Nanxi Kang will present her Pre-FPO on Monday, June 29 at 12pm in CS 401.
The members of her committee are: Jennifer Rexford (adviser), David Walker, Sanjay Rao (Purdue), Nick Feamster, Mike Freedman.
Everyone is invited to attend her talk. The abstract follows below:
Managing large enterprise networks is challenging. Operators need diverse policies such as
routing, access control, QoS and load balancing, for performance, security and
reliability. The best practice to enforce these policies today is to configure rules on
network switches individually. This forces operators to reason about many low-level
details, all at the same time, including the choice of path, the rule-table space limits
on each switch, and the hop-by-hop interaction of rules for forwarding, dropping,
modifying, and monitoring packets. The rule-table space, in particular, is a scarce
commodity on switches. While the rule-tables (e.g., TCAM) are optimized for high-speed
arbitrary packet-header matching and widely used for ACL, QoS and forwarding, they have
small capacities on the order of a few thousand entries.
In this talk, we propose a series of abstractions that enable operators to specify
high-level goals without worrying about the configurations of underlying switches, and
algorithms that realize these abstractions within the constrained rule-table
sizes.
We first present the "One-Big-Switch" abstraction, which virtualizes the network topology as a
single switch and allows operators to specify network policies as if configuring a single
switch. The rule placement algorithm is responsible for distributing the rules for this
single switch to the underlying physical switches. With this abstraction, we also
develop a traffic monitoring system, PacketSeer, which acts as "Wireshark" running on
top of the "One-Big-Switch" to aid measurement and troubleshooting.
The second abstraction is "One-Big-Server", which consists of a set of equivalent servers
offering the same services (e.g., websites). Given the desired distribution of server
loads, Niagara algorithms compute forwarding rules on a switch to split incoming traffic
accurately.
Finally, we propose "Attribute-Carrying IPs". ACIP allows operators to define policies
for groups of hosts with the same attributes (e.g., owner role or department). Our ACIP
allocation algorithms effectively compact these policies defined on host attributes (e.g.,
faculty or students, CS or EE) into a small number of switch rules.
Together, these abstractions -- coupled with efficient algorithms for realizing the
abstractions -- enable flexible enterprise network management on commodity switches.