Finding Your Way: Mapping Your Network to Improve Manageability

A network map, in its simplest form, is a diagram of your network and each device attached to it. It should include not only switches, routers, firewalls, VLANs and access points, but also hosts on the network. Traditionally, these network maps were made by network and systems administrators using tools like Visio. The issue with making maps like this is that manually generated maps quickly fall out of date and generally don’t include clients on the network, due to the dynamic nature of client systems (laptops, phones and tablets) constantly joining and leaving the network.

Image

Figure 1: A simple, manual network map.

Why bother mapping your network?

Building a manual network map for a modern, complex network can be time consuming, however, and because it’s out of date nearly as soon as it’s finished, many organizations don’t even make one. However, not having a network map can cost your team a lot more time than it takes to make one.

In the past, I have stepped into management roles at several companies that either didn’t have a network map or had an inaccurate and out-of-date map. Invariably, each time this happened, there was some kind of issue that became much harder to track down and troubleshoot due to a lack of overall understanding of the network and its topology.

The best (or worst) example of this that I can recall was when a company I worked for was having intermittent DNS issues. The company hosted its own Internet-facing DNS servers, as well as the main application for the company. At one point, DNS resolution for the domains that we hosted began to fail—intermittently. However, the DNS servers worked just fine when they were queried from inside the network, behind the firewall. Connections that originated from outside the network and traversed the firewall were the ones that had issues—they’d timeout and fail, but at random-seeming intervals. After more than a week of suffering through these issues in production and losing revenue over it, we finally tracked down the culprit. The DNS servers were behind a pair of load balancers, and one of the load balancers was beginning to fail. None of us realized that the DNS servers were behind the load balancer—figuring that out and testing the load balancer would have been trivial if we had had a network map. A map could have reduced the discovery time from a week to less than a day, saving the company countless dollars in possible lost revenue.

As I stated above, mapping your network is a huge benefit to your organization. Although you can get away with making a static, manual network map, there is an easier way. Network mapping software can automatically create a network map and keep it up to date for you, so that you and your team can spend less time documenting the network and more time improving the infrastructure and executing on projects.

Network mapping and network monitoring

While a software solution like Intermapper provides both network maps and monitoring, it can also be used to complement other network management products to improve your overall reach and network monitoring experience.

Where a network monitoring system typically works by polling each device for operational status and other statistics, a network mapper focuses on the way the devices interact and interconnect. More important, the network mapper will watch the network continually and notify you and your team of changes in the environment.

Image

Figure 2: Intermapper doing its thing! (Wow, I have a lot of devices at home.)

One of the great strengths of a network mapping tool is its ability to draw links between systems and keep them up to date automatically. The map shown in Figure 3 is the same data presented in the table shown in Figure 2, but it’s drawn automatically by the mapping tool and kept up to date. Here you can see quickly that all of these devices reside in the 192.168.1.0/24 network, for example. A picture is worth a thousand words, and having a solid picture of your network at any given time will give you and your staff a better understanding of the network, the hosts that reside in it, and how all the pieces interconnect.

Wouldn’t it be great to have your network map just made for you, without tying up you or your team’s time? A solid network mapping software solution can do that for you! Intelligent network mapping tools can “walk” your network, not only pinging hosts, but they also can do port scans of them and see what services are running on each host. In some cases, you can feed SNMP, SSH or WMI credentials to these tools, and they will add the information they pick up from each host to the map, creating a much richer informational context that gives your team even greater visibility into what’s going on at any given time.

Image

Figure 3: A very basic, but automatic network map.

Since the network map is constantly being updated by the tool as services are brought online, your team stays notified and aware. This is a great benefit—in the event a rogue operator makes it into your network and starts a service, like a Web server, mail server or file-sharing server—you can be notified, investigate and take appropriate action.

Network mapping tools are great at helping you and your staff get ahead of the curve and be proactive. Where a conventional network monitoring system generally alerts you only in the case of trouble with a host, a network mapper can alert you as a threshold begins to be reached, so you can take action to fix issues before they turn into problems, thereby preventing network outages and downtime.

Capacity planning can be a daunting task at times. In order to plan for the future correctly, you’ve got to know where you are and the state of your network and systems today—and this is another place where an accurate and up-to-date network map shines. Without a network mapper, in order to plan for the future, you have got to take a global assessment of your network—manually. This is a tedious, time-consuming process, and it can tie up your staff, keeping them from implementing new projects. Once you’ve got a network map, capacity planning can be as simple as running a report, looking for the usage trends across your network and extrapolating what pieces need upgrading, and how much. Tools like Intermapper can provide access to the data, and with minimal effort, capture and parse that data in an external program.

A static, manually generated network map doesn’t give you one of the biggest advantages that a tool like Intermapper can provide: real-time monitoring and alerting of changes in your network, as they happen. A good network mapper can act as your watchdog on the network, keeping an eye out for anomalies and reporting them to you in real time, as they occur.

If you have to maintain maximum uptime, you simply can’t have too much monitoring. A network mapper fills the gaps that an ordinary network management and monitoring system has, giving you a 360-degree view of your entire network deployment. Proactive monitoring is the key to maintaining uptime—being on top and aware 14 of situations before they become problematic will allow you to maintain the highest possible service level for your organization.

Speaking of service levels, do you have service-level agreements (SLAs) that you need to maintain? Usually not meeting those service levels results in credits to your customers, which means a loss to your business. Naturally, you and your staff want to prevent that situation from occurring, and a network mapping package is another tool in your toolbox to achieve that end. A good network mapper can keep an eye on your systems, switches, routers and interconnects, and warn you at a predetermined level before you saturate your capacity. Although this ties into capacity planning, it also allows you to maintain your service levels, keeping upper management happy and avoiding fire-fighting operational issues for your staff.

And, with respect to fire-fighting, we all face an ever-looming threat: external intrusion by malicious operators— in other words, attackers. Having that 360-degree view of your network helps you shine a spotlight on malicious activity when and where it occurs. Tools like Intermapper can help you establish a baseline level of activity for each device on your network, and then alert you when devices deviate too far from the baseline. In addition, a network mapper can monitor the flow of traffic in and out of the network, using NetFlow or sFlow protocols. This adds to the overall 360-degree view, giving you and your team insight not only into the state of devices on the network, but also the data those devices are transmitting and the destination of that data.

When the fire has broken out, and the chips are down, you need every tool you can have at your disposal, ready to go and provide information. Troubleshooting a problem on a complex network today requires that you have both a high-level picture of what’s going on in the entire system, as well as a low-level view from each host and device. Mapping your network, in conjunction with other tools, can give you that perspective, letting you hone in on issues and resolve them quickly.

Earlier in this ebook, I described a real-life troubleshooting situation where the time to resolution of that problem could have been dramatically reduced by having a solid network map and mapper tool—and that 360-degree view of the entire network. When your team is forced into troubleshooting and fire-fighting mode, situational awareness is critical. Analytical troubleshooting techniques, applied correctly, can reduce the problem space by half every time you iterate through the issue, but only if you have good information upon which to base your decisions and troubleshooting direction. That’s why having an up-to-date network map and good tools is so critically important. It can keep you from heading down a troubleshooting dead end and forcing you to retrace your steps back to an earlier point, thereby beginning the process over again.

Minimizing time to resolution and restoring service to expected levels is what it’s all about when you’re in troubleshooting mode. Software like Intermapper gives you the information necessary to zero in on issues and drive them to completion. 

Any team responsible for maintaining network health and performance needs every possible tool that will provide a comprehensive view of the network. Monitoring, capacity planning and troubleshooting activities all benefit greatly from the use of network mapping software like Intermapper. Whether you manage a large enterprise network or a smaller network, the benefits of mapping your network are clear for you and your team. Your team members will thank you for implementing a mapper, because they’ll get better information and can respond more appropriately, and management will be pleased when SLAs are maintained and predictable capacity planning and growth can be projected. Every network deployment can benefit from having a tool like Intermapper in its toolbox.