characterizing vlan-induced sharing in a campus network
DESCRIPTION
Characterizing VLAN-Induced Sharing in a Campus Network. Mukarram Bin Tariq, Ahmed Mansy Nick Feamster, Mostafa Ammar {mtariq, amansy, feamster, ammar}@cc.gatech.edu. Virtual LANs (VLANs). Multiple LANs on top of a single physical network Typically map to IP subnets - PowerPoint PPT PresentationTRANSCRIPT
11
Characterizing VLAN-Induced Sharing in a Campus NetworkCharacterizing VLAN-Induced Sharing in a Campus Network
Mukarram Bin Tariq, Ahmed Mansy
Nick Feamster, Mostafa Ammar
{mtariq, amansy, feamster, ammar}@cc.gatech.edu
22
Ethernet
VLAN2
VLAN3
VLAN1
VLAN Core
Virtual LANs (VLANs)Virtual LANs (VLANs)
• Multiple LANs on top of a single physical network
• Typically map to IP subnets• Flexible design of IP subnets
– Administrative ease– Sharing infrastructure
among separate networks, e.g., for departments, experiments
• Sharing: IP networks may depend on same Ethernet infrastructure
33
Problems: Informal Operator’s SurveyProblems: Informal Operator’s Survey
“[users] can end up on portsconfigured for the wrong VLAN …. difficult for end users todetermine why their network isn't working ("but I have a link light!”)”
“I wish for insight. Better visibility into operational details”
“Using only the information the switch can give [is difficult to determine] to which VLAN or VLANs are the busy ones”
“deploy tomography tool [for the campus to isolate faulty switches]”
Need for diagnostic tools for VLANs
Shared failure modes among networks
Lack of cross-layer visibility
44
Key Questions and ContributionsKey Questions and Contributions
How to obtain visibility in sharing of Ethernet among IP networks?
EtherTrace: A tool for discovery of Ethernet devices on IP path
Passive discovery using bridge tables Does not require CDP or LLDP
How much sharing is there in a typical network?
Analysis of VLAN in Georgia Tech network
1358 Switches, 1542 VLANs Find significant sharing
How much does Ethernet visibility help?
Network tomography 2x improvement in binary tomography
using Ethernet visibility
55
EtherTrace: Maps IP to Ethernet PathsEtherTrace: Maps IP to Ethernet Paths
Due to spanning tree, frames from H1 and H2 are received on separate ports of same VLAN for switches that are on the path
C
B D
E
FA
H1
H2F
E
Frames arrive on separate ports for on-path switches
Frames arrive on same port for off-path switches
A
B
C
D EtherTrace automates discovery of Ethernet path by analyzing bridge and ARP tables, and iterating for each IP hop in IP traceroute
Works well for stable networks
Available at: http://www.gtnoise.net/ethertrace
66
Georgia Tech Campus Network DatasetGeorgia Tech Campus Network Dataset
Data sources
• 1358 Switches• 31 Routers• 79 monitoring
nodes
Dataset• Bridge tables obtained every 4 hours• ARP tables obtained every hour• IP traceroutes among monitoring
nodes every 5 minutes• One-day snapshot on March 25, 2008
Analysis
• Obtain Ethernet devices for IP traceroutes using EtherTrace• Quantify the sharing of Ethernet devices among IP hops and
paths
77
Ethernet Hops Shared among IP HopsEthernet Hops Shared among IP Hops
57% of Ethernet Hops are shared by more than 2 disjoint IP Hops
Maximum IP hops on an Ethernet interface: 34. 17 considering disjoint only
On average, an Ethernet Hop affects ~30 IP hops~4 considering disjoint IP hops only
88
Application: Improving Accuracy with Cross-layer Sharing VisibilityApplication: Improving Accuracy with Cross-layer Sharing Visibility
MetricUsing IP level
information onlyIncorporating layer-2
visibility
Accuracy: Is failed hop in the diagnosed set of hops?
Fraction of times faulty edge in diagnosed set 54% 100%
Specificity: How big is the diagnosed set relative to number of failed hops?
Size of Diagnosed Set
Average 3.7 1.48
95th %-ile9 1
Experiment1. Simulate failure of a random Ethernet hop2. Determine IP paths that are affected by the failure3. Use binary tomography to determine the hop that
has fault
99
SummarySummary
• Surprising amount of sharing– On average, an Ethernet hop affects ~30 IP hops– 57% of Ethernet hops affect two or more disjoint
IP hops • Failure of an Ethernet device affects (on average)
as many IP paths as failure of an IP device– Two orders of magnitude more Ethernet devices
• Cross-layer visibility improves diagnosis– 2x improvement in accuracy and specificity
• EtherTrace: www.gtnoise.net/ethertrace
1010
Comparison of Dependency of IP Paths on Ethernet and IP devices Comparison of Dependency of IP Paths on Ethernet and IP devices
On average, a switch or switch interface is critical to similar number of IP paths as a router or IP interface, although there are two orders of magnitude more layer-2 devices
1212
Application: Improving Accuracy with Cross-layer Sharing InsightApplication: Improving Accuracy with Cross-layer Sharing Insight• We can improve fault-localization accuracy by using layer-2 topology
information• Experiment
1. Simulate failure of a random layer-2 edge
2. Determine IP paths that are broken by the failure
3. Use Binary tomography to determine the network segment that has fault• Conventional Approach: Use Layer-3 path elements as dependencies
• Cross-layer Approach: Use layer-2 elements determined with EtherTrace as dependencies
– Metrics• Accuracy: diagnosed segment contains the failed network element
• Specificity: ratio of actual number of elements that failed to the number of layer-2 elements in diagnosed segment
1313
EtherTraceEtherTrace
• Collect Bridge tables from switches using SNMP– Table has entries of form <MAC, port, vlan-id>
• Collect ARP tables from Routers• Given IP traceroute between two hosts find layer-2
path elements as:1.De-alias router IP addresses
2.Obtain MAC addresses IP addresses on each IP hop
3.Obtain Layer-2 switches and ports for each IP hop