Mapping link-layer connectivity
The newest member of the WhatsUp Gold plug-in family is WhatsConnected ($1895). Unlike VoIP and NetFlow Monitor plug-ins, WhatsConnected can be used by itself or to complement other WhatsUp Gold discovery methods. WhatsConnected is licensed as a plug-in—WhatsUp Gold is required to install and activate this tool. But thereafter, WhatsConnected can be launched through the console or executed directly.

As discussed in Part 1, standard WhatsUp Gold discovery relies upon network and transport layer protocols—ICMP, NetBIOS, and/or SNMP to find devices, followed by UDP/TCP port scans and SNMP/WMI queries to identify services. While these methods are effective at discovering IP-addressable devices, they do not map physical or virtual link layer connectivity. WhatsConnected fills this gap by automatically mapping your physical network, tracing link layer relationships, and gathering asset attributes to help flesh out equipment inventory databases.

WhatsConnected is a layer two discovery and mapping tool that employs two methods: ICMP ping sweeps and SNMP-based ARP cache crawls. Start by using the latter method to pull ARP caches from one or more discovery starting points—these should be SNMP-capable routers and/or switches located throughout your network. Use ping sweeps to fill in gaps—for example, to find host devices not discovered by ARP cache crawls.

During discovery (see Figure 6), WhatsConnected uses all SNMP-accessible ARP entries and ICMP responses to find active devices located throughout your network and how they are physically interconnected. You can repeat any past discovery to spot new devices (e.g., rogue APs, hosts that were inactive). Because ARP caches change based on recent activity, discovery do results vary, but you can save and merge results to create an aggregate device list. Scheduled discovery (a la WhatsUp Gold Active Discovery) would be a welcome addition.

By analyzing connectivity at a lower layer, WhatsConnected can produce more complete topo maps than WhatsUp Gold SmartScan. For example, after SmartScan discovery, you must manually link devices inside each subnet. But WhatsConnected ARP discovery generates a single "Network Devices" map that includes all of your SNMP-accessible routers, switches, and access points and the links between them (see Figure 7).

By aggregating ARP entries, WhatsConnected discovers the physical relationships that Network Devices learn for themselves using link layer discovery protocols (e.g., LLDP, CDP, NDP). In essence, it constructs one "big picture" by assembling all of the "little pictures" known to individual routers and switches, without having to actually speak all of those link layer discovery protocols.

However, we found that WhatsConnected could not map beyond unmanaged routers. Specifically, it could discover unmanaged routers and their subnets using ICMP, but it could not connect those subnets to the rest of the network or apply layer two traces to those "disconnected" devices. For example, in Figure 7, 192.168.15.1 is a non-SNMP router discovered via ICMP—we could add this device to our topo map but we could not link other devices that lay beyond that point. This limitation applies not only to simple SOHO routers, but also to enterprise routers that permit SNMPv3 only (WhatsConnected currently supports SNMPv1 and v2c only).

WhatsConnected makes it very easy to generate your own maps by providing simple add/remove device menus and fully-automated layout tools. In Figure 8, we have organized our own maps into two logical groups (local and remote) and created several local maps (hosts, routers, switches, all devices) simply by selecting discovered devices from supplied lists. WhatsConnected can apply its understanding of link layer relationships to add the devices that are "connected" to any device you might select, automatically drawing radial or hierarchical lines to represent that physical connectivity.

We found this to be a real time-saver, letting us quickly draw maps of interest to us. Results were not perfect—for example, WhatsConnected treated one of our VMware servers like a router because of its connectivity, but we didn't want our map to reflect that. Fortunately, WhatsConnected let us simply remove that unwanted device from that particular map, without removing it from the device list altogether. And when lines cross where you don't want them to, a manual layout option can be used to fine-tune automated layouts.

But WhatsConnected is much more than a mapping tool. All discovered devices are automatically categorized based on SNMP attributes (see Figure 9). If you don't like the category chosen by WhatsConnected, you can define a custom sysObjectID mapping (as we did when WhatsConnected categorized our APs as switches). Double-clicking on any individual device brings up a detailed Device Viewer that can be used to browse the SNMP attributes retrieved by WhatsConnected, including IP addresses, interfaces, ports, VLANs, links, routes, ARP cache entries, forwarding table entries, and system attributes that are useful for equipment inventory purposes. Naturally, WhatsConnected cannot display this level of detail for all discovered objects—only those that provide SNMP access to these attributes.

Browsing this device detail can be helpful to understand link layer connectivity, but the real value here comes from exporting this information to other programs. Specifically, WhatsConnected can export auto-created and custom maps to Visio, creating drawings complete with device/link labels and system attributes represented as "shape data." WhatsConnected can also export these topo maps to WhatsUp Gold (see Figure 10), representing each exported map as its own WhatsUp Gold Device Group.

Figure 10 illustrates several key export features. First, exported maps are not simply drawings—they can result in the automatic creation of WhatsUp Gold Active and Performance Monitors for each device. Second, exported maps automate logical link creation, so that WhatsUp Gold operators no longer have to add these relationships manually. Furthermore, each link is labeled, making these lines far more informative than "regular" WhatsUp Gold logical links. If discovered devices do not already exist in WhatsUp Gold's database, they are created during export. For devices that do already exist, exported information is simply merged with the existing the database object.

Figure 10 also shows several polling dependencies that were created by WhatsConnected. Here again, export automates what was a somewhat tedious but important manual process in WhatsUp Gold. However, WhatsConnected does not fully automate dependency creation. Rather, it provides a Layer2 Trace tool that can be invoked to establish the dependency by tracing link layer connectivity in real-time between a selected Source and Destination device. Once traced, that relationship is then exported to WhatsUp Gold along with the rest of your map and device details.

In fact, WhatsConnected provides a pair of extremely helpful utilities: the aforementioned Layer2 Trace and a new IP/MAC Finder (see Figure 11). Together, these utilities fill in a common blind spot, providing information that most network operators find essential for trouble-shooting. The only catch is that these utilities only present information that WhatsConnected discovers using SNMP to query ARP caches and SNMP attributes. Specifically, there were cases where we could traceroute from one device to another, but WhatsConnected was not able to perform a Layer2 trace because the source or destination or some switch/router in between them wasn't SNMP-capable.

Based on our brief test-drive of WhatsConnected, we're convinced that WhatsUp Gold customers will find this plug-in very valuable. It doesn't duplicate WhatsUp Gold service-level discovery, but rather fills in significant gaps in WhatsUp Gold layer two visibility and topo mapping. On the other hand, this $1895 plug-in will be too rich for entry-level WhatsUp Gold customers. The kinks we encountered are not altogether unexpected in a first release, but we'd like to see Ipswitch clean these up and make WhatsConnected more fully-consistent with WhatsUp Gold (e.g., scheduled discovery, SNMP version support).

Conclusion
Unlike open source network monitoring tools like Nagios, WhatsUp Gold runs on Windows platforms, backed by a plethora of GUI-driven wizards that enable ease of installation, set-up, and use. On the other hand, Nagios users can leverage a large collection of industry-authored plug-ins. These new WhatsUp Gold plug-ins don't provide that kind of extensibility—they are commercial add-ons, authored by Ipswitch. On the other hand, WhatsUp Gold customers could start to share custom monitor and action scripts, using the new VBScript/JScript interfaces.

We believe that smaller businesses will still find WhatsUp Gold v12.3.1 approachable in terms of price and simplicity. Larger organizations will appreciate how WhatsUp Gold has matured—from the scalability improvements in Distributed/MSP Editions and the WhatsConnected plug-in to the service-level monitoring extensions embodied by recent WMI/Active Monitor additions and VoIP/NetFlow plug-ins to the customizable, real-time visibility available through the new web GUI. However, feature growth also adds complexity and cost. As Ipswitch introduces new plug-ins, we hope that they will preserve overall consistency and keep the total price of this increasingly-powerful platform within SMB reach.