l2trace

The TUI in one glance

The OPS dashboard answers “what’s broken right now?” at a glance — and the as-of header at the top means it answers the same question for any T.

What’s the point?

Existing OSS network tools (Netdisco, NetDB, NeDi, LibreNMS) answer “where is MAC X right now?” well. They struggle with two harder questions:

• What L2 path does a frame from A to B take through the fabric — hop by hop, now?
• Same question, but at 14:42 UTC three weeks ago?

l2trace is built around those two questions.

Bitemporal

Every observation carries two time ranges: when it was true on the network (valid_during) and when we believed it (recorded_during). “As of T” queries are first-class on both axes.

Hop-by-hop

A Postgres recursive CTE walks adjacencies, filters STP-blocking edges, handles MLAG group collapse, and terminates cleanly on flood / dead-end / loop.

Multi-source

gNMI streaming + SNMP polling + SSH (show mac-address-table via napalm) collect FDB and LLDP in parallel. A reconciler converges them into one bitemporal log, quarantining events that disagree and surfacing one-way LLDP via the adjacency audit.

Operator-first

Keyboard-driven Textual TUI with four modes (TRACE / HISTORY / OPS / AUDIT) and an ambient as-of timestamp picker. No browser, no clicking.

How the docs are organized

These docs follow the Diátaxis framework — four kinds of writing, each answering a different question:

Tutorial

Learning by doing. Start from make up and end with your first bitemporal traceroute. → Start here

How-to

Task-oriented recipes. “I want to find out who flapped this MAC last week.” → How-to guides

Reference

Look-up facts. CLI flags, schema columns, event envelope fields. → Reference

Explanation

Why it works that way. The bitemporal model, the traceroute algorithm, the reconciler’s late-arrival rule. → Explanation