Sie sind auf Seite 1von 14

RESILIENCY

IN

LOCAL AREA NETWORKS (LAN’s)

By

ASAEL OMWAMBA

And

SINCLAIR GIBORE

Dept. of Computer Science Montclair State University CMPT 495-01 - Data Security Instructor: DR. Stefan Robila

1

TABLE OF CONTENTS

1 Introduction………………………………………………………………

3

1.1 Introduction…………………………………………………………

3

1.2 Local Area Networks (LAN)…………………………………………. 3

1.2.1 Design of

3

1.2.2 Peer-to-Peer Architecture……………………………………….3

1.2.3 Client-Server Architecture……………………………………

3

2 Types of Failures………………………………………………………

5

2.1 Path Failures…………………………………………………………. 5

2.2 Link Failures…………………………………………………………

5

3 How Failures Are Handled……………………………………………

5

3.1 Handling Link Failures………………………………………………. 5

3.2 Handling Path Failures………………………………………………. 6

4 Optimizing Redundancy………………………………………………… 7

4.1 Switching ……………………………………………………………… 7

4.2 Routing ………………………………………………………………… 8

4.2.1 Problems with Routing…………………………………………

10

4.2.1.1 Looping………………………………………………………… 10

4.2.1.2 How Routing Loops are Handled……………………………

11

5 Path Determination……………………………………………………

12

6 Dead Node Detection……………………………………………………

13

7 Conclusion………………………………………………………………

13

2

INTRODUCTION

A local-area network (LAN) allows businesses to share resources efficiently and thus

makes the internal communications of a business possible. This enables the internal structure of the business to share files, printers and other resources. In this paper we focus on how resiliency is achieved in a LAN. We discuss in depth the causes of path and link failures and how they are handled to attain a highly resilient LAN. The paper also discusses path determination and how dead nodes are detected in a LAN.

LOCAL AREA NETWORKS

A LAN is described as a high speed, low-error data network covering a relatively small

geographic area up to a few thousand meters. LANs connect workstations, peripherals, terminals and other devices in a single building or other geographically limited area.

Design of LANs:-LAN’s are designed to achieve the following

1) Operate within a limited geographical area 2) allow multi-access to high bandwidth media 3) Control the network privately under local administration 4) Provide full-time connectivity to local services 5) Connect physically adjacent devices

There are two major types of LANS: - These are peer-to-peer and client-server networks.

Peer-to-peer

In a peer-to-peer network, connected computers or devices act as equal partners as all

individual computers perform both the client and server function. Its main advantage is that there is no single point of failure as individual users make there own independent decisions as to whom they can share their resources with. Administration of security is also left to individual users. Figure two in the next page shows a peer-to-peer architecture

Client-Server For a client-server environment, resources are located on one computer (server) and all other computers (clients) are connected to the server. The clients send requests to the server and the server responds to these requests. This kind of architecture enhances security, control and ease of access. But on the other hand it introduces a single point of failure. Client-server is the most common type of architecture that is used today. Though this kind of architecture is ideal, there are issues associated to it that needs to be resolved in order to achieve resiliency. These issues are discussed later in this paper. Figure one in the next page shows a peer-to-peer architecture

figure 1 and 2 represent a client-server architecture and peer-to-peer

3

architecture respectively

architecture respectively 4

4

Both client-server and peer-to-peer architectures are prone to failures. These failures might be as a result of a breach of network security by way of denial of service attacks or through a natural disaster that can lead to the distraction of a network node. These failures can lead to the unavailability of the critical services in a network.

Types of Failures Failures that occur in a network can be broadly categorized into two. These are link and path failures.

Link failures Link failures are a result of a problem that may cause either the device connecting two sub-networks (in this case a router) or a device connecting multiple nodes (in this case a switch) to malfunction. This can also be a failure in the link connecting two routers or switches due to a software error, hardware problem or link disconnection.

Path failures Path failures are as a result of denial of service attacks or other spurts of traffic that cause a high degree of packet loss or high latencies. These are more significant in networks as its impact is immense than in the context of operating systems, databases and or applications. This is because critical services are denied and mission critical data cannot reach its intended destination. In these kinds of denial of service attacks, the device receiving these data is saturated and thereby rejecting any incoming data until it can clear its overload. These attacks that lead to path failures include connection flooding and Syn flood.

How failures are handled

Handling Link Failures In order to avoid link failures or design a network in which link failures are minimized, devices which are extremely fault tolerant are used. This ensures that the end-to-end availability between connected nodes is achieved. In doing so, fault tolerance of connecting devices must be highly optimized. To achieve this high fault tolerance, devices ought to have an internal redundancy for each of its key components. For example a switch connecting multiple nodes needs to have redundant processors and provisions for redundant links via interfaces that support multi-linked connections, have multiple cooling fans and or be connected to multiple power supplies. This is meant to guarantee that in case of a failure to one of the key components of the device, the device has a backup component that starts up automatically in the event the primary component fails. Thus the device does not malfunction but continues to run. This achieves a high Mean Time Between Failure (MTBF) for the networking devices. In figure 3 in the next page, all the devices used in the network are fault tolerant. This figure shows a network whose design is entirely based on the fault tolerance of its devices.

5

figure 3

figure 3 Though fault tolerant devices can achieve the elimination of link failures, they cannot by

Though fault tolerant devices can achieve the elimination of link failures, they cannot by themselves guarantee desired high network resiliency. This is because designing a network premised only on link failure elimination, results in multiple single points of failure as shown in figure 3 above. These single points of failure can overshadow any benefits that may have been attained by these highly fault tolerant devices in case any of these single points goes down. Thus design based on fault-tolerant devices must be combined with other network designs based on other factors to achieve high resiliency.

Handling Path Failures

Path failures are primarily handled by introducing redundancy in the network topology. By introducing redundancy, network nodes performing the same functionalities are situated at different location. This ensures that in case of a failure of one the nodes due to denial of service attacks or problem with the physical media, interruption of the services being provided is minimized as redundant network nodes assume the provision of the service in question that would have otherwise been down. Also upgrades and debugging of various applications can be dealt with separately in the primary and secondary paths without disruption of services thanks to redundancy in the network. For example, in a situation where there’s an email system, one of the email servers could be shadowed by another server, and therefore, when the time comes to perform an upgrade, one of the servers can be taken down for maintenance while the other is left providing necessary services. When finished, the upgraded server is brought back up, updated and then the other server is taken down for maintenance as well.

6

The introduction of redundancy in a network topology also facilitates high performance and capacity to be achieved by the network. This is so because the network can be designed to share the traffic between the primary and secondary paths under normal conditions but in case of a failure all traffic is reverted to one of the paths that is up. This will actually reduce the incremental costs of a redundant network as the secondary (redundant) paths will not be sitting idle during normal conditions in a network.

Optimizing Redundancy Redundancy is realized in a network through switching and routing. This ensures that a network is adequately segmented and secondary links established as discussed below.

Switching Switches are used to connect to multiple nodes under the same broadcast domain. A switch facilitates this since it has multiple ports that each node is hooked up to. A switch is actually a bridge with many ports. Switches operate by dynamically building and maintaining a content-addressable memory (CAM) table which holds all of the necessary MAC information for each port. When information being sent to a particular node reaches the switch, the switch checks the source and destination addresses of the frame against the contents of its CAM table and then forwards the frame to the destined address via the associated port. If the source address of the frame does not exist in its CAM table then the switch adds it to its CAM table and associates it with the port in which it reached the switch. If the destination address does not exist in its CAM table, the switch forwards it to another segment. By doing the above, the switch learns of all the nodes connected to it and forwards incoming frames accordingly. Through switching collisions are eliminated as most switches are capable of operating in full-duplex mode (ability to simultaneously transmit data between a sending station and a receiving station). Subject to the above, switches are used to connect one network segment to another. figure 4:- show a switch connecting multiple nodes

above, switches are used to connect one network segment to another. figure 4:- show a switch

7

To attain resiliency, standby paths (redundant links) are introduced as shown in figure 5 below. Switches are added to support this redundancy and they are configured appropriately to specify the underlying primary and secondary link for each given path. To achieve this configuration, a priority is assigned to each virtual interface to determine which the primary path and secondary path respectively are. In the case where more than one secondary path exists, the priorities assigned to the interfaces determine the order in which a path should be selected in case the primary path fails.

figure 5:-shows network with secondary switches

path fails. figure 5:-shows network with secondary switches Routing In routing, routers are used to connect

Routing

In routing, routers are used to connect various sub-networks in one network domain or connect two different LANs. Routers operate at layer three of the OSI model as opposed to switches that operate on layer two of the OSI. Routers use IP protocol to forward packets from the source network to the destination network. This typically means forwarding a packet from one switch to the router, and then from the router to the destination switch. The switch destination switch will then forward the packets to the destination address as previously discussed.

8

In a LAN that is segmented into multiple sub-networks, a router is needed to handle any path decisions required for the sub-nets to communicate effectively and achieve high availability of the entire network. To do this, like a switch, the router builds a reference table of all the computers (in this case all the switches) connected to it and all the available paths to them. The router will then decide how to forward data packets based on this reference table. Packets are hereby forwarded to there respective switches based on the IP address of the destination switch. The switches then forwards the frames based on MAC addresses to the respective node. Scalability is thereby achieved as local delivery to the physical sub-nets is not handled by the router but by the switch that connects each of the nodes in the subnet.

figure 6:-shows router connecting multiple sub-nets

subnet. figure 6:-shows router connecting multiple sub-nets With the above network design, a single point of

With the above network design, a single point of failure exist incase the router malfunctions. Thus resiliency is not achieved as the network is not highly available in case of failure of the router.

For resiliency to be attained, redundancy has to be introduced. This will involve introducing extra routers that will enable secondary links to be set up. Priorities for the links are established and configured to the interfaces of the virtual links. These enable primary and secondary paths to be identified and in case of the existence of multiple paths, the order in which paths are selected in case there is a failure in the primary path. Routers also facilitate the achievement of resiliency as they help to segment a network thereby creating smaller broadcast domains. If only switches are used in relatively large networks, the network can be overwhelmed by broadcast storms. These can greatly affect bandwidth. By using routers to connect switches that segment various subnets in the network structure, routers block LAN broadcasts. In this case a broadcast only affects the

9

broadcast domain in which it originated. This provides higher security and bandwidth control than would have been achieved otherwise. Figure 7 below shows a network designed with redundant routers. Incase of failure of any of the routers, each node will still be accessible via the alternate routers that exist.

figure 7

be accessible via the alternate routers that exist. figure 7 Thus a combination of switching and

Thus a combination of switching and routing in a LAN in which a proper design has been adopted will optimize resiliency thereof.

Problems with Routing

Though routers enhance resiliency in a LAN, failure to adopt the right routing protocols can cause a lot of problems in the network that can be an impediment to achieving the desired resiliency and security. The protocols adopted must also meet the demands of the network. The routers should also be correctly structured and configured in order to achieve high resiliency. One of the biggest problems that can occur as a result of this is.

Looping

This refers to a situation whereby network traffic bounces between routers infinitely. This can cause congestion to occur in the network. This would result into lower bandwidth thus leading into some traffic to be dropped. Resiliency in the network is compromised if this occurs as some traffic can not reach their destination. Therefore routing loops must be avoided for a network to be highly resilient.

10

Figure 8 explains routing loops. figure 8 in figure 8 on the left, if network

Figure 8 explains routing loops.

figure 8

in figure 8 on the left, if network 1 fails, router E sends an update to router A. Router A too stops from routing packets to network 1, but router B, C and D will continue to route to network 1 via router E as they have not been informed of the failure. When router A sends its update, routers B and D will stop routing to network 1. However network C hasn’t received an update and according to router C, network 1 can still be reached via router B. router C will send an update to D indicating that a path to network 1 through router B exist and this forces router D to change its routing table to reflect this incorrect information and sends the information to router A which updates its table to reflect this incorrect information. Router A then sends the information to router B and E and the process continues leading to an endless loop. Any packet now destined to network 1 will loop through router C to B to A to D and back to C.

How Routing loops are handled

The loop that results as the above diagram describes will continue to loop in spite of the destination network being down. Therefore a process has to be defined to get out of this loop or else the routers will loop infinitely.

One way of avoiding routing loops is introducing a maximum hop count. Distance vector routing algorithm uses hop count as one of its metrics in determining the best path to route through. Hop count is the number of routers a packet passes before it gets to its destination. With the hop count defined to a given number, packets destined to a network that is down will only be allowed to loop through the network the defined number of times before the network discards the packet.

Another way of eliminating routing loops is through split horizon. This technique prevents information about routes from exiting the router interface through which that information was received. This prevents contradictory information from being sent back to the router. For example in figure 8 above, if routing updates about network 1 arrives from router A, other routers lets say B and C cannot send information about network 1 back to router A. this prevents a loop from occurring.

Reverse route poisoning is another technique adopted by routing protocols to avoid large scale looping. These are routing updates that explicitly indicate that a network or subnet is unreachable, rather than imply that a network is unreachable by not including it in updates. If network 1 is down, router E will be set to poison the route. Router D is not affected by incorrect updates about the route to network 1. Router D will send poison

11

reverse back to E. This makes sure all routers on the segment have received the poisoned route information. This speeds up convergence between neighboring routers thus avoiding a loop.

Path Determination

Path determination is the process of selecting the best path through which packets will be routed through. This process involves deciding which port to send a packet out of to reach its destination. This is handled by layer 3 devices such as routers or layer 3 switches as this process occurs at the network layer. Routers determine the path to use based on a routing metric. A routing metric is simply a method that returns a value which indicates the route that is better than another. The lower the metric value the better the path. Metrics include bandwidth, communication cost, delay, hop count, load, maximum transmission unit (MTU), path cost and reliability. Different routing protocols use either one or a combination of the above metric to determine the desirability of a path. To achieve desired resiliency, network administrators should choose routing protocols that uses metrics that they deem fit to their network based on the services provided by their network. For example the RIP protocol uses hop count as its only routing metric whereas IGRP uses bandwidth, load, delay and reliability metrics to create a composite metric value. The following diagram shows how metrics help determine the path to be selected.

shows how metrics help determine the path to be selected. From the above diagram, there are

From the above diagram, there are three ways to reach network X:-

1)

E to B to A with a metric of 30

2)

E to C to A with a metric of 20

3)

E to D to A with a metric of 45

Based on the resultant metrics, router E would choose the second path, E to C to A since

it has the lowest cost.

12

These routes are either statically configured by the network administrator or dynamically configured by the router itself through the updates it receives from its neighboring routers. The static and dynamic configuration of routes is combined to necessitate the setting of primary and secondary paths. All default and secondary paths should be statically configured. These static routes are then overridden with the dynamic routing information. This is achieved by adjusting the administrative distance values which basically is a rating of the trustworthiness of a routing information source. The higher the value, the lower the trustworthiness rating. Therefore the static routes (secondary) are defined as less desirable than dynamic (primary) routes by configuring them with higher administrative distance values than dynamic routes. Subject to the foregoing higher resiliency will be achieved.

Dead Node Detection

A dead node is a malfunctioned router or switch resulting to unavailable paths through the node. This might be as a result of hardware failure or denial of service attacks that render that node useless thus unable to provide any further services. Failure for a network to detect a dead node would result into packets continuously being routed through this malfunctioned node resulting into packets not getting to their intended destination. This would also mean that the network would not know if the packets were successfully delivered to its intended destination. A network detects of a dead node through a periodic update of routing tables for routers and CAM tables for switches. The network discovery process (periodic updates) is meant to check for any topological changes in the network. Incase a change occurs in the network, each router is called to send its entire routing table (which includes the path cost as defined by its metric and the logical address of the router on the path to each network contained in the table) to each of its adjacent neighbors. If a network K is unreachable via let’s say router M, all paths to this unreachable network via router M will be dropped from the routing tables of all routers. This is made possible due to the periodic updates that are conducted by routers. Therefore any future packets destined to network K will not be routed via router M but will be routed via another secondary (redundant) path defined for this route. This achieves resiliency.

Conclusion

In this paper, we have discussed how resiliency can be achieved in the overall network design. This ensures that packets from a source reach a destination irrespective of any path or link failures that may be encountered. The high availability of the network is achieved through introducing redundancy either in the available paths or having highly fault-tolerant devices. Availability of redundant paths ensure that any denial of service attacks do not hinder any critical services from being available. Also fault tolerant devices that have an embedded redundancy in their key components are used. This minimizes the MTBF of devices as devices have key backup components that assume responsibilities of failed components. These two forms of redundancy guarantee a high level of resiliency that would not be achieved in their absence

13

Bibliography

Certification Zone. “Routing Loop Prevention”. 2002.

<http://www.certificationzone.com/newsletter/SL/IE-RIP-WP1-F03_RLP.html>.

Horms. "Routing Protocols.” 8 Nov. 2001.

<http://www.supersparrow.org/ss_paper/html/node9.html>.

Rolf McClellan, Nick Lippis, McClellan Consulting and ZD Tag Fellow. "Network-Level Redundancy/Resilience for High-Availability Campus LANs." Feb 1999

<http://www.cisco.com/warp/public/779/largeent/learn/technologies/campuslan.pdf>.

Google. “Google Image Search”. 2005 <http://www.google.com/imghp?hl=en&tab=wi&q=>

Cisco. “Cisco Networking Academy Program”. 2003 <http://www.cisco.com/edu/>

G. Goos and J. Hartmanis. Lecture Notes in Computer Science; 184. 1985

Goldman, James

Wiley & Sons, Inc, 1997.

Local Area Networks: A Client/Server Approach. Canada: John

Kibirige, Harry M. Local Area Networks in Information Management. Westport, Connecticut: Greenwood Press, 1989

14