Demystifying configuration challenges and trade-offs in network-based ISP services

ISPs are increasingly offering a variety of network-based services such as VPN, VPLS, VoIP, Virtual-Wire and DDoS protection. Although both enterprise and residential networks are rapidly adopting these services, there is little systematic work on the design challenges and trade-offs ISPs face in providing them. The goal of our paper is to understand the complexity underlying the layer-3 design of services and to highlight potential factors that hinder their introduction, evolution and management. Using daily snapshots of configuration and device metadata collected from a tier-1 ISP, we examine the logical dependencies and special cases in device configurations for five different network-based services. We find: (1) the design of the core data-plane is usually service-agnostic and simple, but the control-planes for different services become more complex as services evolve; (2) more crucially, the configuration at the service edge inevitably becomes more complex over time, potentially hindering key management issues such as service upgrades and troubleshooting; and (3) there are key service-specific issues that also contribute significantly to the overall design complexity. Thus, the prevalent high complexity could impede the adoption and growth of network-based services. We show initial evidence that some of the complexity can be mitigated systematically.
