Computer Networks
Lecture 23: LAN Connectivity

Repeaters
An Ethernet segment is limited to 500 m due to signal attenuation
A repeater:
•  an analog electronic device
•  continuously monitors electrical signals on each LAN
•  repeats and strengthens/amplifies the signal
•  extends max distance between nodes
•  individual segment collision domains become one large collision domain
Ethernet only allows 4 repeaters: max 2.5 km. Why?
(4 repeaters join at most 5 segments of 500 m each; beyond that the end-to-end round-trip time exceeds the minimum-frame slot time, so CSMA/CD can no longer guarantee that a sender notices a collision.)

Hubs
Hubs join multiple input lines electrically
One large shared link
•  bits coming from one link go out all other links, at the same rate
•  no frame buffering
•  do not necessarily amplify the signal
No CSMA/CD at the hub:
•  collision detection is left to the host adaptors
•  each bit is propagated to the whole network
•  aggregate throughput is limited
•  e.g., three departments each have a 10 Mbps LAN; if connected via a hub, they must share the 10 Mbps

Limitations of Repeaters and Hubs
Cannot support multiple LAN technologies
•  does not buffer or interpret frames
•  can't interconnect between different rates or formats
•  e.g., can't interconnect 10BaseT & 100BaseT
Limitations on maximum # of nodes and distances
•  shared medium imposes length limits
•  e.g., cannot go beyond 2500 meters on Ethernet
Bridges/Switches
Link layer router-equivalent:
•  connect LANs at the link layer
•  does not propagate interference and collisions
•  unlike routers, only knows whether a node is in a segment
•  can connect segments with different MAC protocols
•  can also connect directly to a host, at full duplex
Store and forward frames between segments
•  extracts the destination address from the frame
•  looks up the destination in a table
•  when a frame is to be forwarded on a segment, uses CSMA/CD to access the segment
•  must buffer
Support concurrent communication (A to C, B to D)
•  increase effective/aggregate bandwidth of a LAN by taking advantage of spatial locality
[figure: a switch with interfaces 1, 2 and 3, each attached to a hub; hosts A, B, C and D hang off the hubs]

Transparent Bridges/Switches
Transparent: hosts are unaware of the presence of switches
Plug-and-play: self-learning switches do not need to be configured
Each switch has a switch table
Entry in switch table:
•  <MAC address, interface, timestamp>
•  stale entries in the table are dropped (TTL can be 60 mins)

Backward Learning
How does a switch know at which segment a node is located?
Backward learning:
•  when a frame is received, the switch "learns" the incoming interface through which the sender may be reached
•  records the sender/interface pair in the switch table

Frame Filtering/Forwarding
When a switch receives a frame:
Look for the MAC destination address in the switch table
if entry found for destination {
    if destination is on the same segment from which the frame arrived {
        drop the frame
    } else {
        forward the frame on the interface indicated
    }
} else {
    flood // forward to all interfaces except the incoming interface
}

Flooding Example
Suppose C sends a frame to D
[figure: switch with interfaces 1, 2 and 3, each leading to a hub; hosts A through I are spread over the three hubs, with C on interface 1 and D on interface 2; the switch table has columns "address | interface"]
Switch receives frame from C
•  records in switch table that C is on interface 1
•  because D is not in the table, switch forwards the frame to interfaces 2 and 3
•  frame received by D

Backward Learning Example
Suppose D now sends a frame to C
Switch receives frame from D
•  records in switch table that D is on interface 2
•  because C is in the table, switch forwards the frame only to interface 1
•  frame received by C

Switch: Traffic Isolation
Switch breaks the subnet into LAN segments
Switch filters packets:
•  same-LAN-segment frames are not usually forwarded onto other LAN segments
•  segments become separate collision domains
[figure: switch with interfaces 1, 2 and 3, each attached to a hub that forms its own collision domain]
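The filtering/forwarding rule and the backward-learning examples above, as an added Python simulation that is not code from the lecture or its sources. Interface numbers and host names follow the slides; the `max_entries` limit is an assumption added to show what the flooding rule implies once a switch can no longer learn new senders: frames to a host it never learned go to every segment, which is why the "hosts can snoop only their own segment" property is only as strong as the table.

```python
"""Self-learning (backward-learning) switch: learn sender, filter, forward or flood.
Added example for the lecture notes, not code from the slides; inputs are constructed."""

BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    def __init__(self, interfaces, ttl=3600.0, max_entries=None):
        self.interfaces = set(interfaces)
        self.ttl = ttl                  # seconds; the slides mention a TTL of 60 mins
        self.max_entries = max_entries  # assumed table capacity; None = unbounded
        self.table = {}                 # MAC -> (interface, timestamp)

    def _expire(self, now):
        """Drop stale entries: <MAC, interface, timestamp> older than the TTL."""
        for mac in [m for m, (_, ts) in self.table.items() if now - ts > self.ttl]:
            del self.table[mac]

    def _learn(self, src, in_if, now):
        """Backward learning: the sender is reachable via the incoming interface."""
        if src == BROADCAST:
            return
        if src in self.table or self.max_entries is None or len(self.table) < self.max_entries:
            self.table[src] = (in_if, now)
        # else: table is full, the sender stays unknown and frames *to* it get flooded

    def receive(self, src, dst, in_if, now):
        """Process one frame; return the set of interfaces it is sent out on."""
        assert in_if in self.interfaces
        self._expire(now)
        self._learn(src, in_if, now)
        entry = self.table.get(dst)
        if entry is not None:
            out_if, _ = entry
            if out_if == in_if:
                return set()              # same segment: filter (drop)
            return {out_if}               # forward on the interface indicated
        return self.interfaces - {in_if}  # unknown or broadcast destination: flood


def slide_example():
    """The flooding and backward-learning examples from the slides (C on 1, D on 2)."""
    sw = LearningSwitch([1, 2, 3])
    first = sw.receive("C", "D", in_if=1, now=0.0)    # D unknown -> flood to 2 and 3
    second = sw.receive("D", "C", in_if=2, now=1.0)   # C known -> interface 1 only
    third = sw.receive("A", "C", in_if=1, now=2.0)    # same segment -> filtered
    return first, second, third, sw.table["C"][0], sw.table["D"][0]


def table_exhaustion_example():
    """Constructed: a sender on interface 1 fills a 2-entry table, so a host on
    interface 2 is never learned and frames addressed to it are flooded, reaching
    interface 3 as well."""
    sw = LearningSwitch([1, 2, 3], max_entries=2)
    sw.receive("filler-1", BROADCAST, in_if=1, now=0.0)
    sw.receive("filler-2", BROADCAST, in_if=1, now=0.0)
    sw.receive("victim", "server", in_if=2, now=1.0)       # victim not learned
    return sw.receive("server", "victim", in_if=3, now=2.0)  # flooded to {1, 2}


if __name__ == "__main__":
    print(slide_example())
    print(table_exhaustion_example())
```

`receive` takes the clock as a parameter so that aging can be exercised deterministically; a real switch would read a hardware timer.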
Switches: Dedicated Access
Hosts can have a direct connection to the switch
•  full duplex: a dedicated transmission line in each direction, so there is no chance of collision and the CSMA/CD rules are not needed on that link
Switching: A-to-D and B-to-E simultaneously, no collisions
Switches can support combinations of shared/dedicated and 10/100/1000 Mbps interfaces
[figure: hosts A through F each directly attached to a switch]

Cut-Through Switching
Buffering delay can be a high fraction of total delay
•  receiving a frame of length L from a link with transmission rate R takes L/R time units
•  over short distances propagation delay is small
•  and buffering delay can become a large fraction of the total
Cut-through switching: streaming transmission
•  inspect the frame header and do the table look-up
•  if the outgoing link is idle, immediately start forwarding the head of the frame to the outgoing link
•  while still receiving the tail via the incoming link
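An added Python example (not from the slides) that puts numbers on the delay argument above and shows the price of streaming: a store-and-forward switch holds the whole frame and can verify the frame check sequence before transmitting, whereas a cut-through switch has already sent the head by the time the FCS arrives, so a frame corrupted in transit is passed on to the next hop. The header layout and CRC-32 FCS follow Ethernet; storing the CRC little-endian is the usual software representation and an assumption here; frame sizes, hop counts and the corrupted byte are constructed.

```python
"""Store-and-forward vs cut-through: delay model and FCS handling.
Added example, not code from the slides; the sample frame is constructed."""
import struct
import zlib

HEADER_BYTES = 14  # dst MAC (6) + src MAC (6) + EtherType (2)


def store_and_forward_delay(frame_bytes, rate_bps, switches, prop_s=0.0):
    """Each of the switches+1 links carries the whole frame (L/R) in turn."""
    L = frame_bytes * 8
    links = switches + 1
    return links * L / rate_bps + links * prop_s


def cut_through_delay(frame_bytes, rate_bps, switches, prop_s=0.0, lookup_s=0.0):
    """Pipelined: the tail is still arriving while the head is already leaving,
    so only the header (plus a table lookup) is buffered at each switch."""
    L = frame_bytes * 8
    H = HEADER_BYTES * 8
    links = switches + 1
    return L / rate_bps + switches * (H / rate_bps + lookup_s) + links * prop_s


def build_frame(dst, src, ethertype, payload):
    """Ethernet frame: header, payload, CRC-32 frame check sequence (assumed little-endian)."""
    body = dst + src + struct.pack("!H", ethertype) + payload
    return body + struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def fcs_ok(frame):
    body, fcs = frame[:-4], frame[-4:]
    return struct.unpack("<I", fcs)[0] == (zlib.crc32(body) & 0xFFFFFFFF)


def switch_decision(frame, mode):
    """What one switch does with a frame under each forwarding mode."""
    if mode == "store-and-forward":
        return "forward" if fcs_ok(frame) else "drop"  # FCS checked before transmitting
    if mode == "cut-through":
        # header inspected, lookup done, head already on the wire: no FCS check possible
        return "forward"
    raise ValueError(mode)


def demo():
    # constructed sample frame with one flipped payload byte
    frame = build_frame(b"\x02" * 6, b"\x04" * 6, 0x0800, b"hello, lecture 23")
    corrupted = bytearray(frame)
    corrupted[20] ^= 0x01
    corrupted = bytes(corrupted)
    return {
        "sf_us": store_and_forward_delay(1500, 100e6, switches=2) * 1e6,
        "ct_us": cut_through_delay(1500, 100e6, switches=2) * 1e6,
        "sf_bad_fcs": switch_decision(corrupted, "store-and-forward"),
        "ct_bad_fcs": switch_decision(corrupted, "cut-through"),
        "good": switch_decision(frame, "store-and-forward"),
    }


if __name__ == "__main__":
    print(demo())
```

For a 1500-byte frame at 100 Mbps across two switches the model gives 360 µs store-and-forward against about 122 µs cut-through, which is the "large fraction of total delay" the slide refers to; the corrupted frame is dropped at the first store-and-forward switch but delivered end to end by cut-through switches.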
Example Enterprise Network
Switch/Hub Installment
[figure: a router connects the site to the external network; a single switch joins the mail server, the web server and three hubs into one IP subnet]
Cycles and Broadcast Storm
LANs may form cycles
•  either accidentally, or by design, for higher reliability
•  use of flooding can lead to forwarding loops
•  causing a "broadcast storm"
To prevent broadcast storms, switches need to avoid some links when flooding, so as not to form a loop
How to decide which link to avoid?
Spanning Tree
What is a spanning tree of a graph?
•  a sub-graph that covers all nodes, but contains no cycle
To avoid loops, links not in the spanning tree do not forward frames
Need a distributed algorithm to compute the spanning tree
•  switches cooperate to build the spanning tree
•  and adapt automatically when failures occur
[after Rexford]

Constructing a Spanning Tree
Key ingredients of the algorithm
•  switches need to elect a "root"
•  root ::= the switch with the smallest identifier
•  "root messages" of the form (X, R, d) are broadcast
•  X is the ID of the node sending/forwarding the root message
•  R is the current root (smallest ID seen)
•  d is X's cost/distance to R
•  each switch checks whether its interface is on the shortest path from the root
•  exclude from the spanning tree interfaces not on the shortest path from the root, break ties by ID
•  each LAN has a designated switch
•  multiple switches elect the one with the shortest root path, break ties by ID
[after Rexford]

Steps in Spanning Tree Algorithm
Initially, each switch thinks it is the root
•  switch sends a root message out every interface
•  identifying itself as the root with distance 0
•  example: switch X announces (X, X, 0)
Switches update their "root view"
•  upon receiving a root message, check the root id
•  if the new id is smaller, start viewing that switch as root
Switches compute their distance from the root
•  add 1 to the distance received from a neighbor
•  identify interfaces not on a shortest path to the root
•  and exclude them from the spanning tree
•  flood an updated root message
[after Rexford]

Example from Switch 4's Viewpoint
[figure: seven switches numbered 1 to 7; the messages below imply links 1-3, 3-2, 2-4, 2-7 and 4-7]
Switch 4 thinks it is the root
•  sends (4, 4, 0) root message to 2 and 7
Then, switch 4 hears from switch 2
•  receives (2, 2, 0) root message from 2
•  and thinks that switch 2 is the root
•  at distance one hop away
Then, switch 4 hears from switch 7
•  receives (7, 2, 1) from 7
•  realizes that this is a longer path
•  so, prefers its own 1-hop path (on root port)
•  and removes the 4-7 link from the tree
[after Rexford]

Example from Switch 4's Viewpoint (continued)
Switch 2 hears about switch 1
•  switch 2 hears (3, 1, 1) from 3
•  switch 2 starts treating 1 as root
•  and sends (2, 1, 2) to neighbors
Switch 4 hears from switch 2
•  switch 4 starts treating 1 as root
•  and sends (4, 1, 3) to neighbors
Switch 4 hears from switch 7
•  switch 4 receives (7, 1, 3) from 7
•  and realizes that this is a longer path
•  prefers its own 3-hop path (on root port)
•  and removes the 4-7 link from the tree
[after Rexford]

Robust Spanning-Tree Algorithm
Algorithm must react to failures
•  failure of the root node: need to elect a new root, with the next lowest identifier
•  failure of other switches and links: need to re-compute the spanning tree
Root switch continues to send root messages
•  periodically re-announces itself as the root (1, 1, 0)
•  other switches continue to forward root messages
Detect failures through timeout (soft state)
•  a switch waits to hear from others
•  eventually times out and claims to be the root, and restarts the distributed algorithm all over again
[after Rexford]

Forwarding on Spanning Tree
Summary of distributed spanning tree computation:
•  switch with lowest ID becomes root of the tree
•  all switches (except root) determine their root port (port toward the root)
•  the spanning tree consists of switches and root-port links
•  designated-port links connect designated switches to LANs
Forwarding on the tree:
•  forward frames only on root-port and designated-port links
•  the tree does not provide shortest paths, e.g., A to C does not go through B3
[after Rexford]
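The distributed computation summarized above, as an added Python simulation that is not code from the lecture or from Rexford's slides. Switches exchange (X, R, d) root messages round after round until nothing changes; the result gives each switch's root port, the designated switch for a link, and the links left out of the tree. The topology is constructed from the links the worked example implies (1-3, 3-2, 2-4, 2-7, 4-7); switches 5 and 6 are omitted because the slides do not state their links. A second run attaches a switch announcing ID 0: by the algorithm's own rule it becomes root and every root port moves, which is the caveat to remember about a protocol that trusts whoever announces the smallest identifier.

```python
"""Distributed spanning tree: (X, R, d) root messages, root ports, designated switches.
Added example, not the lecture's code; the topology is constructed from the slides' example."""
from collections import defaultdict


def spanning_tree(links):
    """links: iterable of (a, b) switch-ID pairs, each a point-to-point LAN.
    Returns (root, dist, parent, tree_links, blocked_links)."""
    nbrs = defaultdict(set)
    for a, b in links:
        nbrs[a].add(b)
        nbrs[b].add(a)
    # root view per switch: (R = believed root, d = distance to R, P = neighbour on the root port)
    # initially every switch announces itself as root: (X, X, 0)
    view = {x: (x, 0, x) for x in nbrs}
    while True:
        # every switch floods (X, R, d) on every interface, based on its current view
        messages = [(x, view[x][0], view[x][1], y) for x in nbrs for y in nbrs[x]]
        changed = False
        for x, r, d, y in messages:
            candidate = (r, d + 1, x)   # smaller root, then shorter path, then lower sender ID
            if candidate < view[y]:
                view[y] = candidate
                changed = True
        if not changed:
            break
    root = min(nbrs)
    dist = {x: v[1] for x, v in view.items()}
    parent = {x: v[2] for x, v in view.items() if x != root}
    # root-port links form the tree; every other link is excluded from forwarding
    tree = {frozenset((x, p)) for x, p in parent.items()}
    blocked = {frozenset(link) for link in links} - tree
    return root, dist, parent, tree, blocked


def designated_switch(link, dist):
    """On a LAN with several switches, the one closest to the root wins; ties by ID."""
    return min(link, key=lambda s: (dist[s], s))


SLIDE_LINKS = [(1, 3), (3, 2), (2, 4), (2, 7), (4, 7)]   # constructed from the example


if __name__ == "__main__":
    root, dist, parent, tree, blocked = spanning_tree(SLIDE_LINKS)
    print("root", root, "distances", dist, "root ports", parent)
    print("blocked links", sorted(tuple(sorted(l)) for l in blocked))
    print("designated switch on 4-7:", designated_switch((4, 7), dist))
    # a newly attached switch announcing ID 0 takes over the root role
    print("root with rogue switch 0 on 7:", spanning_tree(SLIDE_LINKS + [(0, 7)])[0])
```

Tuple comparison encodes the slide's preference order directly: lower root ID beats everything, then shorter distance, then the lower neighbour ID as tie-break. The timeout-driven re-election is not simulated; rerunning `spanning_tree` on the reduced link set is the equivalent of the "restart the algorithm" step.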
Advantages of Switches over Hubs/Repeaters
Only forwards frames as needed
•  filters frames to avoid unnecessary load on segments
•  sends frames only to segments that need to see them
Extends the geographic span of the network
•  separate segments allow longer distances
Improves privacy by limiting the scope of frames
•  hosts can "snoop" only the traffic traversing their segment
•  caveat: frames to broadcast or not-yet-learned destinations are still flooded to every segment
Can join segments using different technologies
[Peterson & Davie; after Rexford]

Disadvantages of Switches over Hubs/Repeaters
Delay in forwarding frames
•  bridge/switch must receive and parse the frame
•  and perform a look-up to decide where to forward
•  storing and forwarding the packet introduces delay
•  solution: cut-through switching
Need to learn where to forward frames
•  bridge/switch needs to construct a forwarding table
•  ideally, without intervention from network administrators
•  solution: self-learning
Higher cost
•  more complicated devices cost more money
[after Rexford]

Switches vs. Routers
Both are store-and-forward devices
Given bridges/switches, why do we still need routers?
•  routers are network layer devices (what does this mean?)
•  routers maintain routing tables, implement routing algorithms
•  switches are link layer devices
•  switches maintain switch tables, implement filtering and backward learning algorithms

Segment vs. Subnet
A commonly used differentiator:
•  segment: a layer-2 collision domain
•  subnet: a layer-3 broadcast domain
A subnet may contain multiple segments
A segment may contain multiple subnets (not recommended)
"Segment" is also often used to simply mean "part of a network", not always according to a precise technical definition

Moving From Switches to Routers
Advantages of switches over routers
•  plug-and-play
•  fast filtering and forwarding of frames
Disadvantages of switches over routers
•  topology is restricted to a spanning tree
•  large networks require large ARP tables
•  broadcast storms can cause network collapse
[after Rexford]

Comparing Hubs, Switches, Routers
                     Hub/Repeater   Bridge/Switch   Router
Traffic isolation         ✗               ✔            ✔
Plug and Play             ✔               ✔            ✗
Efficient routing         ✗               ✗            ✔
Cut through               ✔               ✔            ✗

Evolution Toward Virtual LANs
When being part of a LAN means tapping into a cable that passes through one's office
•  people in adjacent offices were put on the same LAN
•  regardless of their functional role
With hubs and switches sitting in central wiring closets, often with multiple LANs (k hubs) connected by switches
•  adjacent offices can be mapped to different LANs
[figure: wiring closet containing several hubs connected by a switch]
[after Rexford]
Why Group by Organizational Structure?
Security
•  Ethernet is a shared medium
•  any interface card can be put into "promiscuous" mode
•  and get a copy of all of the traffic (e.g., the midterm exam)
•  so, isolating traffic on separate LANs improves security
Load
•  some LAN segments are more heavily used than others
•  e.g., researchers running experiments that get out of hand can saturate their own segment and not the others
•  plus, there may be natural locality of communication
•  e.g., traffic between people in the same research group
[after Rexford]

LAN Reconfiguration
Organizational changes are frequent
•  an administrative office becomes a marketing office
•  technical support personnel become administrative personnel
•  as people change role, their machines move from one LAN to another
Physical rewiring is a major pain
•  requires unplugging the cable from one port
•  and plugging it into another
•  and hoping the cable is long enough to reach
•  and hoping you don't make a mistake
Would like to "rewire" the building in software
•  the resulting concept is a Virtual LAN (VLAN)
[after Rexford]
VLAN Implementations
Add configuration tables at bridges/switches
•  saying which VLANs are accessible via which interfaces
Approaches to VLAN mapping:
•  give each interface a VLAN "color"
•  only works if all hosts on the same segment belong to the same VLAN
•  give each MAC address a VLAN "color"
•  useful when hosts on the same segment belong to different VLANs
•  useful when hosts move from one physical location to another
Change the Ethernet header
•  add a field for the VLAN tag
•  recognized by bridges/switches only
•  ignored by old Ethernet cards
[after Rexford]

Example: Two Virtual LANs
[figure: hosts marked R (Red VLAN) and O (Orange VLAN) attached to several switches; some switch interfaces carry both colors (RO)]
Red VLAN and Orange VLAN
Switches forward traffic as needed
[Rexford]

Ethernet Switches
Independent
•  follow their own rules
•  determine their own forwarding path
•  responsible for VLAN and other services
•  communicate topology information with their peers
Once a person/host gets on an Ethernet network, it can do anything
What if we want to have finer control of what a host/person can do on a LAN?
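The three mapping approaches above (interface color, MAC-address color, a tag field in the Ethernet header), as an added Python example that is not code from the slides. The tag layout is the IEEE 802.1Q one, which the lecture does not name: the 16-bit tag identifier 0x8100 in the EtherType position, followed by 16 bits of which the low 12 are the VLAN ID. Port assignments, the MAC-to-color override and the two colors (Red = VID 10, Orange = VID 20) are constructed. The check a practitioner would add is in `classify`: a tag arriving on an access port was written by a host, so it is ignored and the port's or MAC's color wins; only trunk ports between switches are trusted to carry tags.

```python
"""VLAN mapping: per-interface color, per-MAC color, and tagged trunk links.
Added example, not code from the slides; VIDs, ports and MACs are constructed."""
import struct

TPID = 0x8100          # IEEE 802.1Q tag identifier, sits where the EtherType would be
RED, ORANGE = 10, 20   # constructed VLAN IDs for the two colors of the example
BROADCAST = b"\xff" * 6


def tag(frame, vid, pcp=0):
    """Insert a VLAN tag after the source MAC: TPID + TCI(pcp:3, dei:1, vid:12)."""
    tci = (pcp << 13) | (vid & 0x0FFF)
    return frame[:12] + struct.pack("!HH", TPID, tci) + frame[12:]


def untag(frame):
    """Return (vid or None, frame with the tag removed)."""
    if struct.unpack("!H", frame[12:14])[0] != TPID:
        return None, frame
    vid = struct.unpack("!H", frame[14:16])[0] & 0x0FFF
    return vid, frame[:12] + frame[16:]


class VlanSwitch:
    def __init__(self, access, trunks, mac_color=None):
        self.access = dict(access)                 # access port -> VLAN color
        self.trunks = set(trunks)                  # ports carrying tagged frames to other switches
        self.mac_color = dict(mac_color or {})     # per-MAC color overrides
        self.table = {}                            # (vid, MAC) -> port, learned per VLAN
        self.members = {}                          # vid -> ports seen carrying that color

    def classify(self, frame, in_port):
        """Decide which VLAN a frame belongs to; returns (vid, untagged frame)."""
        vid, plain = untag(frame)
        if in_port in self.trunks:
            if vid is None:
                raise ValueError("untagged frame on trunk port")
            return vid, plain
        # access port: a tag the host put on is ignored, hosts do not pick their VLAN
        src = plain[6:12]
        return self.mac_color.get(src, self.access[in_port]), plain

    def receive(self, frame, in_port):
        """Return {out_port: frame bytes}; forwarding never crosses colors."""
        vid, plain = self.classify(frame, in_port)
        dst, src = plain[:6], plain[6:12]
        self.table[(vid, src)] = in_port
        self.members.setdefault(vid, set()).add(in_port)
        known = self.table.get((vid, dst))
        if known is not None:
            outs = set() if known == in_port else {known}
        else:  # flood, but only to segments of this color plus the trunks
            outs = {p for p, c in self.access.items() if c == vid}
            outs |= self.members[vid] | self.trunks
            outs.discard(in_port)
        return {p: (tag(plain, vid) if p in self.trunks else plain) for p in outs}


def mac(n):
    """Constructed locally-administered MAC address."""
    return b"\x02\x00\x00\x00\x00" + bytes([n])


def frame(dst, src, payload=b"", ethertype=0x0800):
    return dst + src + struct.pack("!H", ethertype) + payload


def demo():
    sw = VlanSwitch(access={1: RED, 2: ORANGE, 3: RED}, trunks={9},
                    mac_color={mac(5): ORANGE})   # host 5 sits on red port 3 but is orange
    A, C = mac(1), mac(3)
    bcast = sw.receive(frame(BROADCAST, A), in_port=1)          # red: port 3 + trunk, not port 2
    cross = sw.receive(frame(A, C), in_port=2)                  # orange host to A: stays orange
    from_trunk = sw.receive(tag(frame(A, mac(7)), RED), 9)      # tagged red unicast -> port 1
    hop = sw.receive(tag(frame(BROADCAST, C), RED), in_port=2)  # host-written tag is ignored
    override = sw.receive(frame(BROADCAST, mac(5)), in_port=3)  # MAC color beats port color
    return bcast, cross, from_trunk, hop, override


if __name__ == "__main__":
    for name, out in zip(("bcast", "cross", "from_trunk", "hop", "override"), demo()):
        print(name, {p: untag(f)[0] for p, f in out.items()})
```

The switch table is keyed by (VLAN, MAC) so that the same MAC seen in two colors cannot confuse the forwarding decision, and frames leave trunk ports tagged and access ports untagged, which is what "recognized by bridges/switches only, ignored by old Ethernet cards" amounts to in practice.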
Ethane: a Prototype Software-Defined Network (SDN)
Centralized Network Control
•  network rules enforced by the network controller
•  controller monitors and approves all traffic
•  allows for complete policy-based control of the network
•  access controls built in
•  network understands users, hardware, topology, and policies
•  controller responsible for damage-routing
Flow Setup Process
1. User A tries to connect to User B
2. The User A to User B flow isn't in Switch 1's flow table, so the packet is forwarded to the Controller
3. The Controller either approves or denies the route
4. If approved, Switch 1 and Switch 2 establish a flow from User A to User B
[C+5]

Ethane's Assumptions
Policy determines packet flow
Network should maintain a strong connection between users and traffic
Bake security into network policy
Policy should be simple to implement
Incremental deployability
•  should work with Ethernet
[C+5]

Ethane Policy Configuration
The configuration language for Ethane:
•  compiled into the controller
•  individual rules are ANDs of simple statements
•  allows for user-based rules
•  rule priority is determined by order in the file
•  very human-readable
[C+5]

SDN Switches
Dependent on the controller
•  requires a connection to the controller to route new traffic
•  communicates with the controller over a secure channel
Simple
•  minimal on-board logic
•  "flow" table lookup only
•  only stores active flows
•  no understanding of network topology
•  no NAT knowledge
•  no VLAN support

Flow Table Entry (Type 0 OpenFlow Switch)
Rule | Action | Stats
Rule: header fields to match (+ mask):
Switch port | MAC src | MAC dst | Eth type | VLAN ID | IP src | IP dst | IP prot | TCP sport | TCP dport
Action, one of:
1. Forward packet to port(s)
2. Encapsulate and forward to controller
3. Drop packet
4. Send to normal processing pipeline
Stats: packet + byte counters

The Network Controller
Switches report network topology to the Network Controller (NC)
•  NC uses this to create flow rules
•  informed of link failures and updates flow rules
Controls all routes between hosts
•  allows for prioritization
•  NC handles congestion
Supports resource limits on clients
•  can restrict client movement
Handles authentication
•  users, devices, switches
•  understands where a user is physically connected to the network
Can cut off misbehaving hosts at the switch, completely denying network access
Handles broadcast requests
Allows for very detailed network usage logs
•  useful for failure post-mortems
•  presents something of a privacy risk
[C+5]

SDN not Limited to LAN
B4: Google's WAN
•  connects a few dozen WAN data centers
•  has been in deployment since July 2010
•  most traffic carried: synchronizing large data sets
•  uses SDN and OpenFlow to implement Traffic Engineering
•  control of edge sites and applications:
•  re-route traffic to a less congested path
•  schedule backup traffic to quiet time
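The flow-table entry and the flow setup process described above, as an added Python example that is not Ethane's or OpenFlow's code. It models the ten-field Type 0 rule with wildcards, the action column, the per-entry packet and byte counters, and a controller that is consulted on a table miss and installs either a forwarding entry or a drop entry according to an ordered, user-based policy in which the first matching rule wins (the slide's "priority determined by order in file"). Field names follow the slide; the user-to-MAC bindings, host ports, policy and packets are constructed.

```python
"""Flow table with wildcard rules, actions and counters, plus a controller consulted on a miss.
Added example, not Ethane/OpenFlow code; policy, hosts and packets are constructed."""

FIELDS = ("in_port", "mac_src", "mac_dst", "eth_type", "vlan_id",
          "ip_src", "ip_dst", "ip_proto", "tcp_sport", "tcp_dport")
ANY = None   # wildcard, the slide's "+ mask"

FORWARD, TO_CONTROLLER, DROP, NORMAL = "forward", "to-controller", "drop", "normal"


class FlowEntry:
    def __init__(self, rule, action, ports=()):
        self.rule = {f: rule.get(f, ANY) for f in FIELDS}   # Rule column
        self.action, self.ports = action, tuple(ports)      # Action column
        self.packets = self.bytes = 0                       # Stats column

    def matches(self, pkt):
        return all(v is ANY or pkt.get(f) == v for f, v in self.rule.items())


class FlowSwitch:
    def __init__(self, name, controller):
        self.name, self.controller, self.table = name, controller, []

    def process(self, pkt, size=64):
        """Return (action, ports) for one packet, consulting the controller on a miss."""
        for entry in self.table:            # first match wins: table order is priority
            if entry.matches(pkt):
                entry.packets += 1
                entry.bytes += size
                return entry.action, entry.ports
        # table miss: step 2 of the flow setup process, packet goes to the controller
        self.table.append(self.controller.packet_in(self.name, pkt))
        return self.process(pkt, size)


class Controller:
    """Holds authenticated user->MAC bindings and an ordered policy; first matching rule wins."""

    def __init__(self, users, host_port, policy):
        self.users = users            # MAC -> user name
        self.host_port = host_port    # (switch, MAC) -> port where that host is attached
        self.policy = policy          # [(src_user, dst_user, ip_proto, tcp_dport, allow), ...]
        self.log = []                 # the detailed usage log the slide mentions

    def packet_in(self, switch, pkt):
        src, dst = self.users.get(pkt["mac_src"]), self.users.get(pkt["mac_dst"])
        allow = False
        for s, d, proto, dport, verdict in self.policy:
            if (s in (src, ANY) and d in (dst, ANY)
                    and proto in (pkt.get("ip_proto"), ANY)
                    and dport in (pkt.get("tcp_dport"), ANY)):
                allow = verdict
                break
        self.log.append((switch, src, dst, pkt.get("tcp_dport"), allow))
        rule = {f: pkt.get(f) for f in FIELDS}   # exact-match entry for this flow
        if allow:
            return FlowEntry(rule, FORWARD, [self.host_port[(switch, pkt["mac_dst"])]])
        return FlowEntry(rule, DROP)             # denied flows are dropped at the switch


def demo():
    A, B, W = "mac-a", "mac-b", "mac-web"   # constructed MAC identifiers
    ctl = Controller(
        users={A: "userA", B: "userB", W: "webserver"},
        host_port={("switch1", B): 2, ("switch1", W): 3},
        policy=[("userA", "webserver", 6, 80, True),    # A may reach the web server on tcp/80
                ("userA", "userB", 6, 22, True),        # A may ssh to B
                (ANY, ANY, ANY, ANY, False)])           # default deny
    sw = FlowSwitch("switch1", ctl)

    def pkt(dst, dport):
        return dict(in_port=1, mac_src=A, mac_dst=dst, eth_type=0x0800, vlan_id=0,
                    ip_src="10.0.0.1", ip_dst="10.0.0.2", ip_proto=6,
                    tcp_sport=40000, tcp_dport=dport)

    first = sw.process(pkt(W, 80))    # miss -> controller -> forward entry installed
    second = sw.process(pkt(W, 80))   # hit: no controller involvement
    denied = sw.process(pkt(B, 23))   # telnet to B is not allowed -> drop entry
    return first, second, denied, len(sw.table), len(ctl.log), sw.table[0].packets


if __name__ == "__main__":
    print(demo())
```

Installing a drop entry for a denied flow, rather than leaving the miss unresolved, is what keeps a host that retries a forbidden connection from sending every attempt to the controller; the counters on that entry are then a direct measure of how hard it is trying.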