Review for Hinrichs2009FML

[Jeff Rasley]

Authors: U. Chicago (T. Hinrichs), Stanford, and S. Shenker

Context: WREN '09, SIGCOMM workshop

This paper presents the declarative policy language called Flow-based Management Language (FML) which is used to manage enterprise networks. This work builds off of the previous work by NOX and Ethane and is directly implemented within NOX. They group created FML to provide a high level mechanism to create network policies, throughout the paper they use the following example applications: ACLs, NAT, QoS, & Admission Controls.

The primary contribution of this work is the FML language itself and its resulting implementation. The authors also state that its expressiveness to work with various applications and its efficient implementation are also contributions.

The only real previously related work to this is DATALOG and XACML, which are both declarative languages. Additionally, an interesting aspect of FML is how it deals with conflicts. Policies that conflict have static rules about how the conflict is resolved, for example allow/deny flows will always defer to the deny rule, this seems potentially restricting and/or cumbersome for certain rules. The authors discuss ways around it with the use of what they call FML Cascades, which are policies with ordering priorities.

Comment: The authors mention that they implemented all of the applications they list except for QoS, however this seems to be the most difficult/interesting of the applications listed. I am curious about how specifically one could enforce jitter, latency and bandwidth policies in the same concrete way as an ACL. I know there exists a decent amount of recent work in trying to enforce bandwidth guarantees. I guess the authors are just saying that if we had efficient mechanisms to enforce these features then FML would be a good way for network operators to set them without having to deal with the low-level details.