This invention relates generally to test instruments for local area networks (LANs) and in particular to a method in a test instrument for analyzing and testing a switched LAN.
Increasingly complex LANs now connect more and more types of devices including personal computers, work stations, file servers, and printers. Network hubs are often the central devices in a network through which information flows. Each client device connects to the LAN via adapters called network interface cards (NICs) to form nodes. Connecting the nodes to the hubs are network links which may be unshielded twisted pair (UTP) wire, coaxial cable, or fiber optic cable.
Network protocols for controlling the communication of information between the nodes have been developed, including Ethernet which is defined according to the IEEE 802.3 standard and Token Ring which is defined according to the IEEE 802.5 standard. Ethernet uses a method called carrier-sensing multiple access with collision detection (CSMA/CD) to control information flow and resolve collisions between nodes. A node can send information on the network only if no other node is currently sending information. If a node tries to send information at the same time as another node, a collision occurs and each node operates according to a defined "back off" procedure to resolve the collision. Each node will wait a random period of time to attempt to send the information again.
Because Ethernet is typically implemented in a baseband, broadcast network, every node receives the information sent by every other node within the collision domain. In order to minimize the burden on the software operating in host personal computers (PC's) connected to the network, a hardware layer with a hardware or media access control (MAC) address passes along to the software layer only the information appropriate for that node. Such information may be in the form of a "broadcast" message intended for all nodes in the network or as a message only for the intended node with the MAC address.
Information sent over an Ethernet network is in the form of discrete packets defined according to the seven layer Open Systems Interconnection (OSI) standard maintained by the American National Standards Institute (ANSI). OSI is a layered structure in which the highest layers take advantage of the capabilities of the lower layers to send information between nodes. Information is passed between nodes in the form of discrete packets containing data or control information supplied by the various OSI layers. The highest layers are the Application layer, the Presentation layer, and the Session layer which may include Telnet, File Transfer Protocol (FTP), Simple Mail Transfer Protocol (SMTP), and Domain Name System (DNS).
The Transport layer typically includes the Transmission Control Protocol (TCP) along with the User Datagram Protocol (UDP), among others, which provide for the delivery of the data to a desired device and the division of the information into discrete packets for sending. Received packets are reassembled in a like manner. The Network layer (level 2) routes messages back and forth between a source node and a destination node according to Internet Protocol (IP) addresses by adding an IP header to each packet indicating the source and destination IP addresses. The lowest layer is the physical link layer in which the hardware MAC addresses are used.
The original Ethernet baseband model, in which all of the network devices reside on the same collision domain, typically linked together on a common coaxial cable or by using a shared hub in the 10BASE-T environment, is commonly referred to as a shared LAN. Because of increasing demands for available bandwidth, shared LANs are rapidly giving way to switched LANs in which a switched hub (switch) replaces or supplants the shared hub. Now, each collision domain may be separated into segments, with the switch selectively switching traffic between various segments of the LAN. The most common architecture of a switched LAN is to provide a switch between a number of segments, with each segment typically comprising separate work groups and with the majority of network traffic traveling between the server and each of the segments. With the exception of the segment that the server is on, each of the other segments benefit from increased bandwidth because they do not see the network traffic from the other segments. Because the server's segment typically becomes the performance bottleneck in the LAN, its maximum speed is increased, for example from 10 Mbps to 100 Mbps, to increase overall network performance.
IP broadcast messages on one segment are forwarded to other segments within the same broadcast domain. Higher level switching functions such as virtual LAN (VLAN) have been implemented which determine the scope of a broadcast domain.
Network managers need to have the ability to control network devices and monitor the traffic patterns within a given LAN using a central console which uses network management software to control multiple switches, routers, bridges, and other network devices. Built-in processing capability operating according to known standards is typically provided within each of these network devices, allowing them to be remotely programmed and queried to provide data back to the central console via SNMP (simple network management protocol) commands. SNMP is the current TCP/IP network management protocol defined according to RFC 1157. The built-in processing capability in the network devices operates in software as an SNMP agent which keeps control and status information that the network manager can access in the form of a MIB (management information base). A MIB specifies the data items a device must keep and the operations allowed on each data item.
Because no single vendor owns the TCP/IP technology, the Internet Architecture Board (IAB), and the Internet Engineering Task Force (IETF) which operates under the IAB, sets the standards using a series of technical reports called Requests for Comments (RFCs). Further information about the IAB, IETF, and RFCs may be found in Comer, Douglas, E., "Internetworking with TCP/IP, Volume 1: Principles, Protocols, and Architecture", Prentice-Hall, Inc., 1995.
The standard TCP/IP MIB is known as MIB-II, which is defined according to RFC 1213. Network devices may support other MIBs in addition to the standard MIB-II. RMON (remote monitoring) MIBs, defined according to RFC 1757, provide additional information not available from MIB-II, such as more detailed statistical and error information on any particular port of a switch. Transmission MIBs, including Ethernet according to RFC 1643, FDDI (fiber distribution data interface) according to RFC 1285 and 1512, and Token Ring according to RFC 1748, are tailored to provide information particular to the network media. Bridge MIBs, defined according to RFC 1493, contain a table of MAC addresses attached to various ports of the switch. Finally, a vendor may choose to adopt their own private MIBs, which, although adhering to agreed upon protocols defined according to the RFCs, contain proprietary commands and data items. The number of MIBs continues to expand as network devices gain improved capabilities and functionality.
While network management software provides for overall network control as well as detailed monitoring of any particular condition on the network using the available MIBs, the capability of such software to troubleshoot and find errors may be overwhelmed by the volume of information that may be collected. No capability is provided to selectively obtain information pertinent for troubleshooting and analysis. The problem is exacerbated by the increasing use of switches which divide the network traffic into segments, thus making the use of such diagnostic tools as protocol analyzers impractical. Therefore, it would be desirable to provide a method for testing switched LANs by using the information gathered from the set of available MIBs in the switch to provide useful diagnostic information to the user.