Few studies so far have examined the nature of reachability policies in enterprise networks. A better understanding of reachability policies could inform both future approaches to network design and current network configuration mechanisms. In this paper, we introduce the notion of a policy unit, which is an abstract representation of how the policies implemented in a network apply to different network hosts. We develop an approach for reverse-engineering a network's policy units from its router configuration. We apply this approach to the configurations of five production networks, including three universities and two private enterprises. Through our empirical study, we validate that policy units capture useful characteristics of a network's policy. We also obtain insights into the nature of the policies implemented in modern enterprises. For example, we find that most hosts in these networks are subject to nearly identical reachability policies at Layer 3.