NetQuery: A General-Purpose Channel for Reasoning about Network

Although the configuration of modern networks has a significant impact on the performance, robustness, and security of applications, networks lack support for reporting these properties to the applications that depend on them. This paper presents the design and implementation of NetQuery, a novel, general-purpose channel for disseminating the properties of networks and their participants. NetQuery implements a distributed, decentralized, tuple-based attribute store that records information about network entities. Operators can add new tuples to this store and can also annotate existing tuples with new, custom attributes, thus allowing the system to support network entities and properties not anticipated at the time of deployment. NetQuery clients can query this attribute store for the current network state and install event triggers to detect future state transitions, thus establishing long-running guarantees over the behavior of the network. We have implemented NetQuery and deployed networks with NetQuery-enabled devices that leverage commodity trusted hardware to provide strong assurance over the accuracy of reported properties. We describe the NetQuery system, outline the types of new applications enabled by NetQuery, and report on the performance of the system from deployments of real devices and from simulations of ISP networks.
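To make the abstract's three mechanisms concrete (an extensible tuple store, event triggers on state transitions, and a client-side guarantee that depends on who attested each value), here is an added, self-contained toy model in Python. It is not NetQuery's code and does not reproduce its API or wire protocol; the class and method names (`AttributeStore`, `Guarantee`, `annotate`, `install_trigger`) and the constructed two-switch scenario are assumptions made for illustration, and trusted-hardware attestation is reduced to a principal string (`"tpm:ops"`) rather than a real attestation.

```python
from collections import defaultdict
from typing import Any, Callable, Dict, List, Optional, Set, Tuple

# A trigger callback receives (entity, attribute, old_value, new_value).
Trigger = Callable[[str, str, Any, Any], None]


class AttributeStore:
    """Hypothetical single-node model of a tuple-based attribute store.

    Each network entity (switch, router, host, ...) is a tuple of attributes.
    Tuples can gain custom attributes after creation, and every attribute
    remembers the principal that asserted it so a client can decide whether
    to trust the value.  Invented names; not NetQuery's own code.
    """

    def __init__(self) -> None:
        self.tuples: Dict[str, Dict[str, Any]] = {}
        self.asserted_by: Dict[Tuple[str, str], str] = {}
        self.triggers: Dict[Tuple[str, str], List[Trigger]] = defaultdict(list)

    def add_tuple(self, entity: str, principal: str, **attrs: Any) -> None:
        """Create a new tuple for `entity` with its initial attributes."""
        if entity in self.tuples:
            raise KeyError(f"{entity} already exists; use annotate()")
        self.tuples[entity] = {}
        for name, value in attrs.items():
            self._set(entity, name, value, principal)

    def annotate(self, entity: str, principal: str, name: str, value: Any) -> None:
        """Add or update an attribute (custom ones included) on an existing tuple."""
        if entity not in self.tuples:
            raise KeyError(f"unknown entity {entity}")
        self._set(entity, name, value, principal)

    def query(self, entity: str, name: str) -> Tuple[Any, Optional[str]]:
        """Return (value, asserting principal), or (None, None) if absent."""
        return (self.tuples.get(entity, {}).get(name),
                self.asserted_by.get((entity, name)))

    def install_trigger(self, entity: str, name: str, cb: Trigger) -> None:
        """Call `cb` whenever (entity, name) changes value or asserting principal."""
        self.triggers[(entity, name)].append(cb)

    def _set(self, entity: str, name: str, value: Any, principal: str) -> None:
        key = (entity, name)
        old = self.tuples[entity].get(name)
        changed = (old, self.asserted_by.get(key)) != (value, principal)
        self.tuples[entity][name] = value
        self.asserted_by[key] = principal
        if changed:  # only a real state transition fires triggers
            for cb in list(self.triggers[key]):
                cb(entity, name, old, value)


class Guarantee:
    """A long-running predicate over several attributes, kept current by triggers."""

    def __init__(self, store: AttributeStore,
                 requirements: Dict[Tuple[str, str], Any],
                 trusted: Set[str]) -> None:
        self.store, self.requirements, self.trusted = store, requirements, trusted
        self.violations: List[str] = []
        # Subscribe before the first check so no transition between the
        # check and the subscription can be missed.
        for entity, name in requirements:
            store.install_trigger(entity, name, self._on_change)
        self._recheck()

    def _on_change(self, entity: str, name: str, old: Any, new: Any) -> None:
        self._recheck()

    def _recheck(self) -> None:
        self.violations = []
        for (entity, name), wanted in self.requirements.items():
            value, principal = self.store.query(entity, name)
            if principal not in self.trusted:
                # A value from an unattested source never satisfies the guarantee.
                self.violations.append(f"{entity}.{name}: asserted by untrusted {principal}")
            elif value != wanted:
                self.violations.append(f"{entity}.{name}={value!r}, wanted {wanted!r}")

    def holds(self) -> bool:
        return not self.violations


def demo() -> Tuple[bool, bool, bool, List[str]]:
    """Constructed scenario: a client requires ingress filtering on both switches
    of a path and only accepts attributes attested by 'tpm:ops'."""
    store = AttributeStore()
    store.add_tuple("sw1", "tpm:ops", kind="switch", ingress_acl=True)
    store.add_tuple("sw2", "tpm:ops", kind="switch", ingress_acl=True)
    g = Guarantee(store, {("sw1", "ingress_acl"): True,
                          ("sw2", "ingress_acl"): True}, trusted={"tpm:ops"})
    held_initially = g.holds()
    store.annotate("sw2", "tpm:ops", "ingress_acl", False)  # operator disables the ACL
    held_after_change = g.holds()
    store.annotate("sw2", "anon", "ingress_acl", True)      # unattested "fix"
    return held_initially, held_after_change, g.holds(), list(g.violations)


if __name__ == "__main__":
    print(demo())
```

The point of the model is the last two steps of `demo()`: the guarantee is invalidated by a trigger the moment the attested attribute changes, and a later annotation that restores the desired value from an untrusted principal does not restore the guarantee, which is the role the abstract assigns to trusted hardware. A real deployment would replace the principal string with a verifiable attestation and distribute the store across many nodes; neither is modelled here.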
