Theophilus Benson, Aditya Akella, and David A. Maltz
Few studies so far have examined the nature of reachability policies
in enterprise networks. A better understanding of reachability
policies could inform both future approaches to network design and
current network configuration mechanisms. In this paper, we
introduce the notion of a policy unit, which is an abstract representation
of how the policies implemented in a network apply to different
network hosts. We develop an approach for reverse-engineering a
network’s policy units from its router configuration. We apply this
approach to the configurations of five production networks, including
three universities and two private enterprises. Through our empirical
study, we validate that policy units capture useful characteristics
of a network’s policy. We also obtain insights into the nature of the
policies implemented in modern enterprises. For example, we find
most hosts in these networks are subject to nearly identical reachability
policies at Layer 3.
In Internet Measurement Conference
Publisher Association for Computing Machinery, Inc.
Copyright © 2009 by the Association for Computing Machinery, Inc. Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, to republish, to post on servers, or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from Publications Dept, ACM Inc., fax +1 (212) 869-0481, or email@example.com. The definitive version of this paper can be found at ACM’s Digital Library --http://www.acm.org/dl/.