| | |
Summary: Mining Policies From Enterprise Network Configuration
Theophilus Benson
, Aditya Akella
and David A. Maltz
University of Wisconsin, Madison and
Microsoft Research
{tbenson,akella}@cs.wisc.edu, dmaltz@microsoft.com
ABSTRACT
Few studies so far have examined the nature of reachability poli-
cies in enterprise networks. A better understanding of reachability
policies could both inform future approaches to network design as
well as current network configuration mechanisms. In this paper, we
introduce the notion of a policy unit, which is an abstract representa-
tion of how the policies implemented in a network apply to different
network hosts. We develop an approach for reverse-engineering a
network's policy units from its router configuration. We apply this
approach to the configurations of five productions networks, includ-
ing three university and two private enterprises. Through our empir-
ical study, we validate that policy units capture useful characteristics
|
