NCGuard: Network Configuration Safeguard

Sun, 07/13/2008 - 19:13 by Laurent Vanbever • Categories:


Today, most IP networks are still configured manually on a router-by-router basis. This is error-prone and often leads to misconfiguration.

NCGuard is a tool that allows a network architect to apply a safer methodology by generating validated network configuration. NCGuard relies heavily on software engineering techniques.

The methodology behind NCGuard can be divided in three steps. Firstly, NCGuard encourages the network architect to specify formally the objectives of his network. These objectives are defined as a set of rules that must be met by the configuration. Secondly, the network architect writes a high-level representation of his network. This representation avoids redundancy and offers a platform-independent representation that can easily represent multi-vendors networks. Thirdly, NCGuard validates the network representation against the given rules and generates automatically the configuration of each router in their respective configuration languages (e.g., Cisco IOS or Juniper JunOS).

Research project related: 
Routing protocols
Our members: 
Laurent Vanbever
Our members: 
Olivier Bonaventure
Programming language: 
Java, XML
Development State: 
Case study: Abilene related files26.81 KB