Homework Assignment #1 1

Homework Assignment Part 1: LAN setup –All nodes are hosts (including middle nodes) –Each link is its own LAN, with its own IP subnet –Can ARP and ping only to directly-connected hosts 2 H H H H H H HH

Homework Assignment Part 2: Writing your own switch –Middle nodes are switches and know nothing about IP –Switches transit Ethernet frames between interfaces –All hosts belong to a common IP subnet 3 H H H H H H SS

Homework Assignment Part 3: Fun with OSPF –All nodes are routers running Quagga –Each link is its own (say, /30) subnet –Each node has an OSPF adjacency with each neighbor 4 R R R R R R RR

Homework Suggestions Automation with scripts –Generate the host, Click, and OSPF configuration –Faster, less error-prone, and saves your work Checking the host configuration –ifconfig –arp -a Passive monitoring –Tcpdump on host interfaces –ListenEther on switches Start simple –E.g., two hosts connected to a single switch or router 5

Jennifer Rexford Fall 2010 (TTh 1:30-2:50 in COS 302) COS 561: Advanced Computer Networks Enterprise Configuration

Outline Enterprise network components –Repeaters/hubs, bridges/switches, and routers Enterprise network design –Hubs and switches, with DHCP server –Ethernet subnets interconnected by routers Flexible connectivity –Virtual Local Area Networks (VLANs) –Multi-homing to multiple ISPs –Interconnecting multiple enterprise locations Discussion of papers –VLAN survey and SEATTLE architecture 7

Enterprise Network Components 8

9 Physical Layer: Repeaters Distance limitation in local-area networks –Electrical signal becomes weaker as it travels –Imposes a limit on the length of a LAN Repeaters join LANs together –Analog electronic device –Continuously monitors electrical signals on each LAN –Transmits an amplified copy

10 Physical Layer: Hubs Joins multiple input lines electrically –Do not necessarily amplify the signal –Very similar to repeaters Disadvantages –Limited aggregate throughput due to shared link –Cannot support multiple rates or formats (e.g., 10 Mbps vs. 100 Mbps Ethernet) –Limitations on maximum # of nodes and physical distance hub

11 Link Layer: Bridges Connects two or more LANs at the link layer –Extracts destination address from the frame –Looks up the destination in a table –Forwards the frame to the appropriate LAN segment Each segment can carry its own traffic host Bridge

12 Link Layer: Switches Typically connects individual computers –A switch is essentially the same as a bridge –Supports concurrent communication Cut-through switching –Start forwarding a frame while it is still arriving hub switch/bridge segment

Hubs, Switches, and Routers 13 Hub/ Repeater Bridge/ Switch Router Protocol layerphysicallinknetwor k Traffic isolationnoyes Plug and playyes no Efficient routingno yes Cut throughyes no

Enterprise Network Design 14

Simple Enterprise Design A single layer-two subnet –Hubs and switches –Gateway router connecting to the Internet –ISP announces the address block into BGP Local services: DHCP and DNS 15 S S S G S DHCP server DNS server Internet / /0

Scalability Limitations Spanning tree –Paths that are longer than necessary –Heavy load on the root bridge –Bandwidth wasted for links not in the tree Forwarding tables –Bridge tables grow with number of hosts Broadcast traffic –ARP and DHCP –Applications that broadcast (e.g., iTunes) Flooding –Frames sent to unknown destinations 16

Hybrid of Switches and Routers Layer-two subnets interconnected by routers –No plug-and-play and mobility between layer-2 subnets –Need consistent configuration of IP routing and DHCP 17 R R R R Ethernet Bridging - Flat addressing - Self-learning - Flooding - Forwarding along a tree IP Routing - Hierarchical addressing - Subnet configuration - Host configuration - Forwarding along shortest paths R / / / /26 Internet

Virtual Local Area Networks (VLANs) 18

19 Evolution Toward Virtual LANs In the olden days… –Thick cables snaked through cable ducts in buildings –Every computer they passed was plugged in –All people in adjacent offices were put on the same LAN –Independent of whether they belonged together or not More recently… –Hubs and switches changed all that –Every office connected to central wiring closets –Often multiple LANs (k hubs) connected by switches –Flexibility in mapping offices to different LANs Group users based on organizational structure, rather than the physical layout of the building.

20 Why Group by Organizational Structure? Privacy –Ethernet is a shared media –Any interface card can be put into “promiscuous” mode –… and get a copy of any flooded/broadcast traffic –So, isolating traffic on separate LANs improves privacy Load –Some LAN segments are more heavily used than others –E.g., researchers running experiments get out of hand –… can saturate their own segment and not the others –Plus, there may be natural locality of communication –E.g., traffic between people in the same research group

21 People Move, and Roles Change Organizational changes are frequent –E.g., faculty office becomes a grad-student office –E.g., graduate student becomes a faculty member Physical rewiring is a major pain –Requires unplugging the cable from one port –… and plugging it into another –… and hoping the cable is long enough to reach –… and hoping you don’t make a mistake Would like to “rewire” the building in software –The resulting concept is a Virtual LAN (VLAN)

22 Example: Two Virtual LANs Red VLAN and Orange VLAN Switches forward traffic as needed R O RORO R R R OOO RORRR O O O

23 Making VLANs Work Changing the Ethernet header –Adding a field for a VLAN tag –Implemented on the bridges/switches –… but can still interoperate with old Ethernet cards Bridges/switches trunk links –Saying which VLANs are accessible via which interfaces Approaches to mapping access links to VLANs –Each interface has a VLAN color  Only works if all hosts on same segment belong to same VLAN –Each MAC address has a VLAN color  Useful when hosts on same segment belong to different VLANs  Useful when hosts move from one physical location to another

Multi-Homing 24

Motivation for Multi-Homing Benefits of multi-homing –Extra reliability, e.g., survive single ISP failure –Financial leverage through competition –Better performance by selecting better path –Gaming the 95 th -percentile billing model 25 ISP 1ISP /24

Multi-Homing Without BGP Inbound Traffic Ask each ISP to originate the IP prefix … to rest of the Internet Outbound Traffic One ISP as a primary, the other as a backup Or simple load balancing of all traffic 26 ISP 1 ISP /24

Multi-Homing With BGP Inbound traffic –Originate the prefix to both providers –Do not allow traffic from one ISP to another Outbound traffic –Select the “best” route for each remote prefix –Define BGP policies based on load, performance, cost 27 ISP 1 ISP /24 BGP sessions “Intelligent route control” or “multi- homed traffic engineering”.

Interconnecting Multiple Enterprise Sites 28

Challenges Challenges of interconnecting multiple sites –Performance –Reliability –Security –Privacy Solutions –Connecting via the Internet using secure tunnels –Virtual Private Network (VPN) service –Dedicated backbone between sites 29

Connecting Via the Internet Each site connects to the Internet –Encrypted tunnel between each pair of sites –Packet filtering to block unwanted traffic –But, no performance or reliability guarantees 30 Internet Site 2 Site 3 Site 1

Virtual Private Network (VPN) Each site connects to a common VPN provider –Provider allows each site to announce IP prefixes –Separate routing/forwarding table for each customer –Performance guarantees by overprovisioning resources 31 VPN Provider Site 2 Site 3 Site 1

Conclusions Simple enterprise network is (mostly) plug and play –Ethernet with MAC learning and spanning tree –DHCP server to assign IP addresses from single subnet –Gateway router with default route to the Internet Quickly starts to require configuration –Choosing the root bridge in the spanning tree –Consistent configuration of DHCP and IP routers –VLAN access and trunk link configuration –Access control for traffic between VLANs –BGP sessions and routing policy Discussion of the two papers 32

Discussion Flat vs. hierarchical addressing? Roles of the end host vs. the network? How to best support flexible policies? Alternatives or extensions to VLANs? 33

Backup Slides on VLAN Survey 34

Uses of VLANs Scoping broadcast traffic Simplifying access control policies Decentralizing network management Enabling host mobility 35

Problem: Limited Granularity Limited number of VLANs –Placing multiple groups in the same VLAN –Reusing limited VLAN Limited number of hosts per VLAN –Divide a large group into multiple VLANs One VLAN per access port –Supporting VLANs on the end host –Supporting multiple groups at the router 36

Problem: Complex Configuration Host address assignment –Wasting IP addresses –Complex host address assignment Spanning tree computation –Limitation of automated trunk configuration –Enabling extra links to survive failures –Distributing load over the root bridges 37

Backup Slides on SEATTLE 38

Avoiding Flooding Bridging uses flooding as a routing scheme –Unicast frames to unknown destinations are flooded –Does not scale to a large network Objective #1: Unicast unicast traffic –Need a control-plane mechanism to discover and disseminate hosts’ location information “Send it everywhere! At least, they’ll learn where the source is.” “Don’t know where destination is.”

Restraining Broadcasting Liberal use of broadcasting for bootstrapping (DHCP and ARP) –Broadcasting is a vestige of shared-medium Ethernet –Very serious overhead in switched networks Objective #2: Support unicast-based bootstrapping –Need a directory service Sub-objective #2.1: Yet, support general broadcast –Nonetheless, handling broadcast should be more scalable

Keeping Forwarding Tables Small Flooding and self-learning lead to unnecessarily large forwarding tables –Large tables are not only inefficient, but also dangerous Objective #3: Install hosts’ location information only when and where it is needed –Need a reactive resolution scheme –Enterprise traffic patterns are better-suited to reactive resolution

Ensuring Optimal Forwarding Paths Spanning tree avoids broadcast storms. But, forwarding along a single tree is inefficient. –Poor load balancing and longer paths –Multiple spanning trees are insufficient and expensive Objective #4: Utilize shortest paths –Need a routing protocol Sub-objective #4.1: Prevent broadcast storms –Need an alternative measure to prevent broadcast storms

Backwards Compatibility Objective #5: Do not modify end-hosts –From end-hosts’ view, network must work the same way –End hosts should  Use the same protocol stacks and applications  Not be forced to run an additional protocol

SEATTLE in a Slide Flat addressing of end-hosts –Switches use hosts’ MAC addresses for routing –Ensures zero-configuration and backwards-compatibility (Obj # 5) Automated host discovery at the edge –Switches detect the arrival/departure of hosts –Obviates flooding and ensures scalability (Obj #1, 5) Hash-based on-demand resolution –Hash deterministically maps a host to a switch –Switches resolve end-hosts’ location and address via hashing –Ensures scalability (Obj #1, 2, 3) Shortest-path forwarding between switches –Switches run link-state routing to maintain only switch-level topology (i.e., do not disseminate end-host information) –Ensures data-plane efficiency (Obj #4)

How does it work? Host discovery or registration B D x y Hash ( F ( x ) = B ) Store at B Traffic to x Hash ( F ( x ) = B ) Tunnel to egress node, A Deliver to x Switches End-hosts Control flow Data flow Notifying to D Entire enterprise (A large single IP subnet) LS core E Optimized forwarding directly from D to A C A Tunnel to relay switch, B

Terminology Ingress Relay (for x ) Egress x y B A Dst Src D Ingress applies a cache eviction policy to this entry shortest-path forwarding

47 Responding to Topology Changes The quality of hashing matters! A B C D E F h h h h h h h h h h Consistent Hash minimizes re-registration overhead

48 Single Hop Look-up A B C D F(x) x y y sends traffic to x E Every switch on a ring is logically one hop away

49 Responding to Host Mobility Relay (for x ) x y B A Src D when shortest-path forwarding is used G Old Dst New Dst

Unicast-based Bootstrapping: ARP ARP –Ethernet: Broadcast requests –SEATTLE: Hash-based on-demand address resolution 1. Host discovery 2. Hashing F ( IP a ) = r a 3. Storing ( IP a, mac a, s a ) 4. Broadcast ARP req for a 5. Hashing F ( IP a ) = r a Switch End-host Control msgs ARP msgs sasa a b rara sbsb 6. Unicast ARP req to r a 7. Unicast ARP reply ( IP a, mac a, s a ) to ingress Owner of ( IP a, mac a )

Unicast Bootstrapping: DHCP DHCP –Ethernet: Broadcast requests and replies –SEATTLE: Utilize DHCP relay agent (RFC 2131)  Proxy resolution by ingress switches via unicasting 1. Host discovery 2. Hashing F ( mac d ) = r 3. Storing ( mac d, s d ) 4. Broadcast DHCP discovery 5. Hashing F ( 0xDHCP ) = r Switch End-host Control msgs DHCP msgs sdsd d h r shsh 6. DHCP msg to r DHCP server ( mac d = 0xDHCP ) 7. DHCP msg to s d 8. Deliver DHCP msg to d

Prototype Implementation Link-state routing: eXtensible Open Router Platform Host information management and traffic forwarding: Click Host info. registration and notification messages User/Kernel Click XORP OSPF Daemon Ring Manager Host Info Manager SeattleSwitch Link-state advertisements from other switches Data Frames Routing Table Networ k Map Click Interface