ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Rethinking enterprise network control
Full text PdfPdf (929 KB)
Source IEEE/ACM Transactions on Networking (TON) archive
Volume 17 ,  Issue 4  (August 2009) table of contents
Pages 1270-1283  
Year of Publication: 2009
ISSN:1063-6692
Authors
Martín Casado  Stanford University, Stanford, CA
Michael J. Freedman  Princeton University, Princeton, NJ
Justin Pettit  Stanford University, Stanford, CA
Jianying Luo  Stanford University, Stanford, CA
Natasha Gude  Stanford University, Stanford, CA
Nick McKeown  Stanford University, Stanford, CA
Scott Shenker  University of California, Berkeley, Berkeley, CA
Publisher
IEEE Press  Piscataway, NJ, USA
Bibliometrics
Downloads (6 Weeks): 49,   Downloads (12 Months): 49,   Citation Count: 0
Additional Information:

abstract   references   index terms  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: 10.1109/TNET.2009.2026415

ABSTRACT

This paper presents Ethane, a new network architecture for the enterprise. Ethane allows managers to define a single network-wide fine-grain policy and then enforces it directly. Ethane couples extremely simple flow-based Ethernet switches with a centralized controller that manages the admittance and routing of flows. While radical, this design is backwards-compatible with existing hosts and switches. We have implemented Ethane in both hardware and software, supporting both wired and wireless hosts.We also show that it is compatible with existing high-fanout switches by porting it to popular commodity switching chipsets. We have deployed and managed two operational Ethane networks, one in the Stanford University Computer Science Department supporting over 300 hosts, and another within a small business of 30 hosts. Our deployment experiences have significantly affected Ethane's design.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

1
Don Caldwell , Anna Gilbert , Joel Gottlieb , Albert Greenberg , Gisli Hjalmtysson , Jennifer Rexford, The cutting EDGE of IP router configuration, ACM SIGCOMM Computer Communication Review, v.34 n.1, January 2004  [doi>10.1145/972374.972379]
2
Timothy Roscoe , Steve Hand , Rebecca Isaacs , Richard Mortier , Paul Jardetzky, Predicate routing: enabling controlled networking, ACM SIGCOMM Computer Communication Review, v.33 n.1, p.65-70, January 2003  [doi>10.1145/774763.774773]
3
David A. Maltz , Geoffrey Xie , Jibin Zhan , Hui Zhang , Gísli Hjálmtýsson , Albert Greenberg, Routing design in operational networks: a look from the inside, Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications, August 30-September 03, 2004, Portland, Oregon, USA
 
4
A. Wool, "The use and usability of direction-based filtering in firewalls," Comput. Security, vol. 26, no. 6, pp. 459-468, 2004.
 
5
A Quantitative Study of Firewall Configuration Errors, Computer, v.37 n.6, p.62-67, June 2004  [doi>10.1109/MC.2004.2]
 
6
Z. Kerravala, "Configuration management delivers business resiliency," The Yankee Group, Nov. 2002.
 
7
"Alterpoint," [Online]. Available: http://www.alterpoint.com/
8
Don Caldwell , Anna Gilbert , Joel Gottlieb , Albert Greenberg , Gisli Hjalmtysson , Jennifer Rexford, The cutting EDGE of IP router configuration, ACM SIGCOMM Computer Communication Review, v.34 n.1, January 2004  [doi>10.1145/972374.972379]
9
Albert Greenberg , Gisli Hjalmtysson , David A. Maltz , Andy Myers , Jennifer Rexford , Geoffrey Xie , Hong Yan , Jibin Zhan , Hui Zhang, A clean slate 4D approach to network control and management, ACM SIGCOMM Computer Communication Review, v.35 n.5, October 2005  [doi>10.1145/1096536.1096541]
 
10
Martin Casado , Tal Garfinkel , Aditya Akella , Michael J. Freedman , Dan Boneh , Nick McKeown , Scott Shenker, SANE: a protection architecture for enterprise networks, Proceedings of the 15th conference on USENIX Security Symposium, July 31-August 04, 2006, Vancouver, B.C., Canada
 
11
T. Hinrichs, N. Gude, M. Casado, J. Mitchell, and S. Shenker, "Practical declarative network management," presented at the ACM Workshop: Res. Enterprise Netw., 2009.
12
Camil Demetrescu , Giuseppe F. Italiano, A new approach to dynamic all pairs shortest paths, Proceedings of the thirty-fifth annual ACM symposium on Theory of computing, June 09-11, 2003, San Diego, CA, USA  [doi>10.1145/780542.780567]
13
Leslie Lamport, The part-time parliament, ACM Transactions on Computer Systems (TOCS), v.16 n.2, p.133-169, May 1998  [doi>10.1145/279227.279229]
 
14
"NetFPGA," [Online]. Available: http://NetFPGA.org
 
15
"OpenWRT," [Online]. Available: http://openwrt.org/
 
16
"BerkeleyDB," [Online]. Available: http://www.oracle.com/database/ berkeley-db.html
 
17
A. Z. Broder and M. Mitzenmacher, "Using multiple hash functions to improve IP lookups," in Proc. IEEE INFOCOM, Apr. 2001, pp. 1454-1463.
 
18
R. J. Perlman, "Rbridges: Transparent routing," in Proc. INFOCOM, Mar. 2004, pp. 1211-1218.
 
19
A. Myers, E. Ng, and H. Zhang, "Rethinking the service model: Scaling Ethernet to a million nodes," presented at the HotNets, Nov. 2004.
 
20
J. Rexford, A. Greenberg, G. Hjalmtysson, D. A. Maltz, A. Myers, G. Xie, J. Zhan, and H. Zhang, "Network-wide decision making: Toward a wafer-thin control plane," presented at the HotNets, Nov. 2004.
 
21
P. Newman, T. L. Lyon, and G. Minshall, "Flow labelled IP: A connectionless approach to ATM," in Proc. INFOCOM, 1996, vol. 3, pp. 1251-1260.
22
Sotiris Ioannidis , Angelos D. Keromytis , Steve M. Bellovin , Jonathan M. Smith, Implementing a distributed firewall, Proceedings of the 7th ACM conference on Computer and communications security, p.190-199, November 01-04, 2000, Athens, Greece  [doi>10.1145/352600.353052]
23
Martin Casado , Michael J. Freedman , Justin Pettit , Jianying Luo , Nick McKeown , Scott Shenker, Ethane: taking control of the enterprise, Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications, August 27-31, 2007, Kyoto, Japan
 
24
"Microsoft Network Access Protection," [Online]. Available: http://www.microsoft.com/technet/network/nap/default.mspx
 
25
"Cisco Network Admission Control," [Online]. Available: http://www. cisco.com/
 
26
"Consentry," [Online]. Available: http://www.consentry.com/
 
27
"Identity Engines," [Online]. Available: http://www.idengines.com/

INDEX TERMS

Primary Classification:
  C. Computer Systems Organization
  C.2 COMPUTER-COMMUNICATION NETWORKS
      C.2.3 Network Operations

Additional Classification:
  C. Computer Systems Organization
  C.2 COMPUTER-COMMUNICATION NETWORKS
      C.2.0 General
          Subjects: Security and protection (e.g., firewalls)
      C.2.5 Local and Wide-Area Networks
          Subjects: Ethernet (e.g., CSMA/CD)
  C.4 PERFORMANCE OF SYSTEMS


General Terms:
Design, Management, Performance, Security


Keywords:
architecture, management, network, security


The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player