More Web Proxy on the site http://driver.im/

research-article

Free access

Demystifying configuration challenges and trade-offs in network-based ISP services

Authors:

Theophilus Benson,

Aman ShaikhAuthors Info & Claims

SIGCOMM '11: Proceedings of the ACM SIGCOMM 2011 conference

Pages 302 - 313

https://doi.org/10.1145/2018436.2018471

Published: 15 August 2011 Publication History

Abstract

ISPs are increasingly offering a variety of network-based services such as VPN, VPLS, VoIP, Virtual-Wire and DDoS protection. Although both enterprise and residential networks are rapidly adopting these services, there is little systematic work on the design challenges and trade-offs ISPs face in providing them. The goal of our paper is to understand the complexity underlying the layer-3 design of services and to highlight potential factors that hinder their introduction, evolution and management. Using daily snapshots of configuration and device metadata collected from a tier-1 ISP, we examine the logical dependencies and special cases in device configurations for five different network-based services. We find: (1) the design of the core data-plane is usually service-agnostic and simple, but the control-planes for different services become more complex as services evolve; (2) more crucially, the configuration at the service edge inevitably becomes more complex over time, potentially hindering key management issues such as service upgrades and troubleshooting; and (3) there are key service-specific issues that also contribute significantly to the overall design complexity. Thus, the high prevalent complexity could impede the adoption and growth of network-based services. We show initial evidence that some of the complexity can be mitigated systematically.

Supplementary Material

MP4 File (sigcomm_9_3.mp4)

Download
168.94 MB

References

[1]

Cisco visual networking index: Forecast and methodology, 2009-2014. http://www.cisco.com/en/US/solutions/collateral/ns341/ns525/ns537/ns705/ ns827/white_paper_c11-481360_ns827_Networking_Solutions_White_Paper.h%tml.

[2]

Virtual routing and forwarding. http://www.cisco.com/en/US/docs/net_mgmt/active_network_abstraction/3.7/ reference/guide/vrf.html.

[3]

Virtual routing and forwarding. http://www.juniper.net/techpubs/software/junos/junos61/swconfig61-routing/html/instance-overview.html#1017937.

[4]

T. Bates, R. Chandra, D. Katz, and Y. Rekhter. Multiprotocol Extensions for BGP-4. RFC 4760 (Draft Standard), Jan. 2007.

[5]

T. Bates, E. Chen, and R. Chandra. BGP Route Reflection: An Alternative to Full Mesh Internal BGP (IBGP). RFC 4456 (Draft Standard), Apr. 2006.

[6]

Z. ben Houidi and M. Meulle. A new VPN routing approach for large scale networks. In Proc. IEEE ICNP, 2010.

Digital Library

[7]

T. Benson, A. Akella, and D. A. Maltz. Unraveling the complexity of network management. In NSDI, April 2009.

Digital Library

[8]

D. Caldwell, A. Gilbert, J. Gottlieb, A. Greenberg, G. Hjalmtysson, and J. Rexford. The cutting edge of IP router configuration. In In Proc. of Hotnets-II, 2003.

[9]

W. Enck, P. Mcdaniel, A. Greenberg, S. Sen, P. Sebos, S. Spoerel, and S. Rao. Configuration management at massive scale: System design and experience. In In 2007 USENIX ATC, pages 73--86, 2007.

Digital Library

[10]

N. Feamster and H. Balakrishnan. Detecting BGP configuration faults with static analysis. In Proceedings of USENIX NSDI, pages 43--56, Berkeley, CA, USA, 2005.

Digital Library

[11]

P. Garimella, Y.-W. E. Sung, N. Zhang, and S. Rao. Characterizing VLAN usage in an operational network. In ACM INM '07, pages 305--306, New York, NY, USA, 2007.

Digital Library

[12]

A. Greenberg, G. Hjalmtysson, D. A. Maltz, A. Myers, J. Rexford, G. Xie, H. Yan, J. Zhan, and H. Zhang. A clean slate 4D approach to network control and management. SIGCOMM Comput. Commun. Rev., 35(5):41--54, 2005.

Digital Library

[13]

T. Kamiya, S. Kusumoto, and K. Inoue. Ccfinder: a multilinguistic token-based code clone detection system for large scale source code. IEEE Trans. Softw. Eng., 28(7), 2002.

Digital Library

[14]

C. Kim, A. Gerber, C. Lund, D. Pei, and S. Sen. Scalable VPN routing via relaying. In Proceedings of SIGMETRICS, pages 61--72, New York, NY, USA, 2008. ACM.

Digital Library

[15]

F. Le, G. G. Xie, D. Pei, J. Wang, and H. Zhang. Shedding light on the glue logic of the Internet routing architecture. In Proceedings of ACM SIGCOMM, pages 39--50, New York, NY, USA, 2008.

Digital Library

[16]

R. Mahajan, D. Wetherall, and T. Anderson. Understanding BGP misconfiguration. In Proceedings of ACM SIGCOMM, pages 3--16, New York, NY, USA, 2002.

Digital Library

[17]

A. A. Mahimkar, H. H. Song, Z. Ge, A. Shaikh, J. Wang, J. Yates, Y. Zhang, and J. Emmons. Detecting the performance impact of upgrades in large operational networks. In Proceedings of ACM SIGCOMM, pages 303--314, New York, NY, USA, 2010.

Digital Library

[18]

D. A. Maltz, G. Xie, J. Zhan, H. Zhang, G. Hjálmtýsson, and A. Greenberg. Routing design in operational networks: a look from the inside. In Proceedings of ACM SIGCOMM, pages 27--40, New York, NY, USA, 2004.

Digital Library

[19]

M. Napierala. AT&T MPLS network and VPN services. PLNOG, 2008.

[20]

T. Qiu, Z. Ge, S. Lee, J. Wang, J. Xu, and Q. Zhao. Modeling user activities in a large IPTV system. In Proceedings of ACM IMC, pages 430--441, New York, NY, USA, 2009.

Digital Library

[21]

T. Qiu, Z. Ge, S. Lee, J. Wang, Q. Zhao, and J. Xu. Modeling channel popularity dynamics in a large IPTV system. In Proceedings of ACM SIGMETRICS, pages 275--286, New York, NY, USA, 2009.

Digital Library

[22]

S. Raghunath and K. K. Ramakrishnan. Trade-offs in resource management for Virtual Private Networks. In Proc. IEEE INFOCOM, 2005.

[23]

S. Raghunath, K. K. Ramakrishnan, and S. Kalyanaraman. Measurement-based characterization of IP VPNs. IEEE/ACM Trans. Netw., 15:1428--1441, December 2007.

Digital Library

[24]

Y.-W. E. Sung, C. Lund, M. Lyn, S. G. Rao, and S. Sen. Modeling and understanding end-to-end class of service policies in operational networks. In Proceedings of SIGCOMM, pages 219--230, New York, NY, USA, 2009. ACM.

Digital Library

[25]

D. Turner, K. Levchenko, A. C. Snoeren, and S. Savage. California fault lines: understanding the causes and impact of network failures. In Proceedings of ACM SIGCOMM, pages 315--326, New York, NY, USA, 2010.

Digital Library

[26]

Y. Zhao, Z. Zhu, Y. Chen, D. Pei, and J. Wang. Towards efficient large-scale VPN monitoring and diagnosis under operational constraints. In Proc. IEEE INFOCOM, pages 531--539, 2009.

Cited By

Hyder MFatima TKhan SArshad S(2023)Countering crossfire DDoS attacks through moving target defense in SDN networks using OpenFlow traffic modificationTransactions on Emerging Telecommunications Technologies10.1002/ett.4853Online publication date: Sep-2023
https://doi.org/10.1002/ett.4853
Mirkhanzadeh BTaheri NKhorsandi S(2021)SDxVPN: A software-defined solution for VPN service providersNOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium10.1109/NOMS.2016.7502811(180-188)Online publication date: 10-Mar-2021
https://dl.acm.org/doi/10.1109/NOMS.2016.7502811
Hyder MFatima T(2021)Towards Crossfire Distributed Denial of Service Attack Protection Using Intent-Based Moving Target Defense Over Software-Defined NetworkingIEEE Access10.1109/ACCESS.2021.31038459(112792-112804)Online publication date: 2021
https://doi.org/10.1109/ACCESS.2021.3103845
Show More Cited By

Index Terms

Demystifying configuration challenges and trade-offs in network-based ISP services
1. Networks
  1. Network services
    1. Network management

Recommendations

Demystifying configuration challenges and trade-offs in network-based ISP services
SIGCOMM '11

ISPs are increasingly offering a variety of network-based services such as VPN, VPLS, VoIP, Virtual-Wire and DDoS protection. Although both enterprise and residential networks are rapidly adopting these services, there is little systematic work on the ...
On Providing End-To-End QoS Introducing a Set of Network Services in Large-Scale IP Networks
NETWORKING '02: Proceedings of the Second International IFIP-TC6 Networking Conference on Networking Technologies, Services, and Protocols; Performance of Computer and Communication Networks; and Mobile and Wireless Communications

The Differentiated Services (DiffServ) architecture has been proposed as a scalable solution for providing service differentiation among flows. Towards the enhancement of this architecture, new mechanisms for admission control and a new set of network ...
Scaling Network Services Using Programmable Network Devices

The NEon system offers an integrated approach to architecting, operating, and managing network services. NEon uses policy rules defining the operation of individual network services and produces a unified set of rules that generic packet-processing ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

SIGCOMM '11: Proceedings of the ACM SIGCOMM 2011 conference

August 2011

502 pages

ISBN:9781450307970

DOI:10.1145/2018436

General Chairs:
Srinivasan Keshav
University of Waterloo, Canada
,
Jörg Liebeherr
University of Toronto, Canada
,
Program Chairs:
John Byers
Boston University, USA
,
Jeffrey Mogul
HP Labs, USA

ACM SIGCOMM Computer Communication Review Volume 41, Issue 4
SIGCOMM '11
August 2011
480 pages
ISSN:0146-4833
DOI:10.1145/2043164
Issue’s Table of Contents

Copyright © 2011 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGCOMM: ACM Special Interest Group on Data Communication

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 15 August 2011

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

SIGCOMM '11

Sponsor:

SIGCOMM

SIGCOMM '11: ACM SIGCOMM 2011 Conference

August 15 - 19, 2011

Ontario, Toronto, Canada

Acceptance Rates

SIGCOMM '11 Paper Acceptance Rate 32 of 223 submissions, 14%;

Overall Acceptance Rate 462 of 3,389 submissions, 14%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

39
Total Citations
View Citations
638
Total Downloads

Downloads (Last 12 months)75
Downloads (Last 6 weeks)14

Reflects downloads up to 12 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Hyder MFatima TKhan SArshad S(2023)Countering crossfire DDoS attacks through moving target defense in SDN networks using OpenFlow traffic modificationTransactions on Emerging Telecommunications Technologies10.1002/ett.4853Online publication date: Sep-2023
https://doi.org/10.1002/ett.4853
Mirkhanzadeh BTaheri NKhorsandi S(2021)SDxVPN: A software-defined solution for VPN service providersNOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium10.1109/NOMS.2016.7502811(180-188)Online publication date: 10-Mar-2021
https://dl.acm.org/doi/10.1109/NOMS.2016.7502811
Hyder MFatima T(2021)Towards Crossfire Distributed Denial of Service Attack Protection Using Intent-Based Moving Target Defense Over Software-Defined NetworkingIEEE Access10.1109/ACCESS.2021.31038459(112792-112804)Online publication date: 2021
https://doi.org/10.1109/ACCESS.2021.3103845
Liang CXue HYang MZhou LZhu LLi ZWang ZChen QZhang QLiu CDai WGavrilovska AZadok E(2020)AutoSysProceedings of the 2020 USENIX Conference on Usenix Annual Technical Conference10.5555/3489146.3489168(323-336)Online publication date: 15-Jul-2020
https://dl.acm.org/doi/10.5555/3489146.3489168
Abhashkumar AGember-Jacobson AAkella ABhagwan RPorter G(2020)TiramisuProceedings of the 17th Usenix Conference on Networked Systems Design and Implementation10.5555/3388242.3388257(201-220)Online publication date: 25-Feb-2020
https://dl.acm.org/doi/10.5555/3388242.3388257
Zhang PHuang YGember-Jacobson AShi WLiu XYang HZuo ZZhao BZheng HMadhyastha HPadmanabhan V(2020)Incremental Network Configuration VerificationProceedings of the 19th ACM Workshop on Hot Topics in Networks10.1145/3422604.3425936(81-87)Online publication date: 4-Nov-2020
https://dl.acm.org/doi/10.1145/3422604.3425936
Subramanian KAbhashkumar AD'Antoni LAkella ADonaldson ATorlak E(2020)Detecting network load violations for distributed control planesProceedings of the 41st ACM SIGPLAN Conference on Programming Language Design and Implementation10.1145/3385412.3385976(974-988)Online publication date: 11-Jun-2020
https://dl.acm.org/doi/10.1145/3385412.3385976
Chen QWang TLegunsen OLi SXu TDevanbu PCohen MZimmermann T(2020)Understanding and discovering software configuration dependencies in cloud and datacenter systemsProceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering10.1145/3368089.3409727(362-374)Online publication date: 8-Nov-2020
https://dl.acm.org/doi/10.1145/3368089.3409727
Subramanian KD'Antoni LAkella A(2019)Synthesis of Fault-Tolerant Distributed Router ConfigurationsACM SIGMETRICS Performance Evaluation Review10.1145/3308809.330885346:1(87-89)Online publication date: 17-Jan-2019
https://doi.org/10.1145/3308809.3308853
SHIOMOTO K(2018)Research Challenges for Network Function Virtualization - Re-Architecting Middlebox for High Performance and Efficient, Elastic and Resilient Platform to Create New Services -IEICE Transactions on Communications10.1587/transcom.2017EBI0001E101.B:1(96-122)Online publication date: 2018
https://doi.org/10.1587/transcom.2017EBI0001
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents