Amir R. Khakpour and Alex Liu
January 2009
Quantifying static network reachability is useful in many aspects of network management, including troubleshooting, maintenance, design, and security auditing. In this paper, for the first time, we propose a suite of algorithms for quantifying reachability based on the static configuration (mainly ACLs) of a network. We also present a network reachability model that considers connectionless and connection-oriented transport protocols, stateless and stateful routers/firewalls, static and dynamic NAT, PAT, etc. We implemented the algorithms in our network reachability monitoring tool, called Quarnet, and conducted experiments on a university network. Although computing static network reachability is inherently expensive, the experimental results show that Quarnet is efficient enough to be used in practice.
You are granted permission for the non-commercial reproduction, distribution, display, and performance of this technical report in any format.