11

Characterizing VLAN-Induced Sharing in a Campus NetworkCharacterizing VLAN-Induced Sharing in a Campus Network

Mukarram Bin Tariq, Ahmed Mansy

Nick Feamster, Mostafa Ammar

{mtariq, amansy, feamster, ammar}@cc.gatech.edu

22

Ethernet

VLAN2

VLAN3

VLAN1

VLAN Core

Virtual LANs (VLANs)Virtual LANs (VLANs)

• Multiple LANs on top of a single physical network

• Typically map to IP subnets• Flexible design of IP subnets

– Administrative ease– Sharing infrastructure

among separate networks, e.g., for departments, experiments

• Sharing: IP networks may depend on same Ethernet infrastructure

33

Problems: Informal Operator’s SurveyProblems: Informal Operator’s Survey

“[users] can end up on portsconfigured for the wrong VLAN …. difficult for end users todetermine why their network isn't working ("but I have a link light!”)”

“I wish for insight. Better visibility into operational details”

“Using only the information the switch can give [is difficult to determine] to which VLAN or VLANs are the busy ones”

“deploy tomography tool [for the campus to isolate faulty switches]”

Need for diagnostic tools for VLANs

Shared failure modes among networks

Lack of cross-layer visibility

44

Key Questions and ContributionsKey Questions and Contributions

How to obtain visibility in sharing of Ethernet among IP networks?

EtherTrace: A tool for discovery of Ethernet devices on IP path

Passive discovery using bridge tables Does not require CDP or LLDP

How much sharing is there in a typical network?

Analysis of VLAN in Georgia Tech network

1358 Switches, 1542 VLANs Find significant sharing

How much does Ethernet visibility help?

Network tomography 2x improvement in binary tomography

using Ethernet visibility

55

EtherTrace: Maps IP to Ethernet PathsEtherTrace: Maps IP to Ethernet Paths

Due to spanning tree, frames from H1 and H2 are received on separate ports of same VLAN for switches that are on the path

C

B D

E

FA

H1

H2F

E

Frames arrive on separate ports for on-path switches

Frames arrive on same port for off-path switches

A

B

C

D EtherTrace automates discovery of Ethernet path by analyzing bridge and ARP tables, and iterating for each IP hop in IP traceroute

Works well for stable networks

Available at: http://www.gtnoise.net/ethertrace

66

Georgia Tech Campus Network DatasetGeorgia Tech Campus Network Dataset

Data sources

• 1358 Switches• 31 Routers• 79 monitoring

nodes

Dataset• Bridge tables obtained every 4 hours• ARP tables obtained every hour• IP traceroutes among monitoring

nodes every 5 minutes• One-day snapshot on March 25, 2008

Analysis

• Obtain Ethernet devices for IP traceroutes using EtherTrace• Quantify the sharing of Ethernet devices among IP hops and

paths

77

Ethernet Hops Shared among IP HopsEthernet Hops Shared among IP Hops

57% of Ethernet Hops are shared by more than 2 disjoint IP Hops

Maximum IP hops on an Ethernet interface: 34. 17 considering disjoint only

On average, an Ethernet Hop affects ~30 IP hops~4 considering disjoint IP hops only

88

Application: Improving Accuracy with Cross-layer Sharing VisibilityApplication: Improving Accuracy with Cross-layer Sharing Visibility

MetricUsing IP level

information onlyIncorporating layer-2

visibility

Accuracy: Is failed hop in the diagnosed set of hops?

Fraction of times faulty edge in diagnosed set 54% 100%

Specificity: How big is the diagnosed set relative to number of failed hops?

Size of Diagnosed Set

Average 3.7 1.48

95th %-ile9 1

Experiment1. Simulate failure of a random Ethernet hop2. Determine IP paths that are affected by the failure3. Use binary tomography to determine the hop that

has fault

99

SummarySummary

• Surprising amount of sharing– On average, an Ethernet hop affects ~30 IP hops– 57% of Ethernet hops affect two or more disjoint

IP hops • Failure of an Ethernet device affects (on average)

as many IP paths as failure of an IP device– Two orders of magnitude more Ethernet devices

• Cross-layer visibility improves diagnosis– 2x improvement in accuracy and specificity

• EtherTrace: www.gtnoise.net/ethertrace

1010

Comparison of Dependency of IP Paths on Ethernet and IP devices Comparison of Dependency of IP Paths on Ethernet and IP devices

On average, a switch or switch interface is critical to similar number of IP paths as a router or IP interface, although there are two orders of magnitude more layer-2 devices

1212

Application: Improving Accuracy with Cross-layer Sharing InsightApplication: Improving Accuracy with Cross-layer Sharing Insight• We can improve fault-localization accuracy by using layer-2 topology

information• Experiment

1. Simulate failure of a random layer-2 edge

2. Determine IP paths that are broken by the failure

3. Use Binary tomography to determine the network segment that has fault• Conventional Approach: Use Layer-3 path elements as dependencies

• Cross-layer Approach: Use layer-2 elements determined with EtherTrace as dependencies

– Metrics• Accuracy: diagnosed segment contains the failed network element

• Specificity: ratio of actual number of elements that failed to the number of layer-2 elements in diagnosed segment

1313

EtherTraceEtherTrace

• Collect Bridge tables from switches using SNMP– Table has entries of form <MAC, port, vlan-id>

• Collect ARP tables from Routers• Given IP traceroute between two hosts find layer-2

path elements as:1.De-alias router IP addresses

2.Obtain MAC addresses IP addresses on each IP hop

3.Obtain Layer-2 switches and ports for each IP hop