Title :
On rule width and the unreasonable effectiveness of policy verification
Author_Institution :
Univ. of Texas at Austin, Austin, TX, USA
Abstract :
Policies, such as routing tables and firewalls, are fundamental components of networking infrastructure. Unfortunately, existing policy verification and optimization algorithms require O(n^d) time, where n is the number of rules (thousands), and d the number of fields (usually < 10). However, these algorithms perform very well in practice. In this paper, we provide the explanation for this result: n and d are not the only parameters of interest! Through experimental study of our Parallel Next-step Lookup system PaNeL, as well as the FDD and Probe algorithms for policy verification, we clearly demonstrate the importance of our proposed new metric - the “width index”. Some established algorithms (such as FDD, used for structured firewall design) indeed become intractable for policies with poor width index values. We therefore suggest that the “unreasonable effectiveness” of such algorithms for practical policies is possible because such policies have a reasonable width index.
Keywords :
computer network performance evaluation; firewalls; packet switching; parallel algorithms; telecommunication network routing; FDD algorithm; PaNeL; networking infrastructure; optimization algorithms; parallel next-step lookup system; policy verification; probe algorithm; routing tables; rule width; structured firewall design; width index; Algorithm design and analysis; Arrays; Complexity theory; Indexes; Probes; Routing; Standards;
Conference_Title :
Local Computer Networks (LCN), 2014 IEEE 39th Conference on
Conference_Location :
Edmonton, AB
Print_ISBN :
978-1-4799-3778-3
DOI :
10.1109/LCN.2014.6925786