
The Path Discovery envoy traces data paths through a network to see if assets communicate properly. It runs trace routes (i.e., traceRoute) to target networks using the protocols ICMP, UDP, and/or TCP. The IP address of each hop observed during these traces is recorded.

Path Discovery gathers information about the connectivity of the entire network by sending a series of standard, properly formed packets with varying time-to-live (TTL) values. Lumeta only needs to send one series of packets per protocol to each CIDR block in the expanded CIDR block list, so minimal traffic is generated. Lumeta sends Path Discovery (TTL and SNMP) packets using a “fan-out” algorithm that spreads the traffic out across the targeted IP address space. This prevents the saturation of any single network or network device.

The traffic that Path Discovery generates is controlled by specifying the desired level of CIDR expansion, and the scanning packet rate. Path Discovery also gathers select information via SNMP (system, interface, route table, ARP table, among others), but it is careful to collect only select information so as not to burden the routers or to generate large volumes of traffic.

In a secure network environment, it's important to know which ports are accessed and used by your management applications. Path Discovery is an agentless discovery tool that allows the Notification Server to go out on the wire and discover what devices exist.

The value of Path Discovery in Lumeta depends on a collector being placed on a subnet (or given an IP address) that is authorized to poll the routers for SNMP. This may require modification of access control lists (ACLs) to permit SNMP access from Lumeta.

Path Discovery uses the following ports:

  • ICMP: (no port)
  • SNMP: UDP 161
  • DNS: UDP 53
  • UDP High Port: Port range 33435 to 33435 plus the hop number (starting with hop number 1)
  • TCP: User-specified ports

Advanced Optional Configuration

  • Use Custom TCP Ports: Similar to Host Discovery, you can define a TCP port to use for Path Discovery.
  • Trace to Hosts: Trace to any hosts that were discovered via Host Discovery in addition to the CIDRs that are in the Discovery Spaces for the Zone (Target List, Eligible List).
  • Trace Discovered Routes: Target routes that were discovered via SNMP, BGP, and OSPF Discovery in addition to devices that are in the Discovery Spaces for the Zone (Target List, Eligible List).
  • Maximum Consecutive Stealths: Stealth Devices are hops on a path that pass the packet through but give no other information. This field limits the number of consecutive stealths a packet will travel. For example, from this terminal you would need to set maximum stealths to 2 for the packet to continue to 8.8.8.8.

                 

  • Maximum Unknown Hops: Maximum number of Unknown Devices (hops not covered by CIDRs in the Known List) that the packet will travel in Path Discovery. In the screenshot below, if 142.251.0.0/16 was not in the Known List, you would need to define 3 Unknown Hops.
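
The two limits above and the UDP high-port range from the port list, worked through as an added example (not Lumeta's own code). It assumes a stealth hop is represented as None and that unknown hops are counted cumulatively along the path; the function names are hypothetical and the hop addresses other than 8.8.8.8 are constructed samples.

```python
import ipaddress

UDP_BASE_PORT = 33435  # first UDP high port, from the port list on this page

def udp_port_range(max_hops):
    """UDP destination-port range an ACL must permit for traces of up to max_hops."""
    return (UDP_BASE_PORT, UDP_BASE_PORT + max_hops)

def is_known(ip, known_cidrs):
    """True when ip is covered by any CIDR in the Known List."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in known_cidrs)

def walk_path(hops, known_cidrs, max_stealths, max_unknown):
    """Return (hops_traversed, reason). A hop of None is a stealth device."""
    stealth_run = unknown = 0
    for n, hop in enumerate(hops, start=1):
        if hop is None:
            stealth_run += 1
            if stealth_run > max_stealths:
                return n - 1, "maximum consecutive stealths exceeded"
            continue
        stealth_run = 0  # a responding hop ends the stealth run
        if not is_known(hop, known_cidrs):
            unknown += 1  # assumption: counted cumulatively, not per run
            if unknown > max_unknown:
                return n - 1, "maximum unknown hops exceeded"
    return len(hops), "destination reached"

def required_limits(hops, known_cidrs):
    """Smallest (max_stealths, max_unknown) that lets the whole path be traced."""
    longest = run = unknown = 0
    for hop in hops:
        if hop is None:
            run += 1
            longest = max(longest, run)
        else:
            run = 0
            unknown += int(not is_known(hop, known_cidrs))
    return longest, unknown

# Constructed sample: two consecutive stealths, then three hops in 142.251.0.0/16.
SAMPLE_PATH = ["10.0.0.1", None, None,
               "142.251.0.1", "142.251.0.2", "142.251.0.3", "8.8.8.8"]
KNOWN_LIST = ["10.0.0.0/8", "8.8.8.0/24"]  # constructed Known List

if __name__ == "__main__":
    print(required_limits(SAMPLE_PATH, KNOWN_LIST))
    print(walk_path(SAMPLE_PATH, KNOWN_LIST, max_stealths=1, max_unknown=3))
    print(udp_port_range(30))
```

Running required_limits over a path already captured with a manual traceroute gives the smallest values to enter in these two fields, which keeps the trace from wandering further into unknown address space than intended.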

                 

Configuring Path Discovery 

  To configure Path Discovery:

  1. Browse to Settings > Zones.
  2. Select the zone and collector on which you want to add Path Discovery.
  3. Click the Path tab.
    Path is initially disabled and default settings are visible.

  4. Edit the form as necessary, and then click Update.



    The Path configuration is complete. The discovery of routes traversed initiates with these settings. 

