Transparent Bridge Discovery

Discovering Layer 2 network links using the bridge forwarding table (BFT) requires a special algorithm which is based on Topology Discovery for Large Ethernet Networks. The gathered information is used to classify links as macLinks and bridgeLinks.

Definitions

A macLink represents a link between a workstation or server that is identified by a MAC address. A bridgeLink represents a connection between backbone ports.

A shared segment is a connection established among workstations or servers (made up of several MAC addresses) and backbone ports (for example, devices connected via a hub). A bridgeLink is a shared segment with only two bridge backbone ports. A macLink is a shared segment with only one bridge port and one MAC address.

Broadcast and bridge domains are collections of shared segments, based on common sets of MAC addresses.

Bridge domains

Discovery bridge broadcast domains are made in two steps. The first step is data collection. To collect the necessary information, the BridgeDiscovery collector collects the BFT and other spanning tree information. The BFT is maintained in memory to be processed by BridgeDomainDiscovery. BridgeDomainDiscovery runs the specified algorithm on collected BFTs, and will produce a bridge domain (or several bridge domains) based on the broadcast set of MAC addresses identified.

BridgeDomainDiscovery does not support multi-VLAN; the bridge network model identifies a bridge for every VLAN identified. Each VLAN has its own BFT and spanning tree. Although discovery is run only against the main VLAN, the algorithm has to be run against all bridges and VLANs to discover a bridge topology.

Bridge domains provide no information about Layer 3 links; they produce only a Layer 2 map of the broadcast domains. You can determine which Layer 3 interfaces map to Layer 2 nodes if your device supports the IpNetToMedia table. You can associate a MAC address with its corresponding IP address and the associated node using this table.

Bridge Topology Updater

The Bridge Topology Updater combines the information stored in bridge domains with the ipnettomedia data and the provided Bridge OnmsTopology.

Whenever possible, the Bridge Topology Updater tries to associate a MAC address to an IP address, and then to a monitored node. It may be that the specified MAC address and IP address are not associated with a single node (for example, because there are duplicate nodes, or because the nodes support a protocol like LACP). Because the Updater does not support LACP and other similar aggregation protocols, Horizon does not resolve the node or record the association discovered as a MAC:IP relationship for a specific vertex.

Transparent bridging is not loop-free. If you have loops, you must enable the spanning tree protocol, which detects loops and will put some ports in a blocking state to avoid them.

You can find generic information about the bridge link discovery process in the Bridge Information box on any device’s Node Detail page. Information gathered from the supported OIDs is stored in the following database tables:

Network diagram depicting database tables used in transparent bridge discovery
Figure 1. Database tables related to transparent bridge discovery

Required SNMP MIBs

To define links, Horizon must perform some calculations, and the SNMP agent must support the following MIBs to allow this:

Table 1. Supported MIBs from the Cisco-VTP MIB
Name Description OID

vtpVersion

The local version of VTP. A device reports its version capability, but not the particular version that it uses. If the device does not support VTP, the version is none(3).

.1.3.6.1.4.1.9.9.46.1.1.1.0

Supported OIDs

The bridge discovery process supports the following OIDs:

Table 2. Supported OIDs from the IP-MIB module
Name Description OID

ipNetToMediaIfIndex

Interface on which the entry’s equivalent is effective. The Layer 2 interface identified by a particular value of this index is the same as identified by the value of ifIndex.

.1.3.6.1.2.1.4.22.1.1

ipNetToMediaPhysAddress

Media-dependent physical address.

.1.3.6.1.2.1.4.22.1.2

ipNetToMediaNetAddress

IP address that corresponds to ipNetToMediaPhysAddress.

.1.3.6.1.2.1.4.22.1.3

ipNetToMediaType

Mapping type. Setting this object to invalid(2) invalidates its corresponding entry in the ipNetToMediaTable. This effectively disassociates the entry’s identified interface from its mapping. Accordingly, management stations must be prepared to receive tabular information from agents that correspond to entries that are not currently in use. Proper interpretation of such entries requires the relevant ipNetToMediaType object to be examined.

.1.3.6.1.2.1.4.22.1.4

Table 3. Supported OIDs from the BRIDGE-MIB module
Name Description OID

dot1dBaseBridgeAddress

MAC address used by the bridge as a unique identifier. We recommend that this be the numerically smallest MAC address of all ports that belong to this bridge; however, it is only required to be unique. When concatenated with dot1dStpPriority, they form a unique BridgeIdentifier which is used in the spanning tree protocol.

.1.3.6.1.2.1.17.1.1.0

dot1dBaseNumPorts

Number of ports controlled by this bridging entity.

.1.3.6.1.2.1.17.1.2.0

dot1dBaseType

Type of bridging that this bridge can perform. If a bridge is actually performing a certain type of bridging, entries in the appropriate port table will reflect this.

.1.3.6.1.2.1.17.1.3.0

dot1dBasePort

Port number as defined by the corresponding bridge management information.

.1.3.6.1.2.1.17.1.4.1.1

dot1dPortIfIndex

Value of the ifIndex object, as defined in MIB-II, for the interface that corresponds to this port.

.1.3.6.1.2.1.17.1.4.1.2

dot1dStpProtocolSpecification

Version of the spanning tree protocol that is being run.
decLb100(2) indicates the DEC LANbridge 100 protocol.
ieee9021d(3) indicates IEE 802.1d implementations. If future versions of the IEE protocol are released that are not compatible with the current version, a new value will be defined.

.1.3.6.1.2.1.17.2.1.0

dot1dStpPriority

Value of the writeable portion of the bridge ID (for example, for first two octets of the eight-octet bridge ID). dot1dBaseBridgeAddressOther provides the final six octets of the bridge ID.

.1.3.6.1.2.1.17.2.2

dot1dStpDesignatedRoot

Bridge identifier for the root of the spanning tree, as determined by the node’s spanning tree protocol. This value is used as the root identifier parameter in all configuration bridge protocol data units (BPDUs) originated by this node.

.1.3.6.1.2.1.17.2.5

dot1dStpRootCost

Cost of the path to the root of the spanning tree, from the perspective of the current bridge.

.1.3.6.1.2.1.17.2.6

dot1dStpRootPort

Port number of the port that offers the lowest-cost path from the current bridge to the root.

.1.3.6.1.2.1.17.2.7

dot1dStpPort

Port number of the port for which this entry contains spanning tree protocol management information.

.1.3.6.1.2.1.17.2.15.1.1

dot1dStpPortPriority

Value of the property field contained in the first octet (in network byte order) of the two-octet port ID. dot1dStpPort provides the second octet of the port ID.

.1.3.6.1.2.1.17.2.15.1.2

dot1dStpPortState

Current state of the port, as defined by the spanning tree protocol. This state controls what action a port takes upon reception of a frame. If the bridge detects a malfunctioning port, it places that port into the broken(6) state. For ports that are disabled (see dot1dStpPortEnable), this object has a value of disabled(1).

.1.3.6.1.2.1.17.2.15.1.3

dot1dStpPortEnable

Port’s enabled or disabled status.

.1.3.6.1.2.1.17.2.15.1.4

dot1dStpPortPathCost

Current path’s contribution to the cost of paths toward the root. 802.1D-1990 recommends that this parameter’s default value be in inverse proportion to the speed of the attached LAN.

.1.3.6.1.2.1.17.2.15.1.5

dot1dStpPortDesignatedRoot

Unique bridge identifier of the bridge that is recorded as the root in the configuration BPDUs that the designated bridge transmitted for the segment to which the port is attached.

.1.3.6.1.2.1.17.2.15.1.6

dot1dStpPortDesignatedCost

Path cost of the segment connected to the designated port. This value is compared to the root path cost field in received BPDUs.

.1.3.6.1.2.1.17.2.15.1.7

dot1dStpPortDesignatedBridge

Identifier of the bridge that this port considers to be the designated bridge for the port’s segment.

.1.3.6.1.2.1.17.2.15.1.8

dot1dStpPortDesignatedPort

Identifier of the port on the designated bridge for the current port’s segment.

.1.3.6.1.2.1.17.2.15.1.9

dot1dTpFdbAddress

Unicast MAC address for which the bridge has forwarding or filtering information.

.1.3.6.1.2.1.17.4.3.1.1

dot1dTpFdbPort

Either 0 or the port number of the port on which a frame whose source address is equal to the value of dot1dTpFdbAddress has been seen. A value of 0 indicates that the port number has not been discovered, but that the bridge does have some forwarding or filtering information about this address (for example, stored in dot1dStaticTable).
You are encouraged to assign the port value to this object when it is discovered, even for addresses for which the value of dot1dTpFdbStatus is not learned(3).

.1.3.6.1.2.1.17.4.3.1.2

dot1dTpFdbStatus

The current entry’s status.
other(1) indicates "none of the following." This may include the case in which another MIB object (which is not dot1dTpFdbPort or an entry in the dot1dStaticTable) is being used to determine if and how frames addressed to the value of dot1dTpFdbAddress are being forwarded.
invalid(2) indicates that the entry is no longer valid (for example, the entry was discovered but has since aged out), but has not yet been flushed from the table.
learned(3) indicates that the value of dot1dTpFdbPort was discovered and is being used.
self(4) indicates that the value of dot1dTpFdbAddress represents one of the bridge’s addresses. dot1dTpFdbPort indicates which of the bridge’s ports has this address.
mgmt(5) indicates that the value of dot1dTpFdbAddress is also the value of an existing instance of dot1dStaticAddress.

.1.3.6.1.2.1.17.4.3.1.3

Table 4. Supported OIDs from the Q-BRIDGE-MIB module
Name Description OID

dot1qTpFdbPort

Either 0 or the port number of the port on which a frame whose source address is equal to the value of dot1qTpFdbAddress has been seen. A value of 0 indicates that the port number has not been discovered, but that the device does have some forwarding or filtering information about this address (for example, in the dot1qStaticUnicastTable).
You are encouraged to assign the port value to this object whenever it is discovered, even for addresses for which dot1qTpFdbStatus is not learned(3).

.1.3.6.1.2.1.17.7.1.2.2.1.2

dot1qTpFdbStatus

The current entry’s status.
other(1) indicates "none of the following." This may include the case in which another MIB object (which is not dot1qTpFdbPort or an entry in the dot1dStaticUnicastTable) is being used to determine if and how frames addressed to the value of dot1dTpFdbAddress are being forwarded.
invalid(2) indicates that the entry is no longer valid (for example, the entry was discovered but has since aged out), but has not yet been flushed from the table.
learned(3) indicates that the value of dot1dTpFdbPort was discovered and is being used.
self(4) indicates that the value of dot1dTpFdbAddress represents one of the device’s addresses. dot1dTpFdbPort indicates which of the device’s ports has this address.
mgmt(5) indicates that the value of dot1dTpFdbAddress is also the value of an existing instance of dot1dStaticAddress.

.1.3.6.1.2.1.17.7.1.2.2.1.3