Design & Implementation of a Highly Secured & Reliable Cooperative Network

Qutaiba I. Ali, Salah Abdulghani
Computer Engineering Department / University of Mosul

Abstract: This paper deals with the steps necessary to enhance both the security and the reliability of the Mosul University network. From the security point of view, the main aim of the design is to protect the network against internal and external threats as well as various types of attacks. The design includes the ability of the administrator to control and manage the network from different locations inside the network and remotely from outside it. First, the current security state of the network is examined; then a complete network security architecture is proposed. This architecture supplies the network with 11 security methods against internal threats and 6 security methods against external threats. These methods are of both software and hardware nature and work at all network layers. The effectiveness of the suggested security solutions is tested against different attacks and proves their ability to resist these situations. Our suggestions to enhance network reliability include supplying the network with different techniques to enhance its robustness, such as link redundancy (using Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP) or EtherChannel technology with different network topologies), server redundancy, redundant switch components, dual power input and a standby wireless LAN in case of severe cabling failure. The effectiveness of the suggested solutions and their impact on network behavior were tested using an experimental network.

Keywords: Network Security, Network Reliability, VLAN, AAA server, VPN, Redundancy, Recovery time, STP, RSTP, Etherchannel.

Design and Implementation of a Highly Secure and Reliable Cooperative Network
Dr. Qutaiba Ibrahim Ali, Salah Abdulghani
College of Engineering / University of Mosul

Abstract: This research addresses the necessary steps that must be followed to build a computer network with a high level of security and reliability, as applied to the University of Mosul network. The network was equipped with various techniques to raise its security level (11 techniques against internal attacks and 6 techniques against external attacks) and to guarantee its resistance to all kinds of intrusions, which was verified by conducting in-depth tests on a laboratory model of the network. Reliability concepts were also introduced into the network to guarantee that it keeps operating under the harshest conditions and to take alternative measures when different parts of the network are subjected to various failures.

1. INTRODUCTION

The Mosul University network was established in 2004. The purpose of the network is to connect the different locations of the university by high-speed (1 Gigabit Ethernet) links. The network offers several services to its clients (2000 users in 2007), such as internet sharing, Email accounts, web hosting and internal chatting. Its applications may in future be extended to cover more sophisticated fields such as database sharing and interactive multimedia applications.

The topology of the basic installation of the network is shown in Figure (1). The description of the different network devices and their current configuration is listed in Table (1).

Figure(1): Mosul’s University Network Topology


Table 1: Current Configuration of Network Devices

Device name | Qty. | Description | Current config.
Cisco Router 2800 | 1 | 2 Fast Ethernet ports, 2 serial ports; IOS = 12.3; supports RIP1, RIP2, EIGRP, IGRP, OSPF, IS-IS, BGP, VPN, VLAN, VTP | Dynamic routing = IGRP; static routing = default state; extended access list; static NAT; no encrypted password
Cisco Switch 2950 | 30 | Layer 2 switch; 24 Fast Ethernet ports; IOS = 12.3; VLAN, VTP | 1 VLAN/switch; default configuration; no encrypted password
Cisco 515E firewall (PIX) | 1 | 3 Fast Ethernet ports, 2 serial ports; IOS = 7.21 | Access-list; static NAT; default configuration
Cisco Core switch 6051E | 1 | Layer 3 switch; 3 modules (fiber optic, Gigabit Ethernet, Fast Ethernet, 48 port); IOS = 12.4 | (50) port-based VLANs; inter-VLAN enabled; extended access-list; default configuration; encrypted password
Cisco switch 3750 (layer 2 switch) | 11 | 24 Fast Ethernet ports; 2 Gigabit Ethernet ports; IOS = 12.4 | 1 VLAN/switch; default configuration; no encrypted password
Antivirus Server | 1 | DELL POWER EDGE 6600 SERVER | Password required
Access point | 1 | AP 1200 | 64-bit WEP; MAC address filtering

The network consists of 41 Cisco 3750 and 2950 switches connected (via 1 Gbps Ethernet) to the Cisco 6051E core switch. These switches represent the different university departments. Each switch is connected downstream to many layer 2 switches and to the department's hosts. The connection to the internet is achieved through the Private Internet eXchange (PIX 515E) device (which acts as a firewall) and the Cisco 2800 Network Address Translation (NAT) router. The internet service of the network can also be accessed through several IEEE 802.11b WLAN connections.

It is clear that network security and availability concepts were not considered during the installation of the network. On numerous occasions, the failure of an optical cable prevented a wide sector of network clients from accessing the network and making use of its services. Thus, it is important to insert different security and reliability methods in a transparent fashion without affecting the performance of the network.

2. BUILDING A SECURED NETWORK:

The main goal of network security is to protect against the mentioned types of threats and attacks. On the other hand, the added security methods should not seriously affect network management or performance. As a suggestion to achieve these goals, the network topology must be reordered, new devices should be added and the existing devices should be reconfigured. Figure (2) shows the suggested topology of the network.

Figure (2): Suggested Topology of Mosul's University Network

The heart of the proposed security system is the AAA server. AAA is the acronym for authentication, authorization, and accounting. Authentication controls access by requiring valid user credentials, which are typically a username and password. Authorization controls access per user after users authenticate. Accounting tracks traffic that passes through the security appliance, giving the ability to have a record of user activity. The security appliance supports a variety of AAA server types and a local database that is stored on the security appliance. Examples of these types are: RADIUS server, TACACS+ server, SDI server, NT server, Kerberos server, LDAP server support and local database support. Depending on the size of the network and the available resources, AAA can be implemented on a device locally or can be managed from a central server running the RADIUS or TACACS+ protocols. The AAA server first checks to see if the user has been authenticated. If a valid authentication entry exists for the user, the session is allowed and no further intervention is required by the authentication proxy. If no entry exists, the authentication proxy responds to the connection request by prompting the user for a username and password. If the authentication fails, the AAA server reports the failure to the user and prompts the user for a configurable number of retries. The most functional server type is the TACACS+ server and it is chosen here for that purpose. Terminal Access Controller Access Control System Plus (TACACS+) is an industry standard protocol specification, RFC 1492, that forwards username and password information to a centralized server. Another AAA server is used as a backup in case the first one fails, and the two may cooperate to recover from network congestion problems [1].

The other change in the network topology is connecting the web server to the demilitarized zone (DMZ) portion of the PIX device. The firewall allows limited access to the DMZ, but because the DMZ only includes the public servers, an attack there only affects the servers and does not affect the other inside networks [2].

In order to manage the network efficiently, a management server is added.
This server contains the necessary tools the administrator needs to manage the network, such as a traffic analyzer, device debuggers and remote access software. The server has an HTML page which acts as a Graphical User Interface (GUI) for the administrator and includes all the accessible network resources. The server can also be accessed using a command line interface. It is worth mentioning that the management server has its own 'User Name & Password' and can be accessed only by the administrator [1].

The other addition to the network is the insertion of Intrusion Detection System (IDS) devices. An IDS monitors and performs real-time analysis of network traffic by looking for anomalies and misuse based on an extensive, embedded signature library. When the system detects unauthorized activity, it can terminate the specific connection, permanently block the attacking host, log the incident, and send an alert to the device manager. Other legitimate connections continue to operate independently without interruption [3].

The main aim of the proposed solutions is to securely allow the administrator to reconfigure any network device either locally (through console ports), via the wired (switched) network, using the WLAN link, or remotely using the internet connection. The philosophy of the suggested security solutions is based on using multiple dimensions of protection and can be explained as follows:

1. The first security dimension is to protect the network against internal threats. This was achieved using the following techniques:

· Any access to the network must pass through the AAA server. The AAA server is configured to have two administrator groups. The first group consists of 41 sub-administrators and the second consists of 2 main administrators (for the whole network). The sub-administrators have limited access and authority over the network devices in their departments only. The main administrator has unlimited authority and can access any portion of the network, with configuration privileges over the sub-administrators. Also, the AAA server has different groups and accounts for the different users.

· The (wired and wireless) LAN connections of the main administrator are protected using a Virtual Private Network (VPN). It was found that a VPN connection decreases the channel throughput by 70% [4]; for that reason it is used for the administrator's communications only. The following VPN parameters are chosen: pre-shared keys as the authentication method, AES encryption, MD5 Hashed Message Authentication Codes (HMAC), Diffie-Hellman Group 2 (1024 bit) and a 12 hour policy lifetime.

· Installing Intrusion Detection System (Cisco IDS 4215) devices in front of important (sensitive data) locations such as the server farm and the university presidency switch.

· Splitting the network into 50 port-based Virtual Local Area Networks (VLANs). Access to a certain VLAN is denied to all but its members. The other benefit of using VLANs is to limit the damage caused by viruses or worms to the members of one VLAN. From the management point of view, it is easier to administer a network consisting of several VLANs [3]. The main administrator's VLAN has access privilege over the other network VLANs.

· Each network device is protected using an 'encrypted User Name & Password' assigned by the administrator, with two attempts allowed. Also, the IP address of the administrator is checked by enabling the access list on the VTY lines.

· For further protection, the TELNET service and the PING command are disabled on all the switch ports except one. These ports on the different switches represent the backbone of the management network. Additionally, Secure Shell (SSH) is used instead of TELNET. SSH is an application running on top of a reliable transport layer, such as TCP/IP, that provides strong authentication and encryption capabilities [5]. SSH is configured to have a key modulus size of 1024 bits. This key is used by the RSA cipher.

· The WLAN security is achieved using: rotated 128 bit WEP keys (for better performance), MAC address filtering in each access point, and network access through the AAA server. Also, VPN is used for the administrator's WLAN connections as mentioned earlier.

· The core switch, AAA server and VPNs are supplied with extended access lists. These lists are made up of one or more Access Control Entries (ACEs). An ACE is a single entry in an access list that specifies a permit or deny rule, and is applied to a protocol, a source and destination IP address or network, and the source and destination ports [1]. Each device has its own rules according to which the access lists were written in order to control the traffic inside the network.

· Disabling any unnecessary services on the network devices.

· Physical protection through installing the important network devices in secure locations. Also, each port of the main switches has been secured using predefined MAC addresses that are allowed to connect.

· Using a central antivirus server. Symantec Norton Antivirus Corporate Edition is installed on the server and each client has its own copy, which is updated periodically by the server.

2. In order to simplify the management operation, the administrator must be able to access the network from external locations. However, this remote access must be protected against external threats.

· Using the AAA server. Any connection request is checked by the AAA server and only the authorized users can access the network according to their policies.

· In order to access the network remotely, the administrator must use a Remote Access VPN connection. This allows the administrator to connect to the management server through a secure

connection over a TCP/IP network such as the Internet. This connection has the same VPN parameters mentioned earlier, set while defining the dynamic crypto map. Dynamic crypto maps let the security appliance receive connections from peers that have unknown IP addresses.

· Enabling Network Address Translation (NAT) control. Address translation substitutes the real address in a packet with a mapped address that is routable on the destination network. NAT comprises two steps: the process in which a real address is translated into a mapped address, and then the process of undoing the translation for returning traffic [5]. The security appliance translates an address when a NAT rule matches the traffic. If no NAT rule matches, processing for the packet stops. The benefits of NAT are that private addresses are prevented from being routable on the Internet and that the real addresses are hidden from other networks, so attackers cannot learn the real address of a host. In order to allow remote administration through the VPN connection, static NAT is used.

· In addition to the extended access lists mentioned earlier, the PIX device (firewall) is also supplied with extended access lists. These lists control the traffic in both directions (into and out of the network) according to predefined rules.

· The whole network is protected against external attacks using another IDS device connected to the inside portion of the firewall.

· SSH is used by the administrator only, for remote access to the system. It has the configuration mentioned earlier.

3. TESTING NETWORK CONFIGURATION:

In order to test the correctness of the network configuration after applying the proposed security methods, and prior to implementing them in practice, an experimental test bed representing the network was built. The purpose was to test the robustness of the network security against different types of attacks. Figure (3) shows the structure of the experimental network.

In this paper, a penetration test is used to discover the importance of each security technique and to evaluate the whole system's response. This test is designed to evaluate an information system's defenses and discover weaknesses in the network and its resources. A penetration test can determine how a system reacts to an attack, whether or not a system's defenses can be breached, and what information can be acquired from the system [6]. Using several packet sniffing and network hacking tools (super scanner, port scan, Packet Sniffer, Trinoo and TFN2K), numerous supposed internal and external attacks were applied to the network to emulate real-world scenarios. The following procedures were taken to examine the network operation (the details of the test procedure are listed in Table (2), which shows the attack type, direction and the effective defense technique(s) against each threat):

1. Monitoring the network traffic: attempts were made to monitor the network traffic (as an attacker does before attacking). It was assumed that the packet sniffing procedure (using Ping Sweep and Telnet) is done by an authorized user (internal threat) at different locations (inside and outside the network). Trying to use the TELNET service or the PING command was stopped by the switch access lists, SSH and the AAA server. Also, the IDS prevents any suspicious packet from entering the network.

2. Illegal log-in to the network (IP spoofing attack) as well as unauthorized access to some services and resources (password attacks) was prevented by the AAA server.

3. Any attempt to discover the real IP addresses of the network was stopped by the NAT policies.


4. SYN flood (randomly opening many TCP ports and tying up the network equipment or computer with so many requests that sessions are denied to others) was stopped by the firewall and IDS devices.

5. Reconfiguration attempts on sensitive devices (core switch) were prevented by SSH, ACLs and the AAA server.

6. The VPN technique was very effective in hiding the administration packets from the eyes of eavesdroppers.

7. Worms, viruses, and Trojan horses were removed by the distributed antivirus software.
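The Telnet and ping-sweep rows of Table (2) are stopped first of all by the extended access lists of Section 2. The following added example (not the paper's code) shows the first-match ACE evaluation with the implicit deny, replays attempts of the kind listed in Table (2) against a constructed list, and audits the list for entries shadowed by earlier ones; all addresses, rule order and host names are assumptions, since the paper gives none.

```python
"""Added example (not from the paper): first-match evaluation of an extended access list
built from ACEs, with the implicit deny at the end, plus an audit for shadowed entries.
All addresses and rules below are constructed assumptions; the paper gives none."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

IPv4Net = ipaddress.IPv4Network
IPv4Addr = ipaddress.IPv4Address


@dataclass(frozen=True)
class ACE:
    action: str                   # "permit" or "deny"
    proto: str                    # "ip" matches any protocol; otherwise "tcp", "udp" or "icmp"
    src: IPv4Net
    dst: IPv4Net
    dport: Optional[int] = None   # None = any destination port


@dataclass(frozen=True)
class Packet:
    proto: str
    src: IPv4Addr
    dst: IPv4Addr
    dport: Optional[int] = None


def ace_matches(ace: ACE, pkt: Packet) -> bool:
    return (ace.proto in ("ip", pkt.proto)
            and pkt.src in ace.src
            and pkt.dst in ace.dst
            and (ace.dport is None or ace.dport == pkt.dport))


def evaluate(acl: List[ACE], pkt: Packet) -> Tuple[str, Optional[int]]:
    """First matching ACE wins. Returns (action, ACE index); (deny, None) is the implicit deny."""
    for i, ace in enumerate(acl):
        if ace_matches(ace, pkt):
            return ace.action, i
    return "deny", None


def shadowed_entries(acl: List[ACE]) -> List[Tuple[int, int]]:
    """(later, earlier) pairs where the earlier ACE already covers every packet the later one
    could match, so the later entry can never fire. Useful when auditing lists that grew over time."""
    found = []
    for j, later in enumerate(acl):
        for i in range(j):
            earlier = acl[i]
            if (earlier.proto in ("ip", later.proto)
                    and later.src.subnet_of(earlier.src)
                    and later.dst.subnet_of(earlier.dst)
                    and (earlier.dport is None or earlier.dport == later.dport)):
                found.append((j, i))
                break
    return found


# Constructed addressing (assumed): administrator VLAN, device management addresses, any.
ADMIN_VLAN = ipaddress.ip_network("10.1.1.0/24")
DEVICE_MGMT = ipaddress.ip_network("10.1.100.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")

# Mirrors the paper's rules: TELNET disabled everywhere, SSH and PING to device addresses
# only from the administrator VLAN, every other packet to device addresses denied,
# ordinary user traffic elsewhere permitted.
MGMT_ACL = [
    ACE("deny", "tcp", ANY, DEVICE_MGMT, 23),
    ACE("permit", "tcp", ADMIN_VLAN, DEVICE_MGMT, 22),
    ACE("permit", "icmp", ADMIN_VLAN, DEVICE_MGMT),
    ACE("deny", "ip", ANY, DEVICE_MGMT),
    ACE("permit", "ip", ANY, ANY),
]


def run_test_cases() -> dict:
    """Replays the kind of attempts listed in Table (2) against MGMT_ACL."""
    attacker = ipaddress.ip_address("10.1.2.50")   # host in an ordinary user VLAN (constructed)
    admin = ipaddress.ip_address("10.1.1.10")      # administrator workstation (constructed)
    switch5 = ipaddress.ip_address("10.1.100.5")   # a switch management address (constructed)
    web = ipaddress.ip_address("10.1.200.8")       # web server (constructed)
    return {
        "telnet attacker->switch5": evaluate(MGMT_ACL, Packet("tcp", attacker, switch5, 23)),
        "telnet admin->switch5": evaluate(MGMT_ACL, Packet("tcp", admin, switch5, 23)),
        "ssh admin->switch5": evaluate(MGMT_ACL, Packet("tcp", admin, switch5, 22)),
        "ssh attacker->switch5": evaluate(MGMT_ACL, Packet("tcp", attacker, switch5, 22)),
        "ping attacker->switch5": evaluate(MGMT_ACL, Packet("icmp", attacker, switch5)),
        "http attacker->web": evaluate(MGMT_ACL, Packet("tcp", attacker, web, 80)),
    }


if __name__ == "__main__":
    for name, (action, idx) in run_test_cases().items():
        print(f"{name:26s} -> {action} (ACE {idx})")
    # A redundant permit appended later is silently dead: the audit reports it.
    print("shadowed:", shadowed_entries(MGMT_ACL + [ACE("permit", "tcp", ADMIN_VLAN, DEVICE_MGMT, 22)]))
```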

Figure (3): Structure of the experimental network. Nodes shown: Internet, Router 1, Firewall, IDS 1, IDS 2, Core Switch 1, Web Server, Switch 1, Switches 3 to 6, Access point, VLANs 2 to 4, PC1 to PC3, WLAN PC1 and WLAN PC2, AAA server, Management server, Anti-virus server, and Attackers 1 to 3.


Table (2): The Test Procedures

Threat Type | Attack Name | Source | Target | Security Defense
Internal | Ping Sweeps | Attacker 1 | All PCs in other VLANs | ACL, VLAN operation
Internal | Telnet | Attacker 1 | Switch 5 | AAA Server, SSH, ACL
Internal | Telnet | Attacker 1 | Switch 4 | AAA Server, SSH, ACL
Internal | Telnet | Attacker 1 | Switch 3 | AAA Server, SSH, ACL
Internal | Telnet | Attacker 1 | Core Switch 1 | AAA Server, SSH, ACL
Internal | Telnet | Attacker 1 | AAA Server | AAA Server, SSH, ACL
Internal | Telnet | Attacker 1 | Switch 6 | AAA Server, SSH, ACL
Internal | Ping Sweeps | Attacker 2 | Core Switch 1 | ACL, VLAN operation
Internal | Ping Sweeps | Attacker 2 | WLAN PC1, WLAN PC2 | ACL, VLAN operation, AP security techniques, AAA Server
Internal | Telnet | Attacker 2 | Access point | ACL, VLAN operation, AP security techniques, AAA Server
Internal | Telnet | Attacker 2 | Core Switch 1 | SSH, ACL
External | Ping Sweeps | Attacker 3 | Router 1 | NAT, ACL
External | Ping Sweeps | Attacker 3 | Firewall | NAT, ACL
External | Telnet | Attacker 3 | Router 1 | NAT, SSH, ACL, AAA server
Internal | Password Attacks | Attacker 1 | All network devices (sequentially) | AAA server, SSH, ACL
Internal | SYN flood attacks | Attacker 1 | Web server | Firewall, local IDS software (installed on the server)
Internal | Misconfiguring router | Attacker 1 | Core switch 1 | SSH, ACL, AAA server
Internal | Password Attacks | Attacker 1 | Management server | IDS 2, SSH, ACL control
Internal | Password Attacks | Attacker 2 | All network devices (sequentially) | AAA server, SSH, ACL, AP security techniques
Internal | SYN flood attacks | Attacker 2 | Web server | Firewall, local IDS software (installed on the server), AP security techniques
Internal | Misconfiguring router | Attacker 2 | Core switch 1 | SSH, ACL, AAA server, AP security techniques
Internal | Password Attacks | Attacker 2 | Management server | IDS 2, SSH, ACL control, AP security techniques
External | IP Spoofing | Attacker 3 | Router 1 | NAT, SSH
External | SYN flood attacks | Attacker 3 | Web server | SSH, Firewall, NAT, ACL
Internal | Packet sniffing on administrator's VPN traffic | Attacker 2 | Administrator's VPN traffic over WLAN | VPN technique, AP security techniques

4. APPLYING RELIABILITY SOLUTIONS

Survivability, also known as terminal reliability, refers to keeping at least one path between specified network nodes so that some or all of the traffic between the nodes can be routed. Survivability in high capacity cooperative networks is crucial, as the failure of a network component such as a node or a link between nodes can potentially bring down parts of the network, as has happened in some real-world cases. Adding redundant network components increases the survivability of a network with an associated increase in cost [7-9]. In this paper, different reliability solutions are presented and intended to be applied to the Mosul University network. This paper focuses on suggesting a methodology for the transparent addition of various reliability solutions to a previously installed network. In the following sections, several methods and techniques are examined in order to select the best method for building a highly available and more robust network.

5. LINKS REDUNDANCY

A. Introduction to Spanning Tree Protocol (STP) and Rapid STP (RSTP)

The IEEE 802.1D standard Spanning Tree Protocol (STP) has been available for use with managed switches and bridges for several years. This software provides a mechanism for resolving redundant physical connections in order to maintain the operation of standard Ethernet LANs, which do not allow more than one path for a packet to be in use at a given time. The Spanning Tree Protocol is included with the managed switch software provided by all major Ethernet managed switch product suppliers, and is widely available in the marketplace. Further, STP has proven in general use over many years to be interoperable, and commercial systems utilizing products from multiple vendors are routinely implemented. Standard STP supports redundant configurations of any type: meshes or rings or combinations [8].

Ethernet switches operate by forwarding traffic between their ports. The switch examines each Ethernet frame and records (learns) its MAC address and the port on which it resides. When a frame arrives for a given MAC address, the switch decides on which outgoing port to send it. If a frame arrives and its destination MAC address is unknown, the switch will "flood" the frame out of all of its ports [9]. If switches in the network are connected in a loop, a "broadcast storm" will result, where a single broadcast frame will circulate endlessly. This condition consumes all available bandwidth on the loop, making the network unusable [5].

The Spanning Tree Protocol (IEEE 802.1D) was designed to solve the fundamental problem of traffic loops. The key idea in STP is to prune (looping) links in order to reduce the network topology to that of a tree. The resulting tree "spans" (i.e. connects) all switches, but eliminates loops. The steps to accomplish this process are [9]:

1. Allowing all switches to send messages to each other that convey their identity and link "cost".

2. Electing a single switch, among all the switches in the network, to be the "root", or central switch.

3. Permitting all other switches to calculate the direction and cost of the shortest path back to the root using messages received from switches closer to the root. Each switch must have only one way to forward frames to the root.

4. If two switches servicing the same LAN exchange messages with each other, the one with the lowest cost to the root will service the LAN. The other switch will discard all frames received from that LAN, thus opening the link and blocking a traffic loop.

The STP protocol has proved to be the tried and tested method for providing path redundancy while eliminating loops. However, STP does suffer from a number of drawbacks that limit its applicability, namely [10]:

• STP has lengthy failover and recovery times. When a link fails in STP, a backup link to the root requires at least 30 seconds to recognize that it is the best (or only) path to the root and become usable (due to the actions of the different timers of the protocol).

• When a failed link returns to service, information about the "better" route will instantly cause a backup link to start blocking. But the portion of the network below the link that is returning to service will be isolated (for about 4 seconds) until that link becomes forwarding.

• Another problem with STP is that it requires all links to pass through a lengthy period of address learning, even if the link is a point-to-point link to a device such as an ordinary PC.

As an alternative, the Rapid Spanning Tree Protocol (RSTP, IEEE802.3W) was suggested to solve STP's failover time problem by a number of means. Whereas STP switches store only the best path to the root switch, RSTP switches store all potential paths. When links fail, RSTP has

pre-calculated routes to fall back upon. Additionally, unlike STP switches, an RSTP switch will respond to another switch that advertises an inferior or incorrect route to the root switch. This information allows the switch with incorrect information to be rapidly retrained [10]. RSTP solves STP's problem with lengthy recovery time by introducing a procedure called proposing-agreeing. Proposing and agreeing works after a better path to the root is restored by "shuffling" the restored part of the network one hop at a time towards the network edge. This method also enables the network to come up quickly at inception. RSTP also introduces a method for quickly bringing up ports at the edge of the network, while still protecting them against loops. If the port is designated as an "edge" type of port, RSTP will continue to send configuration messages out of the port (in order to detect loops) but will allow traffic to flow as soon as the port rises. In the event of a loop, some looped traffic may flow before RSTP quickly seals the network. PCs connected via edge ports can send traffic without the extensive delays imposed by RSTP [11].

B. Etherchannel Technology

EtherChannel technology builds upon standards-based 802.3 full-duplex Fast Ethernet to provide network managers with a reliable, high-speed solution for the campus network backbone. EtherChannel technology offers bandwidth scalability within the campus by providing full-duplex increments from 200 Mbps to 8 Gbps [12-13]. Fast EtherChannel and Gigabit EtherChannel port bundles allow grouping multiple Fast or Gigabit Ethernet ports into a single logical transmission path between a switch and a router, server, or another switch. Depending on the hardware, an EtherChannel can be formed with up to four compatibly configured Fast or Gigabit Ethernet ports on the switch. All ports in an EtherChannel must have the same speed [12-13].

The switch (which supports EtherChannel) distributes frames across the ports in an EtherChannel according to the source and destination Media Access Control (MAC) addresses. The operation that determines which link in an EtherChannel is used is very simple. A connection across an EtherChannel is determined by the source-destination address pair. The switch performs an XOR operation on the last two bits of the source MAC address and the destination MAC address. This operation yields one of four possible results: (0 0), (0 1), (1 0), or (1 1). Each of these values points to a link in the EtherChannel bundle. Also, various load balancing techniques are used to guarantee a fair distribution of traffic between the channels. When the load on a channel exceeds (1%) of its capacity, it is directed to other less loaded channels [12-13]. EtherChannel technology provides many benefits such as high bandwidth, load sharing and redundancy. This technology provides load balancing and management of each link by distributing traffic across the multiple links in the channel. Unicast, multicast, and broadcast traffic is distributed across the links in the channel [8-9]. This technology provides redundancy in the event of link failure. If a link is cut in an EtherChannel, traffic is rerouted to one of the other links in less than a few milliseconds, and the convergence is transparent to the user [12-13].

C. Experimental Setup

In this section, different techniques are used to enhance the link availability of an experimental network. This network was built to represent a model analogous to that of the Mosul University network, see Figure (4). The purpose of these experiments is to find the optimum method in terms of resistance to failures and recovery time.


Figure (4): Basic Experimental Setup

● Using Ring Topology

A ring topology offers built-in link redundancy and is often the most economical in terms of interconnection costs. The popular method of implementing rings is the distributed switch. The distributed switch method, or simple ring (see Figure 5), is employed when the network-connected clients are geographically distributed. The clients at each location are aggregated onto switches, which are organized into a ring. The connections between switches in the ring may be made using dual redundant links to obviate the possibility of failure at the fiber, connector or port level. Latency in ring networks tends to be greater than in tree networks. The network was tested using the spanning tree protocol and it was found that it takes (30 Sec.) to recover the network from a failed link. The green dots (as shown in Figure (5)) indicate an "active port", while red dots stand for a "blocked port". On the other hand, using RSTP decreases the recovery time to one second only. When the original link restores its activity, STP needs (4 Sec.) to accomplish this task, while RSTP takes (30 mSec.) only to restore the original situation.

Figure (5): Dual Link Ring Topology

● Dual Link Star Topology

In this experiment, the reliability of the star topology was enhanced using a second link in addition to the original link. The operation of both STP and RSTP activates one of the links while disabling the other, see Figure (6). Implementing STP on the network indicates that (30 sec.) is needed to recover the network, and (4 Sec.) in the case of RSTP. The star topology provides less delay to the packets travelling through the network and permits a centrally controlled fashion for the whole network.

Figure (6): Dual Link-Star Topology

● Using Star-Ring Topology

In this experiment, a more robust network is built by adding more redundant links to the network, see Figure (7). The recovery times in this situation are equivalent to the values mentioned in the former experiments. This topology suffers from higher costs due to the extensive wiring and installation difficulties.

Figure (7): Dual Star-Ring Topology
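The red and green dots in the ring, dual-star and star-ring figures are the outcome of the four STP steps listed in subsection A. The following added example (not the paper's code) runs those steps on a small switch ring like the one in Figure (5): it elects the root, computes every switch's cheapest path to it, marks the port that must block, and then recomputes after one link fails; the bridge IDs, link costs and ring are constructed, and the dual (parallel) links of the experiments are not modelled.

```python
"""Added example (not from the paper): the four STP steps above run on a small switch ring
like the one in Figure (5): elect the root, compute every switch's cheapest path to it, and block
the far end of each link that is nobody's root-port link. Bridge IDs, link costs and the ring
itself are constructed assumptions; parallel (dual) links are not modelled."""
import heapq
from typing import Dict, List, Set, Tuple

Link = Tuple[str, str, int]          # (bridge A, bridge B, path cost of the link)
PathInfo = Tuple[int, str]           # (root path cost, neighbour the root port faces)


def elect_root(bridge_ids: Dict[str, int]) -> str:
    """Step 2: the lowest bridge ID (priority + MAC) becomes the root."""
    return min(bridge_ids, key=bridge_ids.get)


def root_path_costs(bridge_ids: Dict[str, int], links: List[Link], root: str) -> Dict[str, PathInfo]:
    """Step 3: cheapest cost to the root for every reachable bridge, breaking ties on the
    lower bridge ID of the upstream neighbour as 802.1D does."""
    adj: Dict[str, List[Tuple[str, int]]] = {b: [] for b in bridge_ids}
    for a, b, cost in links:
        adj[a].append((b, cost))
        adj[b].append((a, cost))
    best: Dict[str, PathInfo] = {root: (0, root)}
    heap = [(0, bridge_ids[root], root)]
    while heap:
        cost, _, node = heapq.heappop(heap)
        if cost > best[node][0]:
            continue                                  # stale heap entry
        for nb, c in adj[node]:
            candidate = (cost + c, bridge_ids[node])
            current = best.get(nb)
            if current is None or candidate < (current[0], bridge_ids[current[1]]):
                best[nb] = (cost + c, node)
                heapq.heappush(heap, (cost + c, bridge_ids[nb], nb))
    return best


def blocked_ports(bridge_ids: Dict[str, int], links: List[Link], root: str) -> Set[Tuple[str, str]]:
    """Step 4: on a link that is not a root port for either end, the end with the higher root
    path cost (tie: higher bridge ID) blocks. Returns (blocking bridge, neighbour) pairs."""
    best = root_path_costs(bridge_ids, links, root)
    blocked: Set[Tuple[str, str]] = set()
    for a, b, _ in links:
        if a not in best or b not in best:
            continue                                  # isolated after a failure
        if best[a][1] == b or best[b][1] == a:
            continue                                  # root-port link: forwarding on both ends
        loser = a if (best[a][0], bridge_ids[a]) > (best[b][0], bridge_ids[b]) else b
        blocked.add((loser, b if loser == a else a))
    return blocked


def spanning_tree(bridge_ids: Dict[str, int], links: List[Link]):
    """Root, root path table and blocked ports for one topology."""
    root = elect_root(bridge_ids)
    return root, root_path_costs(bridge_ids, links, root), blocked_ports(bridge_ids, links, root)


def fail_link(links: List[Link], a: str, b: str) -> List[Link]:
    """Drop the cable between a and b, as in the recovery experiments."""
    return [l for l in links if {l[0], l[1]} != {a, b}]


# Constructed four-switch ring; 802.1D assigns cost 4 to Gigabit links. S1 has the lowest ID.
RING_IDS = {"S1": 4096, "S2": 32769, "S3": 32770, "S4": 32771}
RING_LINKS: List[Link] = [("S1", "S2", 4), ("S2", "S3", 4), ("S3", "S4", 4), ("S4", "S1", 4)]

if __name__ == "__main__":
    root, costs, blocked = spanning_tree(RING_IDS, RING_LINKS)
    print("root", root, "blocked ports (red dots):", blocked)
    root, costs, blocked = spanning_tree(RING_IDS, fail_link(RING_LINKS, "S2", "S3"))
    print("after S2-S3 fails: blocked", blocked, "; S3 reaches root via", costs["S3"][1])
```

The computed tree is what a converged STP or RSTP arrives at; the 30 s versus 1 s difference measured in the experiments lies in how long the protocols take to get there, not in the result.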

● Using Etherchannel Technology

The arrangement shown in Figure (8) makes use of EtherChannel properties to enhance network reliability. In addition to the higher bandwidth provided by this technique, the failure of any link is recovered from in less than (5 mSec.) in a fashion transparent to the packet transfer operation (the packets are simply forwarded over the second link). These excellent results make EtherChannel the first choice in the proposed solutions.
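An added example (not the paper's code) of the XOR member-selection rule from subsection B and of where a flow goes when one member of the bundle fails; the bundle port names and MAC addresses are constructed, and the assumption that the surviving members re-share the load after a failure is stated in the code.

```python
"""Added example (not from the paper): the EtherChannel member-selection rule described above
(XOR of the low two bits of source and destination MAC) and what happens to a flow when one
member link fails. Bundle names and MAC addresses are constructed for the example."""
from collections import Counter
from typing import Dict, Iterable, List, Set, Tuple


def low_bits(mac: str, bits: int = 2) -> int:
    """Low `bits` bits of the last octet of a MAC written as aa:bb:cc:dd:ee:ff."""
    return int(mac.split(":")[-1], 16) & ((1 << bits) - 1)


def select_member(src_mac: str, dst_mac: str, members: List[str],
                  failed: Set[str] = frozenset()) -> str:
    """Pick the bundle member carrying traffic between one MAC pair.

    With four members the XOR of the low two bits gives an index 0..3 directly; with fewer
    working members the value is reduced modulo their count (for two members this equals
    XORing one bit). Failed members are left out, so the survivors share the load; that
    rehash over survivors is an assumption about how the recovery is modelled."""
    working = [m for m in members if m not in failed]
    if not working:
        raise RuntimeError("every member of the EtherChannel is down")
    return working[(low_bits(src_mac) ^ low_bits(dst_mac)) % len(working)]


def load_per_member(flows: Iterable[Tuple[str, str]], members: List[str],
                    failed: Set[str] = frozenset()) -> Dict[str, int]:
    """How many MAC pairs land on each member. The split is per pair, not per packet: one busy
    pair always stays on the same member, so the 'fair' distribution is only statistical."""
    counts = Counter({m: 0 for m in members if m not in failed})
    counts.update(select_member(s, d, members, failed) for s, d in flows)
    return dict(counts)


# Constructed sample: one server talking to eight clients whose MACs differ in the last octet.
BUNDLE = ["Gi1/0/1", "Gi1/0/2", "Gi1/0/3", "Gi1/0/4"]
SERVER = "00:1a:2b:3c:4d:0c"                                          # low two bits: 00
CLIENTS = [f"00:1a:2b:3c:5e:{n:02x}" for n in range(0x10, 0x18)]     # low bits 0,1,2,3,0,1,2,3
FLOWS = [(SERVER, c) for c in CLIENTS]


if __name__ == "__main__":
    print("all members up:", load_per_member(FLOWS, BUNDLE))
    print("Gi1/0/4 failed:", load_per_member(FLOWS, BUNDLE, {"Gi1/0/4"}))
```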

Figure (8): Etherchannel Technology

● Using Etherchannel-Ring Topology

From the above experiments, the optimum solution can be obtained. The network topology shown in Figure (9) combines star topology (supported by EtherChannel technology) with ring topology. This arrangement was configured to be subject to RSTP operation, which disables the ports denoted by the red dots.

Figure (9): Etherchannel-Ring Topology

This topology has three defense lines against link failure: dual Etherchannel links and two redundant ring links. The fail-over procedure can be accomplished in less time due to the benefits obtained from adopting the Etherchannel technique.

D. Effect of Links Redundancy Solutions on Network Performance:

In this section, the effect of the different network recovery solutions on the performance of network applications is investigated. The Etherchannel-Ring topology was chosen, in which two nodes were ordered to exchange continuous Internet Control Message Protocol (ICMP) messages between them (i.e., the PING command). The first case examines the effect of STP when one of the network links fails. Figure (10) shows that the flow of data packets paused for (90 Sec.) until STP finished its path finding procedure.

Figure (10): Fail over & STP Effect on Network Performance

Repeating the above procedure in the case of using RSTP shows that (30 Sec.) is needed to resume the packet exchange between the two nodes, see Figure (11).

Figure (11): Fail over & RSTP Effect on Network Performance

The last issue to discuss in this section is the Etherchannel effect on the data transmission operation in the case of the failure of one of its links. Figure (12) shows that the failed link was replaced immediately by the second link, transparently to the packet transmission operation.
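The continuous-PING measurement used in this section can be read off mechanically instead of from a plot. The Python script below is an added example (not part of the paper); it assumes timestamped output in the Linux iputils `ping -D` format, parses the echo replies, and reports every gap in the ICMP sequence as an outage window. The sample lines are constructed to show a 30 second pause similar to the RSTP case in Figure (11).

```python
import re

# Constructed sample (not captured from the paper's experiment): "ping -D" style
# output, one echo request per second. Replies for icmp_seq 4..33 are missing,
# mimicking a 30 s reconvergence pause after a link failure.
SAMPLE_PING = """\
[1700000000.10] 64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=0.41 ms
[1700000001.10] 64 bytes from 10.0.0.2: icmp_seq=2 ttl=64 time=0.39 ms
[1700000002.10] 64 bytes from 10.0.0.2: icmp_seq=3 ttl=64 time=0.40 ms
[1700000033.12] 64 bytes from 10.0.0.2: icmp_seq=34 ttl=64 time=0.44 ms
[1700000034.12] 64 bytes from 10.0.0.2: icmp_seq=35 ttl=64 time=0.40 ms
"""

# Only echo-reply lines carry icmp_seq; statistics and error lines are ignored.
REPLY_RE = re.compile(r"^\[(?P<ts>\d+\.\d+)\] \d+ bytes from \S+ icmp_seq=(?P<seq>\d+)")


def parse_replies(text):
    """Return [(timestamp, icmp_seq), ...] for every echo reply in ping output."""
    replies = []
    for line in text.splitlines():
        m = REPLY_RE.match(line)
        if m:
            replies.append((float(m.group("ts")), int(m.group("seq"))))
    return replies


def outage_windows(replies, interval=1.0):
    """Return [(first_lost_seq, last_lost_seq, seconds_without_reply), ...].

    A jump in icmp_seq between consecutive replies means the requests in between
    were lost; the outage length is the wall-clock distance between the two
    replies minus the normal spacing of one interval."""
    windows = []
    for (t_prev, s_prev), (t_cur, s_cur) in zip(replies, replies[1:]):
        if s_cur > s_prev + 1:
            windows.append((s_prev + 1, s_cur - 1, round(t_cur - t_prev - interval, 2)))
    return windows


def summarize(text, interval=1.0):
    """Headline numbers for one fail-over run: replies seen, packets lost, longest pause."""
    replies = parse_replies(text)
    windows = outage_windows(replies, interval)
    lost = sum(last - first + 1 for first, last, _ in windows)
    worst = max((secs for _, _, secs in windows), default=0.0)
    return {"replies": len(replies), "lost": lost, "worst_outage_s": worst}


if __name__ == "__main__":
    print(summarize(SAMPLE_PING))
```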

Figure (12): Etherchannel Effect on Network Performance

Table (3) below summarizes the features of the arrangements mentioned earlier.

Table (3): Different Redundancy Solutions

Topology               Redundancy   Relative Cost   Recovery Time   Afforded B.W
Star (No redundancy)   Low          Normal          Very High       Normal
Dual Star              Moderate     High            Moderate        Normal
Dual Ring              Moderate     Moderate        High            Normal
Dual Star-Ring         High         High            Moderate        Normal
Etherchannel           High         High            Low             High
Etherchannel-Ring      Very High    High            Low             High

When reflecting these solutions on Mosul university network, a compromise was achieved between the level of link redundancy and the required cost. The most important locations in the network (such as the core switch, ISP and data sensitive locations) were supplied with Etherchannel-Ring topology, while Dual-Ring could be applied on the less important network sectors.

6. RECOMMENDATIONS TOWARDS THE ESTABLISHMENT OF A RELIABLE NETWORK

In the previous sections, we have concentrated on different methods to supply the network with link redundancy. In this section, a discussion is made to consider the redundancy of other components of the network. The design goal of a fault tolerant network should be to reduce the service interruption at service level, while keeping the total cost low. However, one cannot provide an optimal solution to address both these needs. A sub-optimal solution which can provide a reasonable amount of reliability at reduced cost can be an achievable solution. The major factor which helps in increasing the reliability is having no single point of failure in a system. Redundancy helps in avoiding a single point of failure in a system. Redundancy can be built into the system at various levels; typically it is at the following levels. Each of the following helps in increasing the overall reliability of the network.

● Redundant Servers

A server typically performs the functions of providing services in a network. Having a redundant server based architecture helps in achieving a fail over of a few milliseconds (specifically 7 msec. as measured in the Lab) for the network. Needless to say, this capability implies that any running applications can easily recover from server failover without any significant data loss. Having a few milliseconds failover time additionally helps in reducing system requirements (because less data needs to be stored in the event of a server failure, since the redundant server takes over in much less time). The benefits from a redundant server architecture can be increased by having additional capabilities like online diagnostics (which help in predicting a server failure) and design for synchronization of databases and state information (which helps the newly active server know about the current on-going transactions and re-request the same for completion). In our system, the following servers must be redundant: DHCP server, E-mail server, Internet Service Providing (ISP) server, Data Storage server, security server, management server and antivirus server.

● Redundant Switch Components

Having a redundant switch fabric implies that the system does not fail when an active switch fabric fails. In normal operation, when two switch fabrics in redundant mode are installed in a system, one is active and the other is in protection mode. The databases of both switch fabrics are completely in sync, indicating the same configuration for both of them. For a port, the incoming user data is routed to both the active and the redundant switch; however, the outgoing data at each user port is selected to be from the active switch.
In case of a failure of the active switch, the other switch fabric board becomes active and user ports are instructed to select the outgoing data from the switch fabric which was working in protected mode earlier. Also, redundant power supplies in a switch can operate on the load sharing principle, that is, each power supply unit, though capable of supplying the current requirement of the entire system, still supplies typically one half of the current requirement, the other half being supplied by the other power supply unit. This helps in increasing the system reliability in two ways: firstly, since each of the power supplies operates at half of its rated capacity, its components are subjected to much less thermal stress (compared to the scenario where it was operating at full rated load); secondly, in the event one of the power supplies completely fails, the other one takes over the function of supplying the full current requirement of the system and hence system operation is uninterrupted. The most important switches (which must be subjected to redundancy) in our network are: the core switch, the ISP Server switch, the NAT router and the switches lying in front of sensitive data locations.

● Dual/Redundant Power Input

In this scheme, the system would have two redundant power input feeds, normal electricity and a long-life Uninterruptible Power Supply (UPS) unit. Having a dual power input would have the additional effect of keeping the system operational even if one of the power input feeds fails.

● Standards Based Management Plane

Having a separate system management plane, which is different from the system control plane, helps in providing a dedicated management plane which can isolate and report failures. It can help in capturing and reporting unusual events that can cause service disruptions. It supports user defined thresholds and allows the system manager to set early warning levels that allow him to react to a problem before it becomes catastrophic.

● Using Standby Wireless LAN

In the event of a severe wiring failure, wireless networks could be used to keep the network services alive until the wiring system is fixed. The design work in this case involves the wise selection of access point locations, the transmitting power, antenna gain (and type) and a suitable management plane. For Mosul university network, the typical locations of access points, together with their transmitting power and antenna type, are shown in Table (4) and Figure (13).

Table (4): Suggested WLAN Settings

AP Type: Wireless LAN Outdoor AP/Bridge, Model No. SP915G; supports IEEE 802.11b and 802.11g wireless standards; supports WDS (Wireless Distribution System) up to 6 links; supports multiple operation modes for access point, gateway, bridge and repeater
Output power: 20 dBm
Antenna types: 1- Model No. SP920PA2-24, 2.4GHz Directional Antenna, 24 dBi high gain to extend coverage. 2- Model No. SP920MA-12, 2.4GHz Omni-Directional Antenna, provides 12 dBi gain to extend coverage
Data Rate: 54Mbps auto fallback
Security: 64(40)/128-bit WEP Encryption, WPA, 802.1x and Access Control List
Frequency band and Radio Modulation: 2.4 GHz, DSSS / OFDM

Figure (13): Map of the suggested WLAN system (Mosul University; legend: AP for Service Provider, WLAN Bridge with Omni-Directional Antenna, WLAN Access point with Directional Antenna; scale bar 1.5 km)
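The "no single point of failure" argument of this section can be made quantitative with a simple series/parallel availability model: redundant copies of a component are in parallel (the function is lost only if every copy is down), and the components the network needs at once are in series. The Python below is an added example, not part of the paper; the per-component availabilities are constructed assumptions, and the component names follow the locations the paper marks for redundancy.

```python
from math import prod

# Constructed per-component availabilities (fraction of time up). These are
# illustrative assumptions, not measurements from the Mosul university network.
COMPONENTS = {
    "core switch": 0.99,
    "ISP server switch": 0.98,
    "NAT router": 0.99,
    "DHCP server": 0.995,
    "power feed": 0.97,
    "core uplink": 0.98,
}


def parallel(avail, copies):
    """Availability of `copies` redundant units: down only when every copy is down."""
    return 1.0 - (1.0 - avail) ** copies


def series(avails):
    """Availability of a chain of components that must all be up at the same time."""
    return prod(avails)


def system_availability(components, redundancy):
    """Whole-network availability. `redundancy` maps a component name to the number
    of installed copies; any component not listed is a single unit."""
    return series(parallel(a, redundancy.get(name, 1)) for name, a in components.items())


def single_points_of_failure(components, redundancy):
    """Components with one copy: each of them alone caps the whole-system availability."""
    return sorted(name for name in components if redundancy.get(name, 1) < 2)


def downtime_hours_per_year(avail):
    return (1.0 - avail) * 8760


if __name__ == "__main__":
    full = {name: 2 for name in COMPONENTS}
    plans = [("no redundancy", {}), ("dual everything", full),
             ("dual except power feed", {**full, "power feed": 1})]
    for label, plan in plans:
        a = system_availability(COMPONENTS, plan)
        print(f"{label:23s} availability={a:.5f} downtime={downtime_hours_per_year(a):6.1f} h/yr"
              f" SPOF={single_points_of_failure(COMPONENTS, plan)}")
```

The third plan shows the point the section makes: duplicating every switch and server still leaves the network below the single power feed's own 0.97 availability until the second (UPS) input is added.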

CONCLUSIONS

This paper deals with the transparent addition of security & reliability solutions to a previously installed network. The procedure in which the security methods are added guarantees strong resistance against different intrusions and attacks. The proper adoption of different security levels, methods and procedures in a highly integrated fashion safeguards the operation of the network. The design of such a system should provide the balance between creating a highly immune system and a good performing, efficiently managed network. Although Mosul university network is chosen to be the subject of the study, the suggested redundancy methods could be applied on any other network. The design goal of a fault tolerant network should be to reduce the service interruption at service level, while keeping the total cost low. The major factor which helps in increasing the reliability is having no single point of failure in a system. Redundancy helps in avoiding a single point of failure in a system. It should be added to the system at various levels, such as link redundancy, Server Redundancy, Redundant switch components, Dual power input and standby Wireless LAN.

