PNG-24 image with transparency
PNG-24 image with transparency

Clean Slate Research Projects

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10

6.) A Clean Slate Approach to Enterprise Network Security: Ethane

Started: May 2006

What is Ethane?

Ethane is a new architecture for enterprise networks which provides a powerful yet simple management model and strong security guarantees. Ethane allows network managers to define a single, network-wide, fine-grain policy, and then enforces it at every switch. Ethane policy is defined over human-friendly names (such as "bob, "payroll-server", or "http-proxy) and dictates who can talk to who and in which manner. For example, a policy rule may specify that all guest users who have not authenticated can only use HTTP and that all of their traffic must traverse a local web proxy. Ethane has a number of salient properties difficult to achieve with network technologies today. First, the global security policy is enforced at each switch in a manner that is resistant to spoofing. Second, all packets on an Ethane network can be attributed back to the sending host and the physical location in which the packet entered the network. In fact, packets collected in the past can also be attributed to the sending host at the time the packets were sent -- a feature that can be used to aid in auditing and forensics. Finally, all the functionality within Ethane is provided by very simple hardware switches. The trick behind the Ethane design is that all complex functionality, including routing, naming, policy declaration and security checks are performed by a central controller (rather than in the switches as is done today). Each flow on the network must first get permission from the controller which verifies that the communicate is permissible by the network policy. If the controller allows a flow, it computes a route for the flow to take, and adds an entry for that flow in each of the switches along the path. With all complex function subsumed by the controller, switches in Ethane are reduced to managed flow tables whose entries can only be populated by the controller (which it does after each successful permission check). This allows a very simple design for Ethane switches using only SRAM (no power-hungry TCAMS) and a little bit of logic.


A first implementation of Ethane was built and deployed in Fall of 2006. The deployment consisted of one controller, 19 switches and it managed the traffic from over 300 wired hosts and many more wireless. The switches were built on both wireless and wired platforms and in hardware. Currently, we are working on the second version of Ethane which will have better policy language support and a richer data path supporting such things as NAT, MAC hiding and end-to-end L2 isolation. We plan to deploy this version by early summer. Ultimately, it is our goal to make high fan-out Ethane switches and controller available to other institutions.


Dan Boneh
(Faculty) Associate Professor, Computer Science and Electrical Engineering


David Mazières
(Faculty) Associate Professor of Computer Science

Nick McKeown
(Faculty) Faculty Director, Clean Slate Program

Mendel Rosenblum
(Faculty) Assistant Professor

Greg Watson
(Staff) Senior Research Engineer

Martin Casado
(Student) Fourth Year PHD Student of Computer Science

Michael J. Freedman
(Student) Assistant Professor Computer Science, Princeton University


Ethane is funded by the Stanford Clean Slate Project, the 100x100 Clean Slate Project, NSF under a grant from the FIND program (2006), and from the Disruptive Technology Office (DTO) from the NICIAR program (2006).

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10