Download LAN Analysis: Cable Testing and Protocol Decoding

Previous screen
51-20-53 LAN Analysis: Cable Testing and Protocol
Decoding
Amitava Dutta-Roy
Payoff
Smooth operation of LANs is critical to a company's productivity and profitability. LANs
do, however, sometimes crash. More often than not cables are at fault, although problems
may occur at higher layers as well. This article examines two tools used in LAN
troubleshooting: cable testers and protocol decoders.
Introduction
Local area networks are an integral part of most corporate information systems
infrastructures. By allowing many users to share information, LANs increase productivity
while reducing the cost of data base maintenance at multiple sites. But this increase in
productivity is somehow inversely proportional to the response time of the network. If the
response from a LAN server is more than a few seconds, users tend to get frustrated or
distracted and productivity drops. If for some reason the LAN crashes, workers who
depend on a LAN are forced to stop working.
Various industry reports have cited case studies of LAN downtimes and
emphasized the importance of monitoring LANs for healthy performance. LAN analyzers
- cable testers and protocol decoders -help systems administrators keep networks running
smoothly. Furthermore, analyzers may be used to evaluate the performance of a LAN
before installation, under simulated stress conditions. The results of such an evaluation can
indicate limits of the various LAN components and may even suggest a different
configuration or selection of more robust components.
Cable Testers
Cable testers are hand-held devices for examining cables that physically connect the
different components of a LAN. Although LAN users and administrators blame the server
or the communications hardware and software for network downtime, many network
integrators and consultants have found that approximately 65% of LAN downtimes are
caused by cable failures.
Most LAN components now commercially available are of reasonably good
quality. The only exception to this appears to be the cabling. Cables usually connect
equipment over long distances. LAN performance can be jeopardized by an invisible break
in the cable along its path, an inadvertently coiled cable, a bad contact at either end, a cable
thrown out of alignment, incorrect pin connections, electromagnetic interference, or simply
a cable of inferior quality. Every cable should be checked before a network is switched on
and after a network crash.
How to Select a Cable Tester
There are several vendors of cable testers in the market. A good cable tester should be able
to perform tests on a variety of cables such as Unshielded Twisted-pair, Shielded Twistedpair, and coaxial cables, in combination with the standard connectors for both Ethernet and
token-ring networks. Some quality cable testers include Pair Scanner, Cable Scanner,
Quick Scanner, and LANMETER. List prices vary between $1,000 and $9,000, depending
Previous screen
on the variety of features offered and their sophistication. Therefore, an organization's
needs should be carefully evaluated before a cable tester is selected. It is practically
impossible to develop a cut-and-dried plan for the acquisition of such equipment. Price and
utility should be considered, as well as the needs of each environment. Factors to consider
in general include:
·
How complex is the corporate network?
·
Who will install the network? An outside systems integrator or in-house personnel?
·
How critical is LAN downtime to the company s operations?
·
Are there any maintenance contracts with outside firms?
·
Does the company have technical personnel to undertake the testing, interpret the test
results, and make necessary corrections?
Tests Performed
Fully featured cable testers should be able to perform most or all of the following tests.
Open and Short-Circuit Tests
This test uses the principles of Time Domain Reflectometry. A short electrical pulse is
transmitted from one end of the cable and reflected back from the other end. If the far end
is open, the excursions of the transmitted and reflected pulses have the same sense. If the
far end is shorted, however, the sense of excursion of the reflected pulse is inverted (see
Exhibits 1 and 2). Some cable testers show the directions of the excursions and travel time
of the pulses in an oscilloscope-like display. Others may show it in an alphanumeric
display (see Exhibit 3). Both types of displays, however, use the same basic time domain
reflectometry (TDR) principle.
TDR Oscilloscope Displays
Cable Fault Location Using TDR(Length vs. Scan)
Typical LANMETER Display
DC Resistance Measurement
This test gives a reading of the direct current (DC) resistance connected to the far end of the
cable. These measurements, coupled with open and short-circuit tests, indicate if the cable
is connected properly.
Nominal Velocity of Propagation (NVP)
Electrical signals traveling along a metal cable have a finite velocity of propagation that
varies between 60% and 90% of the speed of light. The best cable manufacturers try to
Previous screen
Previous screen
keep this velocity constant over a band of frequencies at which the LANs are expected to
operate. Otherwise the signals become distorted, which can cause errors in the detection of
the ones and zeros of a data stream.
The Nominal Velocity of Propagation is measured by taking a sample of the cable
used in the network installation and injecting a short pulse into one end. The other end
could be left open or short-circuited. The cable tester measures the time it takes the pulse to
travel up and down the sample cable. The recorded time gives a fairly accurate indication of
the nominal velocity at the frequency of operation. Most cable testers have this capability.
Once the Nominal Velocity of Propagation is determined, it can be retained in the memory
of the equipment and used for further tests.
Linear Distance Between the Point of Test and the Far End
Given the nominal velocity of propagation, a cable tester should be able to calculate the
linear distance between the point of measurement and the far end of a cable.
Wire Map
This feature checks all of the conductors in Unshielded Twisted-pair cable cabling. A
message flashes if any of them is poorly connected at either end.
Cable Grading
Most cable testers can verify the grade of the cable and if it meets the standards
requirements.
Crosstalk
Crosstalk is defined as the electrical noise in a wire spuriously generated by a signal in an
adjacent wire; it is caused by electrical coupling between the two in a multiwire cable.
When the crosstalk is measured near the point where the signals are generated, it is known
as the Near-end crosstalk. If the Near-End crosswalk coupling is high, it signifies that the
signals arriving from the far end will be“drowned” by the near-end interference. A cable
tester should be able to measure the NEXT and flash a signal to the operator when this
figure is not acceptable. The cause may be a cable of inferior quality or a nearby strong
source of electromagnetic radiation.
Most of the parameters just mentioned are specified in the IEEE 802 series
standards and by the vendors of cables or system integrators. Any significant deviation
from the norm is a harbinger of potential problems. Cable testers offer a fairly
straightforward method of detecting problems, especially after any physical relocation of
workstations or servers.
Protocol Decoders
Cable testers from most vendors examine only cables. The principal purpose of using a
protocol decoder for troubleshooting in a LAN is to examine the inner workings of the
LAN components, which operate in layers 1 through 7 of the Open Systems
Interconnection (OSI) model. Exhibits 4, 5 and 6 show sample results from obtained from a
protocol decoder.
Previous screen
Previous screen
Previous screen
Fluke LANMETER Softkeys for Ethernet and Token Ring
Previous screen
Ethernet Error Statistics Sample Results
Token-Ring Expert-T Autotest Sample Results
To perform such a task, a decoder needs to strip open the data frames going back and forth
between the various components (e.g., a PC and the server or a bridge) and determine, for
example, the protocol type (e.g., TCP/IP, Internetwork Packet eXchange, or others) used
for communications, the size of the frames, their origins and destinations, and the routes
they follow in moving data from one point to another, for both hardware and software.
Most decoders can store accurate logs of these parameters and network-related events over
a period of time and for printout later. Careful examination of such a log helps detect faulty
components or misguided operations. A protocol decoder thus complements the cable
testers in a complete analysis of a network.
Protocol Decoder Classifications
Protocol decoders may be classified into three groups
Software-based Protocol Decoders
Several vendors, including Digilog Corp. (LANVista), File Transfer Protocol
Software(LanWatch), and Triticom (LANdecoder/tr), have developed such software. These
software packages are priced between $1,200 and$1,800. They run on PCs. No special
attachments are necessary, other than the network interface card. For medium-size
networks, the software-based protocol decoder offers many features. Monitor displays are
relatively easy to interpret (see Exhibit 7).
Monitor Displays Using Triticom's LANdecoder
Integrated Protocol Decoders
This type of protocol decoder is essentially a special-purpose PC with both hardware and
software integrated in one package. Some can be folded like a briefcase and are convenient
to carry from one location to another. Vendors of protocol decoders in this medium-priced
category include Network General Corp. (Sniffer and Expert Sniffer), Novell Inc.
(LanAnalyzer), and Hewlett-Packard (LAN Advisor), among others. Many reputable
manufacturers have integrated decoding capabilities in their hubs. Suggested prices of the
standalone decoders with attachments vary between $15,000 and $25,000.
High-End Protocol Decoders
There are several vendors of high-end decoders in the marketplace. Because they offer
much more than the medium-price analyzers, their prices are higher. Some of the products
are: Dataglance (IBM Corp.),Protocol Tester (Siemens Industrial Automation Inc.),
Chameleon(Tekelec Inc.), and DA-30 Protocol Decoder (Wandel & Goltermann
Previous screen
Technologies Inc.). These decoders are suitable for high-volume network integrators and
benchmarking laboratories.
Features of a Protocol Decoder
The large variation in the prices of protocol decoders suggests that the range of features
offered also varies greatly. It takes time and practice for a technical support person to
become proficient in both selecting and using protocol decoders and in interpreting their
displays. Some of the most common features to consider are described next.
Use in Both Ethernet and Token-Ring Networks
If a firm owns a mixture of Ethernet and token-ring networks, it is essential that the
protocol decoder works with both. Some decoders will work only with one type, mainly
Ethernet. There is also the question of accurate measurements to consider. It is more
difficult to work with token-ring LANs, both 4M b/s and 16M b/s. Some industry reviews
also claim that decoder results are less accurate for token-ring networks. Before the
network administrator decides to purchase a decoder, these points should be thoroughly
investigated with the vendor.
Identification of Type of Protocol
Protocol decoders can detect most of the protocols used in LANs(e.g., IPX and TCP/IP).
Before acquiring a protocol decoder, the administrator must ensure that it detects the
protocol being used on the network.
Measurement of Network Utilization
In an Ethernet or IEEE 802.3 network, if a node tries to access the LAN when there are
frames already present on the wires nearest to the node (carrier sense), the transmission
from this node is deferred for a randomly determined interval before another attempt of
transmission is made. It is also possible that one node unknowingly transmits a frame
before the signal from an earlier transmission arrives at that point. Obviously, these two
frames will collide somewhere along the wire and a collision signal is generated.
Immediately the transmissions are halted for a random interval of time. As the number of
users increases, so does the number of collisions, because in a Carrier Sense Multiple
Access/Collision Detection (carrier sense multiple access/collision detection) network, all
users have an equal right of access. A large number of collisions leads to frequent
deferment of transmissions, which eventually slows down the network. In other words, as
the utilization of the network increases, the response time gets worse.
A protocol decoder can measure the utilization and express it in terms of percentage
of maximum theoretical utilization of the bandwidth. The utilization figures may be plotted
against time in the form of line plot, a bar chart, or even displayed in a fashion resembling
an automobile speedometer. From these charts, a network administrator is able to learn the
peak periods of network utilization. Usually these peaks occur in the morning when most
users in an office try to log in and get their working files from the server. Another peak
period might be in the evening when backups are executed.
One way to avoid peak loads would be to stagger the Login or backup processes.
Under normal circumstances, a utilization of 20% to 25% of the theoretical maximum is
considered acceptable. A protocol decoder is also able to count the number of collisions
Previous screen
occurring during a specified period. This data helps a network administrator systematically
isolate a problem. Exhibits 8, 9, and 10 show sample displays.
LANanalyzer Network Dashboard Display
Sample of Network Performance Analysis Using LANanalyzer
Sample of Decoding and Analysis Using LANanalyzer
Measurement of Token Rotation Time
In token-ring LANs, the frames move from node to node as they are read and then
accepted by the right destination station or thrown back on the wire. Each of these
operations takes a finite length of time. Thus, when the number of stations is large (the
maximum is 255 per network) and the sizes of the frames are also large, the time for the
frames to come around to the original source station, known as the token rotation time, also
increases. Consequently, there may be severe delays in the response time. A protocol
decoder can measure and display this token rotation time.
Measurement of Packet Size
It is important for a network administrator to know the frame sizes traveling on the
network. Long frames indicate a faulty component. It is necessary to locate the source of
long frames using a systematic probe with the protocol decoder. For Ethernet networks, a
large number of runt frames (i.e., remnants of collisions and short in length)indicates a
faulty component. Probing the network with a protocol decoder can help determine the
cause of the runt frames.
Detection of Broadcast Storms
Broadcast storms are generally caused by faulty network interface cards on Ethernet
networks. A broadcast storm takes up practically the whole bandwidth available on a
network. A scrutiny of all transmitted frames can easily reveal the source of a broadcast
storm.
Setting of Filters and Alarms
Filters may be placed in protocol decoders to filter all traffic on the network for the
detection of a specified occurrence. An alarm could be set to go off if such an event occurs.
For example, an alarm may go off if the network utilization exceeds 25%.
Logging of Access Nodes to the Servers
A protocol decoder can identify and log the nodes attempting to access a certain file in a
particular server, and can also identify the source of the request, the time of the access, and
the number of bytes read. In short, the whole history of the network during a specific
interval of time may be compiled and stored for later examination.
Previous screen
Detection of Data Paths through Hubs, Bridges, and Routers. Hubs and bridges are
excellent points at which to connect the protocol decoders to the network, since all traffic
passes through those points. Most protocol decoders identify the sources of frames, frame
numbers, and the routes they follow. This information can assist in detection of a poor
configuration.
Detection of Beaconing Signals
In token-ring networks, a beacon signal signifies a faulty node. A protocol decoder should
be able to identify the faulty node and the time at which the node is first detected as faulty.
Promiscuous Mode of Operation
Decoders operate in a promiscuous mode, which means that they can listen to every frame
going past them in a network. Use of this feature, however, calls for caution, because the
frame may containsensitive information that should not fall into the hands of the operator
of the equipment. For token-ring networks, a decoder should work without being attached
like a legal node on the network.
Local Decoding and Distributed Decoding
Some decoders, though they work well for the purposes of local decoding, may not be able
to do any decoding of an enterprisewide distributed network. However, a few of these tools
are designed for the specific purpose of examining devices that are physically distant.
Examples include Expert Sniffer (Network General Corp.) and Network Advisor
(Hewlett-Packard).
Proactive and Reactive Analysis
Proactive analysis of a LAN helps to check a network's optimal configuration and possibly
determine whether the LAN should be segmented into two or more subnetworks so that all
workers on a LAN get a fair share of the resources within a reasonable response time.
Most protocol decoders can generate frames for checking a network under stress. In
complex cases, however, it is best to use commercially available frame generators for
proactive analysis. Routine stress analysis can, among other things, indicate failure before it
occurs. For example, a buffer may not be adequate for a server under a heavy load. In this
case a stress test will reveal this weakness and measures may be taken to prevent a real
failure.
Data from a proactive analysis can also be fed into some commercially available
LAN simulation programs. These procedures are useful to visualize the simulated
performance of an extended LAN even before purchasing additional equipment for this
extension. Reactive analysis, as the name suggests, is used for detection of faults on a
network after a crash.
Difference Between a Protocol Decoder and an SNMP-based
Management Tool
The difference between a good protocol decoder and a Simple Network Management
Protocol system is fuzzy. These management tools are often embedded in a hub and can
get and set desired parameters in remote components such as workstations, hubs, bridges,
routers, and even uninterrupted power supplies (UPS) in an enterprisewide network.
Previous screen
Operation of these management tools is based on Remote MONitoring protocols. These
tools depend on “agents” and“superagents” residing on the equipment. The agents gather
the data, send it to the central monitoring station, and if necessary, set alarms or new values
on the parameters. It should be emphasized, however, that neither a protocol decoder nor a
more elaborate and sophisticated simple network management protocol (SNMP)-based
management tool is a substitute for the other. The two have distinctly different uses in the
smooth operation of a LAN.
Conclusion
To avoid costly LAN downtime, systems administrators should select and use
troubleshooting tools that are appropriate for their networks. Using cable testers to
eliminate the most common cause of LAN downtimes and protocol decoders to monitor
the inner workings of LANs, a network administrator can greatly improve the performance
record of the company LAN.
Author Biographies
Amitava Dutta-Roy
Amitava Dutta-Roy is a principal for Optimarc in New York NY and a regular contributor
to several international technical journals. He earned B.Sc. and Ph.D. degrees in electronic
engineering from Imperial College, University of London. He has taught at Queen's
University of Belfast, Northern Ireland, University of Sao Paolo, Brazil, and the Brazilian
Institute for Space Research. He has served as a UN consultant in Central America on
applications of science and technology for development and was recently elected as an
IEEE Fellow.