Monday, September 5, 2011

Topology based Correlation

Amazing how many products have attempted just this sort of thing and for one reason or another, ended up with something a bit more complex than it really should be.

Consider this... In an IP network, when you have a connectivity issue, basic network diagnosis mandates a connectivity test like a ping and, if that doesn't work, a traceroute to the end node to see how far you get.

What a traceroute doesn't give you is the interface-by-interface, blow-by-blow detail or the Layer 2 picture. If you turn on the verbose flag in ping or traceroute, you will see ICMP HOST_UNREACHABLE control messages. These come from the router that services the IP subnet for the end device when an ARP request goes unanswered.

So, consider this. When you have a connectivity problem to an end node:

Can you ping the end node?
If not, can you ping the router for that subnet?
If yes, you have a Layer 2 problem.
If not, you have a Layer 3 problem. Perform a traceroute.

The traceroute should bottom out at the point where it cannot go any further, giving you some indication of where the problem is.
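The decision steps above, written out as an added example (not code from the original post). The function names, the result layout and the traceroute sample are constructed for illustration; the ping results are passed in as booleans so the logic runs offline.

```python
import re

# Constructed sample: a traceroute that stops answering after hop 3.
SAMPLE_TRACEROUTE = """\
traceroute to 10.20.30.40 (10.20.30.40), 30 hops max, 60 byte packets
 1  192.0.2.1  0.412 ms  0.398 ms  0.377 ms
 2  198.51.100.9  1.204 ms  1.187 ms  1.160 ms
 3  203.0.113.17  4.871 ms  4.902 ms  4.850 ms
 4  * * *
 5  * * *
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")           # "<hop number>  <rest of line>"
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")  # dotted quad, not an "x.y ms" timing


def last_responding_hop(traceroute_text):
    """Return (hop, address, host_unreachable) for the last hop that answered, or None.

    host_unreachable is True when the hop line carries the "!H" annotation
    that traceroute prints for an ICMP host-unreachable reply.
    """
    last = None
    for line in traceroute_text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue                      # banner line or blank line
        rest = m.group(2)
        ip = IP_RE.search(rest)
        if ip:                            # "* * *" lines have no address
            last = (int(m.group(1)), ip.group(1), "!H" in rest)
    return last


def triage(node_pings, router_pings, traceroute_text=""):
    """Apply the four questions from the post and say where to look next."""
    if node_pings:
        return {"verdict": "reachable", "check": None}
    if router_pings:
        # Subnet router answers but the node does not: Layer 2 problem.
        return {"verdict": "layer2",
                "check": "path from end node through switch(es) to router"}
    # Subnet router is unreachable too: Layer 3, so see where traceroute stops.
    return {"verdict": "layer3", "check": last_responding_hop(traceroute_text)}


if __name__ == "__main__":
    print(triage(False, True))
    print(triage(False, False, SAMPLE_TRACEROUTE))
```
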

On a layer 2 problem, you need to check the path from the end node, through the switch or switches, on to the Router.

How's that for simplicity?