An abstraction-driven approach to systematic enterprise network design, configuration, and validation

Yu-Wei Sung, Purdue University

Abstract

Enterprise network management is ad hoc, manual, error-prone, and a black art. Design faults and configuration errors account for a substantial number of network problems [1, 2] and are exploited by as many as 65% of cyber-attacks [3]. In this thesis, we argue that "achieving fundamental progress towards automating enterprise network management requires abstractions that go beyond merely modeling the low-level mechanism and configuration". We explore and develop abstractions that are (i) task-driven, i.e., capture the intended performance, security, or resilience of a network design; and (ii) network-wide, i.e., capture the requirements of the network as a whole rather than of individual devices. The abstractions we have developed were guided by insights into operational challenges and design patterns gleaned from operational network datasets and extensive interaction with network operators. A distinguishing aspect of the thesis is its empirical use of real configuration datasets, and the derived insights have significantly advanced the community's understanding of enterprise management tasks such as Virtual Local Area Network (VLAN) design, reachability control using Access Control Lists (ACLs), network design changes, and Class of Service (CoS) policies. Equipped with empirical knowledge, we devise techniques to leverage the abstractions for bottom-up validation of network configuration and top-down network design, migration, and configuration. Specifically, our contributions include (i) abstractions and techniques for extracting network-wide dependencies from longitudinal configuration data, (ii) a formal abstraction that precisely captures CoS policies, (iii) novel abstractions and algorithms for systematic VLAN design and reachability control, and (iv) novel abstractions and algorithms for assurable migration of reachability policies from the enterprise to the cloud.
Evaluations using operational datasets show that systematic network management is feasible, and carefully selected abstractions are an important step towards automated enterprise network management.

Degree

Ph.D.

Advisors

Rao, Purdue University.

Subject Area

Computer Engineering; Computer Science
