An approach to implementing dynamic adaptation in c

This paper describes TRAP/C++, a software tool that enables new adaptable behavior to be added to existing C++ programs in a transparent fashion. In previous investigations, we used an aspectoriented approach to manually define aspects for adaptation infrastructure, which were woven into the original application code at compile time. In follow-on work, we developed TRAP, a transparent shaping technique for automatically generating adaptation aspects, where TRAP/J is a specific instantiation of TRAP. This paper presents our work into building TRAP/C++, which was intended to be a port of TRAP/J into C++. Designing TRAP/C++ required us to overcome two major hurdles: lack of reflection in C++ and the incompatibility between the management of objects in C++ and the aspect weaving technique used in TRAP/J. We used generative programming methods to produce two tools, TrapGen and TrapCC, that work together to produce the desired TRAP/C++ functionality. Details of the TRAP/C++ architecture and operation are presented, which we illustrate with a description of a case study that adds dynamic auditing capabilities to an existing distributed C++ application

Structure Preserving Anonymization of Router Configuration Data

IEEE Journal on Selected Areas in Communications, vol. 27, num. 3, pp. 349-358, April 2009.The article of record as published may be found at http://dx.doi.org/10.1145/1028788.1028819A repository of router configuration files from production networks would provide the research community with a treasure trove of data about network topologies, routing designs, and security policies. However, configuration files have been largely unobtainable precisely because they provide detailed information that could be exploited by competitors and attackers. This paper describes a method for anonymizing router configuration files by removing all information that connects the data to the identity of the underlying network, while still preserving the structure of information that makes the data valuable to networking researchers. Anonymizing configuration files has unusual requirements, including preserving relationships between elements of data, anonymizing regular expressions, and robustly coping with more than 200 versions of the configuration language. Conventional tools and techniques are poorly suited to the problem. Our anonymization method has been validated with a major carrier, earning unprivileged researchers access to the configuration files of thousands of routers in hundreds of networks. Through example analysis, we demonstrate that the anonymized data retains the key properties of the network design. The paper sets out techniques that could be used in an attempt to break the anonymization, and it concludes our anonymization techniques are most applicable to enterprise networks, because the large number of enterprises and the difficulty of probing them from the outside make it hard to recognize an anonymized network based solely on publicly-available information about its topology or configuration. When applied to backbone networks, which are few in number and many of whose properties can be publicly measured, the anonymization might be broken by fingerprinting techniques described in this paper.This research was sponsored by the NSF under awards ANI-0085920, ANI- 0331653, ANI-0114014, and CNS-0721574.This research was sponsored by the NSF under awards ANI-0085920, ANI- 0331653, ANI-0114014, and CNS-0721574

A Clean Slate 4D Approach to Network Control and Management

ACM Computer Communications Review, vol. 35, num. 5, pp. 41-54, October 2005.The article of record as published may be found at http://dx.doi.org/10.1145/1096536.1096541Today's data networks are surprisingly fragile and difficult to manage. We argue that the root of these problems lies in the complexity of the control and management planes--the software and protocols coordinating network elements--and particularly the way the decision logic and the distributed-systems issues are inexorably intertwined. We advocate a complete refactoring of the functionality and propose three key principles--network-level objectives, network-wide views, and direct control--that we believe should underlie a new architecture. Following these principles, we identify an extreme design point that we call "4D," after the architecture's four planes: decision, dissemination, discovery, and data. The 4D architecture completely separates an AS's decision logic from pro-tocols that govern the interaction among network elements. The AS-level objectives are specified in the decision plane, and en-forced through direct configuration of the state that drives how the data plane forwards packets. In the 4D architecture, the routers and switches simply forward packets at the behest of the decision plane, and collect measurement data to aid the decision plane in controlling the network. Although 4D would involve substantial changes to today's control and management planes, the format of data packets does not need to change; this eases the deployment path for the 4D architecture, while still enabling substantial innovation in network control and management. We hope that exploring an extreme design point will help focus the attention of the research and industrial communities on this crucially important and intellectually challenging area.This research was sponsored by the NSF under ITR Awards ANI- 0085920 and ANI-0331653.This research was sponsored by the NSF under ITR Awards ANI- 0085920 and ANI-0331653

On Static Reachability Analysis of IP Networks

The primary purpose of a network is to provide reachability between applications running on end hosts. In this paper, we describe how to compute the reachability a network provides from a snapshot of the configuration state from each of the routers. Our primary contribution is the precise definition of the potential reachability of a network and a substantial simplification of the problem through a unified modeling of packet filters and routing protocols. In the end, we reduce a complex, important practical problem to computing the transitive closure to set union and intersection operations on reachability set representations. We then extend our algorithm to model the influence of packet transformations (e.g., by NATs or ToS remapping) along the path. Our technique for static analysis of network reachability is valuable for verifying the intent of the network designer, troubleshooting reachability problems, and performing "what-if" analysis of failure scenarios

NETKIT: a software component-based approach to programmable networking

While there has already been significant research in support of openness and programmability in networks, this paper argues that there remains a need for generic support for the integrated development, deployment and management of programmable networking software. We further argue that this support should explicitly address the management of run-time reconfiguration of systems, and should be independent of any particular programming paradigm (e.g. active networking or open signaling), programming language, or hardware/ operating system platform. In line with these aims, we outline an approach to the structuring of programmable networking software in terms of a ubiquitously applied software component model that can accommodate all levels of a programmable networking system from low-level system support, to in-band packet handling, to active networking execution environments to signaling and coordination

On static reachability analysis of IP networks

This research was sponsored by the NSF under ITR Awards ANI-0085920, ANI-0331653, and ANI-0114014. Views and conclusions contained in this document are those of the authors and should not be interpreted as representing the official policies, either expressed or implied, of AT&T, NSF, or the U.S. government. A condensed version of this report appears in IEEE INFOCOMM 2005 Proceeding