Simpler Network Configuration with State-Based Network Policies

Abstract

Operators make hundreds of changes to a network’s router and switch configurations every day—a painstaking, error-prone process. If the network configuration could instead encode different forwarding behavior for different network states a priori, a network controller could automatically alter forwarding behavior when conditions change. To enable this capability, we introduce state-based network policies, which describe how a network’s forwarding behavior should change in response to arbitrary network events. A state-based network policy comprises many tasks, each of which encodes the forwarding behavior for a single network management operation (e.g., intrusion detection) or part of the network (e.g., a sub-organization), and how that behavior should change when network conditions change. Composing these policies produces a network-wide control program that adapts to different operating conditions. We implement state-based network policies in a system called PyResonance and demonstrate with real-world examples and use cases that PyResonance is expressive enough to specify a wide range of network policies and simple enough for many operators to use. Our evaluation based on event traces from the Georgia Tech campus network shows that PyResonance can achieve good performance in operational settings.