Proceedings Article
Routing design in operational networks: a look from the inside
David A. Maltz, Geoffrey G. Xie, Jibin Zhan, Hui Zhang, Gísli Hjálmtýsson, Albert Greenberg
- Vol. 34, Iss: 4, pp 27-40
TL;DR: This paper has developed a methodology for reverse engineering a coherent global view of a network's routing design from the static analysis of dumps of the local configuration state of each router.
Abstract:
In any IP network, routing protocols provide the intelligence that takes a collection of physical links and transforms them into a network that enables packets to travel from one host to another. Though routing design is arguably the single most important design task for large IP networks, there has been very little systematic investigation into how routing protocols are actually used in production networks to implement the goals of network architects. We have developed a methodology for reverse engineering a coherent global view of a network's routing design from the static analysis of dumps of the local configuration state of each router. Starting with a set of 8,035 configuration files, we have applied this method to 31 production networks. In this paper we present a detailed examination of how routing protocols are used in operational networks. In particular, the results show the conventional model of "interior" and "exterior" gateway protocols is insufficient to describe the diverse set of mechanisms used by architects, and we provide examples of the more unusual designs and examine their trade-offs. We discuss the strengths and weaknesses of our methodology, and argue that it opens paths towards new understandings of network behavior and design.
Citations
Proceedings Article
Ethane: taking control of the enterprise
TL;DR: Ethane allows managers to define a single network-wide fine-grain policy, and then enforces it directly, and this design is backwards-compatible with existing hosts and switches.
Journal Article
A clean slate 4D approach to network control and management
Albert Greenberg, Gisli Hjalmtysson, David A. Maltz, Andy Myers, Jennifer Rexford, Geoffrey G. Xie, Hong Yan, Jibin Zhan, Hui Zhang
TL;DR: This work advocates a complete refactoring of the functionality and proposes three key principles (network-level objectives, network-wide views, and direct control) that it believes should underlie a new architecture, called 4D, after the architecture's four planes: decision, dissemination, discovery, and data.
Proceedings Article
SANE: a protection architecture for enterprise networks
Martin Casado, Tal Garfinkel, Aditya Akella, Michael J. Freedman, Dan Boneh, Nick McKeown, Scott Shenker
TL;DR: SANE offers strong attack resistance and containment in the face of compromise, yet is practical for everyday use, and can easily scale to networks of tens of thousands of nodes.
Proceedings Article
FIREMAN: a toolkit for firewall modeling and analysis
TL;DR: Fireman, a static analysis toolkit for firewall modeling and analysis, is introduced and used to uncover several real misconfigurations in enterprise networks, some of which have been subsequently confirmed and corrected by the administrators of these networks.
Patent
Method and apparatus for implementing and managing virtual switches
Martin Casado, Paul S. Ingram, Keith E. Amidon, Peter J. Balland, Teemu Koponen, Benjamin L. Pfaff, Justin Pettit, Jesse E. Gross, Daniel J. Wendlandt
TL;DR: In this paper, the authors propose a virtual platform in which one or more distributed virtual switches can be created for use in virtual networking, which can support integration with traditional IP networks and support sophisticated IP technologies including NAT functionality, stateful firewalling and notifying the IP network of workload migration.
References
Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing
P. Ferguson, D. Senie
TL;DR: A simple, effective, and straightforward method for using ingress traffic filtering to prohibit DoS attacks which use forged IP addresses to be propagated from 'behind' an Internet Service Provider's (ISP) aggregation point is discussed.
Proceedings Article
Measuring ISP topologies with rocketfuel
TL;DR: New Internet mapping techniques that have enabled us to directly measure router-level ISP topologies are presented, finding that these maps are substantially more complete than those of earlier Internet mapping efforts.
Journal Article
End-to-end routing behavior in the Internet
TL;DR: It is found that Internet paths are heavily dominated by a single prevalent route, but that the time periods over which routes persist show wide variation, ranging from seconds up to days.
Proceedings Article
Heuristics for Internet map discovery
TL;DR: The design of these heuristics and the experiences with Mercator are described, some preliminary analysis of the resulting Internet map is presented, and novel mechanisms for resolving aliases are employed.
Journal Article
An empirical study of FORTRAN programs
TL;DR: The principal conclusion which may be drawn is the importance of a program ‘profile’, namely a table of frequency counts which record how often each statement is performed in a typical run; there are strong indications that profile‐keeping should become a standard practice in all computer systems, for casual users as well as system programmers.