Automatic topology detection in NAV (NORDUnet 2011, Reykjavik, Morten Brekkevold), 42 slides

Uploaded by morten-brekkevold on 13-Jul-2015

TRANSCRIPT

Automatic topology detection in NAV

NORDUnet 2011, Reykjavik

Morten Brekkevold

2

In the beginning...

A large, heterogeneous campus network
Norwegian University of Science and Technology, in Trondheim
20,000 students
Student villages connected

3

Basic NMS needs

Status monitoring
Alerts
Traffic statistics

4

The real challenges

Who's connected, where and when?
Filtered outage alerts
Network weather map

5

Abuse handling

Given an IP address, date and time:
Where was the perpetrator connected?
Block access!

6

The real challenges

Who's connected, where and when?
Filtered outage alerts
Network weather map

7

Central node outage

Router goes down
100 switches ping-unreachable
Want a single alert, not 100

8

The real challenges

Who's connected, where and when?
Filtered outage alerts
Network weather map

9

Weather maps

Layers 2 and 3
Traffic load
Automatic layout

10

What is needed?

A good understanding of the network topology

11

But?

It's 1999!
Proprietary discovery protocols
LLDP not invented yet
No 802.1X authentication

12

The birth of NAV

Current commercial NMSes tested and rejected
Let's write our own!
Network Administration Visualized was born
Made free in 2004, under a GPL license

13

Approach

Collect SNMP data
IETF MIBs
Vendor proprietary MIBs
Process data

14

First task

Port classification: uplink/downlink or access port
How? It's in the MAC address!
Let's find the MAC addresses of all monitored nodes

15

IP / MAC mappings

Routers know which IP and MAC addresses are associated
ARP for IPv4, ND for IPv6
NAV has the IPs of all switches/routers

16

Interface MAC addresses

Each interface on an Ethernet device has a unique MAC address

These may appear in other switches' forwarding tables

17

Now what?

We know the MAC addresses used by all monitored infrastructure

Let's get the switches' forwarding tables!

18

Getting forward

Infrastructure MAC found on port → uplink/downlink port
Otherwise → access port

19

Processing

Multiple adjacency candidates per uplink/downlink must be pruned

Trust data from any port with a single candidate

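The port classification of slides 14 to 19, worked through as an added example (this is not NAV's own code). The infrastructure MAC list and the BRIDGE-MIB forwarding tables are constructed inline, and the pruning rule for ports with several adjacency candidates is one simple interpretation of "trust data from any port with a single candidate", not necessarily the rule NAV uses.

```python
# Constructed input: MAC -> infrastructure device, as NAV learns it from the
# routers' ARP/ND tables plus the devices' own interface MACs (slides 15-16).
INFRA_MACS = {
    "00:00:5e:00:01:aa": "router-R",
    "00:00:5e:00:01:a1": "switch-A",
    "00:00:5e:00:01:b1": "switch-B",
}

# Constructed BRIDGE-MIB forwarding tables: switch -> port -> MACs seen.
# Physical topology: router-R -- switch-A -- switch-B, with a PC on switch-B.
FDB = {
    "switch-A": {"Gi0/1": {"00:00:5e:00:01:aa"},
                 "Gi0/2": {"00:00:5e:00:01:b1", "02:00:00:00:00:01"}},
    "switch-B": {"Gi0/1": {"00:00:5e:00:01:a1", "00:00:5e:00:01:aa"},
                 "Gi0/5": {"02:00:00:00:00:01"}},
}


def classify_ports(fdb, infra_macs):
    """Return (access, trusted, ambiguous).

    access:    {(switch, port): end-user MACs}  -> the data to log (slide 20)
    trusted:   {(switch, port): neighbour}      -> resolved uplink/downlink ports
    ambiguous: {(switch, port): candidate set}  -> could not be pruned
    """
    access, trusted, ambiguous = {}, {}, {}
    for switch, ports in fdb.items():
        for port, macs in ports.items():
            # Slide 18: an infrastructure MAC on a port marks it uplink/downlink
            cands = {infra_macs[m] for m in macs if m in infra_macs}
            if not cands:
                access[(switch, port)] = set(macs)    # otherwise: access port
            elif len(cands) == 1:
                trusted[(switch, port)] = cands.pop()  # slide 19: trust it
            else:
                ambiguous[(switch, port)] = cands
    # Slide 19 pruning (assumed rule): if a trusted port on candidate Y points
    # back at this switch, Y is the far end of this link; repeat until stable.
    changed = True
    while changed and ambiguous:
        changed = False
        for (switch, port), cands in list(ambiguous.items()):
            back = {y for (y, _), n in trusted.items() if n == switch and y in cands}
            if len(back) == 1:
                trusted[(switch, port)] = back.pop()
                del ambiguous[(switch, port)]
                changed = True
    return access, trusted, ambiguous
```

Switch-B's uplink sees both switch-A and router-R (frames from the router traverse switch-A), and is resolved to switch-A because switch-A's single-candidate port Gi0/2 points back at switch-B.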

20

Upshot

Now we also know the switch port and MAC/IP addresses of every end-user

Log them!

21

For added accuracy

CDP (Cisco proprietary)
LLDP (IEEE standard)

22

Cisco Discovery Protocol

Reports adjacent device and port without processing
BUT: CDP frames are forwarded as regular Ethernet frames through non-CDP switches
Non-CDP switches become "invisible"

23

Link Layer Discovery Protocol

Improves on CDP
Uses multicast destination addresses that a standards-conforming Ethernet switch must not forward
Should eliminate the "invisible device" problem

24

Solved challenges

A full layer 2 topology has been obtained

A complete log of end-user connectivity

We can filter outage alerts based on topology

25

Filtering outage alerts

(diagram: topology-based alert filtering, rooted at the NAV server)

26

What about layer 3?

Collect routers' IP addresses and prefixes

Give complete overview of subnet allocations

27

Layer 3 links

Discernible through: prefix mask size, number of connected routers
1 router → Elink (or LAN)
2 routers → Link
> 2 routers → Core

28

What about VLANs?

IEEE 802.1Q
Subsets of layer 2 topology
Need to collect more data!

29

SNMP 802.1Q & 802.1D

Get: native VLAN of each switch port, tagged VLANs on trunk ports, STP-blocked VLANs on switch ports
Map VLAN IDs to IP subnets

30

VLAN topology

Each routed VLAN's topology can now be seen as a subset of the layer 2 topology rooted at one or possibly more router ports

31

The larger picture

Physical topology: ARP/ND, CAM, CDP(/LLDP)
VLAN topology: trunks, STP

32

Weather maps

33

Geographical maps

34

What else?

There's more to NAV than this. There are always other ways to use this data.

35

End-user detention

NAV can help track abusers and restrict access on their switch port: by shutting it down or configuring a restricted quarantine VLAN

36

IPv6 deployment stats

IP/MAC mappings include both IPv4 and IPv6 addresses

Can be (and are being) used to generate IPv6 deployment statistics

37

IPv6 deployment graph

Consolidated data of 31 HE institutions over a 2-year period

38

UNINETT's involvement

Saw the potential of NAV as beneficial to entire HE community

Provided funding for development since 2001

Took control of development in 2006

39

Deployment in Norway

Success in Norwegian HE community
36 universities and colleges run NAV
Contributions from all major universities

40

Nordic collaboration?

We hope to see a wider Nordic adoption of NAV

Collaboration on development efforts to make NAV useful for all involved parties

How?

41

In closing...

http://metanav.uninett.no/ [email protected]

42

MIB references

IP-related MIBs: IP-MIB (RFC 4293), IPv6-MIB (deprecated), CISCO-IETF-IP-MIB
Interface details: IF-MIB (RFCs 1573, 2863, 1229)
Switch forwarding tables: BRIDGE-MIB (RFC 4188)
VLAN MIBs: Q-BRIDGE-MIB (RFC 4363), community-indexed BRIDGE-MIB (Cisco), other proprietary MIBs