Network Stakeholders And Types Of Application

Published Date: 02 Nov 2017

Abstract

A communication network has become an indispensable part of our day to day life. A problem in a vast and complex network, such as Lancaster University’s campus network, is difficult to detect and resolve. In this report it’s the problem of network failure, which we are trying to resolve. Network measurements such as active and passive measurements scenarios provide us very valuable information about the performance, utilization, QOS and health of network. However, complexity and large size of the network makes these measurements a much more difficult task. Lack of administrative permission to access backbone network, multiple points of failure and a need to make these measurements in a non-intrusive manner makes the problem much more challenging.

In this report we present a case study of Lancaster University’s campus network including the topology of network, the constituents and direction of traffic flow within campus network, and services provided by Network management Centre to the users within the campus. We then propose the design of measurement tool which we have developed to detect and resolve different kinds of failures that occur in the campus network.

Introduction

Over the years we have seen tremendous improvement in communication network complexity. The complexity is also reflected in campus networks, such as Lancaster University’s campus network. Lancaster University’s campus network is a hierarchical network comprised with 350 Km of fibre optic network in use across the campus, 1,500 Km of copper lines cowering whole campus, it’s having a capacity of 31,000 data points out of which 10,000 points in use, In addition to this 450 wireless network access points Daily serving 5050 university workstations across the campus.

At the bottom most level we have a user (students, staff, teaching faculty), accessing the network from his machine. A Group of users in a building form a subnet, which are connected to backbone routers through switches and hubs. And finally there is a NAT box cum proxy server which provides WAN access to users. User will have multiple applications running on his machines, Routers and switches perform the function of routing and traffic measurements, and firewall Tries to shape the network traffic. This growth in complexity and the distributed nature of the campus network and the network elements has made network measurement and monitoring a challenging task not only for administrators but for researchers as well.

It is not enough to simply monitor the status of just one element in the network. There are other multiple elements in the network, which successfully interact with each other to provide end-to-end connectivity to users. Thus complicating the task of network measurements and monitoring leading us to question of WHAT,HOW,WHEN and WHERE to measure In a large and complex networks like Lancaster University network, there are multiple points of failures like Input buffer at intermediate router might be full and packets might be getting dropped or the proxy server might be overloaded and dropping requests or some WAN link might itself be down or domain name is not resolved because of under-performance of DNS or their might be some miss-configuration at the user’s machine and traffic from other users also affects the performance of the user. This ends with a question in every users mind "What went wrong with this network?"

In this report we try to answer above question, by performing measurements on the University campus network to detect and resolve failures in campus network and we also perform some measurements based discussion to determine the performance of network of Lancaster University. In our observation we are trying to answer some important question which is

The types of failure that can happen in different network elements

Frequency of the failure occurrence in the different elements in network

Status of network elements at given period of time

Variation in performance experienced by the user over the one part of the network to other part of network

The what inference which we will get by analysing performance

The above analysis is mainly targeting two group of users .Users of network will benefited by measurement tool to detect the failure and cause for the failure, this results in saving their time . Network operator is another group of people who will benefited by the network measurement by checking the performance of different elements in a network

Considering Lancaster University for The work:

To make the measurement more appropriate, we considering "Lancaster University campus" .Here we aim to achieve following goals

First goal here is to continuously monitor the performance of the network such that in case of any failure , we are in a position to find the problem and resolve it easily .Failure in the network happens because of the malfunctioning of components like link ,router ,switches ,server and software

Second goal is to study the amount of traffic exists in campus and behaviour of traffic in different sections(hostel ,library, learning zone etc) of campus, and to study the composition of traffic based on the type of application

By this report we will develop a tool which will track network status by continuously measuring traffic this will help network users to diagnose problem easily .such that users in position to detect and diagnose the network failures very easily and more appropriately

1. Lancaster University Network Overview

The Lancaster University Network is of a type CAN(Campus Area Network) .which interconnects limited no of LANs within a university campus area ,which includes departments ,university library and lecturer halls .Lancaster university campus network is a vast entity, it’s a hierarchical network with 350 Km of fibre optic network in use across the campus 1,500 Km of copper lines cowering whole campus, it having the capacity of 31,000 data points out of which 10,000 points in use, in addition to this 450 wireless network access points, Daily serving 5050 university workstations across the campus, in total 900 networking devices in 168 communications rooms Providing 6,625 residents with high-speed broadband .

Daily serve 5050 university workstations across the campus providing network access to a large group of faculty, students and staff. Round-the-clock monitoring and management of such a network is a daunting task. To understand the challenges involved in measurements of such a network it is important to first study its structure, understand the kind of traffic that flows through it and the services that are run over it.

This section outlines the structure of the network in Lancaster University and gives a description of its various components emphasizing on the problems faced by different group of people using the network

1.1 Network Topology

The campus core network is arranged in hierarchy, with three main routers located in different location in campus, main routers includes border gateway router situated near Graduate North Avenue, along with eleven other routers located in different parts of the campus controlling the traffic flow. Campus network can be classified by considering different type of users that is

Hostels: Access to students and the staffs

Academic: Access to the academic areas

Admin

Wireless :Wireless access to selected location in the institute

Physically wire from an office ,lab and user machine goes to one of several communication equipment rooms in the building and connects into hub or switch ,these hubs are interconnected via either a shared Ethernet segment or switch in the building’s main communication equipment room .This hub or switch is then connected via fibre –optic cable to router port in one of the campus router ,using switches in buildings ,network traffic in different building is kept separate ,that is computer in one particular building cannot see the traffic from any other building

Lancaster University local network is connected to external network via leased broadband lines (32 Mbps, 8Mbps, 64 Mbps).traffic destined to nodes outside campus is filtered at the router kept near Graduate North Avenue building.

2. Network Stakeholders and Types of Application

Network stake holders of university network can be grouped into two different categories based on the network usage and the network monitoring

University network operator: provides ,manages and monitors the various network services to all the users in the institute .These services include electronic mail, FTP, World Wide Web , DNS and many other Services

Users (Students, Staff, etc): This category consists of major stake holder of university network. This is categorise by considering different type of users who are availing different type services from university network, it’s mainly consists of students who is mainly contributing to the network traffic and network usage of. Teaching staffs are the another kind of network users

2.1 University network operator:

University Network operator centre manages and monitors various network services to all the users in the institute .The service includes electronic mail, FTP, World Wide Web, DNS and many other services ,Let us consider some of these services

1 Web Proxy

Squid proxy server serves the campus network as web proxy. It performs the function of web caching, content filtering, user authentication, ad-blocking and bandwidth shaping. As mentioned in Section, campus network is connected to Internet via three WAN links. Proxy server also performs load balancing on these WAN. Proxy server is essentially a cluster of machines which appears as a single server to end-users because of Ultra Monkey. This is essentially done by providing virtual server as front end and using real servers as back end

2 Firewall

A packet coming into or going out of the campus network has to pass through different Firewalls. The purpose of firewalls is to protect internal network in-case servers are compromised. These firewalls are implemented using, iptables the open source firewall tool. It consists of rules for how to deal with packets. These rules are grouped into chains, an ordered list of rules. Further, these chains are grouped to form tables, there are three basic tables containing some predefined set of chains. These are the Filter table, NAT table and Mangle table.

a) Filter table: is used to packet filtering. It is used to restrict the services available to the network users within campus. It does so by blocking the traffic on specific ports, for example outgoing packet has been blocked from everywhere except the School of Computing And Communication machines (which can be identified from their IP address). It also looks into the type of request to block certain services.

b) NAT table: is used for rewriting packet addresses and ports. It is through the use of NAT table that firewall also acts as the NATing agent. Connection tracking is done to keep track of states and expectations. SNAT is used for changing the source address while DNAT is used for changing the destination address. Requests forwarded outside the campus network contain the address of the three WAN interfaces provided by the ISP.

c)Mangle table: is used for modifying packet options and hence enables traffic shaping.TOS, TTL and MARK field of the IP header are modified. By changing the MARK field and using iproute2, specific routing is achieved.

3 Domain name service:

There is a local hierarchy of DNS servers within Lancaster University network. Some of the Building have a local DNS at lower level with Lancaster University DNS at the upper level. For example, INFO lab (10.129.1.1) and School Of Management (10.105.1.7) have their Own DNS servers at lower level and there is the Lancaster University DNS (10.200.1.11) for the whole campus. Queries for addresses with lancs.ac.uk suffix are resolved by the DNS at the local subnet or by the campus DNS, dns. lancs.ac.uk, while all other queries are forwarded to the DNS server provided by the ISP. There is a small cache of queries maintained at each of these servers. dnscache, an open source recursive name resolver is used to implement the DNS.

2.1(a) Network Monitoring Tools For performance Analysis

Network administrators provide some of the statistics about network performance using some of the commonly available tools. These include:

• MRTG (Multi Router Traffic Grapher) uses the SNMP (Simple Network Management Protocol), for monitoring and measuring the traffic load on network links. Data is collected every 5 minutes and results are plotted vs. time into day, week, month and year graphs.

• Nagios is used to monitor hosts and services, such as SMTP, POP3, HTTP, NNTP, ICMP, SNMP, FTP and SSH running on them. An online web interface is available where users can check the status of hosts and services. Currently it is used to monitor only the routers and switches of different subnets. It is installed at central lCC router and it continuously checks these machines for services (SNMP) running on them.

• Mail logs are also provided giving a count of number of incoming mails, outgoing mails and their sizes along with number of mails queued up in the IMAP server.

• Proxy Servers usage statistics is also provided using MRTG.

These services measure the load on the network but do not provide us the current status. For example MRTG measures the traffic load on network links but it does not tells us about the status of the given router or switch. Or for proxy for that matter. And all these services are running individually. The tool which we have built checks the status of the backbone of the campus network, which includes:

• Subnet Switch

• Subnet routers and CC router

• Proxy server

• DNS servers

2.2 Network Users: Students, teaching staffs and faculty the university are the major network users. Type of usage/application of network is different for different users. Students Each of this user have certain common usage characteristics, for example all of them still use email services. However, they have certain characteristics peculiar to their group. Academic users have higher web usage, accessing journal sites and HTTP content (text+ images) access. While hostel users largely access multimedia content and heavy traffic generating applications such as instant messengers. It is also known that a large amount of multimedia content is downloaded using HTTP; this also contributes to the application traffic of the users.

Different Types of traffic Flow across the campus network

Based on the source and destination address of packets across the network, traffic is classified into categories such as:

Internal traffic this type of traffic results by a packet which are destined towards the node within in the same network .While Internet bound traffic comprises of packets which are destined to nodes outside the campus network. Packets from each of this class have a different flow within network as follows: Internal Traffic flow Packets generated at the host, if destined to another host within its own subnet, and then they are delivered to the destination host via switch. However, if the packet is destined to a node outside the subnet; it is forwarded to the router interfacing the subnet. Inbound packets are then forwarded to the router which interfaces with destination node’s subnet. On the other hand if it is Internet bound packet or meant for servers in DMZ it is routed to the central CC router in KReSIT and then forwarded to DMZ after passing through a firewall.

Out bound traffic: traffic results from the inbound packets from network other than same network. Once the packet passing through the firewall it will enters the DMZ, Here packets are serviced depending on their destination, packets which are destined servers within the DMZ are directly serviced , and packets which are destined to nodes within the same network are sent to the router by performing reverse NAT lookup

3. Types of failures which results denying services to end users

Based on discussion in Section, we tried to identify various failures that occur at various elements in network backbone. In this Section we describe the different types of Application layer failures identified for Web Access, DNS servers and Routers.

Web Access Failures: Web access failures are the failures which are seen by an application when trying to access WAN from within the campus. Following are different types of web access failures seen at the application layer:

• 503 Service Unavailable:• Connection timed out failure at Proxy

• Connection time out failure at Server

• Connection refused failure

• Connection reset failure• 504 Gateway Timeout Failure

DNS Access Failures: DNS access failures are the failures seen by an application while trying to resolve a DNS query from a DNS server. Following are the different types of Error seen by an application during a query to DNS server.

• Connection Time out Failure

• Blank answer field:

Router Access Failures: Router access failures are the failures seen by an application while trying to access the router. Following are different types of failures seen by an application while sending packets to a router:

• No Route to Host Failure

• No response received

4. Measurement Methodology

In this section we describe different parameters that are measured and method / tool used to measure network parameters in campus. Based on the type of measurements performed we classify these methods into, Active measurements and Passive Measurements.

4.1 Passive Measurements:

In order to not overload the network with measurement traffic passive measurements are performed. We snoop in on the packets coming in and going out from the host. Each node within a subnet can see the ARP packets and IP packets in that subnet. ARP packets however are blocked by the subnet router and are not allowed to go outside the originating subnet. IP packets on the other hand if destined for a host within subnet remain in the subnet or else are sent to the destination subnet via subnet router. Thus by looking at these packets on a host we can measure following parameters: Subnets reachable by the host Based on our assumption, that the clients connection settings are correct, receiving packet from a host indicates client was able to establish connection to that host and able to reach that host as shown in the We snoop in on the ARP packets to determine whether host is able to reach a hosting its own subnet. And snoop in on the IP packets (TCP and UDP) to determine which nodes are reachable outside its own subnet. Thus we record the reachable of the subnet switch, subnet router, DNS server configured at the client and proxy using the packets received at the client machine. If however in the given one minute measurement interval we do not receive any packet, we use it as an indicator for the subnet switch to be down. Since most of the time there are more than one user on the network, the subnet is always full of ARP packets thus if we don’t even receive any ARP packet in our measurement interval it can be safely assumed that subnet switch is not working.

4.2 Active Measurements:

Passive measurement sometimes reveal information that at times is inconclusive, thus to make conclusive measurements active measurements are performed, however a bigger question with active measurements in such a large network is what to measure Lancaster University campus network is an hierarchical network, with fixed topology and static routing. The internal and internet bound traffic, , has a predefined fixed path in the network. Thus the task of active measurements is much more stream lined. Let us consider some of the network parameters that are measured using active measurements.

Packet Loss: loss over the link is one of the most studied properties of links. It can occur due to network congestion where the server or intermediate router starts dropping packets because of input buffer getting overflowed, it can also occur because of packets getting corrupted and being dropped at intermediate node or server.

Delay: Delay is measured as time taken by packet to reach from one machine to another in a network. It is a sum of propagation delay, queuing delay and transmission delay. Given the bandwidth and size of the link, propagation delay and transmission delay are deterministic. It is the non-deterministic nature of queuing delay which adds the randomness to packet delay and thus making its measurement harder. The lack of time synchronization across hosts in network makes the experimental determination of delay that much harder

Round Trip: Time or RTT is measured directly at the sender by measuring the time difference between the time when packet was sent and time when acknowledgment was received. There are several tools which give us RTT, such as Ping. It is throne way delay that is hard to measure. Time synchronization protocols are used to synchronize the clocks on two machines, which are then used to measure the one way delay.

Bandwidth: Bandwidth or throughput is the amount of data per unit time which is delivered over a link. In network measurements it is sometimes used exchangeable with link capacity, which is defined as the maximum amount of traffic which can be transmitted over the link. Thus bandwidth is data rate which we get from our experiments. Path char [15] measures the link bandwidth by sending variable size packets and performing a statistical analysis of the results to compute the link capacity. Path char is unique in its ability as it is able to measure bandwidth of all the links in path.

Measurement solution:

In the above details we came across the many advantages and disadvantages of active measurements and passive measurements .By considering all the challenges associated with it we are proposing new strategy for the measurements

Architecture

Our solution consisting of 3 layer architecture as shown in above figure, network measurement tool mainly consists of client ,server and diagnostic node ,these nodes distinguished based on the type of activity performed at the nodes. Client nodes continuously performs the on demand active measurements and passive measurement .Server node continuously performs local interference from the results of interference and performs active measurements .Both these server and client node continuously sends data collected to Diagnostic node .which makes inference about network by comparing each data received from server and client node

As we disused earlier Lancaster university campus network is categorised based on the different section of users for the network management purpose and based on the different section of users. We will place server nod e at all the sections like in academic, hostel library and residential area. SNTP protocols are used to synchronize all the server nodes to www.lancs.ac.uk. Based on the measurements performed by all these nodes locally they make some localized inference about parameters mentioned below and then it will send diagnostic nodes

Subnet router status

Subnet switch status

CC router status

DNS server status

Proxy server status

Bandwidth estimation

Web access performance

Client node refers to the end node user’s machines .These performs the passive measurement about the performance experienced by the end user and few on demand measurements and send these report periodically to diagnostic node .Measured parameters of client nodes is

Subnet switch status

Subnet router reach ability

Reach ability of DNS server

Proxy reach ability

No of uploaded bytes

Bandwidth estimation

No of downloaded bytes

Upload rate

Download rate

Client node is used mainly for two purposes here

Load on the network is reduced due to no need of injecting synthetic traffic into the network

Client node is able to measure the status of subnet switch: The use of Client-node serves two purposes. First, the load on the network is reduced as we do not have to inject any synthetic traffic into the network. Secondly, and more importantly, Client-node is able to measure the status of the subnet switch. Most of the switches in the campus network are layer two switches. Thus they do not have any ip-address thus making it difficult for the Server-node to measure their status. There uptime status can be inferred from the fact that if we are able to reach subnet router then we are able to reach the status but still the failures of subnet switch and subnet router would become indistinguishable in this case. The Client-Node can be used to check the status of the subnet switches.

Diagnostic node

This node performs the task of receiving data logs from server and client node and makes global inference about network status by using information received from all the nodes. Network status includes

Status of Subnet switches ,DNS server, subnet routers ,proxy server: Diagnostic node determines whether the given element is active ,inactive or overloaded or find outs the present of failure by using information received about status of each network element

Outage length: Based on the information received it calculates the status of the network elements and using that it computes the length of outages with the outage frequency for given element

Higher level statics :it calculates a higher level statics for router and DNS servers in the campus .It takes the interface which belong to the same machine ,like taking all the interfaces of a subnet router and generates statics for the percentage amount of time

DNS service time: By using the information received from the entire server nodes diagnose node computes the service time for each DNS server, DNS service time defines the amount of time DNS server takes to service DNS query

Web download performance: Using the web download rate information received from the server nodes for each of the different external URL’s, it calculates the web download rate expected for that URL.

These nodes perform this measure online as well as offline from the logs previously saved. In case of failure or performance deterioration any node in campus network can query these nodes using a remote query interface in order to enquire about the status of the network. Also, system administrators can run the script on their machine locally to determine the status of the network.

Conclusion