Towards validated network configurations with NCGuard

Authors: Laurent Vanbever, Grégory Pardoen, and Olivier Bonaventure
Internet Network Management Workshop. Orlando, FL, USA (October 2008)


Today, most IP networks are still configured manually on a router-by-router basis. This is error-prone and often leads to misconfiguration. In this paper, we describe the Network Configuration Safeguard (NCGuard), a tool that allows the network architect to apply a safer methodology. The first step is to define his design rules. Based on a survey of the networking literature, we classify the most common types of rules in three main patterns: presence, uniqueness and symmetry and provide several examples. The second step is to write a high-level representation of his network. The third step is to validate the network representation and generate the configuration of each router. This last step is performed automatically by our prototype. Finally, we describe our prototype and apply it to the Abilene network.



	title={Towards validated network configurations with NCGuard},
	author={Vanbever, Laurent and Pardoen, Gregory and Bonaventure, Olivier},
	booktitle={Internet Network Management Workshop, 2008. INM 2008. IEEE},

DOI: 10.1109/INETMW.2008.4660329