ABSTRACT
This paper presents Ethane, a new network architecture for the enterprise. Ethane allows managers to define a single network-wide fine-grain policy, and then enforces it directly. Ethane couples extremely simple flow-based Ethernet switches with a centralized controller that manages the admittance and routing of flows. While radical, this design is backwards-compatible with existing hosts and switches.
We have implemented Ethane in both hardware and software, supporting both wired and wireless hosts. Our operational Ethane network has supported over 300 hosts for the past four months in a large university network, and this deployment experience has significantly affected Ethane's design.
Index Terms
- Ethane: taking control of the enterprise