Automatic topology detection in NAV
TRANSCRIPT

In the beginning...
A large, heterogeneous campus network: the Norwegian University of Science and Technology in Trondheim
20,000 students
Student villages connected

Abuse handling
Given an IP address, date and time: where was the perpetrator connected?
Block access!

The birth of NAV
The commercial NMSes available at the time were tested and rejected
Let's write our own! Network Administration Visualized was born
Made free in 2004, under a GPL license

First task
Port classification: uplink, downlink or access port
How? It's in the MAC address!
Let's find the MAC addresses of all monitored nodes

IP / MAC mappings
Routers know which IP and MAC addresses are associated: ARP for IPv4, ND for IPv6
NAV has the IPs of all switches/routers

Interface MAC addresses
Each interface on an Ethernet device has a unique MAC address
These may appear in other switches' forwarding tables

Now what?
We know the MAC addresses used by all monitored infrastructure
Let's get the switches' forwarding tables!

Processing
Multiple adjacency candidates per uplink/downlink must be pruned
Trust data from any port with a single candidate
(diagram: example topology with nodes R, A, B, C, X, Y and Z)
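The processing step above, worked through in code. This is an added example and not NAV's own code: the device names, port names, MAC addresses and forwarding-table contents are constructed, and the pruning rule for ports with several candidates (the direct neighbour is the candidate that learned our MAC on a port where it sees none of the other candidates) is this example's choice of rule, not necessarily the one NAV implements. The chain R - A - B - C has a host X on an access port, and switches Y and Z sit behind an unmanaged switch that has no forwarding table to read, so that port stays ambiguous instead of being guessed.

```python
"""Infer layer 2 adjacencies from switch forwarding tables.

Added illustrative example, not NAV's own code. Device names, port names,
MAC addresses and forwarding-table contents are constructed for the example.
"""

# Monitored infrastructure: MAC address -> device. Real inventories hold one
# MAC per interface (ifPhysAddress), all mapping to their device; one MAC per
# device is enough for the example.
INFRA_MACS = {
    "00:00:5e:00:53:01": "R",
    "00:00:5e:00:53:02": "A",
    "00:00:5e:00:53:03": "B",
    "00:00:5e:00:53:04": "C",
    "00:00:5e:00:53:05": "Y",
    "00:00:5e:00:53:06": "Z",
}
MAC_OF = {device: mac for mac, device in INFRA_MACS.items()}
HOST_X = "02:00:00:00:00:aa"  # an end-user host, not in the inventory

# Short names for each device's MAC, used below to build the tables.
R, A, B, C, Y, Z = (MAC_OF[d] for d in "RABCYZ")

# Forwarding (CAM) tables: (device, port) -> MACs learned on that port.
# Constructed for the chain R - A - B - C, host X on A's Fa0/3, and Y and Z
# hanging off B's Gi2/3 through an unmanaged switch NAV cannot query.
FORWARDING = {
    ("R", "Gi0/1"): {A, B, C, Y, Z, HOST_X},
    ("A", "Gi1/1"): {R},
    ("A", "Gi1/2"): {B, C, Y, Z},
    ("A", "Fa0/3"): {HOST_X},
    ("B", "Gi2/1"): {R, A, HOST_X},
    ("B", "Gi2/2"): {C},
    ("B", "Gi2/3"): {Y, Z},
    ("C", "Gi3/1"): {R, A, B, Y, Z, HOST_X},
    ("Y", "Gi4/1"): {R, A, B, C, Z, HOST_X},
    ("Z", "Gi5/1"): {R, A, B, C, Y, HOST_X},
}


def candidates(device, port):
    """Infrastructure devices whose MACs are seen behind this port."""
    return {INFRA_MACS[m] for m in FORWARDING[(device, port)] if m in INFRA_MACS}


def port_facing(device, mac):
    """The port on `device` where `mac` was learned, or None if unknown."""
    for (dev, port), macs in FORWARDING.items():
        if dev == device and mac in macs:
            return port
    return None


def infer_neighbor(device, port):
    """Classify a port as access, link (with its direct neighbour) or ambiguous.

    A port with a single infrastructure candidate is trusted outright. With
    several candidates, the direct neighbour is the candidate that learned our
    MAC on a port where it sees none of the other candidates: a candidate that
    sees our MAC together with other candidates is further away than they are.
    """
    cands = candidates(device, port)
    if not cands:
        return ("access", None)
    if len(cands) == 1:
        return ("link", next(iter(cands)))
    direct = []
    for cand in cands:
        facing = port_facing(cand, MAC_OF[device])
        if facing is None:
            continue  # no forwarding table available for this candidate
        others = candidates(cand, facing) - {device}
        if not others & cands:
            direct.append(cand)
    if len(direct) == 1:
        return ("link", direct[0])
    # Nothing (or more than one) survives pruning: an unmanaged switch or hub.
    return ("ambiguous", frozenset(cands))


def uplink_port(device, root="R"):
    """The port through which `device` reaches the root router, if any."""
    return port_facing(device, MAC_OF[root])


def build_topology():
    """Classification of every known port."""
    return {key: infer_neighbor(*key) for key in FORWARDING}


if __name__ == "__main__":
    for key, result in sorted(build_topology().items()):
        print(key, result)
```

Ports whose peer cannot be resolved are reported as ambiguous rather than guessed; in practice those are the ports worth inspecting, since an unmanaged switch on them also means the end-user connectivity log cannot pin a MAC to a single port.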

Cisco Discovery Protocol
Reports adjacent device and port without processing
BUT: CDP frames are forwarded as regular Ethernet frames through non-CDP switches
Non-CDP switches become "invisible"
(diagram: devices A, B and C in a row)

Link Layer Discovery Protocol
Improves on CDP
Uses multicast destination addresses that a standards-conforming Ethernet switch must not forward
Should eliminate the "invisible device" problem

Solved challenges
A full layer 2 topology has been obtained
A complete log of end-user connectivity
We can filter outage alerts based on topology

What about layer 3?
Collect routers' IP addresses and prefixes
Gives a complete overview of subnet allocations

Layer 3 links
Discernible through: prefix mask size, number of connected routers
1 router → Elink (or LAN)
2 routers → Link
> 2 routers → Core
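The layer 3 classification above, applied to a set of router interface addresses. This is an added example and not NAV's own code: the router names and addresses are constructed from documentation ranges, and the way it separates the one-router case (a /30, /31 or /127 with a single known router is taken as an elink to an unmonitored peer, any other one-router prefix as a LAN) is this example's assumption about how mask size is used. It also goes one step beyond the slide and reports prefixes that overlap without being identical, which is what two routers disagreeing on the mask of a shared link looks like in this data.

```python
"""Classify layer 3 prefixes from routers' interface addresses.

Added illustrative example, not NAV's own code. Router names and addresses
are constructed; the elink-versus-LAN split by mask size is an assumption.
"""
import ipaddress
from collections import defaultdict
from itertools import combinations

# (router, interface address with prefix length), as collected from each
# router's IP address table. Constructed sample.
ROUTER_INTERFACES = [
    ("R1", "192.0.2.1/30"), ("R2", "192.0.2.2/30"),   # point-to-point link
    ("R2", "192.0.2.5/31"),                           # /31 towards an unmonitored peer
    ("R1", "198.51.100.1/24"),                        # end-user LAN
    ("R2", "198.51.100.2/25"),                        # same LAN, mask mismatch
    ("R1", "203.0.113.1/30"),                         # /30 towards an unmonitored peer
    ("R1", "10.0.0.1/24"), ("R2", "10.0.0.2/24"), ("R3", "10.0.0.3/24"),
    ("R1", "2001:db8:1::1/64"), ("R2", "2001:db8:1::2/64"),
    ("R3", "2001:db8:2::1/127"),
]

# (IP version, prefix length) combinations treated as point-to-point.
POINT_TO_POINT = {(4, 30), (4, 31), (6, 127)}


def routers_per_prefix(interfaces):
    """Group interfaces by the network they belong to: network -> set of routers."""
    by_prefix = defaultdict(set)
    for router, address in interfaces:
        by_prefix[ipaddress.ip_interface(address).network].add(router)
    return by_prefix


def classify_prefix(network, router_count):
    """Number of routers decides core/link; mask size splits elink from LAN."""
    if router_count > 2:
        return "core"
    if router_count == 2:
        return "link"
    if (network.version, network.prefixlen) in POINT_TO_POINT:
        return "elink"
    return "lan"


def classify_all(interfaces):
    """network string -> (class, sorted list of routers on it)."""
    return {str(net): (classify_prefix(net, len(routers)), sorted(routers))
            for net, routers in routers_per_prefix(interfaces).items()}


def mask_mismatches(interfaces):
    """Pairs of distinct prefixes that overlap: routers disagreeing on a mask."""
    nets = list(routers_per_prefix(interfaces))
    found = [(str(a), str(b)) for a, b in combinations(nets, 2)
             if a.version == b.version and a.overlaps(b)]
    return sorted(found)


if __name__ == "__main__":
    for net, (kind, routers) in classify_all(ROUTER_INTERFACES).items():
        print(f"{net:22} {kind:6} {routers}")
    print("mask mismatches:", mask_mismatches(ROUTER_INTERFACES))
```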

SNMP 802.1Q & 802.1D
Get: native VLAN of each switch port, tagged VLANs on trunk ports, STP-blocked VLANs on switch ports
Map VLAN IDs to IP subnets

VLAN topology
Each routed VLAN's topology can now be seen as a subset of the layer 2 topology, rooted at one or possibly more router ports
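The two preceding slides combined: per-port native, tagged and STP-blocked VLAN data laid over an already discovered layer 2 topology, and each routed VLAN's tree walked from its router port. This is an added example and not NAV's own code: the links, the per-port VLAN settings and the router ports are constructed. A link is followed only if both of its ends carry the VLAN and neither end has it in STP blocking state, and the example also lists ports configured for a VLAN on switches the walk never reaches, which is how a VLAN that is missing from a trunk shows up.

```python
"""Per-VLAN topology as a subset of the layer 2 topology.

Added illustrative example, not NAV's own code. Links, port VLAN settings
and router ports are constructed.
"""
from collections import deque

# Layer 2 links as already discovered, one tuple per link (constructed).
LINKS = [
    (("R", "Gi0/1"), ("A", "Gi1/1")),
    (("A", "Gi1/2"), ("B", "Gi2/1")),
    (("B", "Gi2/2"), ("C", "Gi3/1")),
    (("A", "Gi1/3"), ("C", "Gi3/2")),  # redundant link; STP blocks VLAN 20 on C's end
]
PEER = {}
for left, right in LINKS:
    PEER[left] = right
    PEER[right] = left

# Per-port data as read via 802.1Q and 802.1D: (native VLAN, tagged VLANs,
# VLANs in STP blocking state). Constructed.
PORTS = {
    ("R", "Gi0/1"): (1, {10, 20}, set()),
    ("A", "Gi1/1"): (1, {10, 20}, set()),
    ("A", "Gi1/2"): (1, {10, 20}, set()),
    ("A", "Gi1/3"): (1, {20}, set()),
    ("A", "Fa0/3"): (10, set(), set()),   # access port in VLAN 10
    ("B", "Gi2/1"): (1, {10, 20}, set()),
    ("B", "Gi2/2"): (1, {10}, set()),     # VLAN 20 not trunked towards C
    ("B", "Fa0/4"): (20, set(), set()),
    ("C", "Gi3/1"): (1, {10}, set()),
    ("C", "Gi3/2"): (1, {20}, {20}),      # carries 20, but STP-blocked
    ("C", "Fa0/5"): (20, set(), set()),   # VLAN 20 port that no trunk reaches
}

# Router ports on which each VLAN is routed (constructed). A VLAN with a
# redundant gateway would list more than one root port here.
ROUTER_PORTS = {10: [("R", "Gi0/1")], 20: [("R", "Gi0/1")]}


def carries(port, vlan):
    """True if the port forwards this VLAN, natively or tagged, and it is not blocked."""
    native, tagged, blocked = PORTS[port]
    return (vlan == native or vlan in tagged) and vlan not in blocked


def ports_of(device):
    return [p for p in PORTS if p[0] == device]


def vlan_topology(vlan):
    """Breadth-first walk from the router port(s), following only links whose
    both ends carry the VLAN; returns devices, tree edges and access ports."""
    devices, edges, access_ports = set(), [], []
    queue = deque()
    for root in ROUTER_PORTS.get(vlan, []):
        if carries(root, vlan) and root[0] not in devices:
            devices.add(root[0])
            queue.append(root[0])
    while queue:
        device = queue.popleft()
        for port in ports_of(device):
            if not carries(port, vlan):
                continue
            peer = PEER.get(port)
            if peer is None:
                access_ports.append(port)  # no infrastructure behind it
                continue
            if not carries(peer, vlan) or peer[0] in devices:
                continue
            devices.add(peer[0])
            edges.append((port, peer))
            queue.append(peer[0])
    return {"devices": devices, "edges": edges, "access_ports": access_ports}


def orphan_ports(vlan):
    """Ports configured for the VLAN on devices the routed VLAN never reaches."""
    reached = vlan_topology(vlan)["devices"]
    return [p for p in PORTS if carries(p, vlan) and p[0] not in reached]


if __name__ == "__main__":
    for vlan in (10, 20):
        print(vlan, vlan_topology(vlan), "orphans:", orphan_ports(vlan))
```

VLAN 10 reaches all four devices, while VLAN 20 stops at B: the only remaining path to C is blocked by STP on C's side, so C's access port in VLAN 20 is reported as an orphan rather than silently drawn into the tree.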

End-user detention
NAV can help track abusers and restrict access on their switch port: by shutting it down, or by configuring a restricted quarantine VLAN

IPv6 deployment stats
IP/MAC mappings include both IPv4 and IPv6 addresses
Can be (and are being) used to generate IPv6 deployment statistics

UNINETT's involvement
Saw the potential of NAV as beneficial to the entire HE community
Provided funding for development since 2001
Took control of development in 2006

Deployment in Norway
Success in the Norwegian HE community: 36 universities and colleges run NAV
Contributions from all major universities

Nordic collaboration?
We hope to see a wider Nordic adoption of NAV
Collaboration on development efforts, to make NAV useful for all involved parties
How?