
GCNav: Generic Configuration Navigation System

  • Shankaranarayanan Puzhavakath Narayanan (email author)
  • Seungjoon Lee
  • Subhabrata Sen
Chapter

Abstract

Configuration navigation and change-auditing are among the most complex yet common tasks that network operators perform on a regular basis. Change-auditing router configuration files accurately is challenging because the config content has structure and hierarchy. Generic diff tools have no notion of context or syntactic structure when comparing files, and they produce diff reports (using minimum edit distance) that often do not match operator expectations. Moreover, these tools perform redundant (and expensive) comparison operations across contextually unrelated sections of the config file, which makes them scale poorly even for config files of moderate size. On the other hand, vendor-specific and customized diff solutions are not generic enough to be applied uniformly across a heterogeneous network. Also, modeling the configuration semantics for different vendors is a non-trivial and expensive process.

In this paper, we introduce GCNav, a system that helps network operators perform general or customized change-auditing at varying levels of granularity on the network. Unlike existing solutions, GCNav makes use of the inherent syntactic structure common to all config files and thereby remains generic without compromising on the accuracy of results. Our experience with the deployment of GCNav on a large operational customer-facing IP network shows that it is able to provide a generic, accurate and scalable solution for change-auditing router config files. Our results show that GCNav's diff results match operator expectations, while generic diff tools reported at least some misleading diff in 95% of the files analyzed. We also find that GCNav performs seven times faster than customized auditing tools, making it a feasible solution for online and interactive config auditing.
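To make the contrast in the abstract concrete, the following added example (not GCNav's algorithm or code, which this page does not include) compares a context-free line diff with a diff keyed on each line's position in the config hierarchy. It assumes an indentation-based hierarchy; the two config snippets are constructed samples, and the function names are hypothetical.

```python
import difflib

# Constructed sample: the stanzas are reordered and the ACL on Gi0/2 is dropped.
OLD = """\
interface Gi0/1
 description uplink
 ip access-group EDGE-IN in
interface Gi0/2
 description customer
 ip access-group CUST-IN in
"""
NEW = """\
interface Gi0/2
 description customer
interface Gi0/1
 description uplink
 ip access-group EDGE-IN in
"""

def parse_paths(text):
    """Map every config line to its full context path (assumes indentation = nesting)."""
    paths, stack = set(), []          # stack holds (indent, line) of enclosing stanzas
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue                  # skip blank lines and comment separators
        indent = len(raw) - len(raw.lstrip())
        while stack and stack[-1][0] >= indent:
            stack.pop()               # leave stanzas that ended at this depth
        stack.append((indent, line))
        paths.add(tuple(entry for _, entry in stack))
    return paths

def structural_diff(old, new):
    """Return (removed, added) context paths; stanza order does not matter."""
    a, b = parse_paths(old), parse_paths(new)
    return sorted(a - b), sorted(b - a)

def line_diff(old, new):
    """Changed lines as a context-free line diff reports them."""
    delta = difflib.ndiff(old.splitlines(), new.splitlines())
    return [l for l in delta if l[0] in "+-"]

if __name__ == "__main__":
    removed, added = structural_diff(OLD, NEW)
    print("line diff reports", len(line_diff(OLD, NEW)), "changed lines")
    for path in removed:
        print("removed:", " > ".join(path))
    for path in added:
        print("added:  ", " > ".join(path))
```

The structural view reports only the dropped access list together with the interface it belonged to, while the line diff also reports the reordered stanzas as changes.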


Copyright information

© Springer International Publishing Switzerland 2013

Authors and Affiliations

  • Shankaranarayanan Puzhavakath Narayanan (1), email author
  • Seungjoon Lee (2)
  • Subhabrata Sen (2)
  1. Purdue University, West Lafayette, USA
  2. AT&T Research, Florham Park, USA
