Field of the Invention
The present invention relates generally to computer network management and security and more particularly to scalable and autoconfigurable systems and methods for controlling networks.
Description of Related Art
Many current enterprises have large and sophisticated networks comprising links, switches, hubs, routers, servers, workstations and other networked devices, which support a variety of connections, applications and systems. Co-pending application Ser. No. 11/970,976, filed Jan. 8, 2008, now published as U.S. Patent Application Publication 2008/0189769, the contents of which are incorporated herein by reference, advanced the state of the art of network management. However, despite these and other significant commercial and academic efforts to ease the burden of network administrators, these networks remain difficult to manage and secure.
Certain of the problems encountered by these network administrators can be best illustrated with reference to differences in the development of host and network operating systems. In the early days of computing, programs were written in machine languages that had no common abstractions for the underlying physical resources. This made programs hard to write, port, reason about, and debug. Modern operating systems were developed to facilitate program development by providing controlled access to high-level abstractions for resources such as memory, storage, communication and information in files, directories, etc. These abstractions enable programs to carry out complicated tasks on a wide variety of computing hardware.
In contrast, networks are typically managed through low-level configuration of individual components. Network configurations often depend on the underlying network: for example, blocking a user's access with an access control list (“ACL”) entry requires knowing the user's current IP address. More complicated tasks require more extensive network knowledge: forcing guest users' port 80 traffic to traverse an HTTP proxy requires knowing the current network topology and the location of each guest. Conventional networks resemble a computer without an operating system, with network-dependent component configuration playing the role of hardware-dependent machine-language programming.
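The fragility described above, an ACL entry standing in for a policy about a user, is easy to show in code. The following small model is an added illustration and is not part of the patent text; the `Network` class, its binding table, and every user name and IP address in it are constructed sample values. It compiles the intent "block this user" into an IP-keyed deny rule, then shows what happens when the address binding changes, and what check an operator would need to notice it.

```python
"""Added illustration (not from the patent): an IP-keyed ACL entry as a
stand-in for a user-level policy, and how it drifts when bindings change.
All users, hosts and addresses below are constructed sample values."""
from dataclasses import dataclass, field


@dataclass
class Network:
    # Constructed DHCP-style binding table: user -> IP address currently held.
    bindings: dict = field(default_factory=dict)
    # ACL evaluated first-match. Each entry keeps the intent ('user') that
    # produced it, which a real switch ACL does not record.
    acl: list = field(default_factory=list)

    def compile_block_user(self, user):
        """Translate 'block <user>' into the only form the switch understands:
        a deny rule keyed on the address the user holds right now."""
        ip = self.bindings[user]
        self.acl.append({"action": "deny", "src_ip": ip, "user": user})
        return ip

    def rebind(self, user, ip):
        """Simulate a DHCP re-lease or a move to another network segment."""
        self.bindings[user] = ip

    def allowed(self, src_ip):
        for entry in self.acl:
            if entry["src_ip"] == src_ip:
                return entry["action"] == "allow"
        return True  # default allow, as on a typical open enterprise network

    def traffic_allowed_for(self, user):
        return self.allowed(self.bindings[user])

    def stale_entries(self):
        """Check an operator would want: ACL entries whose address no longer
        belongs to the user they were written for."""
        return [(e["user"], e["src_ip"]) for e in self.acl
                if self.bindings.get(e["user"]) != e["src_ip"]]


def demo():
    net = Network(bindings={"alice": "10.0.0.5", "bob": "10.0.0.6"})
    blocked_ip = net.compile_block_user("alice")
    before = net.traffic_allowed_for("alice")  # policy holds: False

    # Alice's lease expires and she receives a new address; Bob later
    # receives the address the ACL entry still names.
    net.rebind("alice", "10.0.0.9")
    net.rebind("bob", "10.0.0.5")

    return {
        "blocked_ip": blocked_ip,
        "alice_blocked_before_rebind": not before,
        # The intent is silently lost: Alice's traffic now passes.
        "alice_blocked_after_rebind": not net.traffic_allowed_for("alice"),
        # Collateral effect: Bob, who was never the target, is now blocked.
        "bob_blocked_after_rebind": not net.traffic_allowed_for("bob"),
        # Only because the intent was recorded can the drift be detected.
        "stale": net.stale_entries(),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The `stale_entries` check only works because the model stores the originating user next to each rule; a conventional ACL carries the address alone, which is exactly the gap the paragraph describes.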