Yu-Wei Eric Sung

Cloudward bound: planning for beneficial migration of enterprise applications to the cloud

In this paper, we tackle challenges in migrating enterprise services into hybrid cloud-based deployments, where enterprise operations are partly hosted on-premise and partly in the cloud. Such hybrid architectures enable enterprises to benefit from cloud-based architectures, while honoring application performance requirements, and privacy restrictions on what services may be migrated to the cloud. We make several contributions. First, we highlight the complexity inherent in enterprise applications today in terms of their multi-tiered nature, large number of application components, and interdependencies. Second, we have developed a model to explore the benefits of a hybrid migration approach. Our model takes into account enterprise-specific constraints, cost savings, and increased transaction delays and wide-area communication costs that may result from the migration. Evaluations based on real enterprise applications and Azure-based cloud deployments show the benefits of a hybrid migration approach, and the importance of planning which components to migrate. Third, we shed insight on security policies associated with enterprise applications in data centers. We articulate the importance of ensuring assurable reconfiguration of security policies as enterprise applications are migrated to the cloud. We present algorithms to achieve this goal, and demonstrate their efficacy on realistic migration scenarios.

Enabling contribution awareness in an overlay broadcasting system

We consider the design of bandwidth-demanding broadcasting applications using overlays in environments characterized by hosts with limited and asymmetric bandwidth, and significant heterogeneity in outgoing bandwidth. Such environments are critical to consider to extend the applicability of overlay multicast to mainstream Internet environments where insufficient bandwidth exists to support all hosts, but have not received adequate attention from the research community. We leverage the multi-tree framework and design heuristics to enable it to consider host contribution and operate in bandwidth-scarce environments. Our extensions seek to simultaneously achieve good utilization of system resources, performance to hosts commensurate to their contributions, and consistent performance. We have implemented the system and conducted an Internet evaluation on Planet-Lab using real traces from previous operational deployments of an overlay broadcasting system. Our results indicate for these traces, our heuristics can improve the performance of high contributors by 10-240% and facilitate equitable bandwidth distribution among hosts with similar contributions.

Configuration management at massive scale: system design and experience

The development and maintenance of network device configurations is one of the central challenges faced by large network providers. Current network management systems fail to meet this challenge primarily because of their inability to adapt to rapidly evolving customer and provider-network needs, and because of mismatches between the conceptual models of the tools and the services they must support. In this paper, we present the Presto configuration management system that attempts to address these failings in a comprehensive and flexible way. Developed for and used during the last 5 years within a large ISP network, Presto constructs device-native configurations based on the composition of configlets representing different services or service options. Configlets are compiled by extracting and manipulating data from external systems as directed by the Presto configuration scripting and template language. We outline the configuration management needs of large-scale network providers, introduce the PRESTO system and configuration language, and reflect upon our experiences developing PRESTO configured VPN and VoIP services. In doing so, we describe how PRESTO promotes healthy configuration management practices.

Modeling and understanding end-to-end class of service policies in operational networks

Business and economic considerations are driving the extensive use of service differentiation in Virtual Private Networks (VPNs) operated for business enterprises today. The resulting Class of Service (CoS) designs embed complex policy decisions based on the described priorities of various applications, extent of bandwidth availability, and cost considerations. These inherently complex high-level policies are realized through low-level router configurations. The configuration process is tedious and error-prone given the highly intertwined nature of CoS configuration, the multiple router configurations over which the policies are instantiated, and the complex access control lists (ACLs) involved. Our contributions include (i) a formal approach to modeling CoS policies from router configuration files in a precise manner; (ii) a practical and computationally efficient tool that can determine the CoS treatment received by an arbitrary set of flows across multiple routers; and (iii) a validation of our approach in enabling applications such as troubleshooting, auditing, and visualization of network-wide CoS design, using router configuration data from a cross-section of 150 diverse enterprise VPNs. To our knowledge, this is the first effort aimed at modeling and analyzing CoS configurations.

Towards systematic design of enterprise networks

Enterprise networks are important, with size and complexity even surpassing carrier networks. Yet, the design of enterprise networks remains ad hoc and poorly understood. In this paper, we show how a systematic design approach can handle two key areas of enterprise design: virtual local area networks (VLANs) and reachability control. We focus on these tasks given their complexity, prevalence, and time-consuming nature. Our contributions are threefold. First, we show how these design tasks may be formulated in terms of network-wide performance, security, and resilience requirements. Our formulations capture the correctness and feasibility constraints on the design, and they model each task as one of optimizing desired criteria subject to the constraints. The optimization criteria may further be customized to meet operator-preferred design strategies. Second, we develop a set of algorithms to solve the problems that we formulate. Third, we demonstrate the feasibility and value of our systematic design approach through validation on a large-scale campus network with hundreds of routers and VLANs.

A Systematic Approach for Evolving VLAN Designs

Enterprise networks are large and complex, and their designs must be frequently altered to adapt to changing organizational needs. The process of redesigning and reconfiguring enterprise networks is ad-hoc and error-prone, and configuration errors could cause serious issues such as network outages. In this paper, we take a step towards systematic evolution of network designs in the context of virtual local area networks (VLANs). We focus on VLANs given their importance and prevalence, the frequent need to change VLAN designs, and the time-consuming and error-prone process of making changes. We present algorithms for common design tasks encountered in evolving VLANs such as deciding which VLAN a new host must be assigned to. Our algorithms trade off multiple criteria such as broadcast traffic costs, and costs associated with maintaining spanning trees for each VLAN in the network, while honoring correctness and feasibility constraints on the design. Our algorithms also enable automatic detection of network-wide dependencies which must be factored when reconfiguring VLANs. We evaluate our algorithms on longitudinal snapshots of configuration files of a large-scale operational campus network obtained over a two year period. Our results show that our algorithms can produce significantly better designs than current practice, while avoiding errors and minimizing human work. Our unique data-sets also enable us to characterize VLAN related change activity in real networks, an important contribution in its own right.

Extracting Network-Wide Correlated Changes from Longitudinal Configuration Data

IP network operators face the challenge of making and managing router configuration changes to serve rapidly evolving user and organizational needs. Changes are expressed in low-level languages, and often impact multiple parts of a configuration file and multiple routers. These dependencies make configuration changes difficult for operators to reason about, detect problems in, and troubleshoot. In this paper, we present a methodology to extract network-wide correlations of changes. From longitudinal snapshots of low-level router configuration data, our methodology identifies syntactic configuration blocks that changed, applies data mining techniques to extract correlated changes, and highlights changes of interest via operator feedback. Employing our methodology, we analyze an 11-month archive of router configuration data from 5 different large-scale enterprise Virtual Private Networks (VPNs). Our study shows that our techniques effectively extract correlated configuration changes, within and across individual routers, and shed light on the prevalence and causes of system-wide and intertwined change operations. A deeper understanding of correlated changes has potential applications in the design of an auditing system that can help operators proactively detect errors during change management. To demonstrate this, we conduct an initial study analyzing the prevalence and causes of anomalies in system-wide changes.

A toolkit for automating and visualizing VLAN configuration

Virtual Local Area Networks (VLANs) are extensively used in enterprise networks. However, their configuration remains an ad-hoc, complex and error-prone process today. We believe that to eliminate these difficulties, there is need for automation tools, and also need for visualization tools. In this paper, we report on our experience building a VLAN management toolkit, which automates and visualizes common VLAN configuration tasks. We begin by describing common misconfigurations, and their impact on network performance and security. We next present a set of algorithms that automate the VLAN configuration tasks. These algorithms form the back end of the toolkit. The front end of the toolkit consists of an interactive graphical user interface which provides visualization of VLAN operations at multiple granularities, and can be accessed remotely from a web browser. We are in the process of deploying the toolkit at a large campus network which has thousands of switches, and around 800 VLANs. Our initial operational experience shows that the toolkit is effective in both automating configuration tasks, and identifying common misconfigurations. In particular, we have found that (i) more than 40% of the VLANs in the network have redundant links that may lead to security and performance issues. (ii) more than 30% of the VLANs in the network have missing links which may result in connectivity issues and (iii) the root-bridge placements of more than 30% of the VLANs are not optimum, which again may result in performance issues. We believe these insights highlight the benefit and importance of such a toolkit.

Enabling Contribution Awareness in an Overlay Broadcasting System

We consider the design of bandwidth-demanding broadcasting applications using overlays in environments characterized by hosts with limited and asymmetric bandwidth, and significant heterogeneity in upload bandwidth. Such environments are critical to consider to extend the applicability of overlay multicast to mainstream Internet environments where insufficient bandwidth exists to support all hosts, but have not received adequate attention from the research community. We leverage the multitree framework and design heuristics to enable it to consider host contribution and operate in bandwidth-scarce environments. Our extensions seek to simultaneously achieve good utilization of system resources, performance to hosts commensurate to their contributions, and consistent performance. We have implemented the system and conducted an Internet evaluation on PlanetLab using real traces from previous operational deployments of an overlay broadcasting system. Our results indicate for these traces, our heuristics can improve the performance of high contributors by 10-240% and facilitate equitable bandwidth distribution among hosts with similar contributions.