Network topology mapping: How to automate network documentation

Network topology mapping to boost security can be time-consuming. Learn how to automate network documentation with network management tools.

How often should an enterprise update its network topology documentation; what security-related information should we include, and are there any tools that can help automate this process?

You should update your network documentation as often as your network topology changes. Hopefully, the high-level details of your network don’t change often enough for this to be a major concern.  While you might be adding and removing devices from your network daily, don’t expect the documentation to go down to the individual device level.  Instead, you’ll probably end it at the network edge – the switches and wireless access points to which end-user devices connect.  The network beyond the switch (at least outside of the data center) is simply too dynamic to document.

Here’s what I’d suggest collecting as a basic set of network documentation:

  • Diagrams that include all of your routers, firewalls, switches and security devices. Depending upon the size of your network, you may need to break this up into pieces. The diagram should include basic information about the devices, including names, IP addresses, connections and port assignments.
  • Detailed network diagrams of your data center that include the individual servers connected to your network.
  • Configuration files from each of your network devices that would enable you to rebuild the device in the event of a failure.

To automate network documentation to some degree, consider using network management tools to help with the tactical details of documenting your network. Many network management tools on the market can gather information directly from network devices, keep up-to-date records of device configurations and monitor changes to those configurations. It’s a lot easier to automate this task than to perform it by hand!
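One way to approximate the configuration record-keeping and change monitoring described above, as an added example that is not from the original article or from any particular product: it compares documented configuration snapshots with freshly collected ones, ignores save-time noise, and flags devices missing from either side. The Cisco IOS-style lines, device names and addresses are constructed assumptions.

```python
import difflib
import hashlib
import re

# Lines that change on every save without reflecting a real configuration change
# (Cisco IOS-style headers; an assumption about the device family).
VOLATILE = re.compile(r"^(! Last configuration change|! NVRAM config last updated|ntp clock-period)")

def normalize(config):
    """Drop volatile lines, trailing whitespace and blank lines; keep indentation."""
    lines = (line.rstrip() for line in config.splitlines())
    return [line for line in lines if line and not VOLATILE.match(line)]

def fingerprint(config):
    """Stable SHA-256 over the normalized configuration."""
    return hashlib.sha256("\n".join(normalize(config)).encode()).hexdigest()

def changed_lines(old, new):
    """Return '- line' / '+ line' entries for real differences only."""
    diff = difflib.ndiff(normalize(old), normalize(new))
    return [d for d in diff if d.startswith(("+ ", "- "))]

def audit(documented, collected):
    """Compare documented configs with freshly collected ones, per device."""
    report = {}
    for name in sorted(documented.keys() | collected.keys()):
        if name not in collected:
            report[name] = "documented but not collected"
        elif name not in documented:
            report[name] = "collected but undocumented"
        elif fingerprint(documented[name]) != fingerprint(collected[name]):
            report[name] = changed_lines(documented[name], collected[name])
    return report

# Constructed sample data (hypothetical device names and addresses).
DOCUMENTED = {
    "edge-sw1": "! Last configuration change at 09:00:00 UTC Mon Jan 1 2024\nhostname edge-sw1\nline vty 0 4\n transport input ssh\n",
    "core-rtr1": "hostname core-rtr1\ninterface Gi0/0\n ip address 192.0.2.1 255.255.255.0\n",
}
COLLECTED = {
    "edge-sw1": "! Last configuration change at 17:30:00 UTC Tue Jan 2 2024\nhostname edge-sw1\nline vty 0 4\n transport input telnet ssh\n",
    "core-rtr1": "hostname core-rtr1\ninterface Gi0/0\n ip address 192.0.2.1 255.255.255.0\n",
    "lab-ap7": "hostname lab-ap7\n",
}

if __name__ == "__main__":
    for device, finding in audit(DOCUMENTED, COLLECTED).items():
        print(device, "->", finding)
```

In the sample data the only real change is Telnet being enabled on the edge switch's management lines; the differing save timestamp alone does not raise a finding.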

This was last published in May 2012

1 comment

Good article, but I think a bit misleading. Network monitoring and management is not really the same as network documentation.

Here's why I think they differ:
- Network monitoring tools only show you discovered stuff, but what about all the rest?
- Network monitoring tools typically don't show physical views or rack elevation views
- They are not very flexible in terms of modeling entities, adding custom fields and visual rules
- They are usually not easy to access by non-NOC people
- They have basic security
- They are usually not hierarchical enough

Eventually I think once the network is large enough you need a real network documentation tool that either has its own embedded discovery or integrates with your existing monitoring.

I am thinking tools like Manage Engine, netTerrain from Graphical Networks, or netMapper from Opnet.
If you are looking for free or cheap alternatives you can combine some open source with in house development, for example combining an open source documentation tool with a Nagios, Zabbix or the like.

Here is a nice article that talks about what network documentation is not :- )