Your First Network Map
Create Your First Network Map
In this post I will show you how quick and easy it is to create a new network map. The test network in this example consists of a Palo Alto firewall and a few Juniper EX series switches.
Logon credentials
One thing that is absolutely required for a successful discovery is to ensure PGT is able to connect and log in to the devices. Assuming you can use the same credentials for all network equipment, go to Tools/Options and select the Terminal Scripting tab to set the default username and password:
If logging in to network devices requires several different credentials, credentials can also be set specific to a management address or network:
Connections
Another factor influencing discovery is how devices can be reached. Some networks allow access to protected network gear from a specific source network only, and hence a jump server (or stepping server) must be used.
To define jump servers go to Tools/Options and select "Jump server definitions" tab and add the required servers there:
Make sure the right vendor type is selected, and take care to pick the correct protocol and credentials for accessing the jump server, otherwise connections will freeze.
As the network discovery engine runs multiple parallel tasks, the number of tasks running at the same time may be higher than the number of connections a given jump server can handle, which may lead to an incomplete discovery. To overcome this, it is possible to set a connection limit for a jump server; the limit is enforced whenever a new connection must be made via that specific jump server.
In a complex network only small, isolated parts of the network may require a jump server while the rest of the devices are accessible directly. The discovery engine must be able to find out which jump server to use for a specific host, if any at all. There are two ways to accomplish this:
- Define a host in the Favorite host database and assign the desired jump server to the host. Whenever a connection must be made to that device - determined by its management address - PGT, and therefore the discovery engine, will use the specified jump server.
- It can obviously be tedious to define each host of a particular network only to make this jump server assignment. Instead, simply define a network in CIDR notation and assign a jump server to the target network. For each host whose management address falls into the defined network range, the associated jump server will be selected automatically. This feature is called Jump Server Targeting in PGT, and it is configurable via Tools/Options.
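To make the two selection rules above and the connection limit concrete, here is an added example in Python. It is not PGT's own code: the favorite-host table, the targeting rules, the jump server names and limits are all constructed sample data, and the longest-prefix tie-break between overlapping target networks is an assumption of this example rather than documented PGT behaviour.

```python
import ipaddress
import threading

# Constructed sample configuration; PGT keeps these in its own database, the
# dictionaries and names below are assumptions for illustration only.
FAVORITE_HOSTS = {
    "10.1.1.10": "jump-a",   # explicit per-host jump server assignment
}

# Jump Server Targeting rules: (network in CIDR notation, jump server name).
JUMP_SERVER_TARGETS = [
    ("10.1.0.0/16", "jump-a"),
    ("10.1.5.0/24", "jump-b"),     # more specific range, assumed to win over the /16
    ("192.168.0.0/24", "jump-c"),
]

# Per-jump-server connection limits (assumed names and numbers).
JUMP_SERVER_LIMITS = {"jump-a": 2, "jump-b": 1, "jump-c": 4}


def select_jump_server(mgmt_address, favorites=FAVORITE_HOSTS, targets=JUMP_SERVER_TARGETS):
    """Return the jump server for a management address, or None for a direct connection.

    A favorite-host assignment wins; otherwise the longest-prefix match among the
    targeting rules is used (the tie-break rule is an assumption of this example).
    """
    if mgmt_address in favorites:
        return favorites[mgmt_address]
    addr = ipaddress.ip_address(mgmt_address)
    best_net, best_js = None, None
    for cidr, js in targets:
        net = ipaddress.ip_network(cidr, strict=False)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_js = net, js
    return best_js


class JumpServerPool:
    """Enforce the per-jump-server connection limit across parallel discovery tasks."""

    def __init__(self, limits):
        self._slots = {name: threading.BoundedSemaphore(n) for name, n in limits.items()}
        self._active = {name: 0 for name in limits}
        self._lock = threading.Lock()

    def try_acquire(self, jump_server):
        """Reserve a slot without blocking; False means the jump server is saturated."""
        if jump_server is None:            # direct connection, nothing to limit
            return True
        if not self._slots[jump_server].acquire(blocking=False):
            return False
        with self._lock:
            self._active[jump_server] += 1
        return True

    def release(self, jump_server):
        if jump_server is None:
            return
        with self._lock:
            self._active[jump_server] -= 1
        self._slots[jump_server].release()

    def active(self, jump_server):
        return self._active.get(jump_server, 0)


def connect_for_discovery(mgmt_address, pool):
    """Pick the path to a host and reserve its jump server slot; returns (jump_server, acquired)."""
    js = select_jump_server(mgmt_address)
    return js, pool.try_acquire(js)


if __name__ == "__main__":
    pool = JumpServerPool(JUMP_SERVER_LIMITS)
    for host in ("10.1.1.10", "10.1.5.7", "10.1.5.8", "10.1.9.9", "172.16.0.1"):
        js, ok = connect_for_discovery(host, pool)
        print(f"{host:14} via {js or 'direct':7} slot={'granted' if ok else 'WAIT (limit reached)'}")
```

A task that gets `False` back from `try_acquire` would wait and retry instead of opening the connection anyway, which is exactly the incomplete-discovery symptom the limit is meant to prevent: a saturated jump server silently dropping the extra sessions.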
Different modes of discovery
You can use the Network Map both to discover an unknown network and to visualize and document connections between known devices. The difference is whether you want to allow the discovery engine to log on to each neighbor it finds and recursively search for new neighbors from there - called "Active discovery" herein - or you simply want to discover the interconnections between the specified hosts and display their neighbors without taking the discovery any further.
For active discovery, it is usually necessary to limit how far the discovery is allowed to reach. This behavior is controlled by a set of settings called the Discovery Domain.
Another factor that influences discovery - active or not - is the number of seed hosts defined initially. As discovery runs many parallel tasks, the more hosts you start the discovery from, the faster the result is likely to be.
In this example I would like to show how to document a known network by starting an active discovery from several seed hosts and setting up a discovery domain to limit the search boundary. We will start from a pre-defined set of hosts in the Favorite host database in the Terminal Window:
Starting the discovery
Open a new Network Map from the Action menu of PGT, select the second tab called Network Discovery, then the Discovery List tab:
There is a large text box in the upper right corner where the list of seed devices can be entered, one per line. This text may be edited manually by adding only the management address of the desired hosts, but it can also be populated from the Favorite host database by clicking the "Pick favorite hosts" button. If all possible addresses in a specific network range are to be added, enter the network address in CIDR format - like 10.0.0.0/26 - and click "Add network". Any undesired entries (lines) can simply be deleted from the text box.
The example below shows adding hosts from favorite host definitions:
When NDE makes a connection to a host that is not found in the favorite host database, it must make some assumptions about which connection protocol to use and how to perform the logon dialog, i.e. what logon prompts and device prompts to expect by default. Use the "Default connection parameters" to define this default behavior. Switch on Active discovery and set "Route table query mode" to Exclude, or simply leave it undefined:
The next step is to configure the search boundary to control how far discovery may reach. To do so, go to the next tab called Discovery Domain:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjU1yZNWpFvARhH0-079bkCEUO5T1mjJYM-4O0TTJ0ECHNTXoxwbNBS7izQibLKC8oMjWN8J7gEZWi7F0RlliUy6ys7vuJ6qRPaflpyRLA65cksgA0YYR2yzt8uOm4odk436f2alCvvQ9M/s1600/DiscoveryDomainDefinition.png)
Here you can limit the network protocols analyzed by NDE when searching for protocol neighbors, as well as set up rules for included or excluded network ranges and host name patterns. For network definitions use CIDR format and add only a single network per line. For host name filtering, multiple regular expressions can be added, also line by line.
Now you're all set, let's start the discovery process. Switch back to the Discovery List tab and click the green "Start discovery" button.
As the discovery runs and neighbors are found, the parser task view is populated with new tasks showing the reason why each particular task exists - like "seed" or "OSPF neighbor" of some router - and each task's status indicates its progress.
You can either stop or cancel the discovery at any time. Stopping means that the results obtained so far are preserved, while cancelling terminates the process without results.
When discovery is finished, the network Layer 3 graph is rendered showing routed links and routing protocol neighbor information for the selected routing protocols. In our case, BGP and OSPF routing is visible:
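The seed list, the Discovery Domain boundary and the parser task view described above fit together in one small model, shown here as an added Python example. It is not PGT's or NDE's code: the neighbor records, host names and domain rules are constructed sample data, and the rule semantics (an exclusion always wins, an empty include list means "everything", host name patterns are regexes searched anywhere in the name) are assumptions of this example rather than documented behaviour.

```python
import ipaddress
import re


def expand_seed_list(text):
    """Turn the contents of the seed text box into a list of management addresses.

    One entry per line: a single address is kept as-is, a CIDR network expands to
    every usable host address in it. Blank lines are ignored and duplicates are
    dropped while keeping the original order.
    """
    seeds = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if "/" in line:
            net = ipaddress.ip_network(line, strict=False)
            seeds.extend(str(host) for host in net.hosts())
        else:
            seeds.append(str(ipaddress.ip_address(line)))
    return list(dict.fromkeys(seeds))


class DiscoveryDomain:
    """Search boundary: protocols to analyze plus network and host name include/exclude rules.

    Rule semantics are an assumption of this example: an exclusion always wins,
    an empty include list means 'everything', and host name patterns are regexes
    searched anywhere in the name.
    """

    def __init__(self, protocols=(), include_networks=(), exclude_networks=(),
                 include_hostnames=(), exclude_hostnames=()):
        self.protocols = {p.upper() for p in protocols}
        self.include_networks = [ipaddress.ip_network(n, strict=False) for n in include_networks]
        self.exclude_networks = [ipaddress.ip_network(n, strict=False) for n in exclude_networks]
        self.include_hostnames = [re.compile(p, re.IGNORECASE) for p in include_hostnames]
        self.exclude_hostnames = [re.compile(p, re.IGNORECASE) for p in exclude_hostnames]

    def protocol_allowed(self, protocol):
        return not self.protocols or protocol.upper() in self.protocols

    def admits(self, mgmt_address, hostname=""):
        """Return (True, reason) if the host may be discovered, else (False, reason)."""
        addr = ipaddress.ip_address(mgmt_address)
        if any(addr in net for net in self.exclude_networks):
            return False, "excluded network"
        if self.include_networks and not any(addr in net for net in self.include_networks):
            return False, "outside included networks"
        if any(p.search(hostname) for p in self.exclude_hostnames):
            return False, "excluded host name pattern"
        if self.include_hostnames and not any(p.search(hostname) for p in self.include_hostnames):
            return False, "host name matches no included pattern"
        return True, "in domain"


def plan_neighbor_tasks(neighbors, domain):
    """Decide which discovered neighbors become new parser tasks.

    Returns (tasks, skipped): tasks are (address, reason) pairs in the style of the
    parser task view, e.g. ('10.1.1.1', 'OSPF neighbor of seed-rtr'); skipped
    carries the boundary rule that stopped each rejected neighbor.
    """
    tasks, skipped = [], []
    for n in neighbors:
        if not domain.protocol_allowed(n["protocol"]):
            skipped.append((n["address"], f"{n['protocol']} not analyzed"))
            continue
        ok, reason = domain.admits(n["address"], n["hostname"])
        if ok:
            tasks.append((n["address"], f"{n['protocol']} neighbor of {n['found_on']}"))
        else:
            skipped.append((n["address"], reason))
    return tasks, skipped


# Constructed sample input: what the parser of a seed router might have reported.
SAMPLE_NEIGHBORS = [
    {"address": "10.1.1.1", "hostname": "core-rtr1", "protocol": "OSPF", "found_on": "seed-rtr"},
    {"address": "10.1.1.2", "hostname": "dist-sw1", "protocol": "BGP", "found_on": "seed-rtr"},
    {"address": "10.99.1.1", "hostname": "core-rtr2", "protocol": "OSPF", "found_on": "seed-rtr"},
    {"address": "192.168.1.1", "hostname": "core-ext", "protocol": "BGP", "found_on": "seed-rtr"},
    {"address": "10.1.1.3", "hostname": "core-lab", "protocol": "OSPF", "found_on": "seed-rtr"},
    {"address": "10.1.1.4", "hostname": "core-rtr3", "protocol": "CDP", "found_on": "seed-rtr"},
]

# Constructed boundary: OSPF and BGP only, stay inside 10/8 but out of 10.99/16,
# follow only core-*/dist-* names and never anything ending in -lab.
SAMPLE_DOMAIN = DiscoveryDomain(
    protocols=["OSPF", "BGP"],
    include_networks=["10.0.0.0/8"],
    exclude_networks=["10.99.0.0/16"],
    include_hostnames=[r"^(core|dist)-"],
    exclude_hostnames=[r"-lab$"],
)

if __name__ == "__main__":
    print(expand_seed_list("10.0.0.1\n10.0.0.0/30\n\n10.0.0.2\n"))
    tasks, skipped = plan_neighbor_tasks(SAMPLE_NEIGHBORS, SAMPLE_DOMAIN)
    for address, why in tasks:
        print("TASK   ", address, why)
    for address, why in skipped:
        print("SKIPPED", address, why)
```

The `skipped` list is the part worth keeping in practice: when a device is missing from the finished map, the boundary rule that stopped it is the first thing to check, well before suspecting credentials or a jump server.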
![Layer 2 network map](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgd1nY2x-OpsZozTpKWXYPtZDofs6sKuyhPh6yNDyBE23OKb7X7fvc1Exh7w4SrzhBBjGxaLclBwgrQD_cpDt6pTzwLtorFntJkLdWyYemFaOdJDOSoOXvcgPVtiJoDNiZOFk4csg3wq48/s1600/DiscoveredNetworkL2.png)
The graph engine has many customization options for how to present the map, and there are several alignment tools accessible from the graph context menu to arrange the nodes as best suits you. Adding annotation objects can further clarify regions on the map.
As the map is interactive, you can connect directly to a device using either a terminal connection or by opening a browser session, which makes troubleshooting quick and effective.
What's next?
Several exciting features are also available in a few clicks from the interactive map, like Visual Trace, deploying scripts on selected nodes, or launching the QoS monitor for a particular link.
Besides the built-in Layer 3 and Layer 2 connections, any number of custom maps can also be created based on the topology database, and exporting the graph to Microsoft Visio is super easy.
Don't miss upcoming posts to reveal all the details...