Decoupling Policy From Configuration in Campus and Enterprise Networks

This paper surveys the authors' ongoing work on the use of software-defined networking to simplify two acute policy problems in campus and enterprise network operations: access control and information flow control. The authors describe how the current coupling of high-level policy with low-level configuration makes these problems challenging today. They describe the specific policy problems faced by campus and enterprise network operators; illustrate their approach, which leverages recent trends in separating the network's "Control plane" from the data plane; and show how this approach can be applied to simplify these two enterprise network management tasks.