Ethane

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback
Take a look at the new version of this page: [ beta version ]. Tell us what you think.

Ethane: taking control of the enterprise

Full text

Pdf (675 KB)

Source

ACM SIGCOMM Computer Communication Review archive
Volume 37 , Issue 4 (October 2007) table of contents

SESSION: Enterprise networks table of contents

Pages: 1 - 12

Year of Publication: 2007

ISSN:0146-4833

Also published in ...

Authors

Martin Casado	Stanford University, Stanford, CA
Michael J. Freedman	Stanford University, Stanford, CA
Justin Pettit	Stanford University, Stanford, CA
Jianying Luo	Stanford University, Stanford, CA
Nick McKeown	Stanford University, Stanford, CA
Scott Shenker	UC Berkeley, Berkeley, CA

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 19, Downloads (12 Months): 183, Citation Count: 24

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1282427.1282382 What is a DOI?

Warning: The download time has expired please click on the item to try again.

ABSTRACT

This paper presents Ethane, a new network architecture for the enterprise. Ethane allows managers to define a single network-wide fine-grain policy, and then enforces it directly. Ethane couples extremely simple flow-based Ethernet switches with a centralized controller that manages the admittance and routing of flows. While radical, this design is backwards-compatible with existing hosts and switches.

We have implemented Ethane in both hardware and software, supporting both wired and wireless hosts. Our operational Ethane network has supported over 300 hosts for the past four months in a large university network, and this deployment experience has significantly affected Ethane's design.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Alterpoint. http://www.alterpoint.com/.
	2	BerkeleyDB. http://www.oracle.com/database/berkeley-db.html.
	3	Cisco network admission control. http://www.cisco.com/.
	4	Consentry. http://www.consentry.com/.
	5	Identity engines. http://www.idengines.com/.
	6	Microsoft network access protection. http://www.microsoft.com/technet/network/nap/default.mspx.
	7	Netfpga home page. http://NetFPGA.org.
	8	Openwrt home page. http://openwrt.org/.
	9	A. Z. Broder and M. Mitzenmacher. Using multiple hash functions to improve ip lookups. In Proc. INFOCOM, Apr. 2001.
	10	Don Caldwell , Anna Gilbert , Joel Gottlieb , Albert Greenberg , Gisli Hjalmtysson , Jennifer Rexford, The cutting EDGE of IP router configuration, ACM SIGCOMM Computer Communication Review, v.34 n.1, January 2004 [doi>10.1145/972374.972379]
	11	Don Caldwell , Anna Gilbert , Joel Gottlieb , Albert Greenberg , Gisli Hjalmtysson , Jennifer Rexford, The cutting EDGE of IP router configuration, ACM SIGCOMM Computer Communication Review, v.34 n.1, January 2004 [doi>10.1145/972374.972379]
	12	Martin Casado , Tal Garfinkel , Aditya Akella , Michael J. Freedman , Dan Boneh , Nick McKeown , Scott Shenker, SANE: a protection architecture for enterprise networks, Proceedings of the 15th conference on USENIX Security Symposium, p.10-10, July 31-August 04, 2006, Vancouver, B.C., Canada
	13	Camil Demetrescu , Giuseppe F. Italiano, A new approach to dynamic all pairs shortest paths, Proceedings of the thirty-fifth annual ACM symposium on Theory of computing, June 09-11, 2003, San Diego, CA, USA [doi>10.1145/780542.780567]
	14	Albert Greenberg , Gisli Hjalmtysson , David A. Maltz , Andy Myers , Jennifer Rexford , Geoffrey Xie , Hong Yan , Jibin Zhan , Hui Zhang, A clean slate 4D approach to network control and management, ACM SIGCOMM Computer Communication Review, v.35 n.5, October 2005 [doi>10.1145/1096536.1096541]
	15	Sotiris Ioannidis , Angelos D. Keromytis , Steve M. Bellovin , Jonathan M. Smith, Implementing a distributed firewall, Proceedings of the 7th ACM conference on Computer and communications security, p.190-199, November 01-04, 2000, Athens, Greece [doi>10.1145/352600.353052]
	16	Z. Kerravala. Configuration management delivers business resiliency. The Yankee Group, Nov. 2002.
	17	A. Myers, E. Ng, and H. Zhang. Rethinking the service model: Scaling ethernet to a million nodes. In Proc. HotNets, Nov. 2004.
	18	P. Newman, T. L. Lyon, and G. Minshall. Flow labelled IP: A connectionless approach to ATM. In INFOCOM (3), 1996.
	19	R. Pang, M. Allman, M. Bennett, J. Lee, V. Paxson, and B. Tierney. A first look at modern enterprise traffic. In Proc. Internet Measurement Conference, Oct. 2005.
	20	R. J. Perlman. Rbridges: Transparent routing. In Proc. INFOCOM, Mar. 2004.
	21	J. Rexford, A. Greenberg, G. Hjalmtysson, D. A. Maltz, A. Myers, G. Xie, J. Zhan, and H. Zhang. Network-wide decision making: Toward a wafer-thin control plane. In Proc. HotNets, Nov. 2004.
	22	Timothy Roscoe , Steve Hand , Rebecca Isaacs , Richard Mortier , Paul Jardetzky, Predicate routing: enabling controlled networking, ACM SIGCOMM Computer Communication Review, v.33 n.1, p.65-70, January 2003 [doi>10.1145/774763.774773]
	23	A. Wool. The use and usability of direction-based filtering in firewalls. Computers & Security, 26(6):459--468, 2004.
	24	A Quantitative Study of Firewall Configuration Errors, Computer, v.37 n.6, p.62-67, June 2004 [doi>10.1109/MC.2004.2]
	25	David A. Maltz , Geoffrey Xie , Jibin Zhan , Hui Zhang , Gísli Hjálmtýsson , Albert Greenberg, Routing design in operational networks: a look from the inside, Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications, August 30-September 03, 2004, Portland, Oregon, USA

CITED BY 24

	Dilip A. Joseph , Arsalan Tavakoli , Ion Stoica, A policy-aware switching layer for data centers, ACM SIGCOMM Computer Communication Review, v.38 n.4, October 2008
	Natasha Gude , Teemu Koponen , Justin Pettit , Ben Pfaff , Martín Casado , Nick McKeown , Scott Shenker, NOX: towards an operating system for networks, ACM SIGCOMM Computer Communication Review, v.38 n.3, July 2008
	Manigandan Radhakrishnan , Jon A. Solworth, NetAuth: supporting user-based network services, Proceedings of the 17th conference on Security symposium, p.227-241, July 28-August 01, 2008, San Jose, CA
	Qi Liao , Andrew Blaich , Aaron Striegel , Douglas Thain, ENAVis: enterprise network activities visualization, Proceedings of the 22nd conference on Large installation system administration conference, p.59-74, November 09-14, 2008, San Diego, California
	Nick McKeown , Tom Anderson , Hari Balakrishnan , Guru Parulkar , Larry Peterson , Jennifer Rexford , Scott Shenker , Jonathan Turner, OpenFlow: enabling innovation in campus networks, ACM SIGCOMM Computer Communication Review, v.38 n.2, April 2008
	Sandeep Sarat , Andreas Terzis, On the detection and origin identification of mobile worms, Proceedings of the 2007 ACM workshop on Recurring malcode, November 02-02, 2007, Alexandria, Virginia, USA
	Albert Greenberg , Parantap Lahiri , David A. Maltz , Parveen Patel , Sudipta Sengupta, Towards a next generation data center architecture: scalability and commoditization, Proceedings of the ACM workshop on Programmable routers for extensible services of tomorrow, August 22-22, 2008, Seattle, WA, USA
	Hideyuki Shimonishi , Takashi Yoshikawa , Atsushi Iwata, Off-the-path flow handling mechanism forhigh-speed and programmable traffic management, Proceedings of the ACM workshop on Programmable routers for extensible services of tomorrow, August 22-22, 2008, Seattle, WA, USA
	Thomas Karagiannis , Richard Mortier , Antony Rowstron, Network exception handlers: host-network control in enterprise networks, ACM SIGCOMM Computer Communication Review, v.38 n.4, October 2008
	Jad Naous , David Erickson , G. Adam Covington , Guido Appenzeller , Nick McKeown, Implementing an OpenFlow switch on the NetFPGA platform, Proceedings of the 4th ACM/IEEE Symposium on Architectures for Networking and Communications Systems, November 06-07, 2008, San Jose, California
	Adam Greenhalgh , Felipe Huici , Mickael Hoerdt , Panagiotis Papadimitriou , Mark Handley , Laurent Mathy, Flow processing and the rise of commodity network hardware, ACM SIGCOMM Computer Communication Review, v.39 n.2, April 2009
	Theophilus Benson , Aditya Akella , David Maltz, Unraveling the complexity of network management, Proceedings of the 6th USENIX symposium on Networked systems design and implementation, p.335-348, April 22-24, 2009, Boston, Massachusetts
	Martín Casado , Michael J. Freedman , Justin Pettit , Jianying Luo , Natasha Gude , Nick McKeown , Scott Shenker, Rethinking enterprise network control, IEEE/ACM Transactions on Networking (TON), v.17 n.4, p.1270-1283, August 2009
	Katerina Argyraki , David R. Cheriton, Scalable network-layer defense against internet bandwidth-flooding attacks, IEEE/ACM Transactions on Networking (TON), v.17 n.4, p.1284-1297, August 2009
	Lorenzo De Carli , Yi Pan , Amit Kumar , Cristian Estan , Karthikeyan Sankaralingam, PLUG: flexible lookup modules for rapid deployment of new protocols in high-speed routers, ACM SIGCOMM Computer Communication Review, v.39 n.4, October 2009
	Sihyung Lee , Tina Wong , Hyong S. Kim, NetPiler: detection of ineffective router configurations, IEEE Journal on Selected Areas in Communications, v.27 n.3, p.291-301, April 2009
	Fang Hao , T. V. Lakshman , Sarit Mukherjee , Haoyu Song, Enhancing dynamic cloud-based services using network virtualization, Proceedings of the 1st ACM workshop on Virtualized infrastructure systems and architectures, August 17-17, 2009, Barcelona, Spain
	Jad Naous , Ryan Stutsman , David Mazieres , Nick McKeown , Nickolai Zeldovich, Delegating network security with more information, Proceedings of the 1st ACM workshop on Research on enterprise networking, August 21-21, 2009, Barcelona, Spain
	Minlan Yu , Jennifer Rexford, Hash, don't cache: fast packet forwarding for enterprise edge routers, Proceedings of the 1st ACM workshop on Research on enterprise networking, August 21-21, 2009, Barcelona, Spain
	Ran Giladi , Niv Yemini, A programmable, generic forwarding element approach for dynamic network functionality, Proceedings of the 2nd ACM SIGCOMM workshop on Programmable routers for extensible services of tomorrow, August 21-21, 2009, Barcelona, Spain
	Timothy L. Hinrichs , Natasha S. Gude , Martin Casado , John C. Mitchell , Scott Shenker, Practical declarative network management, Proceedings of the 1st ACM workshop on Research on enterprise networking, August 21-21, 2009, Barcelona, Spain
	Hang Zhao , Chi-Kin Chau , Steven M. Bellovin, ROFL: routing as the firewall layer, Proceedings of the 2008 workshop on New security paradigms, September 22-25, 2008, Lake Tahoe, California, USA
	Ankur Kumar Nayak , Alex Reimers , Nick Feamster , Russ Clark, Resonance: dynamic access control for enterprise networks, Proceedings of the 1st ACM workshop on Research on enterprise networking, August 21-21, 2009, Barcelona, Spain
	Theophilus Benson , Aditya Akella , David A. Maltz, Mining policies from enterprise network configuration, Proceedings of the 9th ACM SIGCOMM conference on Internet measurement conference, November 04-06, 2009, Chicago, Illinois, USA