Slide 1 - Korenix

Broadcast Storm
Disaster to Industrial Ethernet Networking
Root Causes and Solutions
Whitepaper
www.korenix.com
Preface
With Ethernet growing popular as an industrial application protocol, more and more users suffer from broadcast storms, especially when a redundant ring technology is used in their networks. A broadcast storm, which overwhelms the network and damages the whole system, is considered one of the most serious problems in Ethernet networking.
This whitepaper reveals the root cause of broadcast storms and presents how to get free from them with Korenix's comprehensive solution: Prevention, Resilience, and Protection.

Index
1. The Root Cause
2. The Result: Worse Than You Think
3. Is Your Redundant Ring Safe?
4. When Broadcast Storm Happens to Redundant Ring
5. Mitigating Broadcast Storm
6. Korenix Comprehensive Solution
a) Prevention within a Ring
b) Resilience to RM failure
c) Protection beyond a Ring
7. Summary

Root Cause: Loop Topology
Ethernet Switching Principle
• An Ethernet switch learns how to forward Unicast (1-to-1) packets according to the destination address of the packet.
• A managed switch learns how to forward Multicast (1-to-many) packets on demand through its management features.
• Broadcast (1-to-all) packets are flooded everywhere.
Looping Broadcast Causes Storm
• Broadcast packets are transmitted everywhere. If a network has a loop topology, a broadcast packet goes through the loop again and again.
• Endless looping broadcast packets consume all the bandwidth, overwhelming the network in an instant.
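
The looping behaviour described above can be reproduced with a small simulation. This is an added example, not code from the whitepaper: the 6-switch ring, the tick-based timing and the names `ring` and `flood` are assumptions made for illustration, and the blocked link stands in for the path a Ring Manager keeps blocked.

```python
def ring(n):
    """Adjacency map of n switches wired as a closed ring (a loop topology)."""
    return {i: {(i - 1) % n, (i + 1) % n} for i in range(n)}


def flood(adj, origin, ticks, blocked=frozenset(), inject_every=0):
    """Simulate layer-2 flooding of broadcasts that enter at switch `origin`.

    Each switch repeats a broadcast on every link except the one it arrived
    on. `blocked` is a set of links (frozenset pairs) held blocked, as a
    Ring Manager does; `inject_every` adds a fresh broadcast every N ticks.
    Returns the number of copies in flight after each tick.
    """
    def out_links(sw, came_from=None):
        return [(sw, n) for n in sorted(adj[sw])
                if n != came_from and frozenset((sw, n)) not in blocked]

    in_flight = out_links(origin)
    history = []
    for tick in range(1, ticks + 1):
        nxt = []
        for src, dst in in_flight:
            nxt.extend(out_links(dst, came_from=src))
        if inject_every and tick % inject_every == 0:
            nxt.extend(out_links(origin))
        in_flight = nxt
        history.append(len(in_flight))
    return history


if __name__ == "__main__":
    topo = ring(6)                      # constructed 6-switch ring
    rm_block = {frozenset((0, 5))}      # switch 0 blocks its link to switch 5
    print("loop, one broadcast       :", flood(topo, 0, 12))
    print("loop, broadcast every 3   :", flood(topo, 0, 12, inject_every=3))
    print("blocked, broadcast every 3:", flood(topo, 0, 12, rm_block, 3))
```

In the closed ring the copies never expire, so every new broadcast adds to the load; with one link blocked each broadcast dies out after crossing the ring once.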

Result: Worse Than You Think
Not only Broadcast Packets Cause Storm
• Unknown Unicast and Unknown Multicast are packets that switches have not yet learned how to forward. These packets are handled in the same way as broadcast, which may result in a storm as well.
Multicast is commonly used in industrial protocols such as Ethernet/IP, PROFINET RT, IEEE 1588, IEC 61850-3 GOOSE, video streaming, and so on.
Crash The Whole System
• Broadcast packets are flooded everywhere, thus a storm will radiate from the origin to the whole network.
• Broadcast is received by all network devices. Endless broadcast traffic created by a storm overwhelms every node in the system.
Figure: Three rings in a LAN share the same broadcast domain.
Industrial Ethernet packet sizes are typically small. A 100Mbps Fast Ethernet device might receive more than 100,000 packets within one second when a broadcast storm occurs.

Is Your Redundant Ring Safe?
Redundant Ring in Danger
Redundant ring technologies are widely used in today’s industrial Ethernet networks. However, they are essentially exposed to the risk of broadcast storm because of their loop topology by nature.
• The technology relies on one and only one switch assigned as Ring Manager (RM) to monitor the completeness of the ring
• If the ring is complete, RM blocks one of its paths
• The blocked path works for redundancy. It also cuts off the loop to prevent broadcast storm
Improper design, configuration or operation may result in broadcast storm.

When Broadcast Storm Happens To Redundant Ring
1. Link Restoration
• Link restoration fixes a broken ring (Loop!)
• At that moment, any broadcast leads to a storm
• RM cannot detect the loop and cannot block its path because of the storm
2. Network Restart
• Devices’ boot time varies
• Before RM starts to function, a topology loop and broadcast storm will occur
• RM cannot detect the loop and cannot block its path because of the storm
3. RM Malfunction
• RM is the only manager of the ring
• An occasional malfunction, system halt or unexpected problem may lead to a loop and broadcast storm

Mitigating Broadcast Storm
1. Rate Limit
Rate limiting constrains broadcast traffic at a specified level and drops broadcast packets (either good or bad) once the level is exceeded, thus preventing further network outages.
[Figure labels: 100%, 10%]
2. Dividing the Broadcast Domain
One LAN refers to one single broadcast domain. Dividing a single network into smaller LANs by layer 3 switches protects them from one another's storm attacks. This, however, is a costly solution to the problem.
[Figure labels: L3, LAN1, LAN2, LAN3]
Mitigation is not a solution to the root cause. It reduces the problem, but it does not stop the storm. Duplicated broadcast packets still disturb the system’s normal operation.
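
The following added example (not from the whitepaper) shows why a rate limit that drops broadcasts "either good or bad" still leaves the system disturbed during a storm. The fixed one-second window, the 10,000 pps limit and the constructed traffic mix are assumptions for illustration; real switches implement storm control in vendor-specific ways.

```python
from collections import Counter

WINDOW_US = 1_000_000  # one-second measurement window, in microseconds


def storm_control(frames, limit_pps):
    """Apply a per-port broadcast rate limit to `frames`.

    `frames` is a time-sorted list of (time_us, kind). The limiter passes the
    first `limit_pps` broadcasts of every one-second window and drops the
    rest; it cannot tell a legitimate broadcast from a looped duplicate.
    Returns (passed, dropped) Counters keyed by kind.
    """
    passed, dropped = Counter(), Counter()
    window, used = None, 0
    for time_us, kind in frames:
        if time_us // WINDOW_US != window:      # new window: reset the budget
            window, used = time_us // WINDOW_US, 0
        if used < limit_pps:
            used += 1
            passed[kind] += 1
        else:
            dropped[kind] += 1
    return passed, dropped


def constructed_second(storm_pps=100_000, good_pps=100):
    """Constructed sample: one second of looped duplicates at `storm_pps`
    mixed with evenly spaced legitimate broadcasts at `good_pps`."""
    storm = [(i * WINDOW_US // storm_pps, "storm") for i in range(storm_pps)]
    half = WINDOW_US // good_pps // 2
    good = [(i * WINDOW_US // good_pps + half + 5, "good")
            for i in range(good_pps)]
    return sorted(storm + good)


if __name__ == "__main__":
    passed, dropped = storm_control(constructed_second(), limit_pps=10_000)
    print("passed :", dict(passed))
    print("dropped:", dict(dropped))
```

With this constructed mix the port load is capped, but 90 of the 100 legitimate broadcasts are dropped and nearly everything that passes is a looped duplicate.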

Korenix’s Comprehensive Solution
1. Prevention within a Ring
Compared to other redundant ring technologies, Korenix patented Seamless Restoration solves the two root causes, link restoration and network restart, by preventing the network from having loop topology at the first moment when a link is restored to a ring.
• Broadcast storm, packet loss and topology change due to loop topology when a link restoration occurs or a network is restarted
Seamless Restoration
• No broadcast storm, no packet loss and no topology change during link restoration or network restart

Korenix’s Comprehensive Solution
2. Resilience to RM Failure
Korenix patented RM Redundancy technology is designed to solve the single critical point problem of RM.
• When the RM fails or stops sending control packets, a backup RM is activated, which operates automatically without any manual configuration.
• It is not primary/secondary but fully redundant. Any number of RM failures/malfunctions can be recovered instantly.
The ring is always under control to prevent broadcast storm.

Korenix’s Comprehensive Solution
3. Protection beyond the Ring
With Korenix patented Loop Protection (pending) enabled, a switch becomes a Protector and starts to detect if there is any loop in the network. The connection between the protector and the loop will be disabled if a loop is found. It can:
a) provide a double insurance on a ring in addition to RM redundancy
b) protect different parts of a LAN from each other by a Korenix layer 2 switch instead of a costly layer 3 switch
c) add a Korenix ring to a pre-existing third party network and protect the ring from broadcast storm
Figure: Rings in a LAN share the same broadcast domain.

Summary
Broadcast storms occur in industrial Ethernet networks, most typically in those that offer a ring for network redundancy. A ring is exposed to the risk because of its loop topology, which is the root cause of broadcast storm. Traditional treatment can only mitigate the problem by rate limit or dividing the broadcast domain through layer 3 switches. However, neither approach aims at the root causes, and neither can stop the system from being affected.
By offering comprehensive solutions that include prevention, resilience and protection, Korenix makes a contribution to the industrial Ethernet world by enabling users to have a reliable network free from broadcast storm.

Email: [email protected]
Web: www.korenix.com
Phone: +886-2-8911-1000
Fax: +886-2-2912-3328
Address: F2, No. 188, Pao-Chiao Rd. Shing-Tien City, Taipei 23145, Taiwan