DOI: 10.1145/1592568.1592595

Modeling and understanding end-to-end class of service policies in operational networks

Published: 16 August 2009

ABSTRACT

Business and economic considerations are driving the extensive use of service differentiation in Virtual Private Networks (VPNs) operated for business enterprises today. The resulting Class of Service (CoS) designs embed complex policy decisions based on the described priorities of various applications, extent of bandwidth availability, and cost considerations. These inherently complex high-level policies are realized through low-level router configurations. The configuration process is tedious and error-prone given the highly intertwined nature of CoS configuration, the multiple router configurations over which the policies are instantiated, and the complex access control lists (ACLs) involved. Our contributions include (i) a formal approach to modeling CoS policies from router configuration files in a precise manner; (ii) a practical and computationally efficient tool that can determine the CoS treatment received by an arbitrary set of flows across multiple routers; and (iii) a validation of our approach in enabling applications such as troubleshooting, auditing, and visualization of network-wide CoS design, using router configuration data from a cross-section of 150 diverse enterprise VPNs. To our knowledge, this is the first effort aimed at modeling and analyzing CoS configurations.

    • Published in

      SIGCOMM '09: Proceedings of the ACM SIGCOMM 2009 conference on Data communication
      August 2009
      340 pages
      ISBN: 9781605585949
      DOI: 10.1145/1592568
      • ACM SIGCOMM Computer Communication Review, Volume 39, Issue 4
        SIGCOMM '09
        October 2009
        325 pages
        ISSN: 0146-4833
        DOI: 10.1145/1594977

      Copyright © 2009 ACM

      Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Acceptance Rates

      Overall Acceptance Rate: 554 of 3,547 submissions, 16%
