Fault Analysis for Large-scale Campus-wide Wireless Networks. Jian Chen, 01-15-2009, Department of CS, Tsinghua University, Beijing, China


Fault Analysis for Large-scale Campus-wide Wireless Networks

Jian Chen

01-15-2009

Department of CS, Tsinghua University, Beijing, China


Complaints From Users

• Why can't I access the Internet right here? A stupid wireless network
• Why is my Internet access so slow while he is happily surfing the web? A stupid wireless network
• Why can't I roam seamlessly from this building to another building? A stupid wireless network
• Why can't I get through authentication right now?
• Why is the performance of the wireless network extremely bad?


Complaints From Users (cont.)

Figure: Number of wireless-related complaints logged by the IT department of a major US corporation

Source: [Atul Adya 04], MobiCom


Campus-wide Wireless Network Problems

• Coverage
  – RF Planning
    · RF holes
    · RF overlap with same channel
• Security
  – Authentication
  – Authorization
  – Rogue AP
• Management
  – Mobility
  – Misconfiguration
• Performance
  – PHY
    · Limited capacity
    · Broadcast wireless channel
    · Time-varying Signal Noise Ratio (SNR)
    · Transmitter power
    · Interference
    · Semiduplex
  – 802.11 MAC
    · Random contention
    · Backoff
    · Retransmission
    · Hidden terminal
    · Rate fallback


Existing Solutions

• Wireless management systems or diagnostic tools
  – AirWave, AirMagnet, AirDefense
  – Aruba WMS, Cisco WMS, …
• Weaknesses
  – Measurement data only from the AP perspective
  – Weak analysis functions
  – Too much information
  – Hard to find the root cause of wireless problems


Our Goal of Fault Analysis

• How many rogue APs are there in our campus-wide WLANs?
• How many misconfigurations and security threats are there in our campus-wide WLANs?
• What is the impact of the existing AP configuration on performance?
• What can be done to reduce these rogue APs, misconfigurations, security threats and their impact?


Outline

• Background
  – CNGI (China Next Generation Internet) Campus-wide WLAN
• Measurement data from operational wireless network
  – MIB
  – System log
• Fault analysis
• Future work


CNGI Campus-wide WLAN


• 6 campus-wide wireless sub-networks
  – Total AP number: 977
  – Heterogeneous wireless networks
    · Aruba AP 61
    · Cisco AP 1010
    · GemTek P-720G
  – IPv6 support
  – Roaming support in each wireless sub-network


Online-User Statistic


Traffic Statistic


AP Classification

[Figure: network diagram. Labels: Mobility Controller; Internet; Wired Campus Network; Router; Switch; APs 1, 2, 3; AP classes Valid, Interfering, Rogue]


Measurement Data From Operational Wireless Networks

• Collect SNMP info from routers, control switches and APs of operational wireless networks.
  – 117 GB
  – From 1 April, 2008 to present
• Collect syslog from Wireless Management System, Wireless Intrusion Detection System and AAA server.
  – 600 MB
  – From 20 Dec, 2008 to present


FIT Building, Floor 1, Tsinghua


FIT Building, Floor 2, Tsinghua


Caoguangbiao Building, Floor 3, Zhejiang University


Class Building 9, Floor 1, Zhejiang University


Rogue APs

• In the FIT building of Tsinghua University
  – 40 different SSIDs
  – 37 valid APs
  – 28 rogue APs
  – 18 interfering APs

AP type by manufacturer

Manufacturer: Aruba, Cisco, Linksys, D-Link, TP-Link, Netgear, Unknown

Valid APs: 37

Rogue APs: 2 3 1 2 1 19

Interfering APs: 3 2 1 12


Misconfigurations and Security Threats

• Misconfigured Privacy Violation
• Misconfigured Short Preamble Violation
• RF hole detected
• Rogue AP
• IDS: Ad-hoc Network Detected
• IDS: Wireless Bridge Detected
• IDS: Node Rate Anomaly
• IDS: Channel Rate Anomaly


Future Work

• Synthesize data traces and MIB info
• Statistical methods
  – Make statistical distributions of misconfigurations and security threats
    · Misconfiguration events distribution
    · Security threats distribution
    · Temporal distribution
    · Frequency distribution
  – Analyze correlation model between misconfigurations and security threats
    · Find the relationship between misconfigurations and security threats
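One way to carry out the statistical step planned above, as an added example that is not from the original slides: it builds the frequency and temporal (hourly) distributions of the event types listed under "Misconfigurations and Security Threats" and computes a Pearson correlation between the two classes. The syslog line layout, the sample lines, and the split of event names into a misconfiguration class and a threat class are assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict
from math import sqrt

# Event names come from the slide; splitting them into two classes is an assumption.
MISCONFIG = {"Misconfigured Privacy Violation",
             "Misconfigured Short Preamble Violation", "RF hole detected"}
THREAT = {"Rogue AP", "IDS: Ad-hoc Network Detected", "IDS: Wireless Bridge Detected",
          "IDS: Node Rate Anomaly", "IDS: Channel Rate Anomaly"}
# Assumed line layout: <ISO timestamp> <source> ap=<name> event=<event text>
LINE = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}):\d{2}:\d{2} \S+ ap=\S+ event=(.+)$")
SAMPLE_LOG = """\
2008-12-20T09:01:10 wms ap=ap-01 event=Misconfigured Privacy Violation
2008-12-20T09:05:42 wids ap=ap-01 event=Rogue AP
2008-12-20T10:02:13 wms ap=ap-03 event=RF hole detected
2008-12-20T10:15:00 wms ap=ap-03 event=Misconfigured Short Preamble Violation
2008-12-20T10:16:09 wids ap=ap-03 event=IDS: Node Rate Anomaly
2008-12-20T10:41:00 wids ap=ap-04 event=Rogue AP
2008-12-20T11:20:00 wids ap=ap-02 event=IDS: Channel Rate Anomaly
2008-12-20T12:00:00 wms ap=ap-05 event=AP rebooted
truncated or malformed line
"""  # constructed sample, not real campus data

def parse(log):
    """Return (hour, event) pairs; lines that do not match LINE are skipped."""
    matches = (LINE.match(line.strip()) for line in log.splitlines())
    return [(m.group(1), m.group(2)) for m in matches if m]

def distributions(events):
    """Frequency per known event type, and per-hour [misconfig, threat] counts."""
    freq = Counter(e for _, e in events if e in MISCONFIG | THREAT)
    hourly = defaultdict(lambda: [0, 0])
    for hour, e in events:
        if e in MISCONFIG or e in THREAT:
            hourly[hour][e in THREAT] += 1  # index 0 = misconfig, 1 = threat
    return freq, dict(sorted(hourly.items()))

def pearson(xs, ys):
    """Pearson correlation; 0.0 when either series is constant or empty."""
    n = len(xs) or 1
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    var = sum((x - mx) ** 2 for x in xs) * sum((y - my) ** 2 for y in ys)
    return cov / sqrt(var) if var else 0.0

def analyze(log=SAMPLE_LOG):
    freq, hourly = distributions(parse(log))
    r = pearson([m for m, _ in hourly.values()], [t for _, t in hourly.values()])
    return freq, hourly, r
```

Only hours that contain at least one classified event are bucketed, so quiet hours do not enter the correlation; unknown event names and unparseable lines are ignored rather than counted.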


Thank you!