Reducing complexity of large-scale network configuration management

The configuration of large-scale networks is known to be difficult and error-prone. It is a low-level device-specific task and has to deal with subtle dependencies between multiple devices across a network. Network misconfiguration is a key cause of network disruptions and may also lead to security problems in networks. The complexity of network configuration is rapidly increasing as configurations change over time as a result, there are more human errors that greatly degrade the connectivity of networks and increase management costs.We implement the four network management modules and evaluate their effectiveness with configurations from four production networks. The Verification module discovers more than a hundred errors that are confirmed and corrected by the network administrators. Some of these misconfigurations can result in loss of connectivity, access to protected networks, and financial implications by providing free transit services. The Simplification module reduces up to 70% of commands related to routing policies. We also go over a few reduction types and show that such simplification does improve the manageability of the configuration. The Correlation/Visualization module decreases operation and service deployment time from hours to minutes and increased its accuracy from 70% to nearly 100%. The Classification module identifies configurations that impact route advertisements to more than 100 peers. This module also finds routing sessions that result in more than 100 GB of loss within a few seconds if not properly protected.We believe that our systems significantly improve accuracy and reduce time of network configuration. The proposed ideas can benefit many different types of networks, especially in large installations, such as service provider networks, enterprise networks, data-center networks, and power grids.To reduce the complexity of network configuration, we propose four network management modules: Verification, Simplification, Correlation/Visualization, and Classification. The Verification module consists of a complete configuration model and an automatic policy inference system. Using the model and the policy inference system, the Verification module evaluates a variety of network-wide policies, both within a single technology and across multiple technologies (e.g., packet filtering and routing policies). The Simplification module streamlines policies in a configuration so that the configurations are easier to understand and update in this manner, it demonstrates the potential for improving comprehensibility of network configurations. The Correlation/Visualization module visualizes high-level, intended policies by correlating low-level configurations. This module helps operators to understand distributed low-level configurations more quickly and accurately. Finally, the Classification module identifies critical elements in a network. This identification allows operators to focus their time on higher-priority problems, thus reducing the complexity of network management.