Integrated Mapping
In the previous two posts we talked about software packages from OT network switch vendors that provide physical topology mapping. What I’d like to show off in this post is a few mapping components that are integrated directly into the vendor’s network hardware GUI.
As a first example I’d like to show Fortinet and specifically the Managed FortiSwitch topology page within the FortiGate GUI. One of the coolest things about utilizing Fortinet for both your firewall and your switching needs is this awesome capability. Below you’ll see we’re in the GUI for the FortiGate firewall, but as we’re also using the FortiGate as a switch controller we can see all of the switches under its management and…drumroll…the physical topology!
You may have noticed the interesting line-type and symbol for the top right link above between the ACCESS-1 and ACCESS-2 switches. If we click on the link we’ll get some more information.
What whaaaaaaaat?!?!? We’re seeing not just the admin/link status of ports but also the STP status, so that symbol is flagging to the admin that this is a link that is in STP discarding state - pretty sweet!
It’s worth noting a FortiGate isn’t the only way to get this topology. In the absence of a Gate, FortiSwitches can also be managed by FortiSwitch Manager or FortiEdge Cloud, both of which will provide similar topology visibility. It’s further worth noting the switch controller functionality offers plenty more than just topology, from firmware management to centralized point of configuration, etc. but these points are beyond the scope of this series.
Next up I’d like to show you Lantronix and their Device Management System (DMS) which runs on their managed switches and is available directly within the switch GUI. The first time I saw this I was blown away as I couldn’t believe there was an application running ON the switch providing this kind of detail, particularly because the detail it provides goes beyond what switches generally keep track of by design.
Some cool things about DMS:
Zero additional purchase required. It’s just there as part of your switch purchase ready to help you with increased visibility.
Note in the picture above you’re not just seeing switch to switch connections; you’re seeing HOSTS and you’re seeing more than just MAC! You’ve got IP, possibly hostnames, port utilization, PoE consumption, etc.
In a network with multiple switches, one switch will effectively act as the master to do the heavy lifting and collect the information about neighbors and links, but this topology view is available from within ANY switch in the network you log into. Even crazier, the first switch in the map will always be the switch you’re logged into so your “perspective” of the network is always from the switch you’re logged into!
Floor View allows the designer to import existing JPEGs of the floor and site drawings into the DMS
Enhanced diagnostics including IP connectivity and physical layer cabling checks and tests are available with the DMS:
One-click cable diagnosis
One-click to check device alive
Instant identification of faulty cable connections
Real-time graphical monitoring of traffic and statistics, health checking of powered devices with ICMP ping “keep alive”, and auto-alarming for exceeded thresholds:
Monitor traffic and packets of devices
Analyze by day/week/port/device
Perform health check by threshold
Auto-alarming if abnormal condition exists
Echoing a similar sentiment to the conclusion of the previous post, I’m not typically one to advise a customer to go all-in with a single vendor, but it’s worth being aware of what any given vendor offers in this area if it’s an important topic for you.
Still more in the series to come. Stay tuned!