Configuration management at massive scale: System design and experience

Pennsylvania State Univ., University Park, PA
IEEE Journal on Selected Areas in Communications (Impact Factor: 3.45). 05/2009; 27(3):323 - 335. DOI: 10.1109/JSAC.2009.090408
Source: DBLP


The development and maintenance of network device configurations is one of the central challenges faced by large network providers. Current network management systems fail to meet this challenge primarily because of their inability to adapt to rapidly evolving customer and provider-network needs, and because of mismatches between the conceptual models of the tools and the services they must support. In this paper, we present the Presto configuration management system that attempts to address these failings in a comprehensive and flexible way. Developed for and used during the last 5 years within a large ISP network, Presto constructs device-native configurations based on the composition of configlets representing different services or service options. Configlets are compiled by extracting and manipulating data from external systems as directed by the Presto configuration scripting and template language. We outline the configuration management needs of large-scale network providers, introduce the PRESTO system and configuration language, and reflect upon our experiences developing PRESTO-configured VPN and VoIP services. In doing so, we describe how PRESTO promotes healthy configuration management practices.


Available from: Albert G. Greenberg, Feb 13, 2015
  • Source
    • "Gottlieb et al. [26] carried forward the template-driven approaches for ISPs to configure connections to new BGP-speaking customers automatically. Enck et al. [27] proposed a system called PRESTO, which can construct device-native configurations based on the composition of function templates. They also presented the experience of configuring VPN and VoIP services."
    ABSTRACT: Unraveling the characteristics of configurations can offer deep insights into networks. There are many analyses of IPv4 configurations, while few works are focusing on configurations of IPv6. In this paper, we conduct a first-ever study on IPv6 configurations based on the configuration snapshots of a pure IPv6 network - CERNET2 and a dual-stack network - Internet2. We find that configuration commands of IPv6 are a bit more complicated than IPv4 because of the complexity of IPv6 addresses. Configuration command lines of IPv6 are less abundant than IPv4, attributing to the smaller network scale of IPv6 compared with IPv4. Configurations of IPv6 are less complicated than IPv4 in views of referential dependence, but present a higher growth rate than IPv4, which is caused by fast development of IPv6. More importantly, we propose a framework for network configuration recommendation (FNCR) for the studied networks according to our analysis methods and results. Overall, although IPv6 is smaller in scale and less mature than IPv4 currently, it has been experiencing fast development as the next generation networks. Hence understanding configuration characteristics and enhancing configuration management are essential for IPv6 networks.
    Computer Communications 08/2014; 53. DOI:10.1016/j.comcom.2014.07.011 · 1.70 Impact Factor
  • Source
    • "Errors in changing configurations have been known to result in outages, business service disruptions, violations of Service Level Agreements (SLA) and cyber-attacks [7], [8], [9]. Prior works including our own have looked at the systematic design of greenfield networks (i.e., networks yet to be deployed) [1], [10]. However, these works do not consider the redesign of existing networks."
    ABSTRACT: Recent works have shown the benefits of a systematic approach to designing enterprise networks. However, these works are limited to the design of greenfield (newly deployed) networks, or to incremental evolution of existing networks without altering prior design decisions. In this paper, we focus on redesigning existing networks, allowing for changes to existing decisions. Such redesign (migration) may be desirable from the perspective of improved network performance or lower complexity. However, the key challenge is that the costs of redesign may be high due to the presence of complex dependencies between network configurations. We consider these issues in the context of virtual local area networks (VLANs), an important area of enterprise network design. We make three contributions. First, we present a model to capture VLAN redesign costs. Such costs may arise from the need to reconfigure policies (e.g., security policies) to reflect the changes in VLAN design and ensure the continued correctness of the network. Second, we present a framework that enables operators to systematically determine the best strategies to redesign VLANs so the desired performance goals may be achieved while the costs of redesign are minimized. Finally, we demonstrate the effectiveness of our approach using data obtained from a large-scale campus network.
    INFOCOM, 2011 Proceedings IEEE; 05/2011
  • Source
    • "Why do we still apply these sorts of blocking techniques to the configuration management problem? As Enck [9] points out, two of the primary reasons are the variations of services and the constant change of devices. These underlying characteristics block the introduction of automated solutions, since it will take too much time to update the solution to cope with daily changes."
    ABSTRACT: Network providers are challenged by new requirements for fast and error-free service turn-up. Existing approaches to configuration management such as CLI scripting, device-specific adapters, and entrenched commercial tools are an impediment to meeting these new requirements. Up until recently, there has been no standard way of configuring network devices other than SNMP and SNMP is not optimal for configuration management. The IETF has released NETCONF and YANG which are standards focusing on configuration management. We have validated that NETCONF and YANG greatly simplify the configuration management of devices and services and still provide good performance. Our performance tests are run in a cloud managing 2000 devices. Our work can help existing vendors and service providers to validate a standardized way to build configuration management solutions.
    Proceedings of LISA 11, 01/2011: pages 267-279; USENIX Association.