Complexity and degrees of freedom in network design
Download
1 / 19

Complexity and Degrees of Freedom in Network Design - PowerPoint PPT Presentation


  • 85 Views
  • Uploaded on

Complexity and Degrees of Freedom in Network Design. Michael Sinatra University of California, Berkeley 17 July 2007 Internet2/ESCC Joint Techs. Enhanced Gratuitous Logo Slide (EGLS). http://www.simonizusa.com/default.asp. Inspirations.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Complexity and Degrees of Freedom in Network Design' - burke


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Complexity and degrees of freedom in network design

Complexity and Degrees of Freedom in Network Design

Michael Sinatra

University of California, Berkeley

17 July 2007

Internet2/ESCC Joint Techs


Enhanced gratuitous logo slide egls
Enhanced Gratuitous Logo Slide (EGLS)

http://www.simonizusa.com/default.asp


Inspirations
Inspirations

  • Terry Gray, Scott Sagan, Charles Perrow, Todd LaPorte, Martin Landau

  • Poorly-designed networks and network disruption devices

  • Greg Bell, Greg Travis and everyone who sent me interesting examples after the 5-9s talk


Redundancy in systems
Redundancy in Systems

  • Single points of “failure”

  • Probabilistic analysis of redundancy

    • Redundant components can reduce the chances of failure

    • A component with a 10% failure probability can be made redundant with another component with a 10% failure probability and yield a 1% system-failure probability

    • But there’s a BIG assumption here!


Common mode failures
Common-mode failures

  • Components must be fully redundant! Are they?

  • Classic example: aircraft engines

  • Can you think of some networking examples?


Common mode failures example
Common-mode failures - example

Outside

FW

FW

Switch

Inside


Difficult failures
“Difficult” Failures

  • You must be this tall to really break the network.


The jordan baker phenomenon
The Jordan Baker Phenomenon

  • Nick: You're a rotten driver, either you ought to be more careful or you oughtn't drive at all.

  • Jordan: I am careful.

  • Nick: No you're not.

  • Jordan: Well, other people are.

  • Nick: What's that got to do with it?

  • Jordan: They'll keep out of my way, It takes two to make an

  • accident.

  • Nick: Suppose you met somebody just as careless as yourself?

  • Jordan: I hope I never will, I hate careless people. That's why

  • I like you.


The jordan baker phenomenon1
The Jordan Baker Phenomenon

  • The problem is, there are too many careless devices on the network!

Net

Firewall

LB

Server

Client


Virtualization risks
Virtualization risks

  • Adds complexity (but reduces it too!)

  • Tightens coupling!


Common mode failures example1
Common-mode failures - example

Hosts

To border

Router

Switch/FW


High reliability organizations
High-reliability organizations

  • Demanded by high-reliability systems

  • Organizational redundancy

  • Change management

  • Multiple approval/sign-off


High reliability organizations1
High-reliability organizations

  • Organizations can be made redundant in the same way as systems…

  • …with many of the same problems

    • Common-mode failures

    • Non-linear complexity

    • And more…


Social shirking buck passing
Social shirking/buck passing

  • Not really an analogous concept in physical systems

  • Change-management difficulties


Overcompensation
Overcompensation

  • Has to do with the way physical systems are designed and operated

  • Does anycast DNS encourage bad behavior?


Conclusions
Conclusions

  • How do we deal with all of this?

    • Points of failure? Really points of freedom (and that’s a bad thing)

    • We need to reduce degrees of freedom in networks, not necessarily increase redundancy!

    • Networks need to get simpler, not more complex!


Conclusions1
Conclusions

  • Risks exist where we may not expect them

    • Five-nines mentality

    • Virtualization

    • Network disruption devices: duh!

    • Security

  • Maybe we shouldn’t assume that the system can be made fully reliable (Travis)


Conclusions2
Conclusions

  • Need to recognize trade-offs: In complex systems, “win-win scenarios” are very, very, very, very, very, very, very, very, very, very, very, very, very, very, very, very, very, very, very, very, very, very, very, very, very, very, very, very, very, very, very, very, very, very, very, very, very RARE!



ad