Complexity Metrics:
Questions in this section are meant to gather feedback on our work.
1. How relevant are the complexity metrics described in the presentation?
2. Does being able to track the evolution of complexity within your network provide you with any benefits?
3. What sort of metrics would you find beneficial?
Automation & Tools:
Questions in this section are meant to survey the tools used by operators.
1. How often do you manually alter the router/switch/etc. configurations (on the devices themselves)?
2. List the tools (like RANCID) used to manage and automate changes to device configurations in your network. How are they used, and by whom? Can low-level (helpdesk/tier1/tier2/NOC/etc.) staff use them, too? Which of these tools are home-grown?
3. Suppose we decompose a configuration file into the following elements: forwarding (layer 3 and routing), filtering (ACLs, route-maps), distribution (switching & VLANs), and physical (interfaces). On which of these four elements do these tools operate? How many operate on all four?
Configuration Changes:
Questions in this section are meant to help us understand an operator’s thought process.
1. If you modified ACL 110
After making this change, would you change any other configuration files? Why?
2. Similarly, if you changed a rule in ACL 100
After making this change, would you change any other configuration files? Why?
3. How would you go about restricting access from hosts in subnet 128.104.0.243/28 to hosts in 72.33.92.3/22? What devices would need to be changed?
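As an added illustration (not part of the original questionnaire) of what question 3 involves: the two prefixes given are host addresses rather than block boundaries, so the script below first recovers the containing blocks, emits the Cisco IOS wildcard-mask ACL entry that would deny that traffic, and includes a small matcher for testing candidate flows against the entry before the change is pushed to a device. The ACL name is an assumption.

```python
import ipaddress

# Prefixes as they appear in the questionnaire. Neither is a network address
# (.243/28 and .3/22 are hosts inside the intended blocks), so the block
# boundaries must be recomputed before they can go into an ACL.
SRC_PREFIX = "128.104.0.243/28"
DST_PREFIX = "72.33.92.3/22"


def to_wildcard(prefix: str):
    """Return (network address, Cisco wildcard mask) for a prefix.

    strict=False lets a host address stand in for its containing block,
    which is exactly the situation the survey's addresses present.
    """
    net = ipaddress.ip_network(prefix, strict=False)
    return str(net.network_address), str(net.hostmask)


def build_acl(name: str, src_prefix: str, dst_prefix: str):
    """Emit an IOS named extended ACL that denies src->dst and permits the rest.

    The ACL name is an assumption; the page does not name one.
    """
    src_net, src_wc = to_wildcard(src_prefix)
    dst_net, dst_wc = to_wildcard(dst_prefix)
    return [
        f"ip access-list extended {name}",
        f" deny ip {src_net} {src_wc} {dst_net} {dst_wc}",
        " permit ip any any",
    ]


def wildcard_match(addr: str, net: str, wildcard: str) -> bool:
    """Cisco wildcard semantics: a 1 bit in the wildcard means 'don't care'."""
    a = int(ipaddress.ip_address(addr))
    n = int(ipaddress.ip_address(net))
    w = int(ipaddress.ip_address(wildcard))
    return (a & ~w) == (n & ~w)


def is_denied(src: str, dst: str, src_prefix=SRC_PREFIX, dst_prefix=DST_PREFIX) -> bool:
    """Would a src->dst flow hit the deny entry? A pre-change sanity check."""
    src_net, src_wc = to_wildcard(src_prefix)
    dst_net, dst_wc = to_wildcard(dst_prefix)
    return wildcard_match(src, src_net, src_wc) and wildcard_match(dst, dst_net, dst_wc)


if __name__ == "__main__":
    print("\n".join(build_acl("DENY-DEPT-TO-SERVERS", SRC_PREFIX, DST_PREFIX)))
```

Which device the ACL belongs on, and in which direction, is the part of the question the script cannot answer; filtering closest to the source subnet keeps the unwanted traffic off the core.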
Network Architecture:
Questions in this section are meant to help us better understand your network.
Our models show that this network contains a two-level hierarchy, with 3 core routers and about 8 edge devices. Do you agree with this conclusion?
Does your network place restrictions on communication between hosts in your network? We observed that your network places no restrictions on traffic between hosts in your network. Has access control been moved somewhere else in the network, perhaps to a middlebox (a firewall?) or to end hosts?
Are there policies currently being implemented that we have missed? Which Cisco commands are used to implement them?
Alternative Designs:
Questions in this section are meant to help us understand an operator’s thought process.
Your network appears complex in terms of the number of routing instances and the dependencies between components. Suppose that we replaced the RIP routing instance with OSPF to reduce the number of routing instances to one. Would this provide a simpler network? Why isn’t this being done?
The network consists of multiple partitioned VLANs. Why include each subnet individually as a network statement when declaring the routing protocol? Wouldn’t it be easier to declare the routing protocols with a blanket 0.0.0.0 network?
Scenarios:
Questions in this section are meant to help us understand an operator’s thought process.
Adding a new group of users: as a result of recent growth, a new department is added, and a new range of IP addresses is allocated for this department. What steps would be taken to incorporate this new department into the network? Assume that this group requires the same filtering restrictions as an existing group. Now assume that it requires special filtering restrictions.
Adding new equipment: due to the previously mentioned growth, your company is adding a few more devices to the current setup. Imagine adding two different devices, a core router with similar properties to r-cssc-core and an edge device with similar properties to r-chem-node. How would you choose where to place a new router? User distribution? Traffic matrix? How would the previously mentioned automation tools factor into this upgrade? If they are not used, what renders them useless?
Emergency response: a severe worm outbreak or security issue appears that targets vulnerabilities in applications widely used in your network. How would you go about protecting the hosts?