The Evolution of Network Configuration: A Tale of Two Campuses
Hyojoon Kim†, Theophilus Benson‡
Aditya Akella‡, Nick Feamster†
†Georgia Tech
‡University of Wisconsin, Madison
What is Network Configuration?
• Collection of configuration files
• Express network policy
• Determines the overall network behavior
The Network State Changes
• Topology change
• Policy change
Configuration change
How does network configuration change over time?
Growth of firewalls in Georgia Tech
Configuration Changes
Georgia Tech Network Devices: Number of line changes
Routers 326,458
Firewalls 539,171
Switches 353,420
Total 1,219,049
Line changes in the past 5 years
What is causing the changes?
Where are the changes happening?
Is there a noticeable pattern?
Our Contribution
• Examine change patterns over time
• Look at many different types of devices
• Provide better understanding
  – Help develop better configuration tools
    • e.g., Change recommendations, feedback
  – Reduce misconfigurations
Our Data
• Configuration data from two campus networks
  – 5 years of accumulated configuration files
• Tools
  – CVS
  – RANCID (Really Awesome New Cisco confIg Differ)
Collecting Configuration Files
[Figure labels: RANCID; Remote login (telnet, ssh); Pull configuration; CVS commit; CVS Server]
Revision Control on Configuration Files
• When is the change?
• What changed?
• Regenerate each revision
...
1.51
log
@Fri Feb 5 15:04:28 EST 2010@
text
@a141 1
 port-object range bootps bootpc
a160 4
object-group service 12-123-12-13-any-udp udp
 port-object range bootps bootpc
object-group service 12-123-12-14-any-udp udp
 port-object range bootps bootpc
d173 16
a188 9
object-group service 13-14-15-16-any-udp udp
 port-object range bootps bootpc
object-group service 14-15-16-17-any-udp udp
...
RCS Format
Our Approach
Data (RCS)
Revisions
Snapshot Analysis
Change Analysis
Longitudinal Analysis
Correlation Analysis
Group simultaneous changes
Take latest snapshot
Compare revisions
Sort revisions by time
Classifying Configuration lines
logging buffered 1024000
enable secret [deleted]
username [deleted]
aaa new-model
…
Interface Port-channel1
 description WiSM-A virtual channel
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 316,805,807-809,816,1296,1312
 switchport mode trunk
…
router ospf xxxx
 router-id x.x.x.x
…
ip access-list extended access-vty-in
 permit tcp x.x.0.0 0.0.255.255 any range 22 telnet log-input
 permit tcp x.x.0.0 0.0.255.255 any range 22 telnet log-input
…
Management
Layer 1
Layer 2
VLAN
Layer 3
ACL
Security
Control Filter
QoS
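An added example (not code from the slides or the authors' tooling) of the "regenerate each revision" and "classify configuration lines" steps: it applies an RCS edit script (`aN M` / `dN M`, as in the RCS Format excerpt) to a base text and tallies the changed lines by category. The keyword rules, the function names and the sample configuration are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Keyword rules are assumptions; the slides name the categories, not the patterns.
RULES = [
    ("ACL", re.compile(r"^\s*(ip access-list|access-list|permit|deny|object-group|port-object)\b")),
    ("VLAN", re.compile(r"\bvlan\b")),
    ("Layer 3", re.compile(r"^\s*(router|ip route)\b")),
    ("Layer 2", re.compile(r"^\s*switchport\b")),
    ("Management", re.compile(r"^\s*(logging|username|enable secret|aaa|snmp-server)\b")),
]

def classify(line):
    return next((name for name, rx in RULES if rx.search(line)), "Other")

def apply_delta(base, script):
    """Apply an RCS edit script to base lines; return (result, inserted, removed).
    RCS trunk deltas are reverse deltas, so base is the newer revision's text."""
    out, inserted, removed, pos, i = [], [], [], 0, 0
    while i < len(script):
        m = re.fullmatch(r"([ad])(\d+) (\d+)", script[i])
        if not m:
            raise ValueError(f"bad edit command: {script[i]!r}")
        op, n, count = m.group(1), int(m.group(2)), int(m.group(3))
        i += 1
        keep_to = n - 1 if op == "d" else n  # base lines copied unchanged first
        end = keep_to + count if op == "d" else keep_to
        if keep_to < pos or end > len(base):
            raise ValueError(f"line number out of order or range: {op}{n} {count}")
        out += base[pos:keep_to]
        if op == "d":  # drop count base lines starting at line n (1-based)
            removed += base[keep_to:end]
        else:          # insert the next count script lines after base line n
            chunk = script[i:i + count]
            if len(chunk) != count:
                raise ValueError("edit script truncated")
            out, inserted, i = out + chunk, inserted + chunk, i + count
        pos = end
    return out + base[pos:], inserted, removed

def change_profile(base, script):
    """Count changed lines per category for one revision step."""
    _, inserted, removed = apply_delta(base, script)
    return Counter(classify(line) for line in inserted + removed)

# Constructed sample (not from the studied networks): newer text and its delta.
NEWER = ["logging buffered 1024000", "interface Port-channel1", " switchport mode trunk",
         "object-group service ex-a-udp udp", " port-object range bootps bootpc", "router ospf 1"]
SCRIPT = ["d3 1", "a5 2", "object-group service ex-b-udp udp", " port-object range bootps bootpc"]
```

The script is assumed to be already unwrapped from the `@...@` quoting of the `,v` file, with any `@@` pairs reduced to `@`.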
Overview of Results
• Routers are multi-functional
  – Univ. of Wisc: Layer 3 changes are 30% of total changes
  – Georgia Tech: Layer 3 changes are 5% of the total changes
• Firewall changes are concentrated on ACL
  – Around 87% of the total changes
  – Steep increase in the access control list lines
• Switches are about providing connectivity
  – Port-centric changes
Change Analysis on Routers
Number of line changes in all routers over 5 years - GT
Static ARP
78%
Change Analysis on Firewalls
Number of changes in all Georgia Tech firewalls over 5 years
Access Control
87%
Longitudinal Analysis on Firewalls
Change in number of Lines in all Georgia Tech firewalls
Change in number of firewalls in Georgia Tech
Change Analysis on Switches
Number of line changes in all switches in Univ. of Wisconsin
snmp trap
Correlation Analysis on Switches
Univ. of Wisconsin Switches
Correlated changes %
ACL, L1 24%
L1, VLAN 11%
L1, L2, MGT 11%
MGT, L1 10%
VLAN, MGT 9%
Conclusion
• Study on how network configuration changes over time
• Reveal interesting characteristics about network changes
  – Magnitude and frequency of changes
  – Causes of changes
Conclusion
• Provide better understanding
• Improve current methods of configuring and managing network devices
  – Change recommendations
  – Reduce misconfigurations
  – More automation
Georgia Tech Network
Routers Firewalls Switches Total
16 365 716 1,097