Ethane: taking control of the enterprise

This paper presents Ethane, a new network architecture for the enterprise. Ethane allows managers to define a single network-wide fine-grain policy, and then enforces it directly. Ethane couples extremely simple flow-based Ethernet switches with a centralized controller that manages the admittance and routing of flows. While radical, this design is backwards-compatible with existing hosts and switches. We have implemented Ethane in both hardware and software, supporting both wired and wireless hosts. Our operational Ethane network has supported over 300 hosts for the past four months in a large university network, and this deployment experience has significantly affected Ethane's design.
