Predicate Routing in Enterprise Data Centers
Motivation:
A major problem in enterprise computing is the correct configuration of a plethora of firewalls, routers, VLAN switches, etc. to provide security and resource isolation, without impacting essential application connectivity.
Predicate Routing is an existing formalism for representing network state which unifies routing and firewalling/filtering into a single model, and allows strong assertions to be made about inter-application connectivity.
Goals:
Identify how the Predicate Routing model needs to be extended to cover the network state in an enterprise network, and identify the mechanisms needed to synchronise the model with the real networking equipment, so that security and resource policies can be enforced and validated in a real environment.
Implement predicate routing on a small testbed, and use it to demonstrate configuration of routers and switches, and also forensic reasoning about unexpected packets.
Technologies:
Networking, Routers, Firewalls, Logic



