repeaterssugih/courses/eecs489/lectures/23-lan.pdf• segment: a layer-2 collision domain •...
TRANSCRIPT
Computer Networks
Lecture23:LANConnectivity
Repeaters
Ethernetsegmentislimitedto500mduetosignalattenuation
Arepeater:
• ananalogelectronicdevice
• continuouslymonitorselectricalsignalsoneachLAN
• repeatsandstrengthens/amplifiessignal
Ethernetonlyallows4repeaters:max2.5km.Why?
Repeater
Hubs
Hubsjoinsmultipleinputlineselectrically
• bitscomingfromonelinkgooutallotherlinks
• atthesamerate
• noframebuffering
• donotnecessarilyamplifysignal
• extendsmaxdistancebetweennodes
NoCSMA/CDathub:
• collisiondetectionlefttohostadaptors• individualsegmentcollision
domainsbecomeonelarge
collisiondomain
hub
hub
hub
hub
LimitationsofRepeatersandHubs
Onelargesharedlink• eachbitispropagatedtothewholenetwork
• aggregatethroughputislimited
• e.g.,threedepartmentseachhasa10MbpsLAN
• ifconnectedviaahub,theymustsharethe10Mbps
CannotsupportmultipleLANtechnologies• doesnotbufferorinterpretframes
• can’tinterconnectbetweendifferentratesorformats
• e.g.,can’tinterconnect10BaseT&100BaseT
Limitationsonmaximum#nodesanddistances• sharedmediumimposeslengthlimits
• e.g.,cannotgobeyond2500metersonEthernet
Switches/Bridges
Linklayerrouter-equivalent:
• connectLANsatthelinklayer
• unlikerouters,onlyknowwhether
anodeisinasegment
• canconnectsegmentswithdifferentMACprotocols
• canalsoconnectdirectlytohost,atfullduplex
Storeandforwardframesbetweensegments
• extractsdestinationaddressfromtheframe
• looksupthedestinationinatable
hub hub
hub
switch
1 2
3
Bridges/SwitchesSupportconcurrentcommunication(A�C,B�D)
• doesnotpropagateinterferenceandcollisions�mustbuffer
• whenaframeistobeforwardedonasegment,
usesCSMA/CDtoaccesssegment
• increaseeffective/aggregatebandwidthofaLANby
takingadvantageofspatiallocality
host host host host host
host host host host host
host
host
Bridge
A
C
B
D
TransparentBridges/Switches
Transparent:hostsareunawareofthepresenceofswitches
Eachswitchhasaswitchtable
Entryinswitchtable:
• <MACaddress,interface,timestamp>
• staleentriesintabledropped(TTLcanbe60mins)
Plug-and-play:self-learningswitches
donotneedtobeconfigured
hub hub
hub
switch
1 2
3
BackwardLearning
Howdoesaswitchknowatwhichsegmentanodeislocated?
Backwardlearning:
• whenaframeisreceived,switch“learns”theincominginterfacethroughwhichasendermaybereached
• recordssender/interfacepairinswitchtable
FrameFiltering/ForwardingWhenaswitchreceivesaframe:
LookfortheMACdestinationaddressinswitchtable
ifentryfoundfordestination{
ifdestinationisonthesamesegmentfromwhichframearrived{
droptheframe
}else{
forwardtheframeoninterfaceindicated
}
}else{
flood//forwardtoallinterfacesexcepttheincominginterface
}
FloodingExample
SupposeCsendsaframetoD
SwitchreceivesframefromC recordsinswitchtablethatCisoninterface1becauseDisnotintable,switchforwards
frametointerfaces2and3framereceivedbyD
hub hub hub
switch
A
B CD
EF G H
I
address interface
ABEG
1123
1 2 3
BackwardLearningExample
SupposeDnowsendsaframetoC
SwitchreceivesframefromD recordsinswitchtablethatDisoninterface2becauseCisintable,switchforwardsframe
onlytointerface1framereceivedbyC
hub hub hub
switch
A
B CD
EF G H
I
address interface
ABEGCD
112312
1 2 3
Switch:TrafficIsolationSwitchbreakssubnetintoLANsegments
Switchfilterspackets:• same-LAN-segmentframesarenotusuallyforwardedontootherLANsegments
• segmentsbecomeseparatecollisiondomains
hub hubhub
switch
collisiondomain collisiondomain
collisiondomain
Switches:DedicatedAccess
Hostscanhavedirectconnectiontoswitch• fullduplex:dedicatedtransmissionline
ineachdirection,stillCSMA/CD,
butnochanceofcollision
Switching:A-to-DandB-to-Esimultaneously,nocollisions
Switchescansupportcombinationsofshared/dedicatedand
10/100/1000Mbpsinterfaces
switch
A
D
B
E
C
F
Cut-ThroughSwitching
Bufferingdelaycanbeahighfractionoftotaldelay• receivingaframeoflengthLfromalinkwithtransmission
rateRtakesL/Rtimeunits
• overshortdistancespropagationdelayissmall
• andbufferingdelaycanbecomealargefractionoftotal
Cut-throughswitching:streamingtransmission• inspecttheframeheaderanddothetablelook-up
• ifoutgoinglinkisidle,immediatelystartforwardingthe
headoftheframetotheoutgoinglink• whilestillreceivingthetailviatheincominglink
A B
switches
ExampleEnterpriseNetworkSwitch/HubInstallment
hub hubhub
switch
toexternalnetwork
router
IPsubnet
mailserver
webserver
CyclesandBroadcastStorm
LANsmayformcycles• eitheraccidentally,orbydesign,forhigherreliability• useoffloodingcanleadtoforwardingloops
• causing“broadcaststorm”
Topreventbroadcaststorm,
switchesneedtoavoidsome
linkswhenflooding,soasnottoformaloop
Howtodecidewhichlinktoavoid?
SpanningTreeWhatisaspanningtreeofagraph?• asub-graphthatcoversallnodes,butcontainsnocycle
Toavoidloops,linksnotinthespanningtreedonot
forwardframes
Needadistributedalgorithmtocomputespanningtree• switchescooperatetobuildthespanningtree
• andadaptautomaticallywhenfailuresoccur[afterRexford]
ConstructingaSpanningTreeKeyingredientsofthealgorithm
• switchesneedtoelecta“root”• root::=theswitchwiththesmallestidentifier
• “rootmessages”oftheform(X, R, d)isbroadcast• XistheIDofthenodesending/forwardingtherootmessage• Risthecurrentroot(smallestIDseen)• disX’scost/distancetoR
• eachswitchcheckswhetheritsinterfaceisonthe
shortestpathfromtheroot• excludefromthespanningtreeinterfacesnotontheshortestpathfromroot,breaktiebyID
• eachLANhasadesignatedswitch• multipleswitcheselectonewithshortestrootpath,breaktiebyID
[afterRexford]
StepsinSpanningTreeAlgorithm
Initially,eachswitchthinksitistheroot• switchsendsarootmessageouteveryinterface
• identifyingitselfastherootwithdistance0• example:switchXannounces(X, X, 0)
Switchesupdatetheir“rootview”• uponreceivingarootmessage,checktherootid
• ifthenewidissmaller,startviewingthatswitchasroot
Switchescomputetheirdistancefromtheroot• add1tothedistancereceivedfromaneighbor
• identifyinterfacesnotonashortestpathtotheroot• andexcludethemfromthespanningtree
• floodanupdatedrootmessage
[afterRexford]
ExamplefromSwitch4’sViewpoint
Switch4thinksitistheroot• sends(4, 4, 0)rootmessageto2and7
Then,switch4hearsfromswitch2• receives(2, 2, 0)rootmessagefrom2• andthinksthatswitch2istheroot• atdistanceonehopaway
Then,switch4hearsfromswitch7• receives(7, 2, 1)from7• realizesthatthisisalongerpath• so,prefersitsown1-hoppath(onrootport)• andremoves4-7linkfromthetree
1
2
3
4
5
67
[afterRexford]
Switch2hearsaboutswitch1• switch2hears(3, 1, 1)from3• switch2startstreating1asroot• andsends(2, 1, 2)toneighbors
Switch4hearsfromswitch2• switch4startstreating1asroot• andsends(4, 1, 3)toneighbors
Switch4hearsfromswitch7• switch4receives(7, 1, 3)from7• andrealizesthatthisisalongerpath• prefersitsown3-hoppath(onrootport)• andremoves4-7Iinkfromthetree
ExamplefromSwitch4’sViewpoint
1
2
3
4
5
67
[afterRexford]
RobustSpanning-TreeAlgorithm
Algorithmmustreacttofailures• failureoftherootnode• needtoelectanewroot,withthenextlowestidentifier
• failureofotherswitchesandlinks• needtore-computethespanningtree
Rootswitchcontinuestosendrootmessages• periodicallyre-announcesitselfastheroot(1, 1, 0)• otherswitchescontinuetoforwardrootmessages
Detectfailuresthroughtimeout(softstate)• aswitchwaitstohearfromothers• eventuallytimesoutandclaimstobetheroot,and
restartsthedistributedalgorithmalloveragain
[afterRexford]
ForwardingonSpanningTreeSummaryofdistributedspanningtreecomputation:• switchwithlowestIDbecomesrootoftree
• allswitches(exceptroot)determinerootport(porttoroot)
• thespanningtreeconsistsofswitchesandroot-portlinks
• designated-portlinksconnectdesignatedswitchestoLANs
Forwardingonthetree:
• forwardframesonlyonroot-portanddesignated-portlinks
• treedoesnotprovideshortestpath,e.g.,AtoCdoesnotgothroughB3
Peterson&Davie
AdvantagesofSwitchesoverHubs/Repeaters
Onlyforwardsframesasneeded• filtersframestoavoidunnecessaryloadonsegments
• sendsframesonlytosegmentsthatneedtoseethem
Extendsthegeographicspanofthenetwork• separatesegmentsallowlongerdistances
Improvesprivacybylimitingscopeofframes• hostscan“snoop”onlythetraffictraversingtheirsegment
Canjoinsegmentsusingdifferenttechnologies
[afterRexford]
DisadvantagesofSwitchesoverHubs/RepeatersDelayinforwardingframes• bridge/switchmustreceiveandparsetheframe
• andperformalook-uptodecidewheretoforward
• storingandforwardingthepacketintroducesdelay
• solution:cut-throughswitching
Needtolearnwheretoforwardframes• bridge/switchneedstoconstructaforwardingtable
• ideally,withoutinterventionfromnetworkadministrators
• solution:self-learning
Highercost• morecomplicateddevicescostmoremoney
[afterRexford]
Switchesvs.Routers
Bothstore-and-forwarddevices
Givenbridges/switches,whydowestillneedrouters?
• routersarenetworklayerdevices(whatdoesthismean?)
• routersmaintainroutingtables,implementroutingalgorithms
• switchesarelinklayerdevices
• switchesmaintainswitchtables,implementfiltering,backwardlearningalgorithms
Switch
Segmentvs.Subnet
Acommonlyuseddifferentiator:
• segment:alayer-2collisiondomain
• subnet:alayer-3broadcastdomain
Asubnetmaycontainmultiplesegments
Asegmentmaycontainmultiplesubnets(notrecommended)
“Segment”isalsooftenusedtosimplymean“partofanetwork”notalwaysaccordingtoaprecisetechnicaldefinition
MovingFromSwitchestoRouters
Advantagesofswitchesoverrouters• plug-and-play• fastfilteringandforwardingofframes
Disadvantagesofswitchesoverrouters• topologyisrestrictedtoaspanningtree• largenetworksrequirelargeARPtables
• broadcaststormscancausenetworkcollapse
[afterRexford]
ComparingHubs,Switches,Routers
Hub/Repeater
Bridge/Switch
Router
Trafficisolation ✗ ✔ ✔
PlugandPlay ✔ ✔ ✗
Efficientrouting ✗ ✗ ✔
Cutthrough ✔ ✔ ✗
[afterRexford]
EvolutionTowardVirtualLANs
WhenbeingpartofaLANmeanstappingintoacablethatpasses
throughone’soffice• peopleinadjacentofficeswereputonthesameLAN
• regardlessoftheirfunctionalrole
Withhubsandswitchessittingincentralwiringclosets,oftenwith
multipleLANs(khubs)connectedbyswitches• adjacentofficescanbe
mappedtodifferentLANs
[afterRexford]
hubhub
switch
wiringcloset
WhyGroupbyOrganizationalStructure?Security• Ethernetisasharedmedia
• anyinterfacecardcanbeputinto“promiscuous”mode
• andgetacopyofallofthetraffic(e.g.,midtermexam)
• so,isolatingtrafficonseparateLANsimprovessecurity
Load• someLANsegmentsaremoreheavilyusedthanothers• e.g.,researchersrunningexperimentsthatgetoutofhandcansaturatetheirownsegmentandnottheothers
• plus,theremaybenaturallocalityofcommunication• e.g.,trafficbetweenpeopleinthesameresearchgroup
[afterRexford]
LANReconfiguration
Organizationalchangesarefrequent• administrativeofficebecomesamarketingoffice
• technicalsupportpersonnelbecomesanadministrativepersonnel
• aspeoplechangerole,theirmachinesmovefromoneLANto
another
Physicalrewiringisamajorpain• requiresunpluggingthecablefromoneport
• andpluggingitintoanother• andhopingthecableislongenoughtoreach• andhopingyoudon’tmakeamistake
Wouldliketo“rewire”thebuildinginsoftware• theresultingconceptisaVirtualLAN(VLAN)
[afterRexford]
VLANsImplementationsAddconfigurationtablesatbridges/switches• sayingwhichVLANsareaccessibleviawhichinterfaces
ApproachestoVLANmapping:• giveeachinterfaceaVLAN“color”• onlyworksifallhostsonthesamesegmentbelongtothesameVLAN
• giveeachMACaddressaVLAN“color”• usefulwhenhostsonthesamesegmentbelongtodifferentVLANs• usefulwhenhostsmovefromonephysicallocationtoanother
ChangeEthernetheader• addafieldforVLANtag
• recognizedbybridges/switchesonly• ignoredbyoldEthernetcards
[afterRexford]
Example:TwoVirtualLANs
RedVLANandOrangeVLANSwitchesforwardtrafficasneeded
R
O
RO
R
R
R
OOOR OR R R
O
O
O
[Rexford]
RedVLANandOrangeVLANBridgesforwardtrafficasneeded
RRO RO
ORO
Example:TwoVirtualLANs
[Rexford]
EthernetSwitches
Independent• followtheirownrules
• determinetheirownforwardingpath
• responsibleforVLANandotherservices
• communicatetopologyinformationwiththeirpeers
Onceaperson/hostgetsonanEthernet
network,itcandoanything
Whatifwewanttohavefinercontrolofwhata
host/personcandoonaLAN?
Ethane:aPrototypeSoftware-DefinedNetwork(SDN)
CentralizedNetworkControl• networkrulesenforcedbynetworkcontroller
• controllermonitorsandapprovesalltraffic• allowsforcompletepolicy-basedcontrolofthenetwork
• accesscontrolsbuiltin• networkunderstandsusers,hardware,topology,andpolicies
• controllerresponsiblefordamage-routing
[C+5]
FlowSetupProcess1. UserAtriestoconnecttoUserB
2. UserAtoUserBflowisn’tinSwitch1’sflowtable,
sothepacketisforwardedtotheController
3. Controllereitherapprovesordeniesroute
4. Ifapproved,Switch1andSwitch2establishaflowfromUserAtoUserB
[C+5]
Ethane’sAssumptions
Policydeterminespacketflow
Networkshouldmaintainastrong
connectionbetweenusersandtraffic
Bakesecurityintonetworkpolicy
Policyshouldbesimpletoimplement
Incrementaldeployability• shouldworkwithEthernet
EthanePolicyConfiguration
TheconfigurationlanguageforEthane:
• compiledintocontroller
• individualrulesareANDedofsimplestatements
• allowsforuser-basedrules
• rulesprioritydetermined
byorderinfile
• veryhuman-readable
[C+5]
Dependentoncontroller• requiresconnectiontocontrollertoroutenewtraffic
• communicateswithcontrolleroverasecurechannel
Simple• minimalon-boardlogic• “flow”tablelookuponly• onlystoresactiveflows• nounderstandingofnetworktopology• noNATknowledge• noVLANsupport
SDNSwitchesFlowTableEntry �
Type0OpenFlowSwitch
Switchport
MACsrc
MACdst
Ethtype
VLANID
IPsrc
IPdst
IPprot
TCPsport
TCPdport
Rule Action Stats
1. Forwardpackettoport(s)2. Encapsulateandforwardtocontroller3. Droppacket4. Sendtonormalprocessingpipeline
+mask
Packet+bytecounters
TheNetworkController
SwitchesreportnetworktopologytoNetworkController(NC)• NCusesthistocreateflowrules
Controlsallroutesbetweenhosts• allowsforprioritization
• NChandlescongestion• canrestrictclientmovement
HandlesAuthentication• users,devices,switches• understandswhereauserisphysicallyconnectedtothenetwork
TheNetworkController
Informedoflinkfailuresandupdatesflowrules
Cancutoffmisbehavinghostsattheswitch,
completelydenyingnetworkaccess
Supportsresourcelimitsonclients
Handlesbroadcastrequests
Allowsforverydetailednetworkusagelogs• usefulforfailurepost-mortems
• presentssomethingofaprivacyrisk [C+5]
SDNnotLimitedtoLANB4:Google’sWAN
• connectsafewdozenWANdatacenters
• hasbeenindeploymentsinceJuly2010• mosttrafficcarried:synchronizinglargedatasets
• usesSDNandOpenFlowtoimplementTrafficEngineering
• controlofedgesitesandapplications:• re-routetraffictolesscongestedpath
• schedulebackuptraffictoquiettime