8/6/2019 Resiliency in LANS Revised
RESILIENCY IN
LOCAL AREA NETWORKS (LANs)
By
ASAEL OMWAMBA
And
SINCLAIR GIBORE
Dept. of Computer Science
Montclair State University
CMPT 495-01 - Data Security
Instructor: Dr. Stefan Robila
TABLE OF CONTENTS
1 Introduction
1.1 Introduction
1.2 Local Area Networks (LAN)
1.2.1 Design of LAN
1.2.2 Peer-to-Peer Architecture
1.2.3 Client-Server Architecture
2 Types of Failures
2.1 Path Failures
2.2 Link Failures
3 How Failures Are Handled
3.1 Handling Link Failures
3.2 Handling Path Failures
4 Optimizing Redundancy
4.1 Switching
4.2 Routing
4.2.1 Problems with Routing
4.2.1.1 Looping
4.2.1.2 How Routing Loops are Handled
5 Path Determination
6 Dead Node Detection
7 Conclusion
INTRODUCTION
A local-area network (LAN) allows businesses to share resources efficiently and thus
makes the internal communications of a business possible. This enables the internal
structure of the business to share files, printers and other resources.
In this paper we focus on how resiliency is achieved in a LAN. We discuss in depth the
causes of path and link failures and how they are handled to attain a highly resilient LAN.
The paper also discusses path determination and how dead nodes are detected in a LAN.
LOCAL AREA NETWORKS
A LAN is described as a high speed, low-error data network covering a relatively small
geographic area up to a few thousand meters. LANs connect workstations, peripherals,
terminals and other devices in a single building or other geographically limited area.
Design of LANs
LANs are designed to achieve the following:
1) Operate within a limited geographical area
2) Allow multi-access to high-bandwidth media
3) Control the network privately under local administration
4) Provide full-time connectivity to local services
5) Connect physically adjacent devices
There are two major types of LANs: peer-to-peer and client-server networks.
Peer-to-peer
In a peer-to-peer network, connected computers or devices act as equal partners, as all
individual computers perform both the client and the server function. Its main advantage is
that there is no single point of failure, as individual users make their own independent
decisions as to whom they share their resources with. Administration of security is
also left to individual users.
Figure two on the next page shows a peer-to-peer architecture.
Client-Server
In a client-server environment, resources are located on one computer (the server) and all
other computers (clients) are connected to the server. The clients send requests to the
server and the server responds to these requests. This kind of architecture enhances
security, control and ease of access, but it also introduces a single point of
failure. Client-server is the most common type of architecture in use today.
Though this kind of architecture is ideal, there are issues associated with it that need to be
resolved in order to achieve resiliency. These issues are discussed later in this paper.
Figure one on the next page shows a client-server architecture.
Figures 1 and 2 represent a client-server architecture and a peer-to-peer architecture, respectively.
Both client-server and peer-to-peer architectures are prone to failures. These failures
may result from a breach of network security by way of denial of service attacks or
from a natural disaster that leads to the destruction of a network node. These
failures can lead to the unavailability of critical services in a network.
Types of Failures
Failures that occur in a network can be broadly categorized into two types: link failures and
path failures.
Link failures
Link failures result from a problem that causes either the device connecting two
sub-networks (in this case a router) or a device connecting multiple nodes (in this case a
switch) to malfunction. A link failure can also be a failure in the link connecting two routers or
switches due to a software error, hardware problem or link disconnection.
Path failures
Path failures result from denial of service attacks or other spurts of traffic that cause
a high degree of packet loss or high latencies. Their impact is more significant in networks
than in the context of operating systems, databases or
applications, because critical services are denied and mission-critical data cannot
reach its intended destination. In these kinds of denial of service attacks, the device
receiving the data is saturated and rejects any incoming data until it can clear
its overload. Attacks that lead to path failures include connection flooding and SYN
flood.
How failures are handled
Handling Link Failures
In order to avoid link failures, or to design a network in which link failures are minimized,
devices that are extremely fault tolerant are used. This ensures that end-to-end
availability between connected nodes is achieved. To that end, the fault tolerance of the
connecting devices must be highly optimized.
To achieve this high fault tolerance, a device ought to have internal redundancy for
each of its key components. For example, a switch connecting multiple nodes needs to
have redundant processors, provisions for redundant links via interfaces that support
multi-linked connections, multiple cooling fans and/or connections to multiple
power supplies. This guarantees that if one of the key
components of the device fails, a backup component starts up automatically
in its place. Thus the device does not malfunction but
continues to run. This achieves a high Mean Time Between Failures (MTBF) for the
networking devices.
In figure 3 on the next page, all the devices used in the network are fault tolerant. This
figure shows a network whose design is entirely based on the fault tolerance of its
devices.
figure 3
Though fault-tolerant devices can eliminate link failures, they cannot by
themselves guarantee the desired high network resiliency. This is because designing a
network premised only on link failure elimination results in multiple single points of
failure, as shown in figure 3 above. If any of these single points goes down, it can overshadow any
benefits that may have been attained by the highly fault-tolerant devices.
Thus a design based on fault-tolerant devices must be combined with other network
designs based on other factors to achieve high resiliency.
Handling Path Failures
Path failures are primarily handled by introducing redundancy in the network topology.
By introducing redundancy, network nodes performing the same functions are
situated at different locations. This ensures that if one of the nodes fails due to
denial of service attacks or a problem with the physical media, interruption of the services
being provided is minimized, as redundant network nodes take over the provision of the
service that would otherwise have been down.
Also, upgrades and debugging of various applications can be dealt with separately in the
primary and secondary paths without disruption of services, thanks to redundancy in the
network. For example, in an email system, one of the email
servers could be shadowed by another server; when the time comes to
perform an upgrade, one of the servers can be taken down for maintenance while the
other is left providing the necessary services. When finished, the upgraded server is brought
back up and updated, and then the other server is taken down for maintenance as well.
To attain resiliency, standby paths (redundant links) are introduced as shown in figure 5
below. Switches are added to support this redundancy and they are configured
appropriately to specify the underlying primary and secondary link for each given path.
To achieve this configuration, a priority is assigned to each virtual interface to determine
which path is the primary and which is the secondary. Where more than
one secondary path exists, the priorities assigned to the interfaces determine the order in
which a path is selected if the primary path fails.
Figure 5: network with secondary switches
Routing
In routing, routers are used to connect various sub-networks in one network domain or to
connect two different LANs. Routers operate at layer three of the OSI model, as opposed
to switches, which operate at layer two.
Routers use the IP protocol to forward packets from the source network to the destination
network. This typically means forwarding a packet from one switch to the router, and
then from the router to the destination switch. The destination switch will then
forward the packets to the destination address as previously discussed.
In a LAN that is segmented into multiple sub-networks, a router is needed to handle any
path decisions required for the subnets to communicate effectively and achieve high
availability of the entire network.
To do this, like a switch, the router builds a reference table of all the computers (in this
case all the switches) connected to it and all the available paths to them. The router
then decides how to forward data packets based on this reference table. Packets are
forwarded to their respective switches based on the IP address of the destination switch.
The switches then forward the frames to the respective node based on MAC addresses.
Scalability is thereby achieved, as local delivery to the physical subnets is not handled by
the router but by the switch that connects each of the nodes in the subnet.
Figure 6: router connecting multiple subnets
With the above network design, a single point of failure exists in case the router
malfunctions. Thus resiliency is not achieved, as the network is not highly available if
the router fails.
For resiliency to be attained, redundancy has to be introduced. This involves
introducing extra routers that enable secondary links to be set up. Priorities for the
links are established and configured on the interfaces of the virtual links. These identify the
primary and secondary paths and, where multiple
paths exist, the order in which paths are selected if the primary path fails.
Routers also facilitate the achievement of resiliency as they help to segment a network,
thereby creating smaller broadcast domains. If only switches are used in relatively large
networks, the network can be overwhelmed by broadcast storms, which can greatly affect
bandwidth. By using routers to connect switches that segment various subnets in the
network structure, routers block LAN broadcasts. In this case a broadcast only affects the
broadcast domain in which it originated. This provides higher security and bandwidth
control than would have been achieved otherwise.
Figure 7 below shows a network designed with redundant routers. In case of failure of any
of the routers, each node will still be accessible via the alternate routers that exist.
figure 7
Thus a combination of switching and routing in a properly designed LAN will optimize its resiliency.
Problems with Routing
Though routers enhance resiliency in a LAN, failure to adopt the right routing protocols
can cause problems in the network that impede achieving the
desired resiliency and security. The protocols adopted must also meet the demands of the
network, and the routers should be correctly structured and configured in order to
achieve high resiliency. One of the biggest problems that can occur as a result of this is looping.
Looping
This refers to a situation in which network traffic bounces between routers indefinitely.
This can cause congestion in the network, which lowers the available
bandwidth and leads to some traffic being dropped. Resiliency in the network is
compromised if this occurs, as some traffic cannot reach its destination. Therefore
routing loops must be avoided for a network to be highly resilient.
Figure 8 explains routing loops.
Figure 8
In figure 8, if network 1 fails, router E sends an update to router A. Router A then stops
routing packets to network 1, but routers B, C and D continue to
route to network 1 via router E, as
they have not been informed of the failure. When router A sends its
update, routers B and D stop routing to network 1. However, router C has not yet
received an update and, according to router C, network 1 can still be reached via router B.
Router C sends an update to D indicating that a path to network 1 through router B
exists; this forces router D to change its routing table to reflect this incorrect
information and to send the information to router A, which updates its table to reflect the
incorrect information as well. Router A then sends the information to routers B and E, and the
process continues, leading to an endless loop. Any packet now destined for network 1 will
loop through router C to B to A to D and back to C.
How Routing loops are handled
The loop described above will continue in spite of the
destination network being down. Therefore a process has to be defined to break out of this
loop, or else the routers will loop indefinitely.
One way of avoiding routing loops is to introduce a maximum hop count. The distance vector
routing algorithm uses hop count as one of its metrics in determining the best path to
route through. Hop count is the number of routers a packet passes through before it gets to its
destination. With the hop count limited to a given number, packets destined for a network
that is down will only be allowed to loop through the network the defined number of
times before the network discards the packet.
Another way of eliminating routing loops is split horizon. This technique
prevents information about routes from exiting the router interface through which that
information was received. This prevents contradictory information from being sent back
to the router. For example, in figure 8 above, if routing updates about network 1 arrive
from router A, other routers, say B and C, cannot send information about network 1
back to router A. This prevents a loop from occurring.
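The effect of the maximum hop count and of split horizon can be replayed in a small distance-vector simulation. This is an added example, not code from the paper: the three-router chain (network 1 -- E -- A -- B), the fixed update order and the limit of 16 (the value RIP treats as unreachable) are assumptions made for the illustration.

```python
INFINITY = 16  # maximum hop count; 16 is the value RIP treats as "unreachable"

# Constructed topology (not the paper's figure 8): network 1 -- E -- A -- B
LINKS = {"A": ["B", "E"], "B": ["A"], "E": ["A"]}


def converge(split_horizon, max_hops=INFINITY):
    """Replay distance-vector updates for network 1 after E loses its link to it.

    Returns (rounds in which a table changed, A's metric after each round, final tables).
    """
    # Per-router route to network 1: [hop count, next hop]. E already knows it is down.
    table = {"E": [max_hops, None], "A": [1, "E"], "B": [2, "A"]}
    rounds, history = 0, []
    while True:
        changed = False
        # Routers advertise in name order, so A's stale route reaches E
        # before E's failure report reaches A (the race the paper describes).
        for sender in sorted(table):
            metric, via = table[sender]
            for neighbor in LINKS[sender]:
                if split_horizon and neighbor == via:
                    continue  # do not send a route back out the interface it came from
                cost = min(metric + 1, max_hops)
                cur_metric, cur_via = table[neighbor]
                # Believe the current next hop whatever it says; otherwise
                # switch only to a strictly shorter route.
                if (cur_via == sender and cost != cur_metric) or cost < cur_metric:
                    table[neighbor] = [cost, sender]
                    changed = True
        if not changed:
            return rounds, history, table
        rounds += 1
        history.append(table["A"][0])


if __name__ == "__main__":
    for label, sh in (("no split horizon", False), ("split horizon", True)):
        rounds, history, table = converge(sh)
        print(f"{label}: {rounds} rounds, A's hop count per round {history}")
        print("  final:", {r: tuple(v) for r, v in table.items()})
```

Without split horizon, A and E point at each other and the hop count climbs until it hits the limit; with split horizon, the failure propagates in two rounds and no loop forms.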
Reverse route poisoning is another technique adopted by routing protocols to avoid
large-scale looping. Poisoned routes are routing updates that explicitly indicate that a network or subnet
is unreachable, rather than implying that a network is unreachable by not including it in
updates. If network 1 is down, router E will be set to poison the route. Router D is not
affected by incorrect updates about the route to network 1. Router D will send poison
These routes are either statically configured by the network administrator or dynamically
configured by the router itself through the updates it receives from its neighboring
routers. Static and dynamic configuration of routes are combined to allow the
setting of primary and secondary paths. All default and secondary paths should be
statically configured. These static routes are then overridden by the dynamic routing
information. This is achieved by adjusting the administrative distance values; administrative distance
is a rating of the trustworthiness of a routing information source. The higher the
value, the lower the trustworthiness rating. Therefore the static (secondary) routes are
defined as less desirable than the dynamic (primary) routes by configuring them with higher
administrative distance values than the dynamic routes. Subject to the foregoing, higher
resiliency will be achieved.
Dead Node Detection
A dead node is a malfunctioning router or switch that makes the paths through
the node unavailable. This may be the result of a hardware failure or of denial of service attacks that
render the node useless and thus unable to provide any further services. If a network fails
to detect a dead node, packets continue to be routed through the
malfunctioning node and do not get to their intended destination. The
network also would not know whether the packets were successfully
delivered to their intended destination.
A network detects a dead node through periodic updates of routing tables for routers
and CAM tables for switches.
The network discovery process (periodic updates) is meant to check for any topological
changes in the network. In case a change occurs in the network, each router is called on to
send its entire routing table (which includes the path cost as defined by its metric and the
logical address of the router on the path to each network contained in the table) to each of
its adjacent neighbors. If a network K is unreachable via, say, router M, all paths to
this unreachable network via router M will be dropped from the routing tables of all
routers. This is made possible by the periodic updates that are conducted by routers.
Therefore any future packets destined for network K will not be routed via router M but
will be routed via another secondary (redundant) path defined for this route. This
achieves resiliency.
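The interaction between administrative distance and dead node detection can be shown with a small routing table model. This is an added example, not code from the paper: the distance values 120 and 200, the 180-second hold time and the secondary next hop "router N" are assumptions; "network K" and "router M" are the names used in the text above.

```python
from dataclasses import dataclass
from typing import Optional

AD_DYNAMIC = 120   # assumed administrative distance for routes learned from updates
AD_BACKUP = 200    # assumed higher (less trusted) distance for the static secondary
HOLD_TIME = 180    # assumed seconds of silence before a neighbor is declared dead

@dataclass
class Route:
    network: str
    next_hop: str
    admin_distance: int
    metric: int = 0
    last_update: Optional[float] = None  # None marks a static route, which never ages

class RoutingTable:
    def __init__(self):
        self.routes = []

    def add_static(self, network, next_hop, admin_distance=AD_BACKUP):
        self.routes.append(Route(network, next_hop, admin_distance))

    def learn(self, network, next_hop, metric, now):
        """Install or refresh a dynamic route from a neighbor's periodic update."""
        for r in self.routes:
            if r.last_update is not None and (r.network, r.next_hop) == (network, next_hop):
                r.metric, r.last_update = metric, now
                return
        self.routes.append(Route(network, next_hop, AD_DYNAMIC, metric, now))

    def expire(self, now):
        """Drop every dynamic route via a neighbor silent for longer than HOLD_TIME."""
        dead = {r.next_hop for r in self.routes
                if r.last_update is not None and now - r.last_update > HOLD_TIME}
        self.routes = [r for r in self.routes
                       if r.last_update is None or r.next_hop not in dead]
        return dead

    def best(self, network):
        """Lowest administrative distance wins; metric breaks ties."""
        candidates = [r for r in self.routes if r.network == network]
        return min(candidates, key=lambda r: (r.admin_distance, r.metric), default=None)

def scenario():
    """Constructed timeline: router M stops sending updates after t=30, returns at t=270."""
    rt = RoutingTable()
    rt.add_static("network K", "router N")  # router N is a hypothetical secondary path
    picks = []
    for now, m_alive in [(0, True), (30, True), (60, False), (240, False), (270, True)]:
        if m_alive:
            rt.learn("network K", "router M", metric=2, now=now)
        rt.expire(now)
        picks.append((now, rt.best("network K").next_hop))
    return picks

if __name__ == "__main__":
    for now, hop in scenario():
        print(f"t={now:>3}s  network K via {hop}")
```

The static route is present the whole time but is only selected once the dynamic route via router M has aged out; when M's updates resume, the lower administrative distance makes the dynamic route primary again.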
Conclusion
In this paper, we have discussed how resiliency can be achieved in the overall network
design. This ensures that packets from a source reach a destination irrespective of any
path or link failures that may be encountered. The high availability of the network is
achieved by introducing redundancy in the available paths or by using highly
fault-tolerant devices. Availability of redundant paths ensures that denial of service
attacks do not prevent critical services from being available. Fault-tolerant
devices that have embedded redundancy in their key components are also used. This
maximizes the MTBF of devices, as devices have backup components that assume the
responsibilities of failed components. These two forms of redundancy guarantee a high
level of resiliency that would not be achieved in their absence.