18 Oct 2015
CONMan: Taking the Complexity out of Network Management
http://dl.acm.org/citation.cfm?id=1162645&CFID=722598764&CFTOKEN=57521027
ABSTRACT Network management is difficult, costly, and error
prone, and this is becoming more so as network complexity
increases. We argue that this is an outcome of two fundamental flaws
in the existing architecture: the management plane depends on the
data plane, and network device management interfaces are varied,
complex, and constantly evolving. In this paper, we present
Complexity Oblivious Network Management (CONMan), a network
architecture in which the management plane does not depend on the
data plane and all data plane protocols expose a simple generic
management interface. This restricts the operational complexity of
protocols to their implementation and allows the management plane
to achieve high level policies in a structured fashion.
A recent survey [18] showed that 80% of the IT budget in enterprises
is devoted to maintain just the status quo — in spite of this,
configuration errors account for 62% of network downtime.
Today, protocols and devices expose their internal details leading
to a deluge of complexity that burdens the management plane.
- Error-prone configuration.
- Network configuration involves mapping high-level policies and
goals to the values of protocol parameters. Since management
applications don’t have an understanding of the underlying network in
the first place, they often resort to a cycle of setting the
parameters and correlating events to see if the high level goal
was achieved or not. Apart from being haphazard, the noise in
measurements and correlations is often the root-cause of
misconfigurations and related errors. The inability to understand the
network’s operation also makes debugging these errors very difficult
[21].
- Fragmentation of tools.
- Since devices and their exposed details keep evolving at a frantic
pace, management applications tend to lag behind the power curve
[26]… put us in a situation where no one management approach
suffices … the Internet management plane doesn’t have anything
analogous to the IP “thin waist” around which the Internet data-plane
is built.
- Lack of dependency maintenance.
- Management state is highly inter-dependent. These dependencies are
not reflected in the existing set-up; thus, when a low-level value
changes, the appropriate dependent changes don’t always happen
[28]. Instances of improper filtering because the address assigned to
some machine changed, or the application was started on some other
port are very common. Recent work details the challenges involved in
tracking such dependencies in the existing set-up and gives
examples of how failure to track them leads to problems in large
networks [20].
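
The improper-filtering case above, as an added Python example (not code from the paper or from CONMan): filter rules are derived from service bindings and indexed by the bindings they depend on, so a re-addressed machine or a moved port re-derives exactly the dependent rules. The service names, addresses, and the `FilterTable` helper are constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample data (not from the paper): policy names services only.
POLICY = [("web", "db"), ("batch", "db"), ("web", "cache")]
BINDINGS = {"web": ("10.0.1.10", 8080), "batch": ("10.0.1.11", 9000),
            "db": ("10.0.2.20", 5432), "cache": ("10.0.3.30", 6379)}


@dataclass(frozen=True)
class Rule:
    src_ip: str
    dst_ip: str
    dst_port: int
    policy_entry: tuple  # the (src, dst) policy line this rule was derived from


class FilterTable:
    """Hypothetical helper: allow rules plus the bindings each one depends on."""

    def __init__(self, policy, bindings):
        self.bindings = dict(bindings)
        self.dependents = defaultdict(set)  # service -> policy entries using it
        self.rules = {}                     # policy entry -> installed Rule
        for entry in policy:
            for service in entry:
                self.dependents[service].add(entry)
            self.rules[entry] = self._derive(entry)

    def _derive(self, entry):
        src, dst = entry
        dst_ip, dst_port = self.bindings[dst]
        return Rule(self.bindings[src][0], dst_ip, dst_port, entry)

    def rebind(self, service, ip, port):
        """Record a low-level change; re-derive only the rules that depend on it."""
        self.bindings[service] = (ip, port)
        replaced = []
        for entry in sorted(self.dependents[service]):
            old, new = self.rules[entry], self._derive(entry)
            if old != new:
                self.rules[entry] = new
                replaced.append((old, new))
        return replaced


if __name__ == "__main__":
    table = FilterTable(POLICY, BINDINGS)
    for old, new in table.rebind("db", "10.0.2.99", 6432):
        print("stale:", old, "->", new)
```

Without the `dependents` index, the two rules pointing at the old `db` address would stay installed and silently drop legitimate traffic or admit whatever later takes that address.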
These shortcomings indicate that an (extreme) alternative worth
exploring is to confine the operational complexity of protocols to
their implementation.
The management interface of data-plane protocols should contain as
little protocol-specific information as possible.
in this paper we present the design and implementation of a network
architecture, Complexity Oblivious Network Management (CONMan)
2.3 Module Abstraction
2.5 Hiding Complexity
Much of the reduction in management plane complexity comes from the
fact that the NM operates in terms of the abstract components, while
the protocol modules themselves translate these into concrete protocol
objects.
References
- [10] T. Condie, J. M. Hellerstein, P. Maniatis, S. Rhea, and
T. Roscoe, “Finally, a Use for Componentized Transport Protocols,”
in Proc. of the Fourth Workshop on Hot Topics in
Networking, 2005. http://people.inf.ethz.ch/troscoe/pubs/hotnets05-transport.pdf
- [13] G. Goldszmidt, Y. Yemini, and S. Yemini, “Network management
by delegation: the MAD approach,” in Proc. of the conference of the
Centre for Advanced Studies on Collaborative research
(CASCON), 1991. http://dl.acm.org/citation.cfm?id=1925810
- [21] R. R. Kompella, J. Yates, A. Greenberg, and A. C. Snoeren,
“IP Fault Localization Via Risk Modeling,” in Proc. of 2nd
Symp. on Networked Systems Design and Implementation (NSDI), 2005.
- [26] R. Mahajan, D. Wetherall, and T. Anderson, “Understanding BGP
misconfiguration,” in Proc. of ACM SIGCOMM, 2002, pp. 3–16.
- [28] D. Oppenheimer, A. Ganapathi, and D. Patterson, “Why do
Internet services fail, and what can be done about it,” in Proc. of
USENIX Symposium on Internet Technologies and Systems, 2003.
- [20] R. R. Kompella, A. Greenberg, J. Rexford, A. C. Snoeren, and
J. Yates, “Cross-layer Visibility as a Service,” in Proc. of
workshop on Hot Topics in Networks, 2005.