
Port-Level Mapping Through The Use Of SNMP
Roth Cabletron Systems and Loran Technologies claim that their products can make port-level resolutions when mapping nodes. This feature is different from logical subnetting, which is based on router port and IP address. Cabletron's Spectrum and Loran's Kinnetics server use information gathered from SNMP gets and vendor-specific MIBs. In this way, both are dependent upon the SNMP implementation on each managed device, which, even given the maturity of SNMP, proved to be imperfect.
But it was here that Cabletron's and Loran's approaches diverged. Spectrum adds third-party modules that account for specifics in vendor devices. If information is not initially available in the correct MIB tree, a recode of the module is required.
Kinnetics, on the other hand, uses scripts, which have two advantages. First, instead of requiring a recode when SNMP compliance is lacking, the scripts are easy to field-upgrade, a service that Loran supplies. Second, Loran has patented a statistical probability methodology that compares the traffic patterns between ports and matches the similarities of one port's output traffic to another--hopefully an adjacent port's input. Over time, Loran claims to have a 99.97 percent degree of accuracy. During our tests, we found that its accuracy improved to approximately 90 percent.
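The traffic-matching idea in the paragraph above can be sketched as follows. This is an added example, not Loran's patented method or code from either product: it uses plain Pearson correlation over constructed ifOutOctets/ifInOctets samples, and the device names, port numbers and threshold are assumptions.

```python
from math import sqrt

# Constructed Counter32 samples, one per polling interval (not real captures).
OUT = {  # ifOutOctets per (device, port)
    ("sw-a", 1): [4294967000, 204, 1204, 1504, 5504, 5704],  # wraps once
    ("sw-a", 2): [0, 100, 200, 300, 400, 500],               # constant rate
}
IN = {   # ifInOctets per (device, port)
    ("sw-b", 7): [10, 510, 1510, 1810, 5810, 6010],
    ("sw-b", 8): [0, 900, 1000, 3000, 3100, 3900],
}

def deltas(counters, width=32):
    """Octets per interval from raw counter samples, tolerating one wrap."""
    mod = 1 << width
    return [(b - a) % mod for a, b in zip(counters, counters[1:])]

def pearson(xs, ys):
    """Pearson correlation; 0.0 when either series has no variance."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    if vx == 0 or vy == 0:
        return 0.0  # a flat traffic pattern carries no matching signal
    return cov / sqrt(vx * vy)

def infer_links(out_counters, in_counters, threshold=0.95):
    """Pair each output port with the best-correlated input port elsewhere.

    Ports whose best score stays at or below the threshold map to None.
    """
    links = {}
    for (dev_o, port_o), outs in out_counters.items():
        best, best_r = None, threshold
        for (dev_i, port_i), ins in in_counters.items():
            if dev_i == dev_o:
                continue  # a port is never wired to its own device here
            r = pearson(deltas(outs), deltas(ins))
            if r > best_r:
                best, best_r = (dev_i, port_i), r
        links[(dev_o, port_o)] = best
    return links

if __name__ == "__main__":
    for src, dst in infer_links(OUT, IN).items():
        print(src, "->", dst)
```

The constant-rate port stays unresolved because its traffic has no distinguishing shape, which is why a method like this needs enough varied samples before it can commit to a link.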
The fly in the ointment for both of these products' port-level mapping is the real-world lack of SNMP compliance by all of the well-known infrastructure vendors. Added to this are topologies that simply don't lend themselves to easy mapping representations.
To illustrate our point, we have taken a view of a Cisco Systems Catalyst 5000 that has multiple VLANs (virtual LANs) on multiple IP subnets, driven by different router interfaces, but with only a single IP address. The drawing at left ("Reference Network") represents how this device is physically wired, and the three screen shots to the right detail how Cabletron, Loran and Tivoli Systems mapped this setup. The logical view from Tivoli's Netview is included to illustrate the difference between the logical and port-level views.
We recognize that this is a challenge, since the end nodes connected to the Catalyst do not all support SNMP, but this is not an unrealistic configuration, and it is one that is increasingly common in today's networks. Neither Cabletron nor Loran resolved all of the ports. We weren't surprised in Spectrum's case, given the Catalyst's apparent lack of support for the transparent bridge table and the SNMP void on the connected nodes. And though Kinnetics resolved a single port--which gave us some hope--it could do so only after months of traffic data.