Tina Wong holds a Ph.D. (2000) and M.S. (1998) in Computer Science from University of California at Berkeley, and a B.S. (1995) with distinction in Computer Science from University of Washington.
posted by Richard PowerCyLab Chronicles: What aspect of research would you like to highlight?
WONG: Network configuration. It is a well known fact that networks are difficult to manage and operate. Studies have demonstrated that operator errors are common and can be the root causes of 50% of failures in networks and computer systems. In particular, configuring a network is a complex and error-prone task. To configure a network, one needs to configure each router in the network separately. There can be hundreds of routers, each with thousands of configuration commands. A change in one router can potentially affect other routers, or even the whole network. Consequently, misconfigurations are common. Our work aims to improve the dependability, reliability and usability of router configuration.
CyLab Chronicles: What technology are you working on?
WONG: We (myself, Hyong Kim and PhD students) are working on several technologies that automatically simplify, document and verify router configurations.
I will highlight three of them here.
Simplification: As a network evolves, its router configuration become more difficult to understand, extend and debug. Patches are sometimes put into configuration files during firefighting to temporarily deal with a problem, and forgotten and left in place after the pressure of the situation is lifted. Old configurations that have been replaced can remain, just in case the new ones are not completely debugged, or to ensure the network continues to work if the transition is incomplete.
We are working on a system, called NetPiler that detects and reduces superfluous configurations while preserving the intended functions of the configurations (Ph.D. student Sihyung Lee). NetPiler can also be used to confirm intentional redundant configurations are indeed configured correctly. Currently, NetPiler is applied to routing policy configuration. It models routing policy configuration as a program flow graph. This graph represents the set of operations that are executed in the route filters and the order the operations are executed. It also represents the way a route propagates through the route filters in the network. Using this graph, NetPiler identifies two types of ineffective commands that are likely operator errors. The first type is ineffective predicates which do not match any routes. The second type is unreachable commands which are never executed. The program flow graph can also be used to do “what-if scenario” testing on pending changes to configuration.
Documentation Generation: Most networks do not document their routing policies. One of the reasons is that network operators change configurations surprisingly often. Routing policy changes fall into two categories: policy changes and small adjustments to resolve immediate problems. The lack of documentation leads to a number of network management problems.
Network operators know how the main routing policies for their networks are configured but usually cannot remember where and why they have applied small adjustments to the configurations. Every time they introduce routing policy changes or troubleshoot routing problems, they need to read the router configuration files and try to decode them. Personnel changes mean that configurations are edited by multiple engineers with different backgrounds and working styles.
More often than not, operators must extract the high-level intents from files that were written or modified by someone else. We are working on a system, called NetPolis that analyzes network-wide routing policy configurations to abstract high-level operator intents from low-level configuration commands (Ph.D. student Kiki Levanti). This abstraction serves as a form of automated documentation. Documentation for routing policy configurations is useful in many aspects. It validates that high-level intents are indeed configured correctly by low-level commands, assists in modifications, and introduces new engineering personnel to a network’s configuration in a systematic manner.
Verification: Several rule-based solutions have been proposed to deal with the router misconfiguration problem. All compare configurations with a list of constraints or common best practices that a network ought to follow to function correctly. This approach of rule-based analysis makes the assumptions that rules violations are misconfigurations, and is very effective in detecting certain type of clear-cut problems. However, what constitutes an error sometimes depends on the network – what is an error for one network can be common practice for another.
One study looked at configuration files from 31 networks, and concluded each network is so different from another that it is not possible to classify them. We are working on a system, called Minerals that applies data mining on router configuration files across a network to infer local, network-specific policies and detect potential errors that deviate from the inferred policies (Ph.D. student Sihyung Lee). Minerals uses association mining to find patterns of correlation between elements in router configurations across a network – outliers to the discovered patterns are potential misconfigurations.
The underlying assumptions are: there exists common configurations across routers, and the number of properly configured functions is large when compared to the number of their misconfigured counterparts. The obvious drawback of these assumptions is that non-conforming configurations can be classified as errors. To handle this drawback, we are working on incorporating time-series data – that is, historical configurations of a network over time – to train and to improve accuracy of our Minerals.
CyLab Chronicles: What are the unique attributes of your work?
WONG: Many researchers have tackled the router configuration problem using “clean-slate” approaches. Proposals include general network architectures, architectures that aim to specifically ease network management and control, policy-based management framework, and configuration and policy languages. While laudable, “clean-slate” approaches are at least several years away from deployment. Router vendors have little incentives to redesign their software and hardware systems and network operators are reluctant to invest time to learn new configuration languages. One unique attribute of our work is we focus on legacy networks – production networks with deployed routers from vendors such as Cisco and Juniper. Our technology works directly on current router configurations.
CyLab Chronicles: What problem(s) does your work address?
WONG: Misconfigurations have serious financial, security and performance implications. An ISP can be unintentionally providing free transit services if its export routing policies are incorrectly configured. In December 2004, misconfigurations in the routers at Turkish Telecom resulted in the hijacking of 100K+ prefixes, leading to misdirected or lost traffic for tens of thousands of networks. Recently, Pakistan Telecom brought down the popular YouTube website for several hours by hijacking YouTube’s prefixes – Pakistan Telecom claimed it was a misconfiguration on its routers. An enterprise network can be infiltrated if there are errors in its firewalls. Sometimes, misconfigurations are actually insider attacks. Moreever, as a network evolves, its router configurations become difficult to comprehend, extend and debug – creating more room for errors. Our work aims to help network operators to avoid these misconfigurations by simplifying, documenting and verifying router configuration.
CyLab Chronicles: What are the commercial implications of your work?
WONG: We have formed strategic partnerships with a number of production networks, including service providers in the U.S. and Europe, as well as university networks. We have applied our technology on the router configurations from these networks. Our verification data mining technique is able to detect misconfigurations in these networks that have security and financial implications. Our reduction technique is able to simplify the routing policy configuration of one network by 70%. Our abstraction technique is able to generate compact documentation, confirmed by the operators to be accurate, for the routing policy configuration of another network. Our work benefits networks now. Technology transfer is happening right away, not a distant possibility.
See all CyLab Chronicles articles