Theophilus Benson Aditya Akella David A Maltz

Slides:

Advertisements

Similar presentations

Theophilus Benson, Aditya Akella, David Maltz University Of Wisconsin-Madison, Microsoft Research 1.

Advertisements

Chapter 1: Introduction to Scaling Networks

Logically Centralized Control Class 2. Types of Networks ISP Networks – Entity only owns the switches – Throughput: 100GB-10TB – Heterogeneous devices:

The subnet /28 has been selected to be further subnetted to support point-to-point serial links. What is the maximum number of serial links.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 8: EIGRP Advanced Configurations and Troubleshooting Scaling.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 9: Access Control Lists Routing & Switching.

Cisco S3 C5 Routing Protocols. Network Design Characteristics Reliable – provides mechanisms for error detection and correction Connectivity – incorporate.

Cisco Hierarchical Network Model RD-CSY /101.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 RIP version 1 Routing Protocols and Concepts – Chapter 5.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 W. Schulte Chapter 5: Inter-VLAN Routing Routing And Switching.

Understanding and Mitigating the Complexity in Network Configuration and Management Aditya Akella UW-Madison Joint work with Theo Benson (UW-Madison) and.

Policy Based Routing using ACL & Route Map By Group 7 Nischal ( ) Pranali ( )

WXES2106 Network Technology Semester /2005 Chapter 10 Access Control Lists CCNA2: Module 11.

CSCE 515: Computer Network Programming Chin-Tser Huang University of South Carolina.

1 Problems and Solutions in Enterprise Network Control: Motivations for a 4D Architecture David A. Maltz Microsoft Research Joint work with Albert Greenberg,

Network Configuration Management Nick Feamster CS 6250: Computer Networking Fall 2011 (Some slides on configuration complexity from Prof. Aditya Akella)

© 2009 Cisco Systems, Inc. All rights reserved. ROUTE v1.0—4-1 Implement an IPv4-Based Redistribution Solution Assessing Network Routing Performance and.

Institute of Technology, Sligo Dept of Computing Semester 3, version Semester 3 Chapter 3 VLANs.

Virtual LANs. VLAN introduction VLANs logically segment switched networks based on the functions, project teams, or applications of the organization regardless.

Interior Gateway Routing Protocol (IGRP) is a distance vector interior routing protocol (IGP) invented by Cisco. It is used by routers to exchange routing.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 5: Inter-VLAN Routing Routing And Switching.

1 Structure Preserving Anonymization of Router Configuration Data David A. Maltz, Jibin Zhan, Geoffrey Xie, Hui Zhang Carnegie Mellon University Gisli.

Chapter 4: Managing LAN Traffic

Virtual Local Area Networks. Should I V-LAN? 1. Security V-LANs can restrict access to network resources.

Manipulating Routing Updates Controlling Routing Update Traffic.

1 Route Optimization Chapter Route Filters Use access list to filter out unwanted routes Identifies packets or addresses to be filtered Prevents.

TCOM 515 Lecture 6.

1 Introducing Routing 1. Dynamic routing - information is learned from other routers, and routing protocols adjust routes automatically. 2. Static routing.

Cisco PIX firewall Set up 3 security zones ***CS580*** John Trafecanty Jules R. Nya Baweu August 23, 2005.

1 Routing. 2 Routing is the act of deciding how each individual datagram finds its way through the multiple different paths to its destination. Routing.

Objectives Configure routing in Windows Server 2008 Configure Routing and Remote Access Services in Windows Server 2008 Network Address Translation 1.

Objectives: Chapter 5: Network/Internet Layer  How Networks are connected Network/Internet Layer Routed Protocols Routing Protocols Autonomous Systems.

Router and Routing Basics

CCNA 1 Module 10 Routing Fundamentals and Subnets.

1 © 2004 Cisco Systems, Inc. All rights reserved. CCNA 2 v3.1 Module 11 Access Control Lists (ACLs)

Chapter 8: Virtual LAN (VLAN)

Chapter 9. Implementing Scalability Features in Your Internetwork.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Access Control Lists Accessing the WAN – Chapter 5.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 1: Introduction to Scaling Networks Scaling Networks.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 1: Introduction to Scaling Networks Scaling Networks.

SW REVERSE JEOPARDY Chapter 1 CCNA2 SW Start-up Routing table Routing table Router parts Router parts Choosing a path Choosing a path Addressing Pot.

1 Theophilus Benson*, Aditya Akella*, Aman Shaikh + *University of Wisconsin, Madison + ATT Labs Research.

Institute of Technology Sligo - Dept of Computing Sem 2 Chapter 12 Routing Protocols.

Module 1: Configuring Routing by Using Routing and Remote Access.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Introduction to Dynamic Routing Protocol Routing Protocols and Concepts.

Basic Routing Principles V1.2. Objectives Understand the function of router Know the basic conception in routing Know the working principle of router.

1 Routing Design in Operational Networks: A Look from the Inside David A. Maltz, Geoffrey Xie, Jibin Zhan, Hui Zhang Carnegie Mellon University Gisli Hjalmtysson,

Routing and Routing Protocols

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 VLANs LAN Switching and Wireless – Chapter 3.

Proactive Network Configuration Validation with Batfish

Hierarchical Topology Design. 2 Topology Design Topology is a map of an___________ that indicates network segments, interconnection points, and user communities.

COS 420 Day 15. Agenda Finish Individualized Project Presentations on Thrusday Have Grading sheets to me by Friday Group Project Discussion Goals & Timelines.

6.1 © 2004 Pearson Education, Inc. Exam Designing a Microsoft ® Windows ® Server 2003 Active Directory and Network Infrastructure Lesson 6: Designing.

+ Routing Concepts 1 st semester Objectives  Describe the primary functions and features of a router.  Explain how routers use information.

Access Control Lists Mark Clements. 17 March 2009ITCN 2 This Week – Access Control Lists What are ACLs? What are they for? How do they work? Standard.

Routing Algorithms Lecture Static/ Dynamic, Direct/ Indirect, Shortest Path Routing, Flooding, Distance Vector Routing, Link State Routing, Hierarchical.

Sem 2 v2 Chapter 12: Routing. Routers can be configured to use one or more IP routing protocols. Two of these IP routing protocols are RIP and IGRP. After.

Yiting Xia, T. S. Eugene Ng Rice University

Multi Node Label Routing – A layer 2.5 routing protocol

Instructor Materials Chapter 1: LAN Design

Instructor Materials Chapter 6: VLANs

Routing and Routing Protocols: Routing Static

Aaron Gember-Jacobson

Chapter 4 Data Link Layer Switching

Chapter 5: Inter-VLAN Routing

Routing and Switching Essentials v6.0

Routing and Routing Protocols: Routing Static

Chapter 2: Static Routing

Chapter 3 VLANs Chaffee County Academy

Presentation transcript:

Theophilus Benson Aditya Akella David A Maltz

 Intricate logical and physical topologies  Diverse network devices  Operating on different layers  Requiring different command sets  Operators constantly tweak network configurations  Implementation of new admin policies  Quick-fixes in response to crises  Diverse goals  E.g. QOS, security, routing  Complex configuration 2

Interface vlan901 ip address ip access-group 9 out ! Router ospf 1 router-id network ! access-list Interface vlan901 ip address ip access-group 9 out ! Router ospf 1 router-id network ! access-list  Adding a new department with hosts spread across 3 buildings Interface vlan901 ip address ip access-group 9 out ! Router ospf 1 router-id network ! access-list Department1 3

 Complexity leads to misconfiguration  Can’t measure complexity of network design  Other communities have benchmarks for complexity  No complexity metric  can’t understand difficulty of future changes  Quick fix now may complicate future changes  Hard to select from alternate configs  Ability to predict difficulty of future changes is essential  Reduce management cost, operator error 4

 Our metrics:  Succinctly describe design complexity  Can be automatically calculated from config files  Align with operator’s mental models ▪ Predict difficulty of future changes  Empirical study of complexity of 7 networks  Validated metrics through operator interviews  Questionnaire: tasks to quantify complexity ▪ Network specific ▪ Common to all operators  Focus on layer 3 Motivation 5

NetworksMean file size Number of routers Univ Univ Univ Univ Enet Enet Enet  Complexity is unrelated to size or line count  Complex  Simple

 Implementation complexity: difficulty of implementing policies  Referential dependence: the complexity behind configuring routers correctly  Roles: the complexity behind identifying roles for routers in implementing a network’s policy (See paper for details)  Inherent complexity: complexity of the policies themselves  Uniformity: complexity due to special cases in policies  Lower-bounds implementation complexity 7

8  Referential complexity  Inherent complexity  Insights into complexity  Related work and conclusion

 Referential graph for shown config  Intra-file links, e.g., passive-interfaces, and access-group.  Inter-file links  Global network symbols, e.g., subnet, and VLANs. 9 1 Interface Vlan901 2 ip ip access-group 9 in 4 ! 5 Router ospf 1 6 router-id passive-interface default 8 no passive-interface Vlan901 9 no passive-interface Vlan network distribute-list in redistribute connected subnets 13 ! 14 access-list 9 permit any 15 access-list 9 deny any 16 access-list 12 permit Interface Vlan901 2 ip ip access-group 9 in 4 ! 5 Router ospf 1 6 router-id passive-interface default 8 no passive-interface Vlan901 9 no passive-interface Vlan network distribute-list in redistribute connected subnets 13 ! 14 access-list 9 permit any 15 access-list 9 deny any 16 access-list 12 permit ospf1 Vlan901 Access-list 9 Access-list 12 Subnet 1 ospf 1 Vlan30 Access-list 11 Access-list 10 Route-map 12

 Operator’s objective: short dependency chains in configuration  Few moving parts (few dependencies)  Referential metric should capture:  Difficulty of setting up layer 3 functionality  Extent of dependencies 10 ospf 1 Vlan30 Access-list 11 Access-list 10 Route-map 12

 Metric: # ref links  greater # links means higher complexity  Normalize by # devices ▪ Holistic view of network  Metric: # routing instances  Routing instance = partition of routing protocols into largest atomic domains of control  Routing instance = adjacent routing process (same protocol)  Difficulty of setting up routing 11

 Complexity unrelated to network size  Complexity based on implementation details  Large network could be simple 12

Task: Add a new subnet at a randomly chosen router  Enet-1, Univ-3: simple routing design  redistribute entire IP space  Univ-1: complex routing design  modify specific routing instances  Multiple routing instances add complexity  Metric not absolute but higher means more complex 13

 Policies determine a network’s design and configuration complexity  Identical or similar policies ▪ All-open or mostly-closed networks ▪ Easy to configure  Subtle distinctions across groups of users: ▪ Multiple roles, complex design, complex referential profile ▪ Hard to configure: requires multiple special cases  Challenges  Mining implemented policies  Quantifying similarities/consistency 14

 Operator’s goal = connectivity matrix between hosts  Reachability set (Xie et al.) = set of packets allowed between 2 routers  One reachability set for each pair of routers (total of N 2 for a network with N routers)  Reachability sets -> connectivity matrix between routers  Affected by data/control plane mechanisms  Router level matrix  More efficient for computing set operations  No loss of information Conducted an empirical study on the location and duration of micro-bursts (congestion) in over 30 data centers 15

 Variability in reachability sets between pairs of routers  Metric: Uniformity  Entropy of reachability sets.  Simplest: log(N)  all routers should have same reachability to a destination C  Most complex: log(N 2 )  each router has a different reachability to a destination C A A B B C C D D E E R(A,C) R(D,C) R(B,C) R(C,C) 16 ABCDE A B C D E ABCDE A B C D E

 Simple policies  Entropy close to ideal  Univ-3 & Enet-1: simple policy  Filtering at higher levels  Univ-1 :  Router was not redistributing local subnet 17 BUG!

 Implementation vs. inherent complexity  A few networks have simple configurations, but most are complex  Most of the networks studied have inherently simple policies  Why is implementation complex? 18

 Network evolution  Univ-1: high referential link count due to dangling references (to interfaces)  Univ-2: caught in the midst of a major restructuring  Optimizing for cost and scalability  Univ-1: simple policy, complex config  Cheaper to use OSPF on core routers and RIP on edge routers ▪ Only RIP is not scalable ▪ Only OSPF is too expensive 19

 Reachability sets  Many studies on mining objectives/policies [e.g. Xie et al.] to check inconsistencies  Measuring complexity  Protocol complexity [Ratnasamy et. al, Candea et al.]  Glue logic [Le et al.]: complexity of route redistribution in networks  Informs clean slate  Inherent support for manageability [e.g., Ethane, 4D] 20

 Metrics that capture complexity of network design  Predict difficulty of making changes  Empirical study of complexity  Evaluated commercial and public enterprises  Results show:  Simple policies are often implemented in complex ways  Complexity introduced by non-technical factors  Future work:  Apply to ISP Networks  Absolute vs. relative complexity 21