12 Oct 2015
Rethinking Enterprise Network Control
Ethane 09 TON
- Ethane allows managers to define a single network-wide fine-grained policy, and then enforces it directly. Ethane couples extremely simple flow-based Ethernet switches with a centralized controller that manages the admittance and routing of flows
- a central controller containing the global policy that determines
the fate of all packets
- results suggest that a single controller could manage thousands of
machines
- policy-aware
- network policy dictates the nature of connectivity between
communicating entities and therefore naturally affects the paths that
packets take … this is in contrast to today’s networks in which
forwarding and filtering use different mechanisms rather than a
single integrated approach.
- policy also specifies service priorities for different classes of
traffic, directing real-time communication over lightly loaded paths
- enterprise security is, in many ways, a subset of network
management, but requires a network policy, the ability to control
connectivity, and the means to observe network traffic.
VLAN … for segmentation, isolation, and to enforce coarse-grained
policies …
- conflicts in FSL rules
- independent and do not contain ordering … conflicts are resolved
in two ways. the author can resolve them statically by assigning
priorities using a cascading mechanism. … allows an admin to
quickly relax a security policy by inserting a high priority exception
without having to understand the full policy file …
the controller holds the policy file, which is compiled into a fast
lookup table. when a new flow starts, it is checked against the rules
to see if it should be accepted, denied, or routed through a
waypoint. next, the route computation uses the network topology to
pick the flow’s route. the topology is maintained by the switch
manager, which receives link updates from the switches.
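
The controller pipeline described above (priority-resolved policy lookup, then route computation over the switch manager's topology), as an added example that is not code from the Ethane paper or its FSL implementation. The rule table, group mapping, host and switch names, and the default-deny fallback are assumptions constructed for illustration.

```python
from collections import deque

# Constructed policy rows: (priority, match, action, waypoint). Highest priority
# wins; a flow that matches nothing is denied (assumed default for this sketch).
RULES = [
    (10, {"group": "guests"}, "deny", None),
    (10, {"group": "staff", "dst": "web"}, "allow", None),
    (10, {"group": "staff", "dst": "db"}, "waypoint", "ids"),
    (90, {"src": "alice-laptop", "dst": "db"}, "allow", None),  # exception
]
GROUPS = {"alice-laptop": "staff", "bob-laptop": "staff", "guest-phone": "guests"}
# Constructed links, as the switch manager would learn them from link updates.
LINKS = {("alice-laptop", "s1"), ("bob-laptop", "s1"), ("guest-phone", "s1"),
         ("s1", "s2"), ("s2", "s3"), ("s2", "ids"), ("s3", "web"), ("s3", "db")}


def decide(src, dst):
    """Return (action, waypoint) from the highest-priority matching rule."""
    flow = {"src": src, "dst": dst, "group": GROUPS.get(src)}
    hits = [r for r in RULES if all(flow.get(k) == v for k, v in r[1].items())]
    if not hits:
        return ("deny", None)
    _, _, action, waypoint = max(hits, key=lambda r: r[0])
    return (action, waypoint)


def shortest_path(links, a, b):
    """Breadth-first search over bidirectional links; None if unreachable."""
    paths, queue = {a: [a]}, deque([a])
    while queue:
        node = queue.popleft()
        for x, y in sorted(links):
            nxt = y if x == node else x if y == node else None
            if nxt is not None and nxt not in paths:
                paths[nxt] = paths[node] + [nxt]
                queue.append(nxt)
    return paths.get(b)


def admit(src, dst, links=LINKS):
    """Policy check first, then route computation; None means no flow entry."""
    action, waypoint = decide(src, dst)
    if action == "deny":
        return None
    hops = [src, waypoint, dst] if action == "waypoint" else [src, dst]
    legs = [shortest_path(links, a, b) for a, b in zip(hops, hops[1:])]
    if any(leg is None for leg in legs):
        return None  # fail closed: never route around an unreachable waypoint
    return legs[0] + [n for leg in legs[1:] for n in leg[1:]]
```

The priority-90 row shows the cascading exception from the notes: it overrides the waypoint rule for one host without touching the rest of the table.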