Alpaca: Compact Network Policies With Attribute-Encoded Addresses

In enterprise networks, policies (e.g., QoS or security) are often defined based on the categorization of hosts along dimensions, such as the organizational role of the host (faculty versus student) and department (engineering versus sales). While current best practices (virtual local area networks) help when hosts are categorized along a single dimension, policy may often need to be expressed along multiple orthogonal dimensions. In this paper, we make three contributions. First, we argue for attribute-encoded IPs (ACIPs), where the IP address allocation process in enterprises considers attributes of a host along all policy dimensions. ACIPs enable flexible policy specification in a manner that may not otherwise be feasible owing to the limited size of switch rule-tables. Second, we present Alpaca, algorithms for realizing ACIPs under practical constraints of limited-length IP addresses. Our algorithms can be applied to different switch architectures, and we provide bounds on their performance. Third, we demonstrate the importance and viability of ACIPs on data collected from real campus networks.
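A minimal sketch of the attribute-encoded addressing idea, added here as an illustration and not taken from the paper: it uses one fixed-width bit field per policy dimension rather than the Alpaca algorithms, and the 10.0.0.0/8 block, the field widths and the host list are assumptions. It contrasts the single ternary rule that selects an attribute value with the number of prefix rules an attribute-blind allocation needs for the same set of hosts.

```python
import ipaddress
from itertools import count

# Constructed sample data: (host, role, department); not from the paper.
HOSTS = [("h%d" % i, r, d) for i, (r, d) in enumerate(
    [("faculty", "eng"), ("student", "sales"), ("faculty", "sales"),
     ("student", "eng"), ("faculty", "eng"), ("student", "eng"),
     ("faculty", "sales"), ("student", "sales")])]

BASE = int(ipaddress.IPv4Address("10.0.0.0"))   # assumed enterprise block 10.0.0.0/8
# Assumed layout of the low 24 bits: [role:2][dept:3][host id:19]
FIELDS = {"role": (22, 2, ["faculty", "student"]),
          "dept": (19, 3, ["eng", "sales"])}

def acip_allocate(hosts):
    """Give each host an address whose bit fields carry its attributes."""
    next_id, out = {}, {}
    for name, role, dept in hosts:
        ip = BASE
        for dim, val in (("role", role), ("dept", dept)):
            shift, _, values = FIELDS[dim]
            ip |= values.index(val) << shift
        seq = next_id.setdefault((role, dept), count(1))
        out[name] = ip | next(seq)               # per-class host id in the low bits
    return out

def ternary_rule(**attrs):
    """One (value, mask) match covering every host with the given attributes."""
    value, mask = BASE, 0xFF000000
    for dim, val in attrs.items():
        shift, width, values = FIELDS[dim]
        value |= values.index(val) << shift
        mask |= ((1 << width) - 1) << shift      # mask may be non-contiguous
    return value, mask

def matches(ip, rule):
    value, mask = rule
    return ip & mask == value

def prefix_rules(ips):
    """Rules needed when only CIDR prefixes can aggregate the given addresses."""
    nets = [ipaddress.ip_network((ip, 32)) for ip in ips]
    return len(list(ipaddress.collapse_addresses(nets)))

def flat_allocate(hosts):
    """Attribute-blind baseline: addresses handed out in arrival order."""
    return {name: BASE + i + 1 for i, (name, _, _) in enumerate(hosts)}
```

The department rule has a non-contiguous mask, so it needs ternary (TCAM-style) matching; the role rule happens to be an ordinary /10 prefix under this layout.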
