Network mapping: Difference between revisions

This article needs additional citations for verification. Please help improve this article by adding citations to reliable sources. Unsourced material may be challenged and removed. Find sources: "Network mapping" – news · newspapers · books · scholar · JSTOR (April 2016) (Learn how and when to remove this message)

Network mapping is the study of the physical connectivity of networks e.g. the Internet. Network mapping discovers the devices on the network and their connectivity. It is not to be confused with network discovery or network enumeration which discovers devices on the network and their characteristics such as operating system, open ports, listening network services, etc. The field of automated network mapping has taken on greater importance as networks become more dynamic and complex in nature.

Images of some of the first attempts at a large scale map of the internet were produced by the Internet Mapping Project and appeared in Wired magazine. The maps produced by this project were based on the layer 3 or IP level connectivity of the Internet (see OSI model), but there are different aspects of internet structure that have also been mapped.

More recent efforts to map the internet have been improved by more sophisticated methods, allowing them to make faster and more sensible maps. An example of such an effort is the OPTE project, which is attempting to develop a system capable of mapping the internet in a single day.

The "Map of the Internet Project" maps over 4 billion internet locations as cubes in 3D cyberspace. Users can add URLs as cubes and re-arrange objects on the map.

In early 2011 Canadian based ISP PEER 1 Hosting created their own Map of the Internet that depicts a graph of 19,869 autonomous system nodes connected by 44,344 connections. The sizing and layout of the autonomous systems was calculated based on their eigenvector centrality, which is a measure of how central to the network each autonomous system is.

Graph theory can be used to better understand maps of the internet and to help choose between the many ways to visualize internet maps. Some projects have attempted to incorporate geographical data into their internet maps (for example, to draw locations of routers and nodes on a map of the world), but others are only concerned with representing the more abstract structures of the internet, such as the allocation, structure, and purpose of IP space.

Many organizations create network maps of their network system. These maps can be made manually using simple tools such as Microsoft Visio, or the mapping process can be simplified by using tools that integrate auto network discovery with Network mapping, one such example being the Fabric platform. Many of the vendors from the Notable network mappers list enable you to customize the maps and include your own labels, add un-discoverable items and background images. Sophisticated mapping is used to help visualize the network and understand relationships between end devices and the transport layers that provide service. Mostly, network scanners detect the network with all its components and deliver a list which is used for creating charts and maps using network mapping software.^[1] Items such as bottlenecks and root cause analysis can be easier to spot using these tools.

There are three main techniques used for network mapping: SNMP based approaches, active probing and route analytics.

The SNMP based approach retrieves data from Router and Switch MIBs in order to build the network map. The active probing approach relies on a series of traceroute-like probe packets in order to build the network map. The route analytics approach relies on information from the routing protocols to build the network map. Each of the three approaches have advantages and disadvantages in the methods that they use.

There are two prominent techniques used today to create Internet maps. The first works on the data plane of the Internet and is called active probing. It is used to infer Internet topology based on router adjacencies. The second works on the control plane and infers autonomous system connectivity based on BGP data. A BGP speaker sends 19-byte keep-alive messages every 60 seconds to maintain the connection.

This technique relies on traceroute-like probing on the IP address space. These probes report back IP forwarding paths to the destination address. By combining these paths one can infer router level topology for a given POP. Active probing is advantageous in that the paths returned by probes constitute the actual forwarding path that data takes through networks. It is also more likely to find peering links between ISPs. However, active probing requires massive amounts of probes to map the entire Internet. It is more likely to infer false topologies due to load balancing routers and routers with multiple IP address aliases. Decreased global support for enhanced probing mechanisms such as source-route probing, ICMP Echo Broadcasting, and IP Address Resolution techniques leaves this type of probing in the realm of network diagnosis.

This technique relies on various BGP collectors who collect routing updates and tables and provide this information publicly. Each BGP entry contains a Path Vector attribute called the AS Path. This path represents an autonomous system forwarding path from a given origin for a given set of prefixes. These paths can be used to infer AS-level connectivity and in turn be used to build AS topology graphs. However, these paths do not necessarily reflect how data is actually forwarded and adjacencies between AS nodes only represent a policy relationship between them. A single AS link can in reality be several router links. It is also much harder to infer peerings between two AS nodes as these peering relationships are only propagated to an ISP's customer networks. Nevertheless, support for this type of mapping is increasing as more and more ISP's offer to peer with public route collectors such as Route-Views and RIPE. New toolsets are emerging such as Cyclops and NetViews that take advantage of a new experimental BGP collector BGPMon. NetViews can not only build topology maps in seconds but visualize topology changes moments after occurring at the actual router. Hence, routing dynamics can be visualized in real time. In comparison to what the tools using BGPMon does there is another tool netTransformer able to discover and generate BGP peering maps either through SNMP polling or by converting MRT dumps^[2] to a graphml file format. netTransformer allows us also to perform network diffs between any two dumps and thus to reason how does the BGP peering has evolved through the years.^[3] WhatsUp Gold, an IT monitoring tool, tracks networks, servers, applications, storage devices, virtual devices and incorporates infrastructure management, application performance management.^[4]

Internet BGP peering map (red - multi homed AS, green stubs)

• Comparison of network diagram software
• DIMES
• Idea networking
• Network topology
• Opte Project
• Webometrics

• Cheleby Internet Topology Mapping System
• Center for Applied Internet Data Analysis
• NetViews: Multi-level Realtime Internet Mapping
• Cyclops: An AS level Observatory
• DIMES Research Project
• Internet Mapping Research Project
• The Opte Project