Ethernet Topology Discovery: A Survey



Similar documents
Ethernet Topology Discovery: A Survey

Finding Ethernet-Type Network Topology is Not Easy

Network Discovery Protocol LLDP and LLDP- MED

Network Discovery Protocol LLDP and LLDP- MED

Graph Theory Applications in Network Security

IP NETWORK MONITORING AND AUTOMATIC ANOMALY DETECTION

IEEE/ACM TRANSACTIONS ON NETWORKING, VOL. 12, NO. 3, JUNE

TOPOLOGIES NETWORK SECURITY SERVICES

OVERLAYING VIRTUALIZED LAYER 2 NETWORKS OVER LAYER 3 NETWORKS

Network Discovery Tool

IBM Tivoli Network Manager software

Internet Traffic Measurement

Research Article Volume 6 Issue No. 4

Extreme Networks CoreFlow2 Technology TECHNOLOGY STRATEGY BRIEF

Cisco Active Network Abstraction 4.0

Constella: A Complete IP Network Topology Discovery Solution

Configuring and Managing Token Ring Switches Using Cisco s Network Management Products

Disaster Recovery Design Ehab Ashary University of Colorado at Colorado Springs

Cisco Change Management: Best Practices White Paper

A Topology-Aware Relay Lookup Scheme for P2P VoIP System

SSVVP SIP School VVoIP Professional Certification

Lumeta IPsonar. Active Network Discovery, Mapping and Leak Detection for Large Distributed, Highly Complex & Sensitive Enterprise Networks

OAM Operations Administration and Maintenance

TRILL Large Layer 2 Network Solution

International Journal of Advanced Research in Computer Science and Software Engineering

A Link Layer Discovery Protocol Fuzzer

A Network Management Framework for Emerging Telecommunications Network.

IBM Security QRadar Risk Manager

Network Virtualization for Large-Scale Data Centers

Definition. A Historical Example

Quality of Service Routing Network and Performance Evaluation*

IP Network Topology Discovery Using SNMP

Networking 4 Voice and Video over IP (VVoIP)

Network Topology. White Paper

FLORIDA STATE COLLEGE AT JACKSONVILLE COLLEGE CREDIT COURSE OUTLINE

Research on P2P-SIP based VoIP system enhanced by UPnP technology

Microsoft Windows Server 2008: MS-6435 Designing Network and Applications Infrastructure MCITP 6435

Automated Service Discovery for Enterprise Network Management

PROPOSAL AND EVALUATION OF A COOPERATIVE MECHANISM FOR HYBRID P2P FILE-SHARING NETWORKS

Deploying IP Telephony with EX-Series Switches

Network System Design Lesson Objectives

How To Manage A Network Management System (Hitachi)

Juniper Networks EX Series/ Cisco Catalyst Interoperability Test Results. May 1, 2009

Optimizing VoIP Applications with Juniper Networks EX3200 and EX4200 Line of Ethernet Switches

Cisco. A Beginner's Guide Fifth Edition ANTHONY T. VELTE TOBY J. VELTE. City Milan New Delhi Singapore Sydney Toronto. Mc Graw Hill Education

Computer Networking Networks

NOS for Network Support (903)

Graph Theory and Complex Networks: An Introduction. Chapter 08: Computer networks

The WestNet Advantage: -- Textbooks, ebooks, ecourses -- Instructor Resourse Center -- Student Resource Center

Facility Usage Scenarios

Secure Networks for Process Control

CLOUD NETWORKING FOR ENTERPRISE CAMPUS APPLICATION NOTE

Network-Wide Class of Service (CoS) Management with Route Analytics. Integrated Traffic and Routing Visibility for Effective CoS Delivery

Effective Network Monitoring

Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network.

CompTIA Network+ (Exam N10-005)

The impact of active network devices mis-configuration in network security

HARTING Ha-VIS Management Software

IBM QRadar Security Intelligence Platform appliances

DEPLOYING IP TELEPHONY WITH EX SERIES ETHERNET SWITCHES

TRILL for Service Provider Data Center and IXP. Francois Tallet, Cisco Systems

International journal of Engineering Research-Online A Peer Reviewed International Journal Articles available online

How To Create An Intelligent Infrastructure Solution

Network Virtualization and Data Center Networks Data Center Virtualization - Basics. Qin Yin Fall Semester 2013

Auditing the LAN with Network Discovery

Routing & Traffic Analysis for Converged Networks. Filling the Layer 3 Gap in VoIP Management

DEMYSTIFYING ROUTING SERVICES IN SOFTWAREDEFINED NETWORKING

Designing a Windows Server 2008 Network Infrastructure

Juniper / Cisco Interoperability Tests. August 2014

Module 1: Overview of Network Infrastructure Design This module describes the key components of network infrastructure design.

INCREASE NETWORK VISIBILITY AND REDUCE SECURITY THREATS WITH IMC FLOW ANALYSIS TOOLS

packet retransmitting based on dynamic route table technology, as shown in fig. 2 and 3.

Analysis of Internet Topologies

Varalakshmi.T #1, Arul Murugan.R #2 # Department of Information Technology, Bannari Amman Institute of Technology, Sathyamangalam

Load Distribution in Large Scale Network Monitoring Infrastructures

Multicast vs. P2P for content distribution

QRadar Security Intelligence Platform Appliances

Huawei One Net Campus Network Solution

Cisco Discovery 3: Introducing Routing and Switching in the Enterprise hours teaching time

FLORIDA STATE COLLEGE AT JACKSONVILLE COLLEGE CREDIT COURSE OUTLINE. CTS 2655 and CNT 2102 with grade of C or higher in both courses

Expert Reference Series of White Papers. VMware vsphere Distributed Switches

Current Trends of Topology Discovery in OpenFlow-based Software Defined Networks

Packet Sampling and Network Monitoring

Building Reliable, Scalable AR System Solutions. High-Availability. White Paper

A Peer-to-Peer File Sharing System for Wireless Ad-Hoc Networks

A Framework for End-to-End Proactive Network Management

An MPI Tool for Automatically Discovering the Switch Level Topologies of Ethernet Clusters

Kaseya Traverse. Kaseya Product Brief. Predictive SLA Management and Monitoring. Kaseya Traverse. Service Containers and Views

Cisco Network Optimization Service

SSVP SIP School VoIP Professional Certification

Resiliency in Ethernet Based Transport Networks

IP Telephony Management

Portable Wireless Mesh Networks: Competitive Differentiation

On the Deficiencies of Active Network Discovery Systems

Transcription:

Journal of Communication and Computer 10 (2013) 951-959 Kamal A. Ahmat Department of Information Technology, City University of New York, New York 10075, USA Received: May 10, 2012 / Accepted: June 12, 2012 / Published: July 31, 2013. Abstract: Ethernet networks have undergone impressive growth since the past few decades. This growth can be appreciated in terms of the equipment, such as switches and links, that have been added, as well as in the number of users that it supports. In parallel to this expansion, over the past decade the networking research community has shown a growing interest in discovering and analyzing the Ethernet topology. Research in this area has concentrated on the theoretical analysis of Ethernet topology as well as developing tools and methods for mapping the network layout. These efforts have brought us to a crucial juncture for Ethernet topology measurement infrastructures: while, previously, these were both small (in terms of number of measurement points), people are starting to see the deployment of large-scale distributed systems composed of hundreds or thousands of monitors. As all look forward to this next generation of systems, all take stock of what has been achieved so far. In this survey, the authors discuss past and current mechanisms for discovering the Ethernet topology from theoretical and practical prospective. In addition to discovery techniques, the authors provide insights into some of the well-known open issues related to Ethernet topology discovery. Key words: Ethernet topology, topology survey, link layer topology, NP-hard. 1. Introduction This survey focuses on measurements of the Ethernet network topology, i.e., the representation of the interconnection between directly connected peers in the Ethernet network. While information about network devices (i.e. nodes) and connections can be obtained by processing the data collected from the network and passive measurements, researchers largely obtain information about network nodes, topology and its characteristics from active measurements. There are three different levels at which to describe the network topology: the link layer topology, the network layer topology, sometimes referred to generically as the internet topology, and the overlay topology. The internet topology can itself be seen at four different levels. The first one, the IP interface level, considers IP interfaces of routers and end-systems. Usually, this topology is obtained by Corresponding author: Kamal A. Ahmat, researcher associate, research fields: networking and security. E-mail: kamal.ahmat@live.lagcc.cuny.edu. using data collected with a probing tool such as trace route [1]. The second level, the router level [2, 3], treats each router as a single node in the topology graph. It can be obtained by aggregating IP interfaces through a technique called alias resolution [2-5]. The PoP (point of presence) level, is a third level, that can be obtained by further aggregating the routers, or directly aggregating the interfaces, that are identified as being geographically co-located. Finally, the AS level provides information about the connectivity of ASes (autonomous systems). This information is not primarily drawn from active measurements, but rather from inter-domain routing information and address databases. However, a deep description of the Internet topology discovery mechanisms is beyond the scope of this article. A typical overlay topology would be the topology of a peer-to-peer system. An overlay topology can be unstructured or structured. Structured overlays are exemplified by distributed hash tables, such as Chord [6] or CAN [7]. As explained by Stutzbach et al. [8]

952 peers select neighbors through a predominantly random process. An overlay topology is influenced by peer participation (i.e., join and leave mechanisms) as well as the protocol behavior (i.e., neighbor selection). Characterizing an overlay topology can be done by examining properties of snapshots of the overlay. These snapshots can be gathered using a topology crawler, an engine that query peers for a list of their neighbors [8, 9]. As stated by Stutzback et al. [9] a deep understanding of the topological characteristics in overlay systems is required to meaning fully simulate and evaluate the actual performance of the proposed search and replication techniques. The overlay topology has drawn the attention of the net- in this article; we are not directly concerned with peer-to-peer systems. Consequently, describing the overlay topology in more detail would be beyond the scope of this survey. Interested readers might refer to the work of Ripeanu et al. [10], Stutzbach et al. [9] and Liang et al. [11]. The link layer topology, the subject of this article, as defined by Breitbart et al. [12], refers to the characterization of the physical connectivity relationships that exist among entities in a communications network. In other words, it is the description of how data link layer devices, switches and bridges, are interconnected and how the different hosts are connected to them. Fig. 1 depicts a simple typical Ethernet network. Maintaining an accurate and complete knowledge of the link layer topology is a prerequisite to many critical network management tasks such as network diagnostics and resource management. There is considerable scientific literature devoted to techniques for the discovery of link-layer topology. This research was mainly led by Breitbart et al. [12], Lowekamp et al. [3], Black et al. [13], Bejerano [14, 15], and more recently, Gobjuka and Breitbart [16-19]. The rest of the paper is organized as follows: The Section 2 describes the motivation behind discovering topology of Ethernet networks; Section 3 methods used to discover Layer-2 network elements; In Section Fig. 1 Simple Ethernet network.

953 4, the authors focus on topology discovery methods presented in the literature; Section 5 describes limitations and issues related to Data Link topology discovery; Finally, Section 6 concludes the paper. 2. Motivations Network topology information can be valuable in a variety of situations; it can be used for network administration (including fault-detecting and avoiding [12, 13], network inventory and planning [12, 20], protocol and routing algorithm development [21], performance prediction [2] and monitoring as well as accurate network simulation [22]. From a network security perspective, topology information can find application in threat detection one, network monitoring [23], network access control [24] and forensic investigations [25, 26]. Manual network mapping is becoming increasingly difficult [27] (if not impossible [28]) due to the size and dynamic behavior of networks. Automatic topology discovery tools and algorithms will therefore play an important role in network security, management and administration. Research efforts concerned with physical topology discovery have focused mainly on cooperative network environments [13] where it is assumed that network elements are intelligent and can be queried for topology related information. 2.1 Administration and Planning Network administrators are often faced with network problems where fault-detecting and avoiding need to be performed [13, 29]. In order to troubleshoot network problems, a topology map of the network can effectively be used to isolate the problem area [15]. The topology map can also help identify infrastructural vulnerabilities and the network can then be adapted to provide more redundancy. From network management prospective, network topology information can be applied to network management. Network topology information is useful in deciding where to add new routers and to figure out whether current hardware is correctly configured. It also allows network managers to find bottlenecks and failures in the network. Also, network expansion planning and decisions regarding the placement of new infrastructure are also aided by accurate knowledge of the network topology. NMS (network management systems) also employ topology information to help with network administration. The most notable systems include IBM s Tivoli1, Hewlett-Packard s OpenView2 and the open source Open-NMS3. 2.2 Performance Prediction In a second application area, that of performance prediction, topology information can be used to optimize the performance of network aware applications as well as the performance of distributed, either grid or cluster, applications. Topology knowledge can help determine if a given network would provide a certain QoS (quality of service). As an example, in order to determine if a network would support multimedia technologies such as VOIP (voice over IP), knowledge of the network topology is essential. Multimedia content is increasingly shared between Ethernet network users. In order to improve the QoS (quality of service) offered to users and provide a high availability of the shared data, it is common to store the data in replicated servers distributed across the internet. The replication of data over different machines makes the choice of its location a challenging problem that can be addressed with knowledge of the internet topology. 2.3 Algorithm and Protocol Design Protocol design can use network topology knowledge. For instance, Radoslavov et al. [30] discuss the impact of topology on the design and

954 evaluation of four multicast protocols. Also, a network s topology influences the dynamics of routing protocols [30] and should therefore be taken into account during the design of the protocols [7]. Large network topology visualization has proved to be a challenging task and algorithms have been developed for effectively presenting the topology information [7]. 2.4 Simulation The accuracy of network simulations, a fourth application area, depends on realistic and accurate network topologies [8]. Generated topologies for use in simulation do not always match real-world topologies [9] and create the need for accurately measuring real-world network topologies. Network simulation can not only help researchers understand the current behavior of a network, but also the effects of possible future changes to the network. 2.5 Security Knowledge of the internet topology might have some applications in security. For instance, Burch and Cheswick [27] propose to use internet topology information to track anonymous packets back to their source. Firewalls have traditionally been placed at the network edge to protect against external threats. Insider threats to networks have become more common and it is estimated that they account for around 30% of security incidents. These security incidents also lead to significant financial losses [24]. Firewall placement and the management of a network security policy should therefore be influenced by the network topology. Another perimeter defense mechanism, IDS (intrusion detection systems) can also benefit by taking network topology information into account. If an IDS is not placed correctly, it could generate both false positives and false negatives. The problems with firewall and intrusion detection systems have generated research interest in the areas of NAC (network access control, also called network admission control [24]). These systems are proactive and attempt to enforce a network security policy at either layer 2 or 3 of the network [24]. Devices that do not conform to the security policy can for example be denied access to the network infrastructure by physically disabling switch ports. A lack of knowledge about the network s topology and the connected devices can however seriously hamper the effectiveness of NAC solutions [24]. 3. Network Node Discovery The first step in gaining knowledge about an Ethernet network is identifying unique network nodes. Ethernet network nodes can be active, or passive. While the first type of nodes (e.g., switches) can be used to obtain information that can be used in the node and topology discovery process, passive nodes (e.g., hubs) do not provide any useful information that can be used for the discovery process. Nodes in an Ethernet network are uniquely identified by their MAC addresses at layer 2, but this raw number by itself does not provide a lot of information about the node. Other sources of information were therefore combined, where possible, with this number to provide more information about each node. Even though dumb network devices, such as hubs, may be transparent to the network, influence the performance and behavior of the network. Thus, it is significantly important to discover the presence of such nodes and their accurate locations and interconnectivity with other visible devices. 4. Network Topology Inference A network s physical topology can potentially correspond to several logical topologies depending on the level of abstraction used. In 2000, Breitbart et al. [12] realized that network management tools as well as previous research efforts focused on layer 3

955 topology discovery and ignored the connectivity of layer 2 network elements. Where layer 2 topology discovery tools did exist, they were found to specifically target single vendor products [12]. Breitbart et al. therefore developed algorithms that could perform layer 2 topology discovery in multi-vendor (heterogeneous) networks (Fig. 2) by using standard SNMP (simple network management protocol) MIB (management information base) data. The initial algorithm developed by Breitbart et al. [12] depended on perfect AFT (address forwarding table) data collected from every single element in the network. Breitbart et al. also observed that for multi-subnet networks the network topology may not be unique even for the set of complete AFTs obtained from a simple Ethernet network. Breitbart et al. [20] proposed a newer algorithm that could successfully discover the target network topology, provided that the network was uniquely described by the SNMP MIB data obtained. In such a case, finding an exact topology is not possible. However, their algorithm from generates some network fragments that can be uniquely determined. Lowekamp et al. [2] relaxed the dependency on complete AFTs information and proposed a necessary and sufficient condition for two AFTs to be connected (directly or indirectly). Their work also addressed the topologies that may contain uncooperative nodes, which are the nodes that can appear in other nodes AFTs but do not provide access to their own AFTs. The work described in Ref. [2] could discover the topology with only limited AFT data collected from SNMP enabled network elements. However, their approach may fail to discover the topology even in simple networks as observed by Gobjuka and Breitbart [17, 18]. Bejerano et al. [14] proposed the first formal algorithm to discover the topology in presence of uncooperative elements (i.e. hubs). Uncooperative elements do not speak SNMP, do not allow access or do not even have layer 2 addresses. The main issue with this algorithm was its complexity; the algorithm Fig. 2 A typical multi-vendor, multi-protocol based network.

956 was too complex to understand and implement in practice. Furthermore, this method may not discover any topology if the given input set of AFTs defines an on-unique topology. Sun et al. [31, 32] proposed an algorithm based on connections reasoning technique that was claimed to be necessary and sufficient to discover the layer 2 topology even when the information provided by nodes MIBs is incomplete. However, their claim was not supported by proofs. Furthermore, the incorrectness of these claims was shown by Gobjuka and Breitbart [17, 18] by proving that discovering Ethernet topology when AFTs are incomplete is, in fact, an NP-hard problem, even if the network comprises a single subnet. Further work by Bejerano [15] showed the limitations of the algorithms developed by Lowekamp et al. [2] and Breitbart et al. [12, 20] in multi-subnet networks or in the presence of uncooperative switches and hubs. Bejerano s algorithm was simple and could discover the topology in most of cases. However, it can not guarantee a topology discovery. Also, his method also requires a completeness of input AFTs. Research by Stott [33] also employed SNMP MIB data, but instead of using forwarding table data, the algorithm used data from the Bridge-MIB. However, the method described in this paper assumes that each device has knowledge of the spanning tree root, which does not happen always in practice. Gobjuka and Breitbart [16, 34] described the first formal method to determine whether a given set of complete AFTs define a unique topology when the network does not contain hubs. They also showed that there is proportional relationship between the number of subnets in the network and non-uniqueness of the discovered topology. Further work by Gobjuka and Breitbart [19] described the first practical algorithm to discover the Ethernet network topology when the network contains hubs. Their methods discover the all network topologies when the MIB information defines more than one topology. Furthermore, they proposed criteria to decide the uniqueness of network topology from a complete set of AFTs when the network contains hubs. More recently, Gobjuka and Breitbart [17, 18] investigated the problem of finding the layer 2 topology for networks that may include uncooperative nodes when the available AFTs are incomplete. They proved that finding a layer 2 network topology for a given set of incomplete AFTs is an NP-hard problem even for single subnet networks and deciding whether a given set of AFTs defines a unique network topology is a co-np-hard problem. The authors showed that the topology discovery problem is NP-hard even if there are two nodes a and b in the network such that node a appears in some AFTs and node b appears in some AFTs but neither a nor b appears in all AFTs. This condition was probably the strongest which makes the problem NP-hard as they also showed that the topology can be discovered in polynomial time if all AFTs include node a. They also proposed heuristic algorithms to find network topology [17, 18]. They also described methods for inferring complete AFTs from incomplete information. This approach is used in heuristic that discovers the topology from incomplete AFTs. The IETF (internet engineering task force) attempted to create a standard for SNMP topology discovery by creating the Physical Topology MIB, but adoption of the proposal was hampered by the fact that it did not include details on how to actually populate the required MIB objects. To remedy the situation, the IEEE developed the LLDP (link layer discovery protocol) as part of the 802.1AB-2005 standard. The LLDP allows neighboring devices to become aware of each other and populate their physical Topology MIBs. The efforts surrounding LLDP clearly shows an industry need for topology discovery in heterogeneous networks at layer 2;

957 however, LLDP can not easily be deployed on legacy equipment. All the layer 2 topology discovery techniques and algorithms discussed thus far depend on SNMP enabled network elements. The reliance on SNMP can prove problematic in quite a number of network environments. As networks grow and management becomes decentralized it can not be assumed that SNMP would be enabled or that administrative SNMP access would be granted. A lot of small business, home office and branch office networks are built using consumer-grade network equipments that do not even support SNMP. A need for topology discovery techniques that do not require network cooperation and for tools that can augment SNMP-based techniques therefore exists. A technique for layer 2 topology discovery without network element cooperation has been implemented by Black et al. [13]. The technique exploits the packet forwarding properties of network elements, specifically those of switches. The algorithm requires specialized software on many edge nodes (hosts) that are controlled from a master node to execute the distributed discovery algorithm [13]. Cooperating hosts train switches they are connected to in order to only pass packets with specific addresses. The master node then instructs other hosts to send probe packets with the specific addresses. Depending on where the probe packets are delivered to (or not), a picture of the network internals can be formed. The problem with this method is that special software agents have to be installed on network hosts. Other efforts worth mentioning are proprietary protocols by network vendors used prior to the standardization of the LLDP. These include the CDP (Cisco discovery protocol), Enterasys Networks CDP (also Cabletron discovery protocol), Extreme Networks EDP (extreme discovery protocol) and Nortel Networks NDP (Nortel discovery protocol). The use of Ethernet as an access technology, especially in the telecommunication industry, has also led to efforts to add and standardize Ethernet capabilities for OAM (operational, administration and maintenance) management. The main operational issues addressed are discovery, link monitoring, and fault signaling and remote loopback. The added functionality is not aimed specifically at topology discovery in enterprise networks, but could potentially be used. 5. Limitations and Issues Even though the techniques used for network layer topology discovery so far can discover the topology in wide range of case, there are several important cases where these methods may fail to discover the Ethernet network topology. In practice, network topology can change during the discovery process. Furthermore, AFTs can be stale. Both situations can result in AFTs that are not consists with the actual network topology. Unfortunately, none of the methods published so far in the research community or industry addresses this important issue. Another limitation with Ethernet topology discovery is the existence of VLANs. In fact, it is very common for Ethernet networks to have VLANs. VLANs are used similarly to subnets but it not necessary and they allow Ethernet networks to spread over large geographical distance. The main issue with networks that have VLANs is that the network may have cycles and the topology is no longer tree. Breitbart et al. [20] described method to discover the topology in the presence of VLANs. However, since VLANs can spread large geographical areas, and consequently network devices, it is impractical to assume that AFTs will be complete in the presence of VLANs. Fig. 3 depicts a typical VLAN and its topological layout. The third limitation with the current approaches occurs with the existence of wireless and mobile nodes. Wireless and mobile nodes do not follow the classical AFT approach to communicate with other network devices. Consequently, the current methods

958 Fig. 3 A typical VLAN and its Topology layout. can not be reused to infer the topology in the presence of wireless and mobile networks. 6. Conclusions The past ten years have seen the rise of a new networking measurement area: the internet Topology discovery. Due to its particular structure, the network topology can be understood at various levels. In this article, the authors focused on the work performed by the research community on the network layer topology, sometimes also called the internet topology. In this article, the authors first explained that the internet topology discovery is driven by important questions. For instance, one might want to model the internet in order to reproduce its behavior in a laboratory. However, although the amount of work performed by the research community is huge, this is not the end of the story. All are starting to see the deployment of large-scale distributed measurement infrastructures made of hundreds or thousands References [1] E. Gavron, NANOG Trace Route, ftp://ftp.login.com/pub/software/traceroute/. [2] R. Govindan, H. Tangmunarunkit, Heuristics for internet map discovery, in: Proc. IEEE INFOCOM, Miami, FL, 2000. [3] N. Spring, R. Mahajan, D. Wetherall, Measuring ISP topologies with rocket fuel, in: Proc. ACM SIGCOMM, Marseille, France, 2002. [4] D. Apostal, T.F. Lennox, T. Markham, A. Down, R. Lu, D.O. Brien, Checkmate network security modeling, in: DARPA Information Survivability Conference & Exposition II, Anaheim, California, 2001. [5] B. Lowekamp, D.O. Hallaron, T. Gross, Topology discovery for Large Ethernet networks, in: Proc. ACM SIGCOMM, San Diego, CA, USA, 2001. [6] I. Stoica, Chord: A scalable peer-to-peer lookup protocol for internet applications, IEEE/ACM Trans. 11 (2003) 17-32. [7] S. Ratnasamy, A scalable content addressable network, in: Proc. ACM SIGCOMM, San Diego, CA, USA, 2001. [8] D. Stutzbach, R. Rejaie, Capturing accurate snapshots of the Gnutella network, in: Proc. IEEE Global Internet Symp., Miami, FL, USA, 2005. [9] D. Stutzbach, R. Rejaie, S. Sen, Characterizing unstructured overlay topologies in modern p2p file-sharing systems, in: Proc. ACM SIGCOMM Internet

959 Measurement Conf. (IMC), Berkeley, California, USA, 2005. [10] M. Ripeanu, I. Foster, A. Iamnitchi, Mapping the Gnutella network: Properties of large-scale peer-to-peer systems and implications for system design, IEEE Internet Computing Journal 6 (2002). [11] J. Liang, R. Kumar, K.W. Ross, The kazaa overlay: A measurement study, Computer Networks 49 (2005). [12] Y. Breitbart, M. Garofalakis, C. Martin, R. Rastogi, S. Seshadri, Topology discovery in heterogeneous IP networks, in: Proc. IEEE INFOCOM, Miami, FL, 2000. [13] R. Black, A. Donnelly, C. Fournet, Ethernet topology discovery without network assistance, in: Proc. ICNP, Berlin, Germany, 2004. [14] Y. Bejerano, Y. Breitbart, M. Garofalakis, R. Rastogi, Physical topology discovery for large multi-subnet networks, in: Proc. IEEE INFOCOM, San Franciso, CA, USA, 2003. [15] Y. Bejerano, Taking the skeletons out of the closets: A simple and efficient topology discovery scheme for large multi subnet networks, in: Proc. of IEEE INFOCOM, Barcelona, Spain, 2006. [16] H. Gobjuka, Y. Breitbart, Characterization of layer-2 unique topologies in multi subnet local networks, in: Proc. IEEE LCN, Tampa, Florida, USA, 2006. [17] H. Gobjuka, Y. Breitbart, Ethernet topology discovery for networks with incomplete information, in: Proc. IEEE ICCCN, Glasgow, Scotland, 2007. [18] H. Gobjuka, Y. Breitbart, Finding Ethernet-Type Network Topology is Not Easy, Technical Report: Kent State University, 2007. [19] H. Gobjuka, Y. Breitbart, Discovering network topology of large multi subnet Ethernet networks, in: Proc. IEEE LCN, Dublin, Ireland, 2007. [20] Y. Breitbart, M. Garofalakis, B. Jai, C. Martin, R. Rastogi, A. Silberschatz, Topology discovery in heterogeneous IP networks: The net inventory system, IEEE/ACM Transactions on Networking 12 (2004) 401-414. [21] K.C. Clay, CAIDA: Visualizing the internet, IEEE Internet Computing 5 (2001) 21-23. [22] M. Piringer, J. Schmitt, R. Steinmetz, On realistic network topologies for simulation, in: MoMeTools 03: Proceedings of the ACM SIGCOMM Workshop on Models, Methods and Tools for Reproducible Network Research, ACM Press, New York, NY, USA, 2003. [23] G. Vigna, F. Valeur, J. Zhou, R.A. Kemmerer, Composable tools for network discovery and security analysis, in: ACSAC 02: Proceedings of the 18th Annual Computer Security Applications Conference, USA, 2002. [24] Cisco Network Admission Control (NAC), White Paper, Cisco Systems, 2006. [25] V. Corey, C. Peterman, S. Shearin, M.S. Greenberg, J.V. Bokkelen, Network forensics analysis, IEEE Internet Computing 6 (2002) 60-66. [26] W. Ren, H. Jin, Distributed agent-based real time network intrusion forensics system architecture design, in: AINA 05: Proceedings of the 19th International Conference on Advanced Information Networking and Applications, Washington, DC, USA, 2005. [27] H. Burch, B. Cheswick, Mapping the internet, Computer 32 (1999) 98-102. [28] D.G. Waddington, F. Chang, R. Viswanathan, B. Yao, Topology discovery for public IPv6 networks, SIGCOMM Computer Communication Review 33 (2003) 59-68. [29] W. Bumpus, The continuing evolution of distributed systems management, IEICE Transactions on Information and Systems 86 (2003) 2256-2261. [30] P. Radoslavov, On Characterizing Network Topologies and Analyzing Their Impact on Protocol Design, Computer Science Department, University of Southern California, Tech. Rep., 2000. [31] Y. Sun, Z. Wu, Z. Shi, The physical topology discovery for switched Ethernet based on connection reasoning, in: Proc. ISCIT, Beijing, China, 2005. [32] Y. Sun, Z. Shi, Z. Wu, A discovery algorithm for physical topology in switched networks, in: Proc. IEEE LCN, Sydney, Australia, 2005. [33] D.T. Stott, Layer-2 Path Discovery Using Spanning Tree MIBs, Technical Report: Avaya Laboratories, 2002. [34] Y. Breitbart, H. Gobjuka, Characterization of layer-2 unique topologies, Information Processing Letters 105 (2008) 52-57.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information