resiliency in lans revised

Upload: stevensnr

Post on 07-Apr-2018


  • 8/6/2019 Resiliency in LANS Revised

    1/14

    1

    RESILIENCY IN

    LOCAL AREA NETWORKS (LANs)

    By

    ASAEL OMWAMBA

    And

    SINCLAIR GIBORE

    Dept. of Computer Science

    Montclair State University

    CMPT 495-01 - Data Security

    Instructor: Dr. Stefan Robila


    TABLE OF CONTENTS

    1 Introduction
        1.1 Introduction
        1.2 Local Area Networks (LAN)
            1.2.1 Design of LAN
            1.2.2 Peer-to-Peer Architecture
            1.2.3 Client-Server Architecture
    2 Types of Failures
        2.1 Path Failures
        2.2 Link Failures
    3 How Failures Are Handled
        3.1 Handling Link Failures
        3.2 Handling Path Failures
    4 Optimizing Redundancy
        4.1 Switching
        4.2 Routing
            4.2.1 Problems with Routing
                4.2.1.1 Looping
                4.2.1.2 How Routing Loops are Handled
    5 Path Determination
    6 Dead Node Detection
    7 Conclusion


    INTRODUCTION

    A local-area network (LAN) allows businesses to share resources efficiently and thus makes the internal communications of a business possible. This enables the internal structure of the business to share files, printers and other resources.

    In this paper we focus on how resiliency is achieved in a LAN. We discuss in depth the causes of path and link failures and how they are handled to attain a highly resilient LAN. The paper also discusses path determination and how dead nodes are detected in a LAN.

    LOCAL AREA NETWORKS

    A LAN is described as a high-speed, low-error data network covering a relatively small geographic area of up to a few thousand meters. LANs connect workstations, peripherals, terminals and other devices in a single building or other geographically limited area.

    Design of LANs

    LANs are designed to achieve the following:

    1) Operate within a limited geographical area
    2) Allow multi-access to high-bandwidth media
    3) Control the network privately under local administration
    4) Provide full-time connectivity to local services
    5) Connect physically adjacent devices

    There are two major types of LANs: peer-to-peer and client-server networks.

    Peer-to-peer

    In a peer-to-peer network, connected computers or devices act as equal partners, as all individual computers perform both the client and the server function. Its main advantage is that there is no single point of failure, as individual users make their own independent decisions as to whom they share their resources with. Administration of security is also left to individual users.

    Figure 2 below shows a peer-to-peer architecture.

    Client-Server

    In a client-server environment, resources are located on one computer (the server) and all other computers (the clients) are connected to the server. The clients send requests to the server and the server responds to these requests. This kind of architecture enhances security, control and ease of access. On the other hand, it introduces a single point of failure. Client-server is the most common type of architecture in use today.

    Though this kind of architecture is ideal, there are issues associated with it that need to be resolved in order to achieve resiliency. These issues are discussed later in this paper.

    Figure 1 below shows a client-server architecture.

    Figures 1 and 2 represent a client-server architecture and a peer-to-peer architecture, respectively.

    Both client-server and peer-to-peer architectures are prone to failures. These failures might be the result of a breach of network security by way of denial of service attacks, or of a natural disaster that leads to the destruction of a network node. These failures can lead to the unavailability of the critical services in a network.

    Types of Failures

    Failures that occur in a network can be broadly categorized into two types: link failures and path failures.

    Link failures

    Link failures are the result of a problem that causes either the device connecting two sub-networks (in this case a router) or a device connecting multiple nodes (in this case a switch) to malfunction. A link failure can also be a failure in the link connecting two routers or switches, due to a software error, a hardware problem or link disconnection.

    Path failures

    Path failures are the result of denial of service attacks or other spurts of traffic that cause a high degree of packet loss or high latencies. These are more significant in networks, where their impact is greater than in the context of operating systems, databases and/or applications. This is because critical services are denied and mission-critical data cannot reach its intended destination. In these kinds of denial of service attacks, the device receiving the data is saturated and therefore rejects any incoming data until it can clear its overload. The attacks that lead to path failures include connection flooding and SYN flood.

    How failures are handled

    Handling Link Failures

    In order to avoid link failures, or to design a network in which link failures are minimized, devices which are extremely fault tolerant are used. This ensures that end-to-end availability between connected nodes is achieved. To do so, the fault tolerance of the connecting devices must be highly optimized.

    To achieve this high fault tolerance, devices ought to have internal redundancy for each of their key components. For example, a switch connecting multiple nodes needs to have redundant processors and provisions for redundant links via interfaces that support multi-linked connections, have multiple cooling fans and/or be connected to multiple power supplies. This is meant to guarantee that if one of the key components of the device fails, the device has a backup component that starts up automatically. Thus the device does not malfunction but continues to run. This achieves a high Mean Time Between Failures (MTBF) for the networking devices.

    In figure 3 below, all the devices used in the network are fault tolerant. This figure shows a network whose design is entirely based on the fault tolerance of its devices.


    figure 3

    Though fault-tolerant devices can eliminate link failures, they cannot by themselves guarantee the desired high network resiliency. This is because designing a network premised only on link failure elimination results in multiple single points of failure, as shown in figure 3 above. If any of these single points goes down, it can overshadow any benefits that may have been attained by the highly fault-tolerant devices.

    Thus a design based on fault-tolerant devices must be combined with other network designs based on other factors to achieve high resiliency.

    Handling Path Failures

    Path failures are primarily handled by introducing redundancy in the network topology. By introducing redundancy, network nodes performing the same functions are situated at different locations. This ensures that if one of the nodes fails due to denial of service attacks or a problem with the physical media, interruption of the services being provided is minimized, as redundant network nodes take over the provision of the service that would otherwise have been down.

    Also, upgrades and debugging of various applications can be dealt with separately in the primary and secondary paths without disruption of services, thanks to redundancy in the network. For example, in an email system, one of the email servers could be shadowed by another server. When the time comes to perform an upgrade, one of the servers can be taken down for maintenance while the other is left providing the necessary services. When finished, the upgraded server is brought back up and updated, and then the other server is taken down for maintenance as well.


    To attain resiliency, standby paths (redundant links) are introduced as shown in figure 5 below. Switches are added to support this redundancy and they are configured appropriately to specify the underlying primary and secondary link for each given path. To achieve this configuration, a priority is assigned to each virtual interface to determine which is the primary path and which is the secondary path. Where more than one secondary path exists, the priorities assigned to the interfaces determine the order in which a path should be selected if the primary path fails.

    Figure 5: network with secondary switches

    Routing

    In routing, routers are used to connect various sub-networks in one network domain or to connect two different LANs. Routers operate at layer three of the OSI model, as opposed to switches, which operate at layer two of the OSI model.

    Routers use the IP protocol to forward packets from the source network to the destination network. This typically means forwarding a packet from one switch to the router, and then from the router to the destination switch. The destination switch will then forward the packets to the destination address as previously discussed.


    In a LAN that is segmented into multiple sub-networks, a router is needed to handle any path decisions required for the subnets to communicate effectively and achieve high availability of the entire network.

    To do this, like a switch, the router builds a reference table of all the computers (in this case all the switches) connected to it and all the available paths to them. The router then decides how to forward data packets based on this reference table. Packets are forwarded to their respective switches based on the IP address of the destination switch. The switches then forward the frames, based on MAC addresses, to the respective node. Scalability is thereby achieved, as local delivery to the physical subnets is not handled by the router but by the switch that connects each of the nodes in the subnet.

    Figure 6: router connecting multiple subnets

    With the above network design, a single point of failure exists in case the router malfunctions. Thus resiliency is not achieved, as the network is not highly available if the router fails.

    For resiliency to be attained, redundancy has to be introduced. This involves introducing extra routers that enable secondary links to be set up. Priorities for the links are established and configured on the interfaces of the virtual links. These identify the primary and secondary paths and, where multiple paths exist, the order in which paths are selected if the primary path fails.

    Routers also facilitate the achievement of resiliency as they help to segment a network, thereby creating smaller broadcast domains. If only switches are used in relatively large networks, the network can be overwhelmed by broadcast storms. These can greatly affect bandwidth. By using routers to connect the switches that segment the various subnets in the network structure, LAN broadcasts are blocked at the routers. In this case a broadcast only affects the broadcast domain in which it originated. This provides higher security and bandwidth control than would have been achieved otherwise.

    Figure 7 below shows a network designed with redundant routers. In case of failure of any of the routers, each node will still be accessible via the alternate routers that exist.

    Figure 7

    Thus a combination of switching and routing in a LAN in which a proper design has been adopted will optimize its resiliency.

    Problems with Routing

    Though routers enhance resiliency in a LAN, failure to adopt the right routing protocols can cause many problems in the network that impede achieving the desired resiliency and security. The protocols adopted must also meet the demands of the network. The routers should also be correctly structured and configured in order to achieve high resiliency. One of the biggest problems that can occur as a result of this is looping.

    Looping

    This refers to a situation whereby network traffic bounces between routers infinitely. This can cause congestion in the network, which results in lower bandwidth and leads to some traffic being dropped. Resiliency in the network is compromised if this occurs, as some traffic cannot reach its destination. Therefore routing loops must be avoided for a network to be highly resilient.


    Figure 8 explains routing loops.

    Figure 8

    In figure 8, if network 1 fails, router E sends an update to router A. Router A also stops routing packets to network 1, but routers B, C and D will continue to route to network 1 via router E as they have not been informed of the failure. When router A sends its update, routers B and D will stop routing to network 1. However, router C hasn't received an update, and according to router C, network 1 can still be reached via router B. Router C will send an update to D indicating that a path to network 1 through router B exists. This forces router D to change its routing table to reflect this incorrect information and to send the information to router A, which updates its table to reflect the incorrect information as well. Router A then sends the information to routers B and E, and the process continues, leading to an endless loop. Any packet now destined to network 1 will loop through router C to B to A to D and back to C.

    How Routing loops are handled

    The loop described above will continue in spite of the destination network being down. Therefore a process has to be defined to get out of this loop, or else the routers will loop infinitely.

    One way of avoiding routing loops is introducing a maximum hop count. The distance vector routing algorithm uses hop count as one of its metrics in determining the best path to route through. Hop count is the number of routers a packet passes before it gets to its destination. With the hop count limited to a given number, packets destined to a network that is down will only be allowed to loop through the network the defined number of times before the network discards the packet.

    Another way of eliminating routing loops is split horizon. This technique prevents information about routes from exiting the router interface through which that information was received. This prevents contradictory information from being sent back to the router. For example, in figure 8 above, if routing updates about network 1 arrive from router A, other routers, let's say B and C, cannot send information about network 1 back to router A. This prevents a loop from occurring.
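    The two techniques above can be compared in a small distance-vector simulation. This is an added example, not code from the paper: the chain and ring topologies, the synchronous update rounds and the hop limit of 16 (the value RIP uses) are assumptions, and the ring is not a reproduction of figure 8.

```python
INFINITY = 16  # maximum hop count; a route with this metric is unreachable

# Constructed topologies (assumptions, not the paper's figure 8).
# Network 1 is directly attached to router E in both.
CHAIN = {"E": ["A"], "A": ["B", "E"], "B": ["A"]}
RING = {"E": ["A"], "A": ["B", "D", "E"], "B": ["A", "C"],
        "C": ["B", "D"], "D": ["A", "C"]}


def converge(links, table, net1_up, split_horizon, max_rounds=100):
    """Exchange distance vectors in synchronous rounds until nothing changes.

    table maps router -> (metric to network 1, next hop). Returns the number
    of rounds that changed a table, and the final table.
    """
    for rounds in range(max_rounds):
        new = {}
        for r in sorted(links):
            # E's directly connected route (1 hop) exists only while net 1 is up.
            cands = [(1, None)] if (r == "E" and net1_up) else []
            for n in links[r]:
                metric, via = table[n]
                if split_horizon and via == r:
                    continue  # n learned the route from r: never advertise it back
                cands.append((min(metric + 1, INFINITY), n))
            best = min((m for m, _ in cands), default=INFINITY)
            if best >= INFINITY:
                new[r] = (INFINITY, None)  # hop limit reached: route discarded
            else:
                hops = [h for m, h in cands if m == best]
                keep = table[r][1] in hops  # stay on the current next hop on a tie
                new[r] = (best, table[r][1] if keep else hops[0])
        if new == table:
            return rounds, table
        table = new
    raise RuntimeError("no convergence within max_rounds")


def rounds_after_failure(links, split_horizon):
    """Converge a healthy network, fail network 1, count rounds to re-converge."""
    table = {r: (INFINITY, None) for r in links}
    _, table = converge(links, table, True, split_horizon)
    table["E"] = (INFINITY, None)  # E detects that network 1 is down
    return converge(links, table, False, split_horizon)[0]


if __name__ == "__main__":
    for name, links in (("chain", CHAIN), ("ring", RING)):
        for sh in (False, True):
            print(name, "split horizon" if sh else "no split horizon",
                  rounds_after_failure(links, sh), "rounds")
```

    On the chain, split horizon removes the stale route in 2 rounds instead of 14. On the ring, the stale route can still travel around the cycle of routers, so the maximum hop count remains the mechanism that finally discards it.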

    Reverse route poisoning is another technique adopted by routing protocols to avoid large-scale looping. These are routing updates that explicitly indicate that a network or subnet is unreachable, rather than imply that a network is unreachable by not including it in updates. If network 1 is down, router E will be set to poison the route. Router D is not affected by incorrect updates about the route to network 1. Router D will send poison


    These routes are either statically configured by the network administrator or dynamically configured by the router itself through the updates it receives from its neighboring routers. The static and dynamic configuration of routes is combined to support the setting of primary and secondary paths. All default and secondary paths should be statically configured. These static routes are then overridden by the dynamic routing information. This is achieved by adjusting the administrative distance values, which are a rating of the trustworthiness of a routing information source. The higher the value, the lower the trustworthiness rating. Therefore the static (secondary) routes are defined as less desirable than the dynamic (primary) routes by configuring them with higher administrative distance values than the dynamic routes. Subject to the foregoing, higher resiliency will be achieved.

    Dead Node Detection

    A dead node is a malfunctioning router or switch that makes the paths through the node unavailable. This might be the result of hardware failure or of denial of service attacks that render the node useless and unable to provide any further services. If a network fails to detect a dead node, packets continue to be routed through the malfunctioning node and do not reach their intended destination. This would also mean that the network would not know whether the packets were successfully delivered to their intended destination.

    A network detects a dead node through a periodic update of routing tables for routers and CAM tables for switches.

    The network discovery process (periodic updates) is meant to check for any topological changes in the network. In case a change occurs in the network, each router is called to send its entire routing table (which includes the path cost as defined by its metric and the logical address of the router on the path to each network contained in the table) to each of its adjacent neighbors. If a network K is unreachable via, let's say, router M, all paths to this unreachable network via router M will be dropped from the routing tables of all routers. This is made possible by the periodic updates that are conducted by routers. Therefore any future packets destined to network K will not be routed via router M but via another secondary (redundant) path defined for this route. This achieves resiliency.
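    The administrative distance rule from the path determination discussion and the periodic-update detection described above can be combined in one sketch. This is an added example, not code from the paper: the distance of 120 and the 30 s / 180 s timers are borrowed from RIP as assumptions, and the distance of 200, the prefix and the name router-N are constructed.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed values: 120 is Cisco's default administrative distance for RIP and
# 30 s / 180 s are RIP's update and timeout timers; 200 for the backup static
# route, the prefix and the name router-N are constructed for this example.
AD_DYNAMIC, AD_FLOATING_STATIC = 120, 200
UPDATE_INTERVAL, ROUTE_TIMEOUT = 30, 180
NETWORK_K = "192.0.2.0/24"


@dataclass
class Route:
    prefix: str
    next_hop: str
    admin_distance: int
    metric: int = 0
    last_heard: Optional[int] = None  # None marks a static route (never ages out)


class RoutingTable:
    def __init__(self):
        self.routes = []

    def add_static(self, prefix, next_hop, admin_distance=AD_FLOATING_STATIC):
        self.routes.append(Route(prefix, next_hop, admin_distance))

    def learn(self, prefix, neighbor, metric, now):
        """Handle one periodic update: refresh or install the dynamic route."""
        self.routes = [r for r in self.routes if not (
            r.prefix == prefix and r.next_hop == neighbor and r.last_heard is not None)]
        self.routes.append(Route(prefix, neighbor, AD_DYNAMIC, metric, now))

    def expire(self, now):
        """Dead node detection: drop routes whose neighbor stopped sending updates."""
        dead = [r for r in self.routes
                if r.last_heard is not None and now - r.last_heard > ROUTE_TIMEOUT]
        self.routes = [r for r in self.routes if r not in dead]
        return sorted({r.next_hop for r in dead})

    def best(self, prefix):
        """Lowest administrative distance wins; the metric breaks ties."""
        matches = [r for r in self.routes if r.prefix == prefix]
        return min(matches, key=lambda r: (r.admin_distance, r.metric), default=None)


def failover_timeline(last_update_from_m=60, end=300):
    """Return [(time, next hop for network K)] while router M dies mid-run."""
    rib = RoutingTable()
    rib.add_static(NETWORK_K, "router-N")  # secondary path, higher distance
    timeline = []
    for now in range(0, end + 1, UPDATE_INTERVAL):
        if now <= last_update_from_m:
            rib.learn(NETWORK_K, "router-M", 2, now)
        rib.expire(now)
        timeline.append((now, rib.best(NETWORK_K).next_hop))
    return timeline
```

    Router M's last update arrives at t=60, so traffic for network K keeps following the dead node until the route times out after t=240, and only then falls back to the static path via router-N.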

    Conclusion

    In this paper, we have discussed how resiliency can be achieved in the overall network design. This ensures that packets from a source reach a destination irrespective of any path or link failures that may be encountered. The high availability of the network is achieved by introducing redundancy either in the available paths or by having highly fault-tolerant devices. Availability of redundant paths ensures that denial of service attacks do not hinder any critical services from being available. Also, fault-tolerant devices that have embedded redundancy in their key components are used. This increases the MTBF of devices, as devices have key backup components that assume the responsibilities of failed components. These two forms of redundancy guarantee a high level of resiliency that would not be achieved in their absence.
