12 Oct 2015

Rethinking Enterprise Network Control

Ethane 09 TON

Ethane allows managers to define a single network-wide fine-grained policy, and then enforces it directly. Ethane couples extremely simple flow-based Ethernet switches with a centralized controller that manages the admittance and routing of flows
a central controller containing the global policy that determines the fate of all packets
results suggest that a single controller could manage thousands of machines
network policy dictates the nature of connectivity between communicating entities and therefore naturally affects the paths that packets take … this is in contrast to today’s networks in which forwarding and filtering use different mechanisms rather than a single integrated approach.
policy also specifies service priorities for different classes of traffic, directing real-time communication over lightly loaded paths
enterprise security is, in many ways, a subset of network management, but requires a network policy, the ability to control connectivity, and the means to observe network traffic.

VLAN … for segmentation, isolation, and to enforce coarse-grained policies …

conflicts in FSL rules
independent and do not contain ordering … conflicts are resolved in two ways. the author can resolve them statically by assigning priorities using a cascading mechanism. … allows an admin to quickly relax a security policy by inserting a high priority exception without having to understand the full policy file …


the controller holds the policy file, which is compiled into a fast lookup table. when a new flow starts, it is checked against the rules to see if it should be accepted, denied, or routed through a waypoint. next, the route computation uses the network topology to pick the flow’s route. the topology is maintained by the switch manager, which receives link updates from the switches.
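A small model of the admission path described above, combined with the priority-based conflict resolution from the FSL notes. This is an added example, not code from Ethane or the paper. The rule tuples are a hypothetical stand-in for FSL syntax, the rules are scanned linearly rather than compiled into a lookup table, and both deny-on-no-match and breadth-first shortest path for route computation are assumptions.

```python
from collections import deque

# Constructed policy: (priority, src_group, dst_group, action, waypoint).
# Hypothetical layout, not FSL syntax. Higher priority wins (cascading).
RULES = [
    (10, "guest", "*", "deny", None),
    (10, "*", "server", "waypoint", "ids"),
    (20, "staff", "server", "allow", None),  # high-priority exception
]
# Constructed topology as the switch manager would hold it: node -> neighbours.
TOPOLOGY = {
    "h1": ["s1"], "s1": ["h1", "s2", "s3"], "s2": ["s1", "s4", "ids"],
    "s3": ["s1", "s4"], "s4": ["s2", "s3", "srv"], "ids": ["s2"], "srv": ["s4"],
}

def decide(src_group, dst_group, rules=RULES):
    """Return (action, waypoint) of the highest-priority matching rule."""
    matches = [r for r in rules
               if r[1] in ("*", src_group) and r[2] in ("*", dst_group)]
    if not matches:
        return ("deny", None)  # assumption: no matching rule means deny
    top = max(r[0] for r in matches)
    actions = {(r[3], r[4]) for r in matches if r[0] == top}
    if len(actions) > 1:  # same priority, different outcomes
        raise ValueError("unresolved conflict at priority %d" % top)
    return actions.pop()

def shortest_path(topo, src, dst):
    """Breadth-first search; returns a list of nodes or None if unreachable."""
    seen, queue = {src}, deque([[src]])
    while queue:
        path = queue.popleft()
        if path[-1] == dst:
            return path
        for nxt in topo.get(path[-1], []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None

def admit_flow(src, dst, src_group, dst_group, topo=TOPOLOGY, rules=RULES):
    """Policy check first, then route computation; None means no route is installed."""
    action, waypoint = decide(src_group, dst_group, rules)
    if action == "deny":
        return None
    if action == "waypoint":  # route to the waypoint, then on to the destination
        a, b = shortest_path(topo, src, waypoint), shortest_path(topo, waypoint, dst)
        return a + b[1:] if a and b else None
    return shortest_path(topo, src, dst)
```

With the constructed rules, a guest flow to a server matches a deny and a waypoint rule at the same priority, so `decide` raises until one of them is given a higher priority.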