Advances in Methods of Information and Communication Technology, 2015
Graph Model of an IEEE 802.1 Based Network Structure and Its Application for Enterprise ICT-infrastructure Discovery
Anton Andreev, Iurii A. Bogoiavlenskii, Aleksandr Kolosov
Department of Computer Science, Petrozavodsk State University, Petrozavodsk, Russia
May 14, 2015
Anton Andreev Graph Model of Network Structure 14.05.2015 1 / 30
Areas of Network graph use
The ICT-infrastructure graph (the Network) is the most convenient way to represent data about its structure.
Network documentation
Network management and optimization
Modelling and designing of networks
Load simulation for network segments

The Network graph discovery problem
Lack of standard tools for device detection
Heterogeneity and incompleteness of data
Diversity of network devices
Constant changes in the Network
Complex structure of the Network (due to VLANs, IP subnets, VPNs)
Project goal
The Nest platform
Network graph building
Graph visualization
Tools for interaction with the graph
Data flows modelling
Depiction and visualization of spatial and organizational structures of an enterprise

The goal
To develop, implement and test methods for automated discovery of the Network structure graph
Network structure modelling
Importance of a Network structure model
Formal relationship description
Abstraction for devices
Mathematical tools for algorithms
Ability to generate certain Network graphs

The modelling problem
Modelling of the static structure of OSI layers 1, 2 and 3
Modelling of Networks built in accordance with the IEEE 802.1 and IP (RFC 791) standards
Description of logical structures (VLANs, IP subnets)
Physical layer structure modelling
D — set of devices; d1, d2, d3 ∈ D
(figure: three device vertices d1, d2, d3)

Physical layer structure modelling
P — set of ports; P_d ⊆ P — set of ports of device d ∈ D; O — set of edges of ownership
(figure: ports p11, p12, p13 ∈ P_d1, p21, p22 ∈ P_d2 and p31, p32 ∈ P_d3, each joined to its device by an ownership edge)

Physical layer structure modelling
L — set of edges between ports
(figure: the same devices and ports with physical link edges between ports of different devices)
Link layer structure modelling
VP — set of interfaces; VP_d ⊆ VP — set of interfaces of device d ∈ D; VO — set of edges of ownership for interfaces
(figure: interfaces as (port, i) pairs: (p13, i3), (p13, i2), (p12, i2), (p12, i1), (p11, i1) ∈ VP_d1; (p22, i3), (p22, i1), (p21, i2), (p21, i1) ∈ VP_d2; (p32, i3), (p32, i1), (p31, i2) ∈ VP_d3)

Link layer structure modelling
VC — set of switching edges
(figure: the same interfaces with switching edges drawn inside each device)

Link layer structure modelling
VL — set of edges between interfaces of different devices
(figure: the same interfaces with link edges between interfaces of different devices)
Broadcast domains modelling
BD — set of broadcast domains in the network
(figure: interfaces (p32, i3), (p22, i3), (p31, i1), (p22, i4), (p13, i3), (p21, i2), (p11, i2), (p13, i2), (p31, i2), (p11, i1), (p12, i1), (p21, i1), (p22, i1) grouped into broadcast domains)
Network layer structure modelling
NP — set of network interfaces; NO — set of edges of ownership for network interfaces
(figure: network interfaces labelled (ip, mask), e.g. ip1, mask1; ip2, mask2; ip3, mask1; ip4, mask3, attached to device d1 by ownership edges)
Common Network structure modelling
Graph G = <V, E>; V = D ∪ P ∪ VP ∪ NP, E = O ∪ VO ∪ NO ∪ L ∪ VC ∪ VL
(figure: the complete graph for devices d1, d2, d3 with their ports, (port, i) interfaces and (ip, mask) network interfaces ip1 .. ip10)
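An added example, not code from the deck or from the Nest project, that implements the link-layer part of this model in Python and derives BD from VC and VL as connected components of the interface graph. It assumes that the second element i of an interface pair is a VLAN identifier, that a device switches frames between its own interfaces in one VLAN (VC), and that a physical link carries every VLAN tagged on both of its ports (VL); the three-switch input is constructed.

```python
from collections import defaultdict
from itertools import combinations

def build_link_layer(devices, links):
    """devices: {device: {port: [vlan, ...]}} (D, P, O and VLAN tagging); links: [(port_a, port_b)] (L).
    Returns VP (interfaces as (port, vlan)), VC (in-device switching edges), VL (inter-device link edges)."""
    owner = {p: d for d, ports in devices.items() for p in ports}
    VP = {(p, v) for ports in devices.values() for p, vs in ports.items() for v in vs}
    VC = set()  # assumption: a device switches frames between its interfaces of one VLAN
    for ports in devices.values():
        by_vlan = defaultdict(list)
        for p, vs in ports.items():
            for v in vs:
                by_vlan[v].append((p, v))
        for ifaces in by_vlan.values():
            VC.update(combinations(sorted(ifaces), 2))
    VL = set()  # assumption: a physical link carries every VLAN tagged on both of its ports
    for pa, pb in links:
        for v in set(devices[owner[pa]][pa]) & set(devices[owner[pb]][pb]):
            VL.add(((pa, v), (pb, v)))
    return VP, VC, VL

def broadcast_domains(VP, VC, VL):
    """BD as the connected components of the interface graph (VP, VC ∪ VL)."""
    adj = defaultdict(set)
    for u, w in VC | VL:
        adj[u].add(w); adj[w].add(u)
    seen, domains = set(), []
    for start in sorted(VP):
        if start in seen: continue
        comp, stack = set(), [start]
        while stack:  # depth-first walk over switching and link edges
            u = stack.pop()
            if u not in comp:
                comp.add(u)
                stack.extend(adj[u] - comp)
        seen |= comp
        domains.append(frozenset(comp))
    return domains

# Constructed sample (not from the deck): three switches d1, d2, d3. VLAN i2 is
# tagged on all three, but p31 on d3 has no link, so it forms its own domain.
SAMPLE_DEVICES = {
    "d1": {"p11": ["i1"], "p12": ["i1", "i2"], "p13": ["i3"]},
    "d2": {"p21": ["i1", "i2"], "p22": ["i1", "i3"]},
    "d3": {"p31": ["i2"], "p32": ["i1", "i3"]},
}
SAMPLE_LINKS = [("p12", "p21"), ("p22", "p32")]

def sample_domains():
    return broadcast_domains(*build_link_layer(SAMPLE_DEVICES, SAMPLE_LINKS))
```

The sample is why BD has to be computed from the graph rather than read off VLAN identifiers: the same VLAN id on an unlinked port is a separate broadcast domain, which matters when a VLAN id is used as a segmentation boundary.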
Examples
Switch
(figure: device d1 with ports p11 .. p14, one interface (p1k, i1) per port and a network interface ip1, mask1 on each)

Examples
Link aggregation
(figure: devices d1 and d2 joined by two parallel links between ports p11, p12 of d1 and p21, p22 of d2, with interfaces (p11, i1), (p12, i1) on d1 and (p21, i1), (p22, i1) on d2)
Available data on Network structure
Retrieved using the Simple Network Management Protocol
Ports and interfaces
IF-MIB
IP-MIB
Q-BRIDGE-MIB, VTP-MIB, CISCO-VLAN-MEMBERSHIP-MIB, ...
Physical and logical connections
Cisco Discovery Protocol: CISCO-CDP-MIB
Link Layer Discovery Protocol: LLDP-MIB
Spanning Tree Protocol: BRIDGE-MIB
Address Forwarding Table: BRIDGE-MIB
Address Resolution Protocol: RFC1213-MIB, IP-MIB
Graph discovery algorithm
1 Data collection
◮ Data about devices (MACs, names, etc.)
◮ Data about VLANs and IP
◮ Data about connections
2 Graph vertices creation
◮ Vertex creation for devices accessible via SNMP
◮ Vertex creation for inaccessible devices using indirect data
3 Search for potential connections
◮ Using data about direct connections
◮ Using reachability data
4 Graph edges building
Potential connections filtering example
A, B, C ∈ D; a ∈ VP_A; b1, b2 ∈ VP_B; c ∈ VP_C
(figure, step 1: potential connections b1–a, c–b2 and c–a)
⇓
(figure, step 2: after filtering, the potential connections b1–a and c–b2 remain)
⇓
(figure, step 3: resulting chain of devices A (a) — (b1) B (b2) — (c) C)
Algorithm implementation
Nestopo — Nest subsystem for automated Network graph building
Ability to build the Network structure graph
Uses the Simple Network Management Protocol (SNMP) for data retrieval
Handles standard MIBs (Management Information Base)
Vendor-specific MIBs can be added for handling
Subsystem configuration:
◮ Start address for Network traversal
◮ Device access parameters
◮ Partial algorithm execution
Testing of Nestopo
Testing necessity
Verification of the correctness of the built graph
Examination of interaction with various devices
Analysis of the influence of data incompleteness
Testing methods
Real network testing
Use of virtual labs and Network simulators
Automated testing using network structure generation
Testing Nestopo using the PetrSU network
Benefits
Maximal network structure realism
Interaction with real devices
Disadvantages
Unpredictability of network structure changes
Difficulty of verifying the resulting graph
Lack of influence on configuration
Lack of test variety
Long data collection duration
Graph of the physical structure of the PetrSU Network
(figure: discovered physical-layer graph of the PetrSU network)
Testing Nestopo using GNS3 labs
GNS3 — Graphical Network Simulator 3
Benefits
Configuration opportunities
Network behaviour predictability
Simplicity of result graph verification
Disadvantages
Long duration of handmade configuration
Tiny scale of Networks
Lack of variety of available devices
Testing Nestopo with GNS3 labs
(figures: two GNS3 lab topologies and the graphs discovered from them)
Testing using Network structure generation
Benefits
Many varied network structures at any scale
Formation of any type of data
Availability of test automation
Imitation of mechanics that cannot be observed in accessible networks
Disadvantages
Need to implement the generation mechanics
Cannot replace testing in real networks
Testing using generation: the Netgen subsystem
Generation method
1 Sequential generation of the three layers of the model
2 Physical structure generation in the shape of a scale-free network (Barabasi-Albert algorithm)
3 Data generation
Capabilities of Netgen
1 Structure generation configuration: number of nodes, VLAN sizes, etc.
2 Data generation configuration: degree of data completeness
3 Storing the resulting graph in various formats
Testing using generation: examples

                  Generated   Discovered   Matched
Devices                  15           14        14
  Including hubs          3            2         -
Hosts                   202          202       202
Links                   216          195       195