ࡱ> `!5+ W"C(xNAS="CԘHxC `T ƍna=Fu1i$ܺu>uNJvP ߊ6waJnjݡwfhu_$!"k9>񋡝DZ'0v-hH\X #Erɻ8{%6iY\z}/.kx=8>)>Ze|)-М&I~0_qnr&d*thr_yȶr`g V4_5[gM;eor}9)%v|6q ؑUI gN>l+6I躏icA}c3ĬKjxrr)V$߹g݀-;鵼\= z\bN9m!h>t7 }M|u^Ӻ r/E#[465e|2~h `!\$`dlkhvd1$*g*$xڭ{tǶI=B{\/RZ(Z@qw+B=@sy[Y57=dHpq #aS$0A?W% oķnj>}׌_ŷ>۰D0yPVTw7lQčsuNP_ysבx^_dX%!Yc^ֆ̪*RP* F0W%ʹꙻ.j{9fwj:m |ΆA^꾽jݨ6ڹj~=$P0Y @{_PJnɅ\g*ٿ V{Yq'EwHĸ}#":;7s w@ wh͵_6k!b&2! ] \RH*CrDH#AF6Gt[C D(/A1+6@K]W x=ff- NpBZ#]~w_qTK5уuFt]OuSc7O߁\ d{!2PPυz"AFw! ` uB-RحЗj}ȭ[K?ͭ#qLwtKtSHp tY7OruN7Su?$n`'iiv~hGv>dͶ^b`Q6n0pQo%jvn~ڞhTNFsU3HsjjhuT].B Pt[7MJ7J~p}dh-3@ d4 ! d_)K@MN`y 2K_^2Ԓס J^^!oCWK -{h$2) -Fo#r.r(S%/ls+PXװP!z<=]]Q] ZǕѮ,thC\UmMz֥Gl6m :жml{c;Ѽ =kӛ^0m/gfbX36"|GGo%݋3ݨ%:hMⴖ.@NKs`F#!S rMuBDc?3y>}޾jֈXx\`QfhƮ]Ou)18Lwhׯ=a?-;^ϧ}Qؗ|SO`8 sX*~Ř!At,Q*H(#@I\iU'0+muRRLs1s,O|8lkuo5oEyoSG,9QRX̓R^Eᶊ tRǭ\ <7 I򩽬.㬃mřw5NxGM?f6_0 m왡?;s%7YR{%WXy; %2ݹ7873ӎ4-SiULG'x) JkI?fYCocJcMÎ"c(+h*F k>`Mo `}6d?l4,sq0>M))ɻ¼j[ [OZIIk)MQ^ח4yj%9)E9Qu~~T;uvQg+u:X:jlvW-cMݏʹ/XWp,KDz4EC\MT.4c$Ma~!-!y]{_S/vl_ɖclx5$Oʋ B'A" #xV4+e/=uwywvzw-pGTwsOn͚Dş\("ڐFk"3{XoΪVo,tb7=;-FhB-6*qh}v v0,ѓ7Mv͖dYm~̶YF@SW4GߙK9Fb{œUJ70Y˦,hr&f S njI.cUjZ;k:⺮  5zvE,ښpI<"g5lz,/}MjWviv/-lOВ -g -mmc~GG;ϲ2on߲+RYE*.rb+/긪%sb(&&VWFtU@qw<"x4x^>f@| A~62)[̅b9~hq!;<߃1}dxE_WY?7my3??n?y)П"O%"ćDpPQ48 ]NaX߉U2V, ŏVE.zݱ-D _V0Q3ȍwΌ g")WT Fpe&WIq5:m$VfbBlpmoM@,*c+=\@Ns}#fb&ޣex>c]Ft]E Lr!Tx~o׶m+ӶmFI, o{cvnmbNMXZxIی_LOf;W?>| 7y5ӊW[0$awL|JǧP>ACKeUvHUU8/"y*3R<*?`d5XWe,?.]) [e>_cemMVd ?/$2zLt9^.n :zfצ+7`6Ql ^Vm^lzqX&o%%&Boc8&'z|NG|VZM~-V[_,Iۛ!8GN^ĤLR^y笶byy0G:<:sws>}g8@s3q|sa^kG相3 i~\6+ɅelYΙ ق%Ûvnbji糸vs#3c̷#Yڦ93.w{6,_j|`$[ ^)JK ?m u!^+Yt]>M/G瞮nZR鄮hk6V{vtzKuuq7TWqtc7Nwtu_7YqSL7Mt?߱=q:-ҹa.tEBot] 'B53Ӌ^yfȨ:cƈMPP T-Z#P}_Pdz);H! +*HBD ʪ좖+*$D4QEuQ9yUH>Js)g 4n&<".ɚ<r:#O.hK6g\bt Dr;S$D 4(#B_1sp_"1ώ`30aEu,*sQ>V2bdn-C# ZɏT|ʇn'͒- Z9mf9mK]6ɵ87}8~W y]3I K.ˠN˧jR]Q5͕P߻R[WVutѪ*]W]SR~د W `u>>yΓmy6mEFHe3O6XrVp/Ew_TÚ6)ۢ q{ {k,Z ;'bYQݝ-΋I hwe6}S~A|t"ȼ ev2| HC ѥVƥU'ikN;$ߣ`LdfywG9Zld},Bi)CʹPB.Rr ;j9PG.X uoP]v;f!WCF\*Bj9=!Yesȉd 8 $A}va~>7KMSԯ+|Z޿Q_.Ѳ"~%c|WYwăĶ{"~Gʺ~lgN~]%O >FC?O ^ DY]?z?Jzy<^XzxA`^ujs]ܧU}ns׿@^5şT>Yxe \0w3W5Z5 ofXd,ʘ"&)b$& +J1"-%A u_\YЏ <.@V/z QR!:u> \XVDߛ^sʍG[{(`{"B,ˊ~;bF{*kdՏ0 ۧ3}aPr9=N' ˟::{#w\ڕl=7(È]piu_/ߐ1 >@ j0T#!\dS !j2$U1͇j1b9b5bb3oó nHN PSw6b. .T݂xc~ __T[̯b,ƘM *u"Y#^%Nb^*Ţ^("+@▚%!j9hߩGK$D[W357U3-n⤉L~L&5ƤL5Dy@D r'<әEiمo=jٛ/?r(Gj?8j?ߍ]]5D]>J]}VuY^VF'yfuPy@^q)Y׆ H3iQxuu7QxuUV 'ߢ^}?+pODv/(PGQMBy'jj oFzj$i8/sA< ۞Gˊ⭼J,>0s5OYN0x*CMAGsy%unuvA M0=KC3b9ΜeiibN"ϓ,\a }IbfN9sa-ҎZ9BWtz~W'O'ypi}Y}qEA[l~? t2{tB~@Ӓyq\D߲%4^ 1+nb tXwBڕK)Eo]}dҧ!Vl!zfm(=e?a "-m5|WAێ6ɶklVsli:Fб6tIHT,f%;# "oEr%NrĬ#|Id9MN'w,7L3 p49mbhYӐ7hZS&0U)]ׅ~F7t? :J{OE?$-eRW!奈^O$B az<ɥɨ;9I[$ ҽHBb&>o"i [? ŵ&tRy Б{]Y(R]n5v]ݘ^#ݒmi"ӑ.4{IsMӛ8>&5pί/z}h=꟨S m.B!}/ ?2%^fa_0VKF8+.K"bY.JRQON Wh^}_GwSOQIY>!EVae=]`d{VYvfѲ+J^A%1Ea *q8,rFiJV?2>ڬ0/h*b)r,؞c~("Km `^-`NflG D[LFtHHd MJ$oM0&&4_Ahֳ@{zt(x-n==ai0dx JK<+m\4;; 6L#AІNt $c 탪aЄ%MY6߄ Xe_ݧ>+yi|9נtHQ{$&ll ~"X%w60a& P: GY)rv61V{n&5nI bHNGҴE۸䴓s qɏ4Cn9經[nyD"JR6qI>In Hm8Hba/b[ykHQXI`)I,\BO?7c-"R2ۭ :2m!_,aIUww/I $-&ѢZֽ\Uc_>+7}Ƴn:c>eֲEnj+dv`7 srgXb2Uunbp4=OE`G""<%+?#O! hWd)E9K~`CIuPG÷ imcg`3`=X&|6 fkXC*!,/|A=u_Vc\$;yXݡ[ɭFTd%b ;CfNޑ)h]K:Ս36:=]rÕ`\+vub\/?P<,&20ՂYK;,f`k<n uvK3k؃>9D>Wo< <zK]|6>t}ܜҗDH<@;hTjXe[D(=EՓM=!2J겮n]"6`!qE37`|n?2qep?Exڬԗ.<7)]%!) R H J#"!3]s^_z{5aLg# O(t%!GQ7q''x>8;hDfO8___W[#XS<ӹ 89[T7P>D%X/[4^lQ\ڀGjw.8&pOz~i?H])xAR{ĵRI}.+23LN%?pbqgyRrXq>mxR:cd(ZZk_V/K{0Ж5񗬎I'唾)Ǐ,nJ'_ .53eŇyo~j܄r}Fd74R'OM=KeN>byȊp&? #!_K5Ef`OMVm[]֪To\>.'9pClޅXVdGo \k'gMX ܅Cxv؏X؋K,cb4R?NȎLbyIV8wڎK&~߁ټF&#;}&:#;x..s8첕31B#C%%I]4qQqq1ؽ "KmFl8^%"})IM D]e CP(Ww;+Bn7w+<8OQq=O<jG\rɩmQ7LFy"hH9#7րwcZ8Nm:.0201&}DO0 LCX01L,s^$P+s2 ŕT.sQ mC]x NbvL $φ UIJRLT5|*7ke_ ,?Pz8/|3npķ<VnWZn:A0{}Q/:%nġL{XE4@/wzJKy#M`ԨϭoV<f9:2pQwe;Xk`I2pwZX.kY%'@<|)GQCx)Ź$G#jq1i0q{z|S1|bԊWA\r௃TZe}q G Kלo| llwX1MnZ q=GvwY_3q?0qps+Kg96*џ:MKй*Th?zP2p~xn~LA0LɈ2 LD0-&VM\K΢j*K*I\BIIEX#X~ M[`-2g\W<+74(7j1_,<>7e(A}Muk'vL #x߸1\kiD=I b.py߿ecΏ8d|#'t6^J?roF9i߱Ѽq"OP'^]XG"KxjA_G'&f`b9G씔\!!;fb=S d$%@# ]F ZTB>y$!}W"6nH4oVRZ-%(O2_s8uUπŇ XFs=vx3׀+k.Ρ?gaO+t_vD{Hv>迲e -oXi}G쿱Ql9|G~m7?_q]z_ ׋-| >QCoRϳ~kUhD3|zMh&]s>ZhbN(}}yXY'1:ه?XnfҔUcǶ>C}4Ugq (c׫FXSX/tɚ@:OuIX}2(hZ`!,UQ_هZk`,:GTUBD?X 3HD>uY" &f`2lY ne`ְtG4~| +Xu/j +|jX6,}MX, X +={ªu[}E݄̰ boψ &nXD}|tt1{ā&DHyXCo-[?~EߖfK`>6v .Z'GJR#3!eK!ZrWWih-|Vc XҐ`կ0]WTo6Z-9, {<;=t_þid{;%dðV ;vʟ3K1ӡ_{mgckmifn%?䐽A.X8a%7Zi *IfZjjEjv:Lt5n!*)T@<GVv}.:(cgA1-r4[r4IJ%M76InT9g3-+dmM[6I Oo*)ݖvN~QFM ɋAf 9x=VyU Ou3=9tLFNN D|I Mb,1-lܴErޖ1[+ge_ز49kwCf9}oq4*TW SiK'xDt) J -*z$ }ҁ~z^K*Z*f;o+7hq6r%tɞA {^KE156tx mFQI_W5@'|,҆vKhS䥵^~@^ACKvEBأ?h|<5v$D4>%ьҚTH":Rb tz*tqR@m%#$Ihiv#;w 57)=nCFٓ4d=YoCه(@DlRà4sY{YK~uN@Kr|9,>m+kh5LeHŧ/)Šrp:`=i6J*a(mXJG: ұ3KkG]5!{+W,n4bh3\.I5; E!Qm<өrRZ.tRBIR/d!NFD [, $زG^bR1taMGUh`f h E ڻFj)}wc%`jYϖ|;©t"QUtm[`Z_kiI8E}biJK{Tt:sL) }AQ~oUhf6Jbh(@d+Χ:koڠMh~E4(Z[M=a%teTZmg2ȑy)BAb9&ctI2!E"? ~R/ $[r/ Gu}Kg5t0hҚ-lADKdA5 40Á/Ľ `E n[\DD % ZR` 4- ^s_.$86RgI;L]$ڕKѶڔ'hu1u>ɢ #jWAfBZg#舵F|KGq(1M:~׾tT[Zknq5T׭jt^6EoQնjw6;# y񮮓JVR Γ:WR`/Wele2G~AՒrX*EQ/)ugPD uR0PeWndTA l<0ql07X{,!MfDكT((Ff8N=4%8LGt!C>:" vRgJUjp<ͅ 72B5-N$05V$Z Y9HJ{ZxCe%Gi["z.>+同I.IMFRJd$yO/נ&!+Cm<݂Vl`(0 , V̖AjA=iZLG4xǿegA`xG@ͬnysy7VS|U@lxeh"2wVYv:mq螽`i "x6Gfnj,7էd֐Y] *^tX #u vVG;XYk^i>-&L*,ԓ2TIs= fILl?0EQEyCDixI"@%(2+o1@*.d䍈TfSE;mIWDE{j)h1hbeFG>/K)ka_"?k :n'&յz ^'6H&ܪ"^kad"irFzK5E)XN5^?PiO"'o;2[`ZL*It̓j\r#n+ˠ^ `nF] A&^AACYSlSlSq6F8_6YnAjnTAgZCwA.o=1?0_.SuIMw8N0ݤz9Zǐ'n<]2s zJqq[#/?o?l7; ~4iޖ9-fsSJˋ %eB6HG3{mB? u.Q:qj]1BY9%רXkD*OIC}0{WB,g塜'/QkhTθSGiqɬƓjAg#\{)A2A}f#n`b+jm`"X 7?G~Is*} (tN e0>-Ff[GB#1u=ب ؔ 6Ѳm `]"sJq+ r~OpSOaj?Nf臶6 v Pr$NuژN#O/1&Fwk֞3kCq%S KZ%Ȏy۩G]auM6\YOnL8U!_j]c!x:e"4ӷW.#wj@,$fxDWۢ{z=}#xG$[9AI4P02V»?%{-^SI\;rPsL/G¬H욁+hd>h.:[7/Ƞ0EXDf,-5Vw?6~m\C si-_bO8crC$S)kw[W/˫1|U;i%?DkMmj3'>Uob|'{7.uѮvU-+a]NS̘9f\#$ҝڌb&]eyA@P9^>7h1?TdVV+ "W$Emh'7ڵᮆqeo\&.=vE':wh^A y%LKqiMڂӁ:&WDdA h%.^r5}6=},]s\߫%-_had0%%, MղsÔRYdϞsDt?|EgQ۠mK4Zj5{VV+^aV{rqtGUDT5/K~f%]9?^q/%a/M]1wlǃ\ᄡb.?Ds1 <:Vd //TXb8,ы7jK捹6@;mǸ:~& ڗqbjtH߸:C>s[K[:,_єT~'pZS G|BΞBkvmy+j\kXIet-bz"w]D9\Q#^ߘx@mi˝+3ǽ:~1sZDaGBc!'ں:]u-P%xvƆO4?1T߻h Km'vdz#74DT.w͹dC|^!] Ḱ%&Rd:Aړ{ݴ7\M c/AˆΨ8q`ɮnqkP?Ke[ȶ4[u9j\TXr [KZ5MGU:xl*7^KY?2;zԓ-s4%`;7 l7['5:Q8;:=ҙvy ,ys ITCd]YKJZ TQ5 ,+'#=(oLvC8C] 2 ȏofd]x?'p:|7 ˌ ZDd%w]=ˏkغ6շXGq ,' kJxT ./8fcQH\ 2c  D*`W5»-y- mq IZ)L4tA {l;W}P{:o\!ǵ3wz{xN8>- }q*ϧ_ۏqA܇;~tEwMu'?ݐf/$>Om^Ѫ@ifG[ɹzK9_98uy8ap ^ 3q % q 6>=u08f;1"i9Lm0d,QU}A ѳM@݄;|F˵hVC.2X4j1,E޺{k73:YiVڂ6jO^G"M{0W>z*j.q9Ԛ1ird">:OìӃ** ֚\Jm$CLҮ2~BZ]&'٠ezGkYNWi,N͢3ZSk36:Fn=]uV=ZNOi)oF|rkF˥-ZDzkk-ۗ@nUZ j!+Y&J+[9}VՋZKkݦMu-dXii/Dm3򐬨/!]:E.WrLI$m8^kN:Tho٦ePj-UeVrIea믥V4M J-14tHSĒVKF+Y4dxII*܋BZXWq13r8-ڝ7Y h5.Qr - GbÁȋ|1QNZfZUk_+jeM.86ښimwN&PDzoe$xw\bXwg_A~$0}>2i, b ХX``'i>x&QZaxfy {LC/&M<0.: z1 f"ƶļ5D=El,ŵ-}a],WrRL+IQ:E֍>Oy ]]O7MW94tDo~d=viFWi2^i0d%菾tj ެB;!Ξ0}>|kJtIеƷǎJ ۋNxD~#8fqĵ9:]p>Tb`ijuvK>&@ k)c,RˬcKpכ~;P 6S?@]V&T~ o1vm[V9?Y bE#kDl%@IA{.hS<8( \8H::'ca2ܠpoy2EŚ4xHقwT.Fb*} hh0.k.mh\@풏gg}J;!՗ ;6w ix'Y?i KB~U3(Ǧ.V[[Z_6ӗ? g-} XŸ-.>ΚE¬Y]e-/b |18KX"h}-šm}\#YͿϴ=7>[ >NUij{_[\К>VqGٗt5Zc4<]]A}r}]zҥ.wtKmqe.v˫]!<[Lo}o\eWC#:df>y} - k9_@@:6Ƶ_Ҟ-@`0uk}\B4: 4 KEQS{$E'O%/ϑ[g@~@5XTht]$㑸6c{% 8^Ud?ܟD3"#WiB'D>4jT*iZ%LӴԍqcœcr\Ey#a zii2n1MG.p1 r2M۴kHB)|qT_۰}C;|v´~{q{7[ 䆮umkU\eJrK \%.&qs?)pR"⸉u.s{[\ns1חO_sx<@ 8=JBiuȮ0Ew(=PJҹ՝)w\.CL\ʮWw[ד[aMNnp8Oӧ:\h{.ְ@3hd k4\\o$wmJ(-[m3֊β,[<5Io]Q{( 9{HSZ=ĭznt#J]c*SQ 4;)3[:wRm$n%v .tR\xK"a͎et-[n96NY>w VE\J~M\3jڸu]u]^}‚ vE#Q5'o'n#q- 9Oi|srx_߻bЕ *E]Zb t]x*tו繎̵ 9W rLSԜ' >7W߅i*8׋'<$'7|ՍnG8=7<w}x4|oC os,w%]nq?wg?~ D } T#$%,|}b[?9v@.,|!TTFC.tMGUS zewiWZҋs5~sUr@Ƨ#ƹ2=XGr=pwmoJR]2ߤ"%K+VzS˟>8kEigkRߐx?')X~K^alsd \ G9m.u5g.>hzY96s,uszϞ(" ߌou&ط{+^I=>Mf hO/qamkU_V*}su>s}77R)n.t?t̮vv(GGccwn&v7L^N{}h_srȥ/|fu4HWfgk Fr5\oin7HZ:np㴓(7 n΂3B/?fnt3TR(rO}̝kk #PmwI"-)4RbI5.)Ϥ$EA P8MS,I& I]9 "= ^nOBwlOp~ ں࡭ت-wڒ -"Ѣ ! 2ܠJ0hLK."Jk!XJ?hWhpN|_ 5ŗV/_٠  A柂A6+ (s<%Xc]<<8y@(nP 2QA^7!( A#2aU)Vjo­E>\~Tϯq&aFhW{ 8>ș|qc]e0 .0UdrNbiikHv>:{6:[i*ߥI_>+\)DzbCT?1~/0J |pMs٣܌9eΩ<^4ݲK=?hA7\nBny a{Nv"p2lQ:Gc͝bm2ev$m>V3?D\/?ζ,<ΘOBʪRlJqf0Vq9MXKMUyԌfvIJ >Q͕PX*V Q-pVpAe h:?Zh:h4i fц:ՋTմϰ_=GUzoVa5Uک7S-VbhxQ-HhI;x/0kһQXQj(B_hM.BzLuvՑvZ,d\.Ee7np=(QzMⵕG5Y 5UhfTOPW;'|sJt,BoykdEfxe2ɫV}$#Pfxzm4{@h4Db(^&{!f:&O4onU2ZFF( / 0DArialngs.8 08:A 00DSymbolgs.8 08:A 00 DWingdings.8 08:A 00@ .  @n?" dd@  @@``   ;#  +" *!"$%&') *$23567?2$5+ W2$`dlkhvdd$2$37`|n?yE}& 0e0e    } A@ A5% ))     ?A)BCD|E||# "0e@       @ABC DEEFGHIJK5%LMNOPQRSTUWYZ[ \]^_ `abN E5%  N E5%  N F   5%    !"?N@ABC DEFFGHIJK5%LMNOPQRSTUWYZ[ \]^_ `ab 333ff@wR0 ʚ;3ʚ;g4:d:dP:A 0ppp@ <4dddd|$ 0. <4BdBd| # 080___PPT10 ?  %O  =60New Directions in Enterprise Network Management11(OAditya Akella University of Wisconsin, Madison MSR Networking Summit June 2006PZP$CEnterprise Network Management(@Very broad topic& Tuning performance and availability of network-attached services Traffic sniffing for trouble-shooting Monitoring utilization Mapping network topology and resources, etc. Several tools (both commercial and free) Tailored to enterprises of different sizes, requirements j)9)9OutlineEnterprises desire specific management functionalities that current tools fundamentally cannot provide Three examples Inability arises from how enterprises are designed and operated today (IP-based) Decentralization and no control over routing Thoughts on enterprise network design principles & Simplified management is a side-effectgPPQP.P1P)PJ Q.1)   $So What s Missing?Cumbersome or impossible to support What-If analysis Effective trouble-shooting Fine-grained resource management Some tools may provide one of these No tool provides all of themL$N$$N$(1. What-If Analysis Decentralized config specification Complex config/policy split across several devices/mechanisms Firewalls, Proxies, NATs, router ACLs, VLANs, port filtering & And across different network layers Hard to reason about cross-layer, cross-device interactionl%Z>Z=ZaZ#>=abD r+2. Trouble-ShootingBWhat is the current  status of my network? Who is talking to who and how? Resource consumption? Avoid overload; control plane trouble shooting Information at arbitrary granularities Users, machines, groups& Ability to go back in time Unexpected patterns of communication; Protocol usageh-PeP'PiP-e'h 2. Trouble-ShootingToday& SNMP for tracking resource consumption Coarse-grained Monitoring key resources Application specific; not network-wide Inference Rely on heuristics, error prone Not fine-grained enough Distributed decision on whether to allow flows Distributed and/or local to services and devices By default all-to-all is allowed Something is undesirable local restrictions Use appropriate mechanism (ACLs, port filters, firewalls etc.) Poll to figure out what s going on, or infer Hard to archive control-plane events&PP1PRPmPRP'(18  #RSRr 3. Resource ManagementRoute around overloaded/failed switches and links Connection latency Availability Control levels of resource consumptions Prioritize applications or users Restrict bandwidth consumption of  sales Middle-boxes and proxies Placed at network choke points Ideally, deploy at diverse locations Route different classes of flows via different middleboxes 2P!P(PLPPPP2!(L  T 3. Resource ManagementhLimited or no support in enterprises today SNMP-based/manual tuning, OSPF, load-balancing using DNS Lack of tight control over routing Forwarding tables, hop-by-hop dst IP based routing inflexible Very little info used for routing Additional info into forwarding tables complexity; slow look-up Aggregation No control over flows or groups of flows Need tighter, app flow-level control Forwarding tables fundamentally insufficient+P:P%P>PP%P-P+:$>I )%  ,   DesiderataXCentralization: Of config specification (who can access what and how) Of enterprise-wide decision-making (should flow X be allowed) What-if analysis or connectivity becomes trivial (Offline) Analysis of a central database of policies Troubleshooting and forensics is simple Current set or complete log of accepted conn requests or active flowsPP5P(PFP5(F  ,!  Desiderata1An Architectural ViewTake all configuration and decision-making out of switches, routers Put all eggs in one basket Central entity tells switches how to forward packets Wire a circuit for each new flow& & Or hand out a source route Switches have no forwarding table Dumb forwarding elements Under the direct control of the central controller (via control channels)DZZ5Z?Z$ZcZD5?2Effect on Management`Control-plane related management or monitoring easy to do How many connections per users? Upgrades violate policy? Who accessed service X? Route different flows differently React to failures/overload  Data-plane management harder to do Band-width related E.g. Restrictions on users; Monitor Utilization\:PP%PCP:%C3Data Plane ManagementSwitches need to be slightly less dumb Minimal management support to enable data plane management? Counters per-flow? Per-flow queuing? Up-to-date link utilization? Push vs pull based?:'<V'<V  Food for ThoughtEnterprise-wide configuration/policy is specified at a central entity Additionally, policy expressed in terms of high-level handles (users, principles, services etc.)  Allow A to talk to B using HTTP via compression- proxy Users initiating connections must contact entity All connections must be ratified by this entity, checked for policy Ga@1DGf&1D  $Food for ThoughtIf a connection is OK, explicitly  wires a layer-2 circuit (or, source route) Place proxies on route Each network device is under the entity s control Entity can poll them for current live connections, ask them to shut off or re-route specific flows Other details Security of the connection ID/source route Policy language Topology collection & OZZ2ZdZZQZO2dQ  Middle-box Integration'Enterprises employ a variety of middle-boxes, proxies HTTP proxies, app-specific gateways, firewalls etc. Often placed at network choke-points To ensure necessary traffic traverses middle-boxes Restricts network design! Single points of failure Compromise could throw policy/security haywire! 6P5P%P4PPJP65%4J  Middle-box IntegrationIdeally& Route different (granularities of) app-level flows via distinct middleboxes  All e-mail between sales and finance must traverse a virus proxy Ability to deploy multiple middleboxes at diverse locations Lack of tight control over routing Forwarding tables, hop-by-hop dst IP based routing inflexible Need tighter, app flow-level control  PLPRP<P$PcPP UG<$c  >J n XC/  ! " %&'*.P  ` 33` Sf3f` 33g` f` www3PP` ZXdbmo` \ғ3y`Ӣ` 3f3ff` 3f3FKf` hk]wwwfܹ` ff>>\`Y{ff` R>&- {p_/̴>?" dd@,|?" dd@   " @ ` n?" dd@   @@``PR    @ ` ` p>> r(    6x  `}  T Click to edit Master title style! !  0  `  RClick to edit Master text styles Second level Third level Fourth level Fifth level!     S  0 ^ `  B*  0X ^   D*  0  ^ `  D*B  s *f޽h ? 3380___PPT10.sz Default Design 0 zr  (     0< M(   P*    0"  (  R*  d  c $ ?4h    0  )c  RClick to edit Master text styles Second level Third level Fourth level Fifth level!     S  6) M   P*    6h/    R*  H  0Bhy ? 3380___PPT10.s }  $(  r  S P  r  S , ` `  H  0޽h ? 33___PPT10i.sp+D=' = @B +}   0 $(   r  S ] `}   r  S ^ `  H  0޽h ? 33___PPT10i.s[6+D=' = @B +}  P$(  r  S ,+ `}   r  S 0. `  H  0޽h ? 33___PPT10i.sJ+D=' = @B +  00(  0x 0 c $Tw `}   x 0 c $PJ `  H 0 0޽h ? 33___PPT10i.sJ+D=' = @B +h  w (  x  c $ `}   x  c $̆    |  6X  p    What will happen if I change X in my network? Policy/control plane level Reason about connectivity before installing changes p40ZV0 Z0 Z4<HL  0+ # p 1 NB   E(FTQ&UVW0*`TM`TML`TL`T`+`T`TSRQ0Q(PMK0*80`+LL`T0*`TXD+0E+F+F`+F`+F*F0*F F FFR0EXD0X  R R    0* * `+ +X+0+XD+ L M R `T LLMR`TL@L@M@R@`T@LPLPMPRP`TPLLMR`TL"L"M"R"`T"L'L'M'R'`T'L+L+M+R+`T+L0L0M0R0`T0L(5L(5M(5R(5`T(5L8:L8:M8:R8:`T8:LH?LH?MH?RH?`TH?LCLCMCRC`TCLHLHMHRH`THLMLALLLML@/B7@/J4KJ4KB7@/B7'(@`@@@@@@@@@@@@@@@@@0*`T0*0*`T0* n F+computr4    HA? `ZUUUa9!f3    HA? kUUUa9!f3    HA? UUUa9!f3    HA?0*UUUa9!f3   HA?p+jUUUa9!f3   HA?UUUa9!f3Z  s *kEZ  s *EZ  s *E]Z  s *EZ  s *EZ  s *E-Z  s *f&*p  BΈw ONew link/ network upgradeX  S 0Aj0195384-   B߈ LNew policies for sales  B0  ?`  NAlternate configurationpR  HG H!I 1 %  pb @ HG)HI$SI   BG Hc p @ JNew config stable? Will bottleneck disappear? Will upgrade violate policy?KKAH  0޽h ?0             33___PPT10i.+uP$+D=' = @B +    L(  x  c $ `}   x  c $ p   B   bE`FNQ&UVW}))? XX6381-D81^ DS &{'LO^ D+ YL^0L8]T+ YL7Gn2H+IJ7GI:9]T:I:Q= qR&QJ 7JJ >:*;9>:+$.+] x!+] 6381$ 3-D^ D %D^0L8]TH+ YL^0L8]T7G@8Cn2H+IJI:B,= qR&N7#Q7JK J 7J>:8*;9+ +$ x!+ ] x!+$(,`C0*0*ITNT0*0* BCCloud" X  S 0Aj0292020o FB  E(FTQ&UVW0*`TM`TML`TL`T`+`T`TSRQ0Q(PMK0*80`+LL`T0*`TXD+0E+F+F`+F`+F*F0*F F FFR0EXD0X  R R    0* * `+ +X+0+XD+ L M R `T LLMR`TL@L@M@R@`T@LPLPMPRP`TPLLMR`TL"L"M"R"`T"L'L'M'R'`T'L+L+M+R+`T+L0L0M0R0`T0L(5L(5M(5R(5`T(5L8:L8:M8:R8:`T8:LH?LH?MH?RH?`TH?LCLCMCRC`TCLHLHMHRH`THLMLALLLML@/B7@/J4KJ4KB7@/B7'(@`@@@@@@@@@@@@@@@@@0*`T0*0*`T0* n F+computr4 \  HA?R @ UUUa9!f3  HA? ZUUUa9!f3  HA?@UUUa9!f3  HA?5 d UUUa9!f3  HA?H  UUUa9!f3  HA?UUUa9!f3FB  E(FTQ&UVW0*`TM`TML`TL`T`+`T`TSRQ0Q(PMK0*80`+LL`T0*`TXD+0E+F+F`+F`+F*F0*F F FFR0EXD0X  R R    0* * `+ +X+0+XD+ L M R `T LLMR`TL@L@M@R@`T@LPLPMPRP`TPLLMR`TL"L"M"R"`T"L'L'M'R'`T'L+L+M+R+`T+L0L0M0R0`T0L(5L(5M(5R(5`T(5L8:L8:M8:R8:`T8:LH?LH?MH?RH?`TH?LCLCMCRC`TCLHLHMHRH`THLMLALLLML@/B7@/J4KJ4KB7@/B7'(@`@@@@@@@@@@@@@@@@@0*`T0*0*`T0* n F+computr4)L  c $F\L  c $ FL  c $FL  c $>L  c $ \FL  c $ L  c $ \FL  c $ 6\X  S 0Aj0195384 *> X  S 0Aj0195384*(X  S 0Aj0195384 P e X  S 0Aj0195384   B`'GC@Hhp  P 5How many conns from sales? Who is using access link?:6 (q  B'G HL P GHow many connections from guests? Finance grp protocol usage last week?zH*H  0޽h ?         33___PPT10i.+u@ފW+D=' = @B +  d0(  dx d c $.' `}  ' x d c $/'  ' H d 0޽h ? 33___PPT10i.+u@ފW+D=' = @B +,  ++#*@ *(  @r @ S x5}   r @ S ?'    B @  \E`FNQ&UVW}))? XX6381-D81^ DS &{'LO^ D+ YL^0L8]T+ YL7Gn2H+IJ7GI:9]T:I:Q= qR&QJ 7JJ >:*;9>:+$.+] x!+] 6381$ 3-D^ D %D^0L8]TH+ YL^0L8]T7G@8Cn2H+IJI:B,= qR&N7#Q7JK J 7J>:8*;9+ +$ x!+ ] x!+$(,`C0*0*ITNT0*0* BCCloud#" `0 n @B @ E(FTQ&UVW0*`TM`TML`TL`T`+`T`TSRQ0Q(PMK0*80`+LL`T0*`TXD+0E+F+F`+F`+F*F0*F F FFR0EXD0X  R R    0* * `+ +X+0+XD+ L M R `T LLMR`TL@L@M@R@`T@LPLPMPRP`TPLLMR`TL"L"M"R"`T"L'L'M'R'`T'L+L+M+R+`T+L0L0M0R0`T0L(5L(5M(5R(5`T(5L8:L8:M8:R8:`T8:LH?LH?MH?RH?`TH?LCLCMCRC`TCLHLHMHRH`THLMLALLLML@/B7@/J4KJ4KB7@/B7'(@`@@@@@@@@@@@@@@@@@0*`T0*0*`T0* n F+computr4py  @ BA?@@UUUa9!f3 @ BA? H UUUa9!f3 @ BA? @ UUUa9!f3  @ BA?#dUUUa9!f3  @ BA?6  UUUa9!f3  @ BA?  UUUa9!f3@B  @ E(FTQ&UVW0*`TM`TML`TL`T`+`T`TSRQ0Q(PMK0*80`+LL`T0*`TXD+0E+F+F`+F`+F*F0*F F FFR0EXD0X  R R    0* * `+ +X+0+XD+ L M R `T LLMR`TL@L@M@R@`T@LPLPMPRP`TPLLMR`TL"L"M"R"`T"L'L'M'R'`T'L+L+M+R+`T+L0L0M0R0`T0L(5L(5M(5R(5`T(5L8:L8:M8:R8:`T8:LH?LH?MH?RH?`TH?LCLCMCRC`TCLHLHMHRH`THLMLALLLML@/B7@/J4KJ4KB7@/B7'(@`@@@@@@@@@@@@@@@@@0*`T0*0*`T0* n F+computr4P h F  @ S   F @ S * F @ S *  F @ S  e F @ S * y F @ S  h F @ S |y* F @ S  6\ R @ C *Aj01953842 R @ C *Aj0195384@ : R @ C *Aj0195384R @ C *Aj0195384 @N  @ BA? UUUa9!f3F @ S  @( F @ S (   @ <A'`   7X jr @ BGcH-I;$    @ <E' ( ZSales virus-1 + image-filter + compression6.' &@ <p_'  BProducts virus-2 + compression 6" R '@ C *Aj01953840 ZR (@ C *Aj0195384`f  )@ <,b'P x |*Guests restrict b/w6 *@  0e0e    BC(DE@F } A@   ))     ?A)BCD|E||LH(`0H8HX,hx @     # "0e@  `    @ABC DEEFGHIJK5%LMNOPQRSTUWYZ[ \]^_ `abN E5%  N E5%  N F   5%    !"?N@ABC DEFFGHIJK5%LMNOPQRSTUWYZ[ \]^_ `abH p H @ 0޽h ?`@ @ @@@@@@@ @@@ @@ @ @@@ @@ @ @@ @@@ @@@ @ @@ 33___PPT10i.-u O+D=' = @B +   t0(  tx t c $v'}  ' x t c $Tw' ` ' H t 0޽h ? 33___PPT10i.-u O+D=' = @B +=%   T$L$ !!H"(  HR H B'GHA p  A B using HTTP C D using AIM via proxy A D using AIM via filter & 6HE H B@))?"6@`NNN?N@@r H S ' `}  '  H s *'"`   ' B H  \E`FNQ&UVW}))? XX6381-D81^ DS &{'LO^ D+ YL^0L8]T+ YL7Gn2H+IJ7GI:9]T:I:Q= qR&QJ 7JJ >:*;9>:+$.+] x!+] 6381$ 3-D^ D %D^0L8]TH+ YL^0L8]T7G@8Cn2H+IJI:B,= qR&N7#Q7JK J 7J>:8*;9+ +$ x!+ ] x!+$(,`C0*0*ITNT0*0* BCCloud" R H C *Aj0292020 ^ `@B H E(FTQ&UVW0*`TM`TML`TL`T`+`T`TSRQ0Q(PMK0*80`+LL`T0*`TXD+0E+F+F`+F`+F*F0*F F FFR0EXD0X  R R    0* * `+ +X+0+XD+ L M R `T LLMR`TL@L@M@R@`T@LPLPMPRP`TPLLMR`TL"L"M"R"`T"L'L'M'R'`T'L+L+M+R+`T+L0L0M0R0`T0L(5L(5M(5R(5`T(5L8:L8:M8:R8:`T8:LH?LH?MH?RH?`TH?LCLCMCRC`TCLHLHMHRH`THLMLALLLML@/B7@/J4KJ4KB7@/B7'(@`@@@@@@@@@@@@@@@@@0*`T0*0*`T0* n F+computr4{ 4 `  H BA? bUUUa9!f3 H BA?  UUUa9!f3  H BA?a   UUUa9!f3  H BA?s < FUUUa9!f3  H BA? q YUUUa9!f3  H BA?D UUUa9!f3@B  H E(FTQ&UVW0*`TM`TML`TL`T`+`T`TSRQ0Q(PMK0*80`+LL`T0*`TXD+0E+F+F`+F`+F*F0*F F FFR0EXD0X  R R    0* * `+ +X+0+XD+ L M R `T LLMR`TL@L@M@R@`T@LPLPMPRP`TPLLMR`TL"L"M"R"`T"L'L'M'R'`T'L+L+M+R+`T+L0L0M0R0`T0L(5L(5M(5R(5`T(5L8:L8:M8:R8:`T8:LH?LH?MH?RH?`TH?LCLCMCRC`TCLHLHMHRH`THLMLALLLML@/B7@/J4KJ4KB7@/B7'(@`@@@@@@@@@@@@@@@@@0*`T0*0*`T0* n F+computr4 j F H S 4 C F H S   { F H S b { F H S C F H S 4 F H S j C F H S 4 s F H S Y 4 D R H C *Aj0195384 R H C *Aj0195384  R H C *Aj0195384G(R H C *Aj0195384~`  H B'} ))?"6@ NNN?N 5A H B'} ))?"6@ NNN?N9  5C H B8'} ))?"6@ NNN?N9   5D H 6d'} ))?"6@ NNN?N  5B  H B'Gq^H1   ~,Should AD be allowed?6b !H TG0*Hl)I ))?"0@NNN?N( H H 0޽h ?@H HHHHHHHH HHH HH H HHH HH H HH H H HH!H 33___PPT10i.}`H+D=' = @B +A5   X4P4")2(  x  c $' `}  '    6D'"` P ' xTight control over routing: Centrally pre-ordain the path of each flow No more designing around choke-points Easy to integrate arbitrary number/type of middle-boxes Fine-grained resource control Also aids trouble-shooting and what-if analysisjPQP8PNPQ8NB   \E`FNQ&UVW}))? XX6381-D81^ DS &{'LO^ D+ YL^0L8]T+ YL7Gn2H+IJ7GI:9]T:I:Q= qR&QJ 7JJ >:*;9>:+$.+] x!+] 6381$ 3-D^ D %D^0L8]TH+ YL^0L8]T7G@8Cn2H+IJI:B,= qR&N7#Q7JK J 7J>:8*;9+ +$ x!+ ] x!+$(,`C0*0*ITNT0*0* BCCloud" R  C *Aj0292020 ^ `@B  E(FTQ&UVW0*`TM`TML`TL`T`+`T`TSRQ0Q(PMK0*80`+LL`T0*`TXD+0E+F+F`+F`+F*F0*F F FFR0EXD0X  R R    0* * `+ +X+0+XD+ L M R `T LLMR`TL@L@M@R@`T@LPLPMPRP`TPLLMR`TL"L"M"R"`T"L'L'M'R'`T'L+L+M+R+`T+L0L0M0R0`T0L(5L(5M(5R(5`T(5L8:L8:M8:R8:`T8:LH?LH?MH?RH?`TH?LCLCMCRC`TCLHLHMHRH`THLMLALLLML@/B7@/J4KJ4KB7@/B7'(@`@@@@@@@@@@@@@@@@@0*`T0*0*`T0* n F+computr4{ 4 `   BA? bUUUa9!f3  BA?  UUUa9!f3  BA?a   UUUa9!f3  BA?s < FUUUa9!f3  BA? q YUUUa9!f3  BA?D UUUa9!f3@B  E(FTQ&UVW0*`TM`TML`TL`T`+`T`TSRQ0Q(PMK0*80`+LL`T0*`TXD+0E+F+F`+F`+F*F0*F F FFR0EXD0X  R R    0* * `+ +X+0+XD+ L M R `T LLMR`TL@L@M@R@`T@LPLPMPRP`TPLLMR`TL"L"M"R"`T"L'L'M'R'`T'L+L+M+R+`T+L0L0M0R0`T0L(5L(5M(5R(5`T(5L8:L8:M8:R8:`T8:LH?LH?MH?RH?`TH?LCLCMCRC`TCLHLHMHRH`THLMLALLLML@/B7@/J4KJ4KB7@/B7'(@`@@@@@@@@@@@@@@@@@0*`T0*0*`T0* n F+computr4 j F  S 4 C F  S   { F  S b { F  S C F  S 4 F  S j C F  S 4 s F  S Y 4 D R  C *Aj0195384 R  C *Aj0195384  R  C *Aj0195384G(R  C *Aj0195384~`   B0'} ))?"6@ NNN?N 5A  B '} ))?"6@ NNN?N9  5C  Bh'} ))?"6@ NNN?N9   5D  6 '} ))?"6@ NNN?N  5B4  B'Gq^H1   FRoute AD (AIM) through s1p1p2s2`$33 #  0e0e    B`CDE@F } A@ 3f  ))     ?A)BCD|E||h4`8`pp@pP` @     # "0e@  `    @ABC DEEFGHIJK5%LMNOPQRSTUWYZ[ \]^_ `abN E5%  N E5%  N F   5%    !"?N@ABC DEFFGHIJK5%LMNOPQRSTUWYZ[ \]^_ `abp 6 $ B'GHE @@ HRoute AD (HTTP) through s1p1s3s2`%B ( 6D))?"0@NNN?N ` `  &  0e0e    B0CDE@F } A@   ))     ?A)BCD|E||Ht$PHpPHXXh@X@p0 @     # "0e@  `    @ABC DEEFGHIJK5%LMNOPQRSTUWYZ[ \]^_ `abN E5%  N E5%  N F   5%    !"?N@ABC DEFFGHIJK5%LMNOPQRSTUWYZ[ \]^_ `ab@ H  0޽h ?        $ 33___PPT10i.}`H+D=' = @B +  P0(  x  c $d( `}  ( x  c $o( ` ( H  0޽h ? 33___PPT10i.@쩟+D=' = @B +}  `$(  r  S z( `}  ( r  S d{( ` ( H  0޽h ? 33___PPT10i.@+D=' = @B +}  p$(  r  S ڄ `}   r  S |ۄ `  H  0޽h ? 33___PPT10i.@j+D=' = @B + -K0 @P$(  Pr P S ( `}  ( r P S ( ` ( H P 0޽h ? 33___PPT10i.}ʘ+D=' = @B + -K0 @0(  x  c $( `}  ( x  c $؛( ` ( H  0޽h ? 33___PPT10i.}ʘ+D=' = @B + -K0 ,$(  ,r , S P( `}  ( r , S (  ( H , 0޽h ? 33___PPT10i.&uν)+D=' = @B + -K0 l0(  lx l c $( `}  ( x l c $(  ( H l 0޽h ? 33___PPT10i.&uν)+D=' = @B + 0 ~<(  <^ < S  4h   (x < c $ (  )c  ( H < 0Bhy ? 3380___PPT10.-up"  0 D2(  D^ D S  4h   ( D c $(  )c  ( (H D 0Bhy ? 3380___PPT10.} Uxd$ 0 PT4(  T^ T S  4h   ( T c $(  )c  ( *Z H T 0Bhy ? 3380___PPT10. " 0 `X2(  X^ X S  4h   Z X c $Z  )c  Z (ZH X 0Bhy ? 3380___PPT10. V0 0 h@(  hd h c $ 4h   Z h s *(Z  )c  Z *P H h 0Bhy ? 3380___PPT10.p< 0 p"(  pd p c $ 4h   Z~ p s *p6Z  )c  Z H p 0Bhy ? 3380___PPT10.-up, 0 x<(  xd x c $ 4h   Z x s *PZ  )c  Z &H x 0Bhy ? 3380___PPT10.} Uxd"  0 |2(  |^ | S  4h   Z | c $mZ  )c  Z ( H | 0Bhy ? 3380___PPT10.+` ? 0 "(  d  c $ 4h   Z~  s *yZ  )c  Z H  0Bhy ? 3380___PPT10.+` ? 0 ~ (  ^  S  4h   (x  c $LU(  )c  ( H  0Bhy ? 3380___PPT10./l  0 ~P(  ^  S  4h   Zx  c $Z  )c  Z H  0Bhy ? 3380___PPT10.37" 0 `2(  ^  S  4h   Z  c $lZ  )c  Z ( H  0Bhy ? 3380___PPT10.4- 0 zrp (  X  C  4h   r  S <  )c   H  0Bhy ? 3380___PPT10.ل Q0 0 @(  d  c $ 4h   Z  s *Z  )c  Z *Z H  0Bhy ? 3380___PPT10.Pk-0 0 0@(  d  c $ 4h   Z  s *Z  )c  Z *Z H  0Bhy ? 3380___PPT10.p<r@NFVX [ P ]7 =.?k2XACsEw:GJ4L^NxP$P15RTV"`* X}.Z10*-0m0]3FF( / 0DArialngs+8 08:A 00DSymbolgs+8 08:A 00 DWingdings+8 08:A 00@ .  @n?" dd@  @@``՜.+,D՜.+,    $ %On-screen ShowCarnegie Mellon University{ ArialSymbol WingdingsDefault Design1New Directions in Enterprise Network ManagementEnterprise Network ManagementItem  Properties0JM4PT4X2OL==2 p&5Lp&5LItem  4Properties8BV3EKMEPTY==2 p&5Lp&5LItem APropertiesCRoot EntrydO)p&5L'PictureskCurrent User/2SummaryInformation(      !"#$%()* !"#$%&'()*+,-.<1235679:;=>?@BDEFOutlineSo Whats Missing?1. What-If Analysis2. Trouble-Shooting2. Trouble-Shooting3. Resource Management3. Resource Management Desiderata DesiderataAn Architectural ViewEffect on ManagementData Plane ManagementFood for ThoughtFood for ThoughtMiddle-box IntegrationMiddle-box Integration  Fonts UsedDesign Template Slide Titles_rdmaltzdmaltztya Ake This value indicates the number of saves or revisions. The application is responsible for updating this value after each revision. DocumentLibraryFormDocumentLibraryFormDocumentLibraryForm 0PublishingExpirationDatePublishingStartDate 2018-11-21T15:59:05Z2000-01-01T00:00:00Z   !"#$%&'()*+,-./012345789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%()*Root EntrydO) cCY'@ PictureskCurrent User/GSummaryInformation(PowerPoint Document(6DocumentSummaryInformation8 MsoDataStore p&5Lp&5L3PAUKAWML==2p&5Lp&5L   ;#  +" *!"$%&') *$23567?2$5+ W2$`dlkhvdd$2$37`|n?yE}& 0e0e    } A@ A5% ))     ?A)BCD|E||# "0e@       @ABC DEEFGHIJK5%LMNOPQRSTUWYZ[ \]^_ `abN E5%  N E5%  N F   5%    !"?N@ABC DEFFGHIJK5%LMNOPQRSTUWYZ[ \]^_ `ab 333ff@wR0 ʚ;3ʚ;g4:d:dP:A 0ppp@ <4dddd|$ 0h+ <4BdBd| # 080___PPT10 ?  %O  =60New Directions in Enterprise Network Management11(OAditya Akella University of Wisconsin, Madison MSR Networking Summit June 2006PZP$CEnterprise Network Management(@Very broad topic& Tuning performance and availability of network-attached services Traffic sniffing for trouble-shooting Monitoring utilization Mapping network topology and resources, etc. Several tools (both commercial and free) Tailored to enterprises of different sizes, requirements j)9)9OutlineEnterprises desire specific management functionalities that current tools fundamentally cannot provide Three examples Inability arises from how enterprises are designed and operated today (IP-based) Decentralization and no control over routing Thoughts on enterprise network design principles & Simplified management is a side-effectgPPQP.P1P)PJ Q.1)   $So What s Missing?Cumbersome or impossible to support What-If analysis Effective trouble-shooting Fine-grained resource management Some tools may provide one of these No tool provides all of themL$N$$N$(1. What-If Analysis Decentralized config specification Complex config/policy split across several devices/mechanisms Firewalls, Proxies, NATs, router ACLs, VLANs, port filtering & And across different network layers Hard to reason about cross-layer, cross-device interactionl%Z>Z=ZaZ#>=abD r+2. Trouble-ShootingBWhat is the current  status of my network? Who is talking to who and how? Resource consumption? Avoid overload; control plane trouble shooting Information at arbitrary granularities Users, machines, groups& Ability to go back in time Unexpected patterns of communication; Protocol usageh-PeP'PiP-e'h 2. Trouble-ShootingToday& SNMP for tracking resource consumption Coarse-grained Monitoring key resources Application specific; not network-wide Inference Rely on heuristics, error prone Not fine-grained enough Distributed decision on whether to allow flows Distributed and/or local to services and devices By default all-to-all is allowed Something is undesirable local restrictions Use appropriate mechanism (ACLs, port filters, firewalls etc.) Poll to figure out what s going on, or infer Hard to archive control-plane events&PP1PRPmPRP'(18  #RSRr 3. Resource ManagementRoute around overloaded/failed switches and links Connection latency Availability Control levels of resource consumptions Prioritize applications or users Restrict bandwidth consumption of  sales Middle-boxes and proxies Placed at network choke points Ideally, deploy at diverse locations Route different classes of flows via different middleboxes 2P!P(PLPPPP2!(L  T 3. Resource ManagementhLimited or no support in enterprises today SNMP-based/manual tuning, OSPF, load-balancing using DNS Lack of tight control over routing Forwarding tables, hop-by-hop dst IP based routing inflexible Very little info used for routing Additional info into forwarding tables complexity; slow look-up Aggregation No control over flows or groups of flows Need tighter, app flow-level control Forwarding tables fundamentally insufficient+P:P%P>PP%P-P+:$>I )%  ,   DesiderataXCentralization: Of config specification (who can access what and how) Of enterprise-wide decision-making (should flow X be allowed) What-if analysis or connectivity becomes trivial (Offline) Analysis of a central database of policies Troubleshooting and forensics is simple Current set or complete log of accepted conn requests or active flowsPP5P(PFP5(F  ,!  Desiderata1An Architectural ViewTake all configuration and decision-making out of switches, routers Put all eggs in one basket Central entity tells switches how to forward packets Wire a circuit for each new flow& & Or hand out a source route Switches have no forwarding table Dumb forwarding elements Under the direct control of the central controller (via control channels)DZZ5Z?Z$ZcZD5?2Effect on Management`Control-plane related management or monitoring easy to do How many connections per users? Upgrades violate policy? Who accessed service X? Route different flows differently React to failures/overload  Data-plane management harder to do Band-width related E.g. Restrictions on users; Monitor Utilization\:PP%PCP:%C3Data Plane ManagementSwitches need to be slightly less dumb Minimal management support to enable data plane management? Counters per-flow? Per-flow queuing? Up-to-date link utilization? Push vs pull based?:'<V'<V  Food for ThoughtEnterprise-wide configuration/policy is specified at a central entity Additionally, policy expressed in terms of high-level handles (users, principles, services etc.)  Allow A to talk to B using HTTP via compression- proxy Users initiating connections must contact entity All connections must be ratified by this entity, checked for policy Ga@1DGf&1D  $Food for ThoughtIf a connection is OK, explicitly  wires a layer-2 circuit (or, source route) Place proxies on route Each network device is under the entity s control Entity can poll them for current live connections, ask them to shut off or re-route specific flows Other details Security of the connection ID/source route Policy language Topology collection & OZZ2ZdZZQZO2dQ  Middle-box Integration'Enterprises employ a variety of middle-boxes, proxies HTTP proxies, app-specific gateways, firewalls etc. Often placed at network choke-points To ensure necessary traffic traverses middle-boxes Restricts network design! Single points of failure Compromise could throw policy/security haywire! 6P5P%P4PPJP65%4J  Middle-box IntegrationIdeally& Route different (granularities of) app-level flows via distinct middleboxes  All e-mail between sales and finance must traverse a virus proxy Ability to deploy multiple middleboxes at diverse locations Lack of tight control over routing Forwarding tables, hop-by-hop dst IP based routing inflexible Need tighter, app flow-level control  PLPRP<P$PcPP UG<$c  >J n XC/  ! " %&'*.Pr^m]b3 !"#$%&'()*+,-.0Oh+'0 `h    (0New Directions in Enterprise Network ManagementAditya Akella iAditya Akella i378Microsoft PowerPointerp@ye@^s@J YGjg  -7  xf-- @ !x--'@Arial-. !2 qNew Directions inm  ."SystemP-@Arial-. $2 zEnterprise Network i    .-@Arial-. 2 Management .-@Arial-. 2 Aditya  .-@Arial-. 2 Akella  .-@Arial-. 72 k University of Wisconsin, Madison         .-@Arial-. '2 0MSR Networking Summit      .-@Arial-. 2 E June 2006t  .-