Inference of Network-Wide VLAN Usage In Small Enterprise Networks Kunwadee Sripanidkulchai, Chavee Issariyapat and Koonlachat Meesublak National Electronics and Computer Technology Center, Thailand
Are interfaces on routers related?
Motivation
Yes!
Virtual LANs (VLANs) are a powerful abstraction for enterprise networks. • • • •
Simpler address management Flexibility to group together any set of physical hosts Flexible VLAN-based access control to resources Segmentation and isolation of resources
However, virtualization poses challenging management and maintenance problems. • Missing physical-logical relationships needed to manage traffic • Are there VLANs that are responsible for the bulk of the traffic on a physical interface? • Which VLANs are the cause of shifts in traffic patterns inside the network?
We want to infer these missing relationships!
Two physical interfaces
Two VLANs
VLANs and their trunk
Inferencing Algorithm 1. Select interfaces to map: • Select physical interfaces that could carry VLANs determined by the lack of IP address information associated with that interface • Filter out interfaces using a minimum traffic requirement of 10000 packets/minute or roughly 100 kbps.
Goal Infer missing relationships by mapping VLANs to the physical interfaces carrying their traffic (any – any
2. Pre-process counter data: Calculate the number of packets seen in the last 1-minute period for all selected interfaces using the unicast “in” packet counter
mapping) • • • •
Vendor-agnostic Widely available information Low overhead Based on dynamic traffic information
SNMP Traffic Counters
4. Map VLAN to physical interface: • Select the VLAN-physical interface pair with the highest correlation value and subtract that VLAN’s traffic contribution (i.e., number of packets) from the physical interface’s traffic. • The remaining traffic is used to represent the physical interface’s traffic in subsequent iterations.
1. Access 2. Virtual Switch
3. Trunk
5. Iterate: Repeat steps 3-4 until the maximum correlation between any VLAN-physical pair is less than 0 or the number of iterations has reached a specified maximum.
4. IP-level traffic
Different Types of Mappings 1. 2. 3. 4. 5.
3. Compute correlation coefficient: Compute the Pearson’s correlation coefficient between all combinations of physical and logical interface pairs on the same router using 30-minute snapshots
Access port: 1 VLAN →1 Physical port Virtual switch: 1 VLAN → Many Physical ports VLAN trunk: Many VLANs → 1 Physical port Traffic-based usage: Any → Any Combinations of the above
ThaiSarn Network
Router
R1 R2
R3
# VLANs
14
39
29
# Physical Interfaces
18
11
7
• Domestic (Thailand) research and educational network interconnecting over 20 member organizations similar to Internet2 in the USA • Total of 59 VLANs over 3 core routers: 6 VLANs span 3 routers, 11 VLANS span 2 routers, and 42 VLANs span only one of the routers. • Data (SNMP counters) collected over 16 days in December 2007.
Map VLAN to physical interface: ⢠Select the VLAN-physical interface pair with the highest correlation value and ... Communities of interest. Configuration-based ...
mented on any physical infrastructure. As a result, enterprise network .... used in network monitoring tools [9] [10] also include non- user-level traffic which may ...
Aug 31, 2007 - bear this notice and the full citation on the first page. To copy ... were in the same building in campus, and other devices were located in ...
ing VLAN usage in a large operational network. Our study ... Operations]: Network Management ... data, and the extensive use of VLANs makes the Purdue.
the continuity of the inference, e.g. when I look out of the window at a bird while thinking through a problem, but this should not blind us to the existence of clear cases of both continuous and interrupted inferences. Once an inference has been int
I rewrote the ending of Farewell to Arms, the last page of it, thirty-nine ... Your writing is altogether obscure. A.M., P.M. .... But creating your own can result in an.
May 29, 2002 - We examined changes in lhe listige о/ muscular and motion-dependent moments during the long-term, practice, of a complex, multijoint ...
Jan 6, 2017 - The literal SDF has often poor explanatory power. â· Literal ... all other risk sources. For gt, it ... Alternative interpretation of the invariance result:.
Mar 11, 2009 - Figure 1. The Time Course of Adaptation following an Increase in Temporal Contrast Depends on ...... cent dye (0.1 mM Alexa 488; Molecular Probes). ... Gaussian noise in the frequency domain and filtering at 50 Hz, 60 Hz, or.
duction/abduction/induction triad is defined formally in terms of the position of the ... the terminology introduced by Flach and Kakas, this volume), cor- respond to ...
Download Date | 2/19/15 10:37 PM .... implying that the scores can be considered âas good as randomly assignedâ in this .... Any test statistic may be used, including difference-in-means, the ...... software rdrobust developed by Calonico et al.
