[quagga-users 11306] Re: very newbish question regarding network discovery
christopher.barry at rackwareinc.com
Sun Jan 10 22:26:14 GMT 2010
On Sun, 2010-01-10 at 15:36 -0500, Christopher Barry wrote:
> On Sun, 2010-01-10 at 12:07 -0800, Kurt Buff wrote:
> > On Sun, Jan 10, 2010 at 11:42, Christopher Barry
> > <christopher.barry at rackwareinc.com> wrote:
> > > Greetings all,
> > >
> > > This is my first post to this group.
> > >
> > > My question is around a use of Quagga, and potentially OSPF that is
> > > likely very non-standard.
> > >
> > > Use Case:
> > > A compute system with multiple interfaces whose attached networks are
> > > not known is temporarily booted with a special Linux image running
> > > (potentially) quagga.
> > >
> > > This Linux image would use OSPF (or some other protocol) to determine
> > > what networks each interface was attached to. Ideally, no IP addresses
> > > would be configured on the system during this process. Scripts would
> > > record this information (e.g. the system interface/attached subnet
> > > pairing) for future understanding about the system's network
> > > connectivity.
> > >
> > > Is this use case even remotely possible? And if so, can anyone here give
> > > me some advice on where to begin to implement such a system?
> > >
> > >
> > > Thanks,
> > > -Christopher
> > I see four possibilities:
> > 1) Ask for IP addresses, and see if you can get your data.
> > 2) Start listening to broadcasts on each NIC, and characterize the subnets
> > 3) Start sending all ones broadcasts on each NIC and see what replies you get
> > 4) Start blasting MAC addresses to each connection in the hopes of
> > flooding the tables on the connected devices and start looking at the
> > traffic that comes through on each NIC
> > I don't think you need a routing package for any of that, unless I'm
> > missing something fundamental.
> > Kurt
See thread for more interaction about this with Kurt.
> The ideal situation is: I bring up the image, bring up the interfaces,
> but leave them unconfigured with IP addresses, and some whiz-bang
> protocol queries each interface at the link-level, and figures out which
> subnets are directly connected to each.
> Originally I thought I could use arp for this, but a multi-homed system,
> and routers as well, from what I can gather, will do a form of
> proxy-arp, so they will respond with the directly connected MAC address
> of a host, but with an IP from another local interface. This makes
> isolation essentially impossible.
As stated above, in a prior posting, arp is not a feasible solution for
this use case - I have already tried it.
from the arp-scan user manual located @
$ arp-scan --interface=eth0 192.168.1.1 10.0.105.225
192.168.1.1 00:c0:9f:09:b8:db QUANTA COMPUTER, INC.
10.0.105.225 00:c0:9f:09:b8:db QUANTA COMPUTER, INC.
So, doing subnet identification via arp is not possible. Attempting to
isolate an IP subnet via arp scans will produce multiple false positives
- to the point that any identification or isolation is simply not
possible. It also requires a certain afore-knowledge of the available
subnets - I would like to avoid this restriction.
> Hence this foray into routing protocols. This may not be a reasonable
> methodology either, but I thought it was worthy of asking all of you
> experts on this list.
Can anyone speak to the behavior of OSPF as a potential discovery
protocol for the above scenario? I have already fully investigated arp,
and found it non-workable for my use case, and while my current
algorithm does somewhat function, it's not without its warts and
burdens, and I'm in search of something better.
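
An added illustration for the OSPF question above (not part of the original post, and not Quagga code): an OSPFv2 Hello carries the sender's interface netmask (RFC 2328), so a passive listener on an interface with no IP address can derive the attached subnet from the Hello's source address and that mask. The function names, the sample packet builder and its addresses are constructed for this example; it assumes an OSPF router is present on the segment and does not verify checksums or authentication.

```python
import ipaddress
import struct

OSPF_PROTO = 89   # IP protocol number for OSPF
OSPF_HELLO = 1    # OSPF packet type 1 = Hello

def subnet_from_ospf_hello(ip_packet: bytes):
    """Return (router_id, area_id, attached_network) for an IPv4 packet that
    carries an OSPFv2 Hello, or None if no subnet can be derived from it."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        return None
    ihl = (ip_packet[0] & 0x0F) * 4                    # IPv4 header length
    # 24-byte OSPF header + 20-byte fixed Hello body must be present
    if ihl < 20 or ip_packet[9] != OSPF_PROTO or len(ip_packet) < ihl + 44:
        return None
    version, ptype, _len, rid, area = struct.unpack_from("!BBH4s4s", ip_packet, ihl)
    if version != 2 or ptype != OSPF_HELLO:
        return None
    src = int.from_bytes(ip_packet[12:16], "big")      # sender's interface address
    mask = int.from_bytes(ip_packet[ihl + 24:ihl + 28], "big")
    host_bits = ~mask & 0xFFFFFFFF
    # Mask 0.0.0.0 is sent on unnumbered point-to-point and virtual links;
    # a non-contiguous mask is malformed. Neither identifies a subnet.
    if mask == 0 or host_bits & (host_bits + 1):
        return None
    net = ipaddress.IPv4Network((src & mask, 32 - host_bits.bit_length()))
    return (str(ipaddress.IPv4Address(rid)), str(ipaddress.IPv4Address(area)), net)

def build_sample_hello(src, mask, router_id="10.255.0.1", proto=OSPF_PROTO):
    """Constructed sample input: IPv4 + OSPFv2 Hello, checksums left at zero."""
    a = lambda s: ipaddress.IPv4Address(s).packed
    # Hello body: mask, HelloInterval, Options, Priority, DeadInterval, DR, BDR
    hello = a(mask) + struct.pack("!HBBI", 10, 0x02, 1, 40) + a("0.0.0.0") * 2
    # OSPF header: version, type, length, router ID, area ID, then checksum,
    # AuType and the 8-byte authentication field (12 zero bytes here)
    ospf = (struct.pack("!BBH", 2, OSPF_HELLO, 24 + len(hello))
            + a(router_id) + a("0.0.0.0") + bytes(12) + hello)
    ip = (struct.pack("!BBHHHBBH", 0x45, 0xC0, 20 + len(ospf), 0, 0, 1, proto, 0)
          + a(src) + a("224.0.0.5"))                   # AllSPFRouters multicast
    return ip + ospf

if __name__ == "__main__":
    for src, mask in [("192.168.1.1", "255.255.255.0"), ("10.0.105.225", "255.255.252.0")]:
        print(src, "->", subnet_from_ospf_hello(build_sample_hello(src, mask)))
```

In practice the packets would come from a capture on each unaddressed interface, filtered on IP protocol 89; Hellos are link-local multicast and are not forwarded, so each one describes the segment it was heard on.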