Network Operations and Internet Security @ Princeton


Overview: Detecting VLAN-Induced Sharing

Many enterprise, campus, and data-center networks have complex layer-2 virtual LANs (“VLANs”) beneath the IP layer. The interaction between layer-2 and IP topologies can introduce sharing that reduces redundancy and complicates fault diagnosis. This paper characterizes the extent and effect of this sharing in a large campus network. We first present the design and implementation of EtherTrace, a publicly available tool that infers the layer-2 topology using data passively collected from Ethernet switches. Using this tool, we infer the layer-2 topology for a large campus network and compare it with the IP topology. Our comparison yields some striking initial findings: almost 70% of layer-2 edges are shared by 10 or more IP edges, and a single layer-2 edge may be shared by as many as 34 different IP edges. We examine the implications of this sharing on both robustness and diagnosis accuracy. For example, applying network tomography to the IP topology to diagnose failures caused by layer-2 devices results in only 54% accuracy, compared to 100% accuracy when our tomography algorithm takes input across layers. We also describe several possible extensions and avenues for future work.
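To make the sharing and diagnosis effect concrete, here is an added example (not EtherTrace code and not the paper's tomography algorithm). It assumes a small constructed topology and uses a greedy set-cover heuristic as a stand-in for tomography; all node names and probe results are invented for illustration.

```python
from collections import defaultdict

# Constructed sample: each IP edge mapped to the layer-2 edges it traverses.
IP_TO_L2 = {
    ("A", "B"): [("A", "sw1"), ("sw1", "sw2"), ("sw2", "B")],
    ("A", "C"): [("A", "sw1"), ("sw1", "sw2"), ("sw2", "C")],
    ("A", "D"): [("A", "sw1"), ("sw1", "D")],
    ("B", "C"): [("sw2", "B"), ("sw2", "C")],
}
# Constructed probes: (path as a list of IP edges, did the probe succeed?).
# They model a failure of the single layer-2 edge sw1-sw2.
PROBES = [
    ([("A", "B")], False),
    ([("A", "C")], False),
    ([("A", "D")], True),
    ([("B", "C")], True),
]

def sharing(ip_to_l2):
    """Map each layer-2 edge to the set of IP edges that traverse it."""
    shared = defaultdict(set)
    for ip_edge, l2_path in ip_to_l2.items():
        for l2_edge in l2_path:
            shared[l2_edge].add(ip_edge)
    return dict(shared)

def diagnose(probes, expand):
    """Greedy smallest set of components that explains every failed probe.
    expand(ip_edge) returns the components that IP edge depends on."""
    def comps(path):
        return {c for edge in path for c in expand(edge)}
    # Anything on a working path is exonerated.
    healthy = set().union(*[comps(p) for p, ok in probes if ok])
    failed = [comps(p) - healthy for p, ok in probes if not ok]
    blamed = []
    while failed:
        counts = defaultdict(int)
        for candidates in failed:
            for c in candidates:
                counts[c] += 1
        if not counts:
            break  # remaining failures have no candidate component
        best = max(sorted(counts), key=counts.get)  # sorted for determinism
        blamed.append(best)
        failed = [c for c in failed if best not in c]
    return blamed

ip_only = diagnose(PROBES, lambda e: [e])              # IP topology alone
cross_layer = diagnose(PROBES, lambda e: IP_TO_L2[e])  # with layer-2 mapping
```

With IP edges as the only components, the heuristic blames two separate IP links; with the layer-2 mapping it blames the one shared edge that actually failed.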



