3.5 Network Layout Level Abstraction
3.5.1 Chunks of Network Topologies
This section outlines how to abstract a collection of network devices that network administrators can reuse in multiple instances of one experiment or across different experiments. The abstraction is designed to further reduce the time a network administrator spends developing an experiment that contains multiple instances of the same block, or group, of network devices. For example, when designing an enterprise firewall network for a university, there might be a need for multiple instances of a laboratory network. A number of departments can all have a laboratory network with the same number of computers, the same services running on the computers, and the same wireless routers and firewalls, as the case may be. Abstracting this collection of network devices can, amongst others: reduce the time needed to design this block of devices whenever the network administrator encounters such a collection; reduce the likelihood of mistakes during the design process; and ensure that the high level policies of this block are the same throughout the proposed network. This motivated us to provide a way of abstracting such blocks for network administrators in an easy and modular way.
A network administrator uses this set of abstractions by creating a graph of the proposed block (group of network devices) in exactly the same way as in the network layout phase of the system that has been developed for validating our research abstractions. This graph is as described in Phase II of our system, detailed in the previous chapter. Nodes labeled ext are used to indicate where the collection of network devices will be connected to a proposed experiment. It should be noted that a network block can have more than one connection point in any experiment. The following sections show how this can be achieved.
The collection of network devices, or block, can be placed within the network layout graph during the design process. A sample university network will be used to showcase our proposed abstraction technique in this section. The high level firewall policy intention described in Figure 3.4 above will be used in the example detailed in this section. The network layout graph of the proposed hypothetical university network is depicted in Figure 3.5 below.
Figure 3.5: Proposed Hypothetical University Network Layout Diagram
The departments of the proposed university have identical network layouts, hence the nodes eDept and cDept have the block custom property set to department, as they are abstractions of such infrastructures. These nodes are abstractions of a collection of network devices used in representing the entire departmental networks of the proposed university. Figure 3.6 below shows the network layout of the collection of devices abstracted for the departmental networks.
As indicated in Figure 3.6 below, all departmental networks will have a set of servers used by staff members of the hypothetical university in our example, designated as S1, S2 and S3. The network will also have a set of servers for research members of the department, designated as R1, R2 and R3 in the same diagram. There is also another abstract network layout representation called Lab for all departmental networks. It should be noted that all the departments in our hypothetical university example have these exact network devices and links as represented in Figure 3.6 below.
CHAPTER 3. PHILOSOPHY OF NETWORK ABSTRACTIONS 42
Figure 3.6: Department Block Network Layout Diagram
Figure 3.7: Department Block Network Layout Diagram
The laboratory network depicted in Figure 3.6 is another abstract representation of a collection of network devices, specified as the node Lab in the diagram. The laboratory network of our proposed hypothetical university is also a representation of lecture halls where students are taught within departments. The network is composed of student laptops/tablets represented as l1, l2 and l3 in Figure 3.7 above. The network also has a server, which is a machine connected to a projector typically used by the instructor for teaching. The devices www and nfs are used to represent a web server where students can access course materials directly and a storage server for submitting projects, respectively. It is expected that all departmental networks in the university have a similar setup for their laboratories.
The diagram in Figure 3.8 shows what the network of our hypothetical university will look like during low level deployment. As can be seen, both blocks, cDept and eDept, have been added into the final network layout. Likewise, the laboratory networks of block Lab nested within the departmental networks have also been added into the final network topology.
Additional departmental networks can be easily integrated into the existing infrastructure by adding more blocks in Figure 3.5 to represent new departments commissioned by the hypothetical university. The network administrators of the university can easily update agreed upon firewall policy intentions or network infrastructures using abstractions on blocks of departments or laboratories. For example, if the management of the university wants to change the network layout of laboratory networks to include additional network devices or change the firewall policy intention realm of some devices within the infrastructure, they can do so easily without disrupting the university network. The single change will also be replicated across all departmental networks.
Figure 3.8: Final Rendered Hypothetical University Network Layout Diagram
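The block expansion described in this section, from the layout of Figure 3.5 to the rendered topology of Figure 3.8, can be sketched as follows. This is an added example, not code from the system described here: the data layout, the expand function, the links, and the devices core, fw and sw are assumptions, since the text names the nodes but not their connections.

```python
# Added illustration. Labels: "device" = plain device, "ext" = connection point,
# anything else = name of a block (the page's `block` custom property).
# Edges and the nodes core, fw and sw are constructed; the page gives no links.
def star(hub, leaves):
    return [("ext", hub)] + [(hub, leaf) for leaf in leaves]

BLOCKS = {
    "department": {
        "nodes": {"ext": "ext", "fw": "device", "Lab": "lab",
                  **{n: "device" for n in ("S1", "S2", "S3", "R1", "R2", "R3")}},
        "edges": star("fw", ("S1", "S2", "S3", "R1", "R2", "R3", "Lab")),
    },
    "lab": {
        "nodes": {"ext": "ext", "sw": "device",
                  **{n: "device" for n in ("l1", "l2", "l3", "server", "www", "nfs")}},
        "edges": star("sw", ("l1", "l2", "l3", "server", "www", "nfs")),
    },
}
TOP = {"nodes": {"core": "device", "eDept": "department", "cDept": "department"},
       "edges": [("core", "eDept"), ("core", "cDept")]}


def expand(graph, blocks, prefix="", stack=()):
    """Inline every block; return (devices, links, devices adjacent to ext)."""
    devices, links, ports = set(), set(), {}
    for name, label in graph["nodes"].items():
        if label == "ext":
            continue  # connection points vanish once the block is wired in
        if label == "device":
            ports[name] = {prefix + name}
            devices |= ports[name]
            continue
        if label not in blocks or label in stack:
            raise ValueError(f"{prefix + name}: unknown or self-nested block {label!r}")
        sub, sub_links, ports[name] = expand(
            blocks[label], blocks, prefix + name + ".", stack + (label,))
        if not ports[name]:
            raise ValueError(f"block {label!r} has no usable ext connection point")
        devices |= sub
        links |= sub_links
    ext = set()
    for a, b in graph["edges"]:
        if "ext" in (graph["nodes"][a], graph["nodes"][b]):
            ext |= ports.get(a, set()) | ports.get(b, set())
        else:  # a block endpoint stands for the devices behind its ext nodes
            links |= {frozenset((x, y)) for x in ports[a] for y in ports[b]}
    return devices, links, ext


if __name__ == "__main__":
    devices, links, _ = expand(TOP, BLOCKS)
    print(len(devices), "devices,", len(links), "links")
```

Because every instance is rendered from the same template, adding a device to the lab block once makes it appear under both eDept and cDept, and a block that nests itself or lacks an ext node is rejected before deployment.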