research-article

Demystifying configuration challenges and trade-offs in network-based ISP services

Authors:

Theophilus Benson,

Aman ShaikhAuthors Info & Claims

ACM SIGCOMM Computer Communication Review, Volume 41, Issue 4

Pages 302 - 313

https://doi.org/10.1145/2043164.2018471

Published: 15 August 2011 Publication History

Abstract

ISPs are increasingly offering a variety of network-based services such as VPN, VPLS, VoIP, Virtual-Wire and DDoS protection. Although both enterprise and residential networks are rapidly adopting these services, there is little systematic work on the design challenges and trade-offs ISPs face in providing them. The goal of our paper is to understand the complexity underlying the layer-3 design of services and to highlight potential factors that hinder their introduction, evolution and management. Using daily snapshots of configuration and device metadata collected from a tier-1 ISP, we examine the logical dependencies and special cases in device configurations for five different network-based services. We find: (1) the design of the core data-plane is usually service-agnostic and simple, but the control-planes for different services become more complex as services evolve; (2) more crucially, the configuration at the service edge inevitably becomes more complex over time, potentially hindering key management issues such as service upgrades and troubleshooting; and (3) there are key service-specific issues that also contribute significantly to the overall design complexity. Thus, the high prevalent complexity could impede the adoption and growth of network-based services. We show initial evidence that some of the complexity can be mitigated systematically.

Supplementary Material

JPG File (sigcomm_9_3.jpg)

Download
15.68 KB

MP4 File (sigcomm_9_3.mp4)

Download
168.94 MB

References

[1]

Cisco visual networking index: Forecast and methodology, 2009-2014. http://www.cisco.com/en/US/solutions/collateral/ns341/ns525/ns537/ns705/ ns827/white_paper_c11-481360_ns827_Networking_Solutions_White_Paper.h%tml.

[2]

Virtual routing and forwarding. http://www.cisco.com/en/US/docs/net_mgmt/active_network_abstraction/3.7/ reference/guide/vrf.html.

[3]

Virtual routing and forwarding. http://www.juniper.net/techpubs/software/junos/junos61/swconfig61-routing/html/instance-overview.html#1017937.

[4]

T. Bates, R. Chandra, D. Katz, and Y. Rekhter. Multiprotocol Extensions for BGP-4. RFC 4760 (Draft Standard), Jan. 2007.

[5]

T. Bates, E. Chen, and R. Chandra. BGP Route Reflection: An Alternative to Full Mesh Internal BGP (IBGP). RFC 4456 (Draft Standard), Apr. 2006.

[6]

Z. ben Houidi and M. Meulle. A new VPN routing approach for large scale networks. In Proc. IEEE ICNP, 2010.

Digital Library

[7]

T. Benson, A. Akella, and D. A. Maltz. Unraveling the complexity of network management. In NSDI, April 2009.

Digital Library

[8]

D. Caldwell, A. Gilbert, J. Gottlieb, A. Greenberg, G. Hjalmtysson, and J. Rexford. The cutting edge of IP router configuration. In In Proc. of Hotnets-II, 2003.

[9]

W. Enck, P. Mcdaniel, A. Greenberg, S. Sen, P. Sebos, S. Spoerel, and S. Rao. Configuration management at massive scale: System design and experience. In In 2007 USENIX ATC, pages 73--86, 2007.

Digital Library

[10]

N. Feamster and H. Balakrishnan. Detecting BGP configuration faults with static analysis. In Proceedings of USENIX NSDI, pages 43--56, Berkeley, CA, USA, 2005.

Digital Library

[11]

P. Garimella, Y.-W. E. Sung, N. Zhang, and S. Rao. Characterizing VLAN usage in an operational network. In ACM INM '07, pages 305--306, New York, NY, USA, 2007.

Digital Library

[12]

A. Greenberg, G. Hjalmtysson, D. A. Maltz, A. Myers, J. Rexford, G. Xie, H. Yan, J. Zhan, and H. Zhang. A clean slate 4D approach to network control and management. SIGCOMM Comput. Commun. Rev., 35(5):41--54, 2005.

Digital Library

[13]

T. Kamiya, S. Kusumoto, and K. Inoue. Ccfinder: a multilinguistic token-based code clone detection system for large scale source code. IEEE Trans. Softw. Eng., 28(7), 2002.

Digital Library

[14]

C. Kim, A. Gerber, C. Lund, D. Pei, and S. Sen. Scalable VPN routing via relaying. In Proceedings of SIGMETRICS, pages 61--72, New York, NY, USA, 2008. ACM.

Digital Library

[15]

F. Le, G. G. Xie, D. Pei, J. Wang, and H. Zhang. Shedding light on the glue logic of the Internet routing architecture. In Proceedings of ACM SIGCOMM, pages 39--50, New York, NY, USA, 2008.

Digital Library

[16]

R. Mahajan, D. Wetherall, and T. Anderson. Understanding BGP misconfiguration. In Proceedings of ACM SIGCOMM, pages 3--16, New York, NY, USA, 2002.

Digital Library

[17]

A. A. Mahimkar, H. H. Song, Z. Ge, A. Shaikh, J. Wang, J. Yates, Y. Zhang, and J. Emmons. Detecting the performance impact of upgrades in large operational networks. In Proceedings of ACM SIGCOMM, pages 303--314, New York, NY, USA, 2010.

Digital Library

[18]

D. A. Maltz, G. Xie, J. Zhan, H. Zhang, G. Hjálmtýsson, and A. Greenberg. Routing design in operational networks: a look from the inside. In Proceedings of ACM SIGCOMM, pages 27--40, New York, NY, USA, 2004.

Digital Library

[19]

M. Napierala. AT&T MPLS network and VPN services. PLNOG, 2008.

[20]

T. Qiu, Z. Ge, S. Lee, J. Wang, J. Xu, and Q. Zhao. Modeling user activities in a large IPTV system. In Proceedings of ACM IMC, pages 430--441, New York, NY, USA, 2009.

Digital Library

[21]

T. Qiu, Z. Ge, S. Lee, J. Wang, Q. Zhao, and J. Xu. Modeling channel popularity dynamics in a large IPTV system. In Proceedings of ACM SIGMETRICS, pages 275--286, New York, NY, USA, 2009.

Digital Library

[22]

S. Raghunath and K. K. Ramakrishnan. Trade-offs in resource management for Virtual Private Networks. In Proc. IEEE INFOCOM, 2005.

[23]

S. Raghunath, K. K. Ramakrishnan, and S. Kalyanaraman. Measurement-based characterization of IP VPNs. IEEE/ACM Trans. Netw., 15:1428--1441, December 2007.

Digital Library

[24]

Y.-W. E. Sung, C. Lund, M. Lyn, S. G. Rao, and S. Sen. Modeling and understanding end-to-end class of service policies in operational networks. In Proceedings of SIGCOMM, pages 219--230, New York, NY, USA, 2009. ACM.

Digital Library

[25]

D. Turner, K. Levchenko, A. C. Snoeren, and S. Savage. California fault lines: understanding the causes and impact of network failures. In Proceedings of ACM SIGCOMM, pages 315--326, New York, NY, USA, 2010.

Digital Library

[26]

Y. Zhao, Z. Zhu, Y. Chen, D. Pei, and J. Wang. Towards efficient large-scale VPN monitoring and diagnosis under operational constraints. In Proc. IEEE INFOCOM, pages 531--539, 2009.

Cited By

Fang XDing FHuang BWang ZHan GYang RYou LXiang QKong LLiu YShu J(2024)Network Can Help Check Itself: Accelerating SMT-based Network Configuration Verification Using Network Domain KnowledgeIEEE INFOCOM 2024 - IEEE Conference on Computer Communications10.1109/INFOCOM52122.2024.10621215(2119-2128)Online publication date: 20-May-2024
https://doi.org/10.1109/INFOCOM52122.2024.10621215
Mike Liang CXue HYang MZhou L(2019)The Case for Learning-and-System Co-designACM SIGOPS Operating Systems Review10.1145/3352020.335203153:1(68-74)Online publication date: 25-Jul-2019
https://dl.acm.org/doi/10.1145/3352020.3352031
Aydeger ASaputro NAkkaya K(2019)A moving target defense and network forensics framework for ISP networks using SDN and NFVFuture Generation Computer Systems10.1016/j.future.2018.11.04594(496-509)Online publication date: May-2019
https://doi.org/10.1016/j.future.2018.11.045
Show More Cited By

Index Terms

Demystifying configuration challenges and trade-offs in network-based ISP services
1. Networks
  1. Network services
    1. Network management

Recommendations

Demystifying configuration challenges and trade-offs in network-based ISP services
SIGCOMM '11: Proceedings of the ACM SIGCOMM 2011 conference

ISPs are increasingly offering a variety of network-based services such as VPN, VPLS, VoIP, Virtual-Wire and DDoS protection. Although both enterprise and residential networks are rapidly adopting these services, there is little systematic work on the ...
On Providing End-To-End QoS Introducing a Set of Network Services in Large-Scale IP Networks
NETWORKING '02: Proceedings of the Second International IFIP-TC6 Networking Conference on Networking Technologies, Services, and Protocols; Performance of Computer and Communication Networks; and Mobile and Wireless Communications

The Differentiated Services (DiffServ) architecture has been proposed as a scalable solution for providing service differentiation among flows. Towards the enhancement of this architecture, new mechanisms for admission control and a new set of network ...
Definition and Performance Evaluation of Network Services Deployed Over a Differentiated Services Network

A vital requirement for next generation IP networks is the provision of services with differentiated behavior and characteristics. The basic reason for that is the need to provide Quality of Service (QoS) to the different types of user traffic produced ...

Comments

Information & Contributors

Information

Published In

cover image ACM SIGCOMM Computer Communication Review

ACM SIGCOMM Computer Communication Review Volume 41, Issue 4

SIGCOMM '11

August 2011

480 pages

ISSN:0146-4833

DOI:10.1145/2043164

Issue’s Table of Contents

SIGCOMM '11: Proceedings of the ACM SIGCOMM 2011 conference
August 2011
502 pages
ISBN:9781450307970
DOI:10.1145/2018436
General Chairs:
Srinivasan Keshav
University of Waterloo, Canada
,
Jörg Liebeherr
University of Toronto, Canada
,
Program Chairs:
John Byers
Boston University, USA
,
Jeffrey Mogul
HP Labs, USA

Copyright © 2011 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 15 August 2011

Published in SIGCOMM-CCR Volume 41, Issue 4

Check for updates

Author Tags

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

39
Total Citations
View Citations
645
Total Downloads

Downloads (Last 12 months)82
Downloads (Last 6 weeks)17

Reflects downloads up to 25 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Fang XDing FHuang BWang ZHan GYang RYou LXiang QKong LLiu YShu J(2024)Network Can Help Check Itself: Accelerating SMT-based Network Configuration Verification Using Network Domain KnowledgeIEEE INFOCOM 2024 - IEEE Conference on Computer Communications10.1109/INFOCOM52122.2024.10621215(2119-2128)Online publication date: 20-May-2024
https://doi.org/10.1109/INFOCOM52122.2024.10621215
Mike Liang CXue HYang MZhou L(2019)The Case for Learning-and-System Co-designACM SIGOPS Operating Systems Review10.1145/3352020.335203153:1(68-74)Online publication date: 25-Jul-2019
https://dl.acm.org/doi/10.1145/3352020.3352031
Aydeger ASaputro NAkkaya K(2019)A moving target defense and network forensics framework for ISP networks using SDN and NFVFuture Generation Computer Systems10.1016/j.future.2018.11.04594(496-509)Online publication date: May-2019
https://doi.org/10.1016/j.future.2018.11.045
Zhou FQi ZYao JMa RWang BVasilakos AGuan H(2018)FL: Design and Implementation of Distributed Dynamic Fault LocalizationIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2016.259988115:3(378-392)Online publication date: 1-May-2018
https://doi.org/10.1109/TDSC.2016.2599881
Gember-Jacobson AViswanathan RAkella AMahajan RBarcellos MCrowcroft JVahdat AKatti S(2016)Fast Control Plane Analysis Using an Abstract RepresentationProceedings of the 2016 ACM SIGCOMM Conference10.1145/2934872.2934876(300-313)Online publication date: 22-Aug-2016
https://dl.acm.org/doi/10.1145/2934872.2934876
Li FYang JWang XPan TAn CWu J(2016)Characteristics analysis at prefix granularity: A case study in an IPv6 networkJournal of Network and Computer Applications10.1016/j.jnca.2016.02.02270(156-170)Online publication date: Jul-2016
https://doi.org/10.1016/j.jnca.2016.02.022
Fukushima MYoshida YTagami AYamamoto SNakao A(2014)Toy Block NetworkingProceedings of the 2014 IEEE 38th International Computer Software and Applications Conference Workshops10.1109/COMPSACW.2014.14(61-66)Online publication date: 21-Jul-2014
https://dl.acm.org/doi/10.1109/COMPSACW.2014.14
Li FYang JWu JZheng ZZhang HWang X(2014)Configuration analysis and recommendationComputer Communications10.1016/j.comcom.2014.07.01153:C(37-51)Online publication date: 1-Nov-2014
https://dl.acm.org/doi/10.1016/j.comcom.2014.07.011
Voellmy AKim HFeamster NFeamster NRexford J(2012)ProceraProceedings of the first workshop on Hot topics in software defined networks10.1145/2342441.2342451(43-48)Online publication date: 13-Aug-2012
https://dl.acm.org/doi/10.1145/2342441.2342451
Hyder MFatima TKhan SArshad S(2023)Countering crossfire DDoS attacks through moving target defense in SDN networks using OpenFlow traffic modificationTransactions on Emerging Telecommunications Technologies10.1002/ett.4853Online publication date: Sep-2023
https://doi.org/10.1002/ett.4853
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Issue’s Table of Contents