isn’t important to their job.
“I thought it was pretty obvious…”
I’ve heard this exact sentence a million times, and it’s always been due to the fact that it’s tough for experienced colleagues to remember and explain all of the functions, blocks, and overall behavior.
This is the trickiest section, as documentation can either be a highly valuable source of information (if it’s up to date) or can cause a lot of pain and headaches in the case that it hasn’t been updated for a while.
There are few attributes of proper documentation, so let’s name some of them:
Since we could easily spend hours and days talking about documentation, I’m going to move on to the other topics. I’ll return to documentation in a later series.
This is the best way to get in touch with the reality of the network (as opposed to something said by a colleague or written in the documents). Utilizing monitoring tools offers a view of the actual state of the network’s devices and functions.
An excellent place to start is to go through the tools that are running and collecting a lot of data , such as network inventory to check the specific vendors and architecture and IPAM (IP Address Management). You want to focus on the structure of the network, monitoring features including alarms, and database issues in order to identify the common problems reported by different types of users, etc.
There are plenty of tools that can be run for network discovery and create automated reports, supplying an excellent source for additional information when getting started.
In other words, the approach here is about deploying monitoring tools to acquire the desired data — and that’s my point. It doesn’t matter if I’m using my own scripts (PERL, PYTHON or VBS) or some existing software, the primary goal is to go through the network, collect specific sets of data, and be able to analyze all of the outputs.
Without any doubts, having hands-on experience is the most valuable and reliable resource for information. Yes, this is a slow process since it doesn’t rely on any documents or anyone’s advice. The truth is, though, that by going through different types of devices, different blocks, parts of the network — just to see the configuration and the features being used, you learn so much first-hand. The only requirement needed is access and login to the devices.
For many smaller companies, access is usually available immediately. With larger companies and global enterprises, the process of obtaining the necessary credentials can take days if not weeks. The reasoning for this is that the administration and processes of these companies use a centralized solution to control access, such as RADIUS or TACACS+…
This is the first part of my series exploring how to become more familiar with networks from scratch. To better understand this process, I have built a small lab environment with a lot of features for testing the network discovery process without relying on pre-existing documentation or advice from colleagues.
During this series, I intend to show you the various approaches , manual work, some scripting tips, and use IP Fabric software to illustrate the differences between each method we use.
If you’re interested in learning more about how IP Fabric’s platform can help you with analytics or intended network behavior reporting, contact us through our website, request a demo, follow this blog or sign up for our webinars.
Today, we are delighted to release the new version 2.2.9 of IP Fabric platform. This release assists engineers in having a more complete overview of their network by adding support for additional vendors, such as Arista, HP Aruba, Huawei and F5 loadbalancers. It also provides support for new routing protocol IS-IS and improves End-to-end Path Lookup, which is now more intuitive — we now allow you to save and continuously verify specific path forwarding results, as well as display them on the dashboard.
E2E Path Lookup is one of the most useful features of our platform, allowing you to test and visualize the forwarding of the packet through the network. This will allow you to verify if the traffic is being forwarded as it is intended. Many of you have inquired regarding the possibility to be able to continuously verify specific traffic patterns, such as reachability of the CRM systems from branches. The verification now also extends to verifying if forward and return traffic are symmetric and if the traffic is being flooded somewhere within the network.
In order to receive the detailed information more efficiently regarding End to End path forwarding decision, we have implemented a new tab, which aggregates all the information found during the examining of the specific packet flow.
There are situations when you may wish to only see the edge devices, whether it be for troubleshooting or to see how the WAN works without distractions from the LAN devices and links. Therefore, we are introducing a function that allows for this.
As a committed vendor independent software company, we are always working towards implementing additional support for more widespread networking equipment, so that our software may analyze and verify any network. Therefore, we are providing discovery support for Arista, Hewlett-Packard Aruba, and Huawei networking equipment and loadbalancers from F5.
While we support general routing verifications regardless of the protocol or the route source, with version 2.2.8 we have expanded detailed routing protocol support and added EIGRP and RIP. Today, we are proud to announce that our platform supports all of the most important routing protocols, as we have implemented IS-IS.
Last but not least, based on the feedback that we have received, we have decided to add DNS resolve support for the Discovery Error reports, making it far easier to identify the devices that have not been properly discovered. We are also adding a graphical historical overview of the number of discovered devices.
If you’re interested in learning more about how IP Fabric’s platform can help you with analytics or intended network behavior reporting, contact us through our website, request a demo, follow this blog or sign up for our webinars.