Simplifying Access Control in Enterprise Networks

Today, access control configuration in large enterprise environments is a highly complex process that involves the manual configuration of a wide range of network devices including routers, VLANs and firewalls. Much of this complexity arises from the asynchrony between routing and access control that often requires contorted network topologies that lack redundant paths, have tight pinning of routes, and physical placement of firewalls along the data path to achieve access control. In this paper, we propose Access Control Routing (ACR), a clean-slate and flexible approach to simplify access control configuration in large-scale enterprise networks. ACR uses a single parameter, class, to couple access control and routing. It requires that each endhost specify its access control policies at the granularity of a class. On the network side, the control plane establishes logical reachability networks for every class, and the data plane explicitly labels each packet with a class based on the source. Unlike traditional access control configuration approaches, ACR can easily adapt to network topology or routing changes and is better suited to handle network failures. ACR eliminates the need for VLANs and also provides the flexibility of automatically routing traffic through arbitrary middle-boxes without physical topology manipulation. Using a software-based router implementation of ACR and access control policies gathered from four large commercial enterprise networks, we show that ACR can easily be adopted in large enterprise environments with little additional performance overhead.