The present embodiments relate to bridged computer networks and are more particularly directed to detecting certain abnormalities such as in a network spanning tree.
Bridged networks have found favor in many applications in the networking industry for various reasons. A bridged network generally includes a number of nodes, some of which are bridge nodes and which have connectivity to other nodes in the network. During network learning, each bridge node typically broadcasts on all of its ports, that is, the bridge node transmits the same message data out of all of its ports, where such message data typically includes the network topology information. In this manner, when another bridge node receives a message that contains topology information, the receiving node does not forward the message unchanged; instead, it compares the received information with its own distance to the root and decides whether to inform the other bridge nodes of this new information under its own identifier. Thus, the topology messages are akin to regenerated messages carrying proper local information, where those regenerated messages may be forwarded to other bridge nodes. After repeating this process with numerous messages and as between various bridge nodes, each bridge node is informed of its connectivity to other neighboring bridge nodes, where in this document the term neighbor (or neighboring) node is intended to mean two bridge nodes that each have a port directly connected to the other. This connectivity information is maintained by each bridge node in one or more respective tables that record information received, or derived, from bridge nodes that replied during the learning process. In addition to bridge nodes, the bridged network includes other nodes, which are referred to by varying names such as user stations or client nodes. With the connectivity of the bridge nodes and client nodes, one or more bridge nodes connect two or more client nodes together and forward messages between the client nodes. Thus, the client nodes communicate with each other as if they were directly attached to the same physical network, with the bridge node(s) between them being transparent.
Within a bridged network, an additional layer of routing may be imposed. As one example, such routing is imposed with one or more spanning trees that thereby define the path along which messages may be communicated within the bridged network. Thus, each spanning tree imposes an additional level of routing restraint for a message communicated along that tree. Typically such restraints are imposed to prevent looping of a network message, that is, to prevent multiple copies of the same message from reaching the same bridge node, as could otherwise occur if a loop exists in the physical connectivity of the network. For example, consider a ring of bridge nodes, wherein each bridge node is connected to another bridge node and the entirety of the bridge nodes forms a ring. Without an additional constraint, if one bridge node in the ring broadcasts a message, and assuming all nodes pass the broadcast message onward along the ring, then two copies of the broadcast message will reach (or "loop" to) the destination node in that ring; indeed, because an Ethernet frame carries no hop limit, the copies would continue to circulate until a link or bridge fails. A spanning tree, however, defines a route as between the bridge nodes, and may be implemented in the ring as merely an imposed block between two bridge nodes on the ring. Thus, when a bridge node adjacent to the block receives a message, it is prevented from transmitting the message onward in the direction of the block. As a result, only one copy of the broadcast message may reach the destination node.
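The ring example above can be checked directly. The following simulation is an added example and is not part of the original document: it floods a broadcast through a constructed four-bridge ring, first with every link forwarding and then with a single spanning-tree block imposed between B2 and B3, and counts how many copies of the frame each bridge receives. Because Ethernet frames have no hop limit, the unblocked case is capped at one full traversal of the ring purely so that the simulation terminates; in a real network the copies would keep circulating.

```python
"""Broadcast flooding on a ring of bridges, with and without a spanning-tree block.

Added example (not from the original text). The four-bridge ring, the
blocked link and the hop cap are constructed here for illustration.
"""
from collections import defaultdict, deque

# Constructed topology: bridges B1..B4 connected in a physical ring.
RING_LINKS = [("B1", "B2"), ("B2", "B3"), ("B3", "B4"), ("B4", "B1")]

# The spanning tree blocks exactly one link of the ring.
BLOCKED_LINK = frozenset({frozenset(("B2", "B3"))})


def neighbours(links, blocked=frozenset()):
    """Build an adjacency map, omitting any link listed in `blocked` (either direction)."""
    adj = defaultdict(set)
    for a, b in links:
        if frozenset((a, b)) in blocked:
            continue
        adj[a].add(b)
        adj[b].add(a)
    return adj


def flood(links, source, blocked=frozenset(), max_hops=None):
    """Forward a broadcast frame out of every port except the one it arrived on.

    Bridges keep no memory of frames they already forwarded, as in a real
    layer-2 flood, so a copy only stops when it reaches a bridge with no
    other port to forward it to, or when it has travelled `max_hops` hops.
    The cap stands in for the missing hop limit of an Ethernet frame.
    Returns {bridge: number of copies received}.
    """
    adj = neighbours(links, blocked)
    if max_hops is None:
        max_hops = len(adj)  # one full traversal of the ring
    received = defaultdict(int)
    queue = deque((nbr, source, 1) for nbr in adj[source])
    while queue:
        node, came_from, hops = queue.popleft()
        received[node] += 1
        if hops >= max_hops:
            continue
        for nxt in adj[node]:
            if nxt != came_from:
                queue.append((nxt, node, hops + 1))
    return dict(received)


def copies_without_block(source="B1"):
    """Every bridge, including the sender, sees two copies (one per direction)."""
    return flood(RING_LINKS, source)


def copies_with_block(source="B1"):
    """With one link blocked, every other bridge sees exactly one copy."""
    return flood(RING_LINKS, source, blocked=BLOCKED_LINK)


if __name__ == "__main__":
    print("no block :", copies_without_block())
    print("blocked  :", copies_with_block())
```

Running the script shows two copies at every bridge in the unblocked ring (and the cap is the only reason the count is not unbounded), versus exactly one copy at each of B2, B3 and B4 once the B2 to B3 link is blocked, which is the effect the spanning tree is introduced to achieve.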
By way of additional background, the prior art assigns a different bridge priority to each bridge node, and the priority affects the time for re-convergence when a failure (e.g., breakage) occurs in the bridged network. In general, when a failure occurs, control messages are communicated among the bridge nodes that are still connected within the spanning tree in a process known as re-convergence. For example, in one approach each control message is known as a bridge protocol data unit ("BPDU"), which is a message that is exchanged among the bridge nodes and contains information including port identifiers, bridge addresses, and priorities, all of which are used by the receiving bridges to select the root and the active path toward it. Thus, when a bridge node receives a BPDU in the prior art, the node may update its table information and thereby make changes in the network configuration. Indeed, once re-convergence is complete, a new spanning tree is thereby established based on the changes that were made by bridges that received BPDUs during re-convergence. As a result, additional messages may be communicated along the new spanning tree, at least until the failure that caused the re-convergence is resolved.
By way of further background, a BPDU also typically includes the so-called port path cost ("PPC") of the bridge node that generated the BPDU. PPC is an efficiency measure of the cost of transmitting along the path from the specified port of the bridge node that generated the BPDU to the "root" bridge node in the spanning tree. In the IEEE 802.1D protocol this quantity is carried as the root path cost and is the sum of the per-link costs along that path; when every link is assigned the same cost, as assumed in this description, it reduces to a hop distance from the port at issue to the root bridge node, that is, the number of bridge nodes between the port at issue and the root. Thus, if the port at issue is connected directly to the root bridge node, then the hop distance is one, whereas if the port at issue is connected through one intermediate bridge node to the root bridge node, then the hop distance is two, and so forth. Also in this regard, the root bridge node is a node that is typically given some level of control over the spanning tree, such as by identifying the root node as having the highest priority in the spanning tree (which, in 802.1D, is the numerically lowest bridge identifier), and the root node has access to a network server and database for various purposes of overseeing the spanning tree.
By way of still further background, note that during network learning or re-convergence, each bridge node receives from the network server the bridge node's respective PPC (or hop distance) to the root bridge node. However, during subsequent operation, the same bridge node may again receive a BPDU from a neighboring bridge node, wherein the neighboring bridge node indicates a change in its own PPC. For example, the neighboring bridge node may indicate to the receiving bridge node that the neighboring bridge node has become the root of the spanning tree, such as by indicating a PPC of zero. In response, therefore, the receiving bridge node will possibly alter its own configuration, detecting in essence that it is now connected directly to the root bridge node, and thereby giving itself a hop distance of one to that now-neighboring root bridge node. Still further, that same receiving bridge node may then communicate its own BPDU to other bridge nodes in the network, notifying them of the now perceived direct connection to the root bridge node, whereupon it is possible that some of those other bridge nodes may in turn change their own network information as pertaining to the PPC of each such node. Indeed, the changed PPCs may result in an overall change to the spanning tree configuration of the network.
While the preceding technologies have proven beneficial in numerous applications, the present inventors have recognized that drawbacks may occur in the above-described operation in connection with certain types of network abnormalities. For example, an unfortunate reality of contemporary computing is that users often seek unauthorized access to computers, and such users are known to attempt to "spoof" in the networking environment, that is, to connect to the network and have their station held out as an authorized network node when in fact it is not. Indeed, such a wrongdoer may connect as a user station yet mimic the behavior of a root network bridge in order to obtain the access and control that is normally afforded the true root network bridge. To facilitate such an effort, the wrongdoer may cause its user station to issue a BPDU asserting that it is a bridge node and that it has achieved the status of the root bridge node (for example, by advertising a bridge priority lower than that of the true root and a path cost of zero), thereby putting it in a position to receive various information from the other bridge nodes. As another example, an error in a BPDU, such as one inserted by a malfunction of an actual bridge node, also may cause wrongful information to be circulated to other bridge nodes. In either case, therefore, the other bridge nodes of the network receive the BPDU and may alter their own tabled information in response, and also may cause a change to the network configuration in response. Clearly, such changes are undesirable to the extent that they cause network changes in response to wrongful information, whether it be propagated by mistake or by wrongful intent.
In view of the above drawbacks, certain solutions to improve the spanning tree protocol ("STP") have been proposed in the prior art. For example, the BPDU guard enhancement has been introduced to enhance STP security by clearly defining the domain borders. Once BPDU guard is enabled on a port, the port is disabled (placed in an error-disabled state) if any BPDU is received on that port. In this way, devices behind ports with BPDU guard enabled are not allowed to participate in STP at all. As a result, the active Ethernet topology is stable. As another example, there is the root guard technique. In this technique, root guard is configured on a per-port basis and does not allow the port to become an STP root port. This means that the port is always STP-designated, and if a superior BPDU (one that would otherwise elect a new root) is received on this port, root guard places the port in a root-inconsistent (blocking) state, rather than taking the BPDU into account and electing a new STP root; the port recovers automatically once the superior BPDUs cease. Root guard needs to be enabled on all ports where the root bridge should not appear. As yet another example, link-layer security (e.g., MACsec, IEEE 802.1AE) can be used in the Ethernet. In order to secure STP in this manner, the BPDU messages need to be authenticated, and optionally encrypted, on every link.
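The root election described above, the spoofed root BPDU of the preceding paragraph, and the two port guards can be exercised together in a small simulation. The following Python code is an added example and is not from the original document or any particular vendor implementation: it encodes and decodes configuration BPDUs in the IEEE 802.1D-1998 layout (the one field layout here is the real one), compares them with the standard priority-vector ordering in which the lowest root identifier, then lowest root path cost, then lowest sender identifier, then lowest port identifier wins, and then shows how a receiving port reacts to an attacker's BPDU under no guard, under root guard, and under BPDU guard. The bridge MAC addresses, the attacker's BPDU, the port role labels and the `port_reaction` policy function are assumptions constructed for illustration.

```python
"""Configuration BPDU parsing, root-election ordering and port guards.

Added example, not from the original document. The BPDUs below are built
in the IEEE 802.1D-1998 configuration-BPDU layout; the MAC addresses, the
attacker's values and the policy function are assumptions for illustration.
"""
import struct
from dataclasses import dataclass
from typing import Optional

# 802.1D configuration BPDU, 35 bytes, big-endian:
# proto(2) ver(1) type(1) flags(1) root_id(8) root_path_cost(4) bridge_id(8)
# port_id(2) msg_age(2) max_age(2) hello(2) fwd_delay(2)   (times in 1/256 s)
BPDU_FMT = ">HBBB8sI8sHHHHH"
BPDU_LEN = struct.calcsize(BPDU_FMT)  # 35


def bridge_id(priority: int, mac: bytes) -> bytes:
    """Bridge ID = 2-byte priority then 6-byte MAC; the numerically lowest ID wins."""
    return struct.pack(">H", priority) + mac


@dataclass(frozen=True)
class ConfigBPDU:
    root_id: bytes
    root_path_cost: int
    sender_id: bytes
    port_id: int

    def key(self):
        # 802.1D priority vector: a lower tuple is a superior BPDU.
        return (self.root_id, self.root_path_cost, self.sender_id, self.port_id)

    def is_superior_to(self, other: "ConfigBPDU") -> bool:
        return self.key() < other.key()


def encode_bpdu(b: ConfigBPDU) -> bytes:
    """Serialise with default timers: max age 20 s, hello 2 s, forward delay 15 s."""
    return struct.pack(BPDU_FMT, 0, 0, 0, 0, b.root_id, b.root_path_cost,
                       b.sender_id, b.port_id, 0, 20 * 256, 2 * 256, 15 * 256)


def decode_bpdu(data: bytes) -> ConfigBPDU:
    """Parse a configuration BPDU, rejecting truncated or non-configuration PDUs."""
    if len(data) < BPDU_LEN:
        raise ValueError("truncated BPDU")
    proto, _ver, typ, _flags, root, cost, sender, port, *_ = struct.unpack(
        BPDU_FMT, data[:BPDU_LEN])
    if proto != 0 or typ != 0x00:
        raise ValueError("not a configuration BPDU")
    return ConfigBPDU(root, cost, sender, port)


def port_reaction(port_role: str, guard: Optional[str],
                  current_best: ConfigBPDU, rx: ConfigBPDU) -> str:
    """Assumed policy: what a bridge does with a BPDU received on one port.

    port_role is "designated" or "root"; guard is None, "bpdu_guard" or
    "root_guard". Returns "errdisable", "root_inconsistent",
    "accept_new_root" or "ignore".
    """
    if guard == "bpdu_guard":
        return "errdisable"          # any BPDU on an edge port shuts the port
    if not rx.is_superior_to(current_best):
        return "ignore"              # nothing better than what we already know
    if guard == "root_guard" and port_role == "designated":
        return "root_inconsistent"   # block instead of re-electing the root
    return "accept_new_root"         # unguarded bridge follows the new root


# Constructed sample: legitimate root with default priority, and an attacker
# station that advertises priority 0 and a path cost of 0 to claim the root.
LEGIT_ROOT_ID = bridge_id(32768, bytes.fromhex("0200000000a1"))
ATTACKER_ID = bridge_id(0, bytes.fromhex("0200000000ff"))
KNOWN_BEST = ConfigBPDU(LEGIT_ROOT_ID, 0, LEGIT_ROOT_ID, 0x8001)
SPOOF_WIRE = encode_bpdu(ConfigBPDU(ATTACKER_ID, 0, ATTACKER_ID, 0x8001))


def evaluate_spoof():
    """Decode the attacker's BPDU and report each guard's reaction on a designated port."""
    spoof = decode_bpdu(SPOOF_WIRE)
    return {guard: port_reaction("designated", guard, KNOWN_BEST, spoof)
            for guard in (None, "root_guard", "bpdu_guard")}


if __name__ == "__main__":
    for guard, outcome in evaluate_spoof().items():
        print(f"guard={guard!s:<11} -> {outcome}")
```

The comparison in `is_superior_to` is why the attack works at all: a priority of 0 makes the attacker's bridge identifier sort below every default-configured bridge, so an unguarded bridge accepts the new root and re-advertises it, exactly as the preceding paragraphs describe. Root guard leaves the comparison in place but refuses to act on its result on a port that must stay designated, whereas BPDU guard never reaches the comparison.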
While the above approaches may assist in various circumstances, they do not protect STP from a bridge malfunction. BPDU guard only protects the edge (user) ports on which it is enabled. Root guard requires manual per-port setup and is neither flexible nor scalable. The MACsec approach requires costly per-link cryptographic processing and a network-wide hardware upgrade. Accordingly, greater optimization and broader application are required, as is achieved by the preferred embodiments, which are further detailed below.