The Experts below are selected from a list of 198 Experts worldwide ranked by ideXlab platform
Jennifer Rexford - One of the best experts on this subject based on the ideXlab platform.
-
Structure preserving anonymization of Router Configuration data
IEEE Journal on Selected Areas in Communications, 2009Co-Authors: David A Maltz, Jennifer Rexford, Jibin Zhan, Geoffrey G Xie, Gisli Hjalmtýsson, Albert Greenberg, Hui ZhangAbstract:A repository of Router Configuration files from production networks would provide the research community with a treasure trove of data about network topologies, routing designs, and security policies. However, Configuration files have been largely unobtainable precisely because they provide detailed information that could be exploited by competitors and attackers. This paper describes a method for anonymizing Router Configuration files by removing all information that connects the data to the identity of the underlying network, while still preserving the structure of information that makes the data valuable to networking researchers. Anonymizing Configuration files has unusual requirements, including preserving relationships between elements of data, anonymizing regular expressions, and robustly coping with more than 200 versions of the Configuration language. Conventional tools and techniques are poorly suited to the problem. Our anonymization method has been validated with a major carrier, earning unprivileged researchers access to the Configuration files of thousands of Routers in hundreds of networks. Through example analysis, we demonstrate that the anonymized data retains the key properties of the network design. The paper sets out techniques that could be used in an attempt to break the anonymization, and it concludes our anonymization techniques are most applicable to enterprise networks, because the large number of enterprises and the difficulty of probing them from the outside make it hard to recognize an anonymized network based solely on publicly-available information about its topology or Configuration. When applied to backbone networks, which are few in number and many of whose properties can be publicly measured, the anonymization might be broken by fingerprinting techniques described in this paper.
-
structure preserving anonymization of Router Configuration data
Internet Measurement Conference, 2004Co-Authors: David A Maltz, Jibin Zhan, Geoffrey G Xie, Hui Zhang, Gisli Hjalmtýsson, Albert Greenberg, Jennifer RexfordAbstract:A repository of Router Configuration files from production networks would provide the research community with a treasure trove of data about network topologies, routing designs, and security policies. However, Configuration files have been largely unobtainable precisely because they provide detailed information that could be exploited by competitors and attackers. This paper describes a method for anonymizing Router Configuration files by removing all information that connects the data to the identity of the originating network, while still preserving the structure of information that makes the data valuable to networking researchers. Anonymizing Configuration files has unusual requirements, including preserving relationships between elements of data, anonymizing regular expressions, and robustly coping with more than 200 versions of the Configuration language, that mean conventional tools and techniques are poorly suited to the problem. Our anonymization method has been validated with a major carrier, earning unprivileged researchers access to the Configuration files of more than 7600 Routers in 31 networks. Through example analysis, we demonstrate that the anonymized data retains the key properties of the network design. We believe that applying our single-blind methodology to a large number of production networks from different sources would be of tremendous value to both the research and operations communities.
-
Internet Measurement Conference - Structure preserving anonymization of Router Configuration data
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement - IMC '04, 2004Co-Authors: David A Maltz, Jibin Zhan, Geoffrey G Xie, Hui Zhang, Gisli Hjalmtýsson, Albert Greenberg, Jennifer RexfordAbstract:A repository of Router Configuration files from production networks would provide the research community with a treasure trove of data about network topologies, routing designs, and security policies. However, Configuration files have been largely unobtainable precisely because they provide detailed information that could be exploited by competitors and attackers. This paper describes a method for anonymizing Router Configuration files by removing all information that connects the data to the identity of the originating network, while still preserving the structure of information that makes the data valuable to networking researchers. Anonymizing Configuration files has unusual requirements, including preserving relationships between elements of data, anonymizing regular expressions, and robustly coping with more than 200 versions of the Configuration language, that mean conventional tools and techniques are poorly suited to the problem. Our anonymization method has been validated with a major carrier, earning unprivileged researchers access to the Configuration files of more than 7600 Routers in 31 networks. Through example analysis, we demonstrate that the anonymized data retains the key properties of the network design. We believe that applying our single-blind methodology to a large number of production networks from different sources would be of tremendous value to both the research and operations communities.
-
The cutting EDGE of IP Router Configuration
ACM SIGCOMM Computer Communication Review, 2004Co-Authors: Don Caldwell, Gisli Hjalmtýsson, Albert Greenberg, Anna C. Gilbert, Joel Gottlieb, Jennifer RexfordAbstract:Human error in configuring Routers undermines attempts to provide reliable, predictable end-to-end performance on IP networks. Manual Configuration, while expensive and error-prone, is the dominant mode of operation, especially for large enterprise networks. These networks often lack the basic building blocks---an accurate equipment inventory, a debugged initial Configuration, and a specification of local Configuration policies---to support the holy grail of automation. We argue the migrating an existing network to automated Configuration is a rich and challenging research problem rooted in data analysis and in the modeling of network protocols and operational practices. We propose a novel, bottom-up approach that proceeds in three phases: (i)analysis of Configuration data to summarize the existing network state and uncover Configuration problems; (ii) data mining to identify the network's local Configuration policies and violations of these policies; and ultimately (iii)boot-strapping of a database to drive future Configuration changes. The first stage reduces the number of errors, the second normalizes the local policies, and the third prevents new errors and reduces the manpower needed to configure the network. We describe the architecture of our EDGE tool for steps (i) and (ii), and present some examples from our experiences applying the tool to several large enterprise networks.
-
IP network Configuration for intradomain traffic engineering
IEEE Network, 2001Co-Authors: Anja Feldmann, Jennifer RexfordAbstract:The smooth operation of the Internet depends on the careful Configuration of Routers in thousands of autonomous systems throughout the world. Configuring Routers is extremely complicated because of the diversity of network equipment, the large number of Configuration options, and the interaction of Configuration parameters across multiple Routers. Network operators have limited tools to aid in configuring large backbone networks. Manual Configuration of individual Routers can introduce errors and inconsistencies with unforeseen consequences for the operational network. In this article we describe how to identify Configuration mistakes by parsing and analyzing Configuration data extracted from the various Routers. We first present an overview of IP networking from the viewpoint of an Internet service provider and describe the kinds of errors that can appear within and across Router Configuration files. To narrow the scope of the problem, we then focus our attention on the Configuration commands that relate to traffic engineering-tuning the intradomain routing protocol to control the flow of traffic through the ISP network. We present a case study of a prototype tool, developed in collaboration with AT&T IP Services, for checking the Configuration of the AT&T IP Backbone and providing input to other systems visualization and traffic engineering.
Hui Zhang - One of the best experts on this subject based on the ideXlab platform.
-
Structure preserving anonymization of Router Configuration data
IEEE Journal on Selected Areas in Communications, 2009Co-Authors: David A Maltz, Jennifer Rexford, Jibin Zhan, Geoffrey G Xie, Gisli Hjalmtýsson, Albert Greenberg, Hui ZhangAbstract:A repository of Router Configuration files from production networks would provide the research community with a treasure trove of data about network topologies, routing designs, and security policies. However, Configuration files have been largely unobtainable precisely because they provide detailed information that could be exploited by competitors and attackers. This paper describes a method for anonymizing Router Configuration files by removing all information that connects the data to the identity of the underlying network, while still preserving the structure of information that makes the data valuable to networking researchers. Anonymizing Configuration files has unusual requirements, including preserving relationships between elements of data, anonymizing regular expressions, and robustly coping with more than 200 versions of the Configuration language. Conventional tools and techniques are poorly suited to the problem. Our anonymization method has been validated with a major carrier, earning unprivileged researchers access to the Configuration files of thousands of Routers in hundreds of networks. Through example analysis, we demonstrate that the anonymized data retains the key properties of the network design. The paper sets out techniques that could be used in an attempt to break the anonymization, and it concludes our anonymization techniques are most applicable to enterprise networks, because the large number of enterprises and the difficulty of probing them from the outside make it hard to recognize an anonymized network based solely on publicly-available information about its topology or Configuration. When applied to backbone networks, which are few in number and many of whose properties can be publicly measured, the anonymization might be broken by fingerprinting techniques described in this paper.
-
structure preserving anonymization of Router Configuration data
Internet Measurement Conference, 2004Co-Authors: David A Maltz, Jibin Zhan, Geoffrey G Xie, Hui Zhang, Gisli Hjalmtýsson, Albert Greenberg, Jennifer RexfordAbstract:A repository of Router Configuration files from production networks would provide the research community with a treasure trove of data about network topologies, routing designs, and security policies. However, Configuration files have been largely unobtainable precisely because they provide detailed information that could be exploited by competitors and attackers. This paper describes a method for anonymizing Router Configuration files by removing all information that connects the data to the identity of the originating network, while still preserving the structure of information that makes the data valuable to networking researchers. Anonymizing Configuration files has unusual requirements, including preserving relationships between elements of data, anonymizing regular expressions, and robustly coping with more than 200 versions of the Configuration language, that mean conventional tools and techniques are poorly suited to the problem. Our anonymization method has been validated with a major carrier, earning unprivileged researchers access to the Configuration files of more than 7600 Routers in 31 networks. Through example analysis, we demonstrate that the anonymized data retains the key properties of the network design. We believe that applying our single-blind methodology to a large number of production networks from different sources would be of tremendous value to both the research and operations communities.
-
Internet Measurement Conference - Structure preserving anonymization of Router Configuration data
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement - IMC '04, 2004Co-Authors: David A Maltz, Jibin Zhan, Geoffrey G Xie, Hui Zhang, Gisli Hjalmtýsson, Albert Greenberg, Jennifer RexfordAbstract:A repository of Router Configuration files from production networks would provide the research community with a treasure trove of data about network topologies, routing designs, and security policies. However, Configuration files have been largely unobtainable precisely because they provide detailed information that could be exploited by competitors and attackers. This paper describes a method for anonymizing Router Configuration files by removing all information that connects the data to the identity of the originating network, while still preserving the structure of information that makes the data valuable to networking researchers. Anonymizing Configuration files has unusual requirements, including preserving relationships between elements of data, anonymizing regular expressions, and robustly coping with more than 200 versions of the Configuration language, that mean conventional tools and techniques are poorly suited to the problem. Our anonymization method has been validated with a major carrier, earning unprivileged researchers access to the Configuration files of more than 7600 Routers in 31 networks. Through example analysis, we demonstrate that the anonymized data retains the key properties of the network design. We believe that applying our single-blind methodology to a large number of production networks from different sources would be of tremendous value to both the research and operations communities.
David A Maltz - One of the best experts on this subject based on the ideXlab platform.
-
Structure preserving anonymization of Router Configuration data
IEEE Journal on Selected Areas in Communications, 2009Co-Authors: David A Maltz, Jennifer Rexford, Jibin Zhan, Geoffrey G Xie, Gisli Hjalmtýsson, Albert Greenberg, Hui ZhangAbstract:A repository of Router Configuration files from production networks would provide the research community with a treasure trove of data about network topologies, routing designs, and security policies. However, Configuration files have been largely unobtainable precisely because they provide detailed information that could be exploited by competitors and attackers. This paper describes a method for anonymizing Router Configuration files by removing all information that connects the data to the identity of the underlying network, while still preserving the structure of information that makes the data valuable to networking researchers. Anonymizing Configuration files has unusual requirements, including preserving relationships between elements of data, anonymizing regular expressions, and robustly coping with more than 200 versions of the Configuration language. Conventional tools and techniques are poorly suited to the problem. Our anonymization method has been validated with a major carrier, earning unprivileged researchers access to the Configuration files of thousands of Routers in hundreds of networks. Through example analysis, we demonstrate that the anonymized data retains the key properties of the network design. The paper sets out techniques that could be used in an attempt to break the anonymization, and it concludes our anonymization techniques are most applicable to enterprise networks, because the large number of enterprises and the difficulty of probing them from the outside make it hard to recognize an anonymized network based solely on publicly-available information about its topology or Configuration. When applied to backbone networks, which are few in number and many of whose properties can be publicly measured, the anonymization might be broken by fingerprinting techniques described in this paper.
-
structure preserving anonymization of Router Configuration data
Internet Measurement Conference, 2004Co-Authors: David A Maltz, Jibin Zhan, Geoffrey G Xie, Hui Zhang, Gisli Hjalmtýsson, Albert Greenberg, Jennifer RexfordAbstract:A repository of Router Configuration files from production networks would provide the research community with a treasure trove of data about network topologies, routing designs, and security policies. However, Configuration files have been largely unobtainable precisely because they provide detailed information that could be exploited by competitors and attackers. This paper describes a method for anonymizing Router Configuration files by removing all information that connects the data to the identity of the originating network, while still preserving the structure of information that makes the data valuable to networking researchers. Anonymizing Configuration files has unusual requirements, including preserving relationships between elements of data, anonymizing regular expressions, and robustly coping with more than 200 versions of the Configuration language, that mean conventional tools and techniques are poorly suited to the problem. Our anonymization method has been validated with a major carrier, earning unprivileged researchers access to the Configuration files of more than 7600 Routers in 31 networks. Through example analysis, we demonstrate that the anonymized data retains the key properties of the network design. We believe that applying our single-blind methodology to a large number of production networks from different sources would be of tremendous value to both the research and operations communities.
-
Internet Measurement Conference - Structure preserving anonymization of Router Configuration data
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement - IMC '04, 2004Co-Authors: David A Maltz, Jibin Zhan, Geoffrey G Xie, Hui Zhang, Gisli Hjalmtýsson, Albert Greenberg, Jennifer RexfordAbstract:A repository of Router Configuration files from production networks would provide the research community with a treasure trove of data about network topologies, routing designs, and security policies. However, Configuration files have been largely unobtainable precisely because they provide detailed information that could be exploited by competitors and attackers. This paper describes a method for anonymizing Router Configuration files by removing all information that connects the data to the identity of the originating network, while still preserving the structure of information that makes the data valuable to networking researchers. Anonymizing Configuration files has unusual requirements, including preserving relationships between elements of data, anonymizing regular expressions, and robustly coping with more than 200 versions of the Configuration language, that mean conventional tools and techniques are poorly suited to the problem. Our anonymization method has been validated with a major carrier, earning unprivileged researchers access to the Configuration files of more than 7600 Routers in 31 networks. Through example analysis, we demonstrate that the anonymized data retains the key properties of the network design. We believe that applying our single-blind methodology to a large number of production networks from different sources would be of tremendous value to both the research and operations communities.
Gisli Hjalmtýsson - One of the best experts on this subject based on the ideXlab platform.
-
Structure preserving anonymization of Router Configuration data
IEEE Journal on Selected Areas in Communications, 2009Co-Authors: David A Maltz, Jennifer Rexford, Jibin Zhan, Geoffrey G Xie, Gisli Hjalmtýsson, Albert Greenberg, Hui ZhangAbstract:A repository of Router Configuration files from production networks would provide the research community with a treasure trove of data about network topologies, routing designs, and security policies. However, Configuration files have been largely unobtainable precisely because they provide detailed information that could be exploited by competitors and attackers. This paper describes a method for anonymizing Router Configuration files by removing all information that connects the data to the identity of the underlying network, while still preserving the structure of information that makes the data valuable to networking researchers. Anonymizing Configuration files has unusual requirements, including preserving relationships between elements of data, anonymizing regular expressions, and robustly coping with more than 200 versions of the Configuration language. Conventional tools and techniques are poorly suited to the problem. Our anonymization method has been validated with a major carrier, earning unprivileged researchers access to the Configuration files of thousands of Routers in hundreds of networks. Through example analysis, we demonstrate that the anonymized data retains the key properties of the network design. The paper sets out techniques that could be used in an attempt to break the anonymization, and it concludes our anonymization techniques are most applicable to enterprise networks, because the large number of enterprises and the difficulty of probing them from the outside make it hard to recognize an anonymized network based solely on publicly-available information about its topology or Configuration. When applied to backbone networks, which are few in number and many of whose properties can be publicly measured, the anonymization might be broken by fingerprinting techniques described in this paper.
-
structure preserving anonymization of Router Configuration data
Internet Measurement Conference, 2004Co-Authors: David A Maltz, Jibin Zhan, Geoffrey G Xie, Hui Zhang, Gisli Hjalmtýsson, Albert Greenberg, Jennifer RexfordAbstract:A repository of Router Configuration files from production networks would provide the research community with a treasure trove of data about network topologies, routing designs, and security policies. However, Configuration files have been largely unobtainable precisely because they provide detailed information that could be exploited by competitors and attackers. This paper describes a method for anonymizing Router Configuration files by removing all information that connects the data to the identity of the originating network, while still preserving the structure of information that makes the data valuable to networking researchers. Anonymizing Configuration files has unusual requirements, including preserving relationships between elements of data, anonymizing regular expressions, and robustly coping with more than 200 versions of the Configuration language, that mean conventional tools and techniques are poorly suited to the problem. Our anonymization method has been validated with a major carrier, earning unprivileged researchers access to the Configuration files of more than 7600 Routers in 31 networks. Through example analysis, we demonstrate that the anonymized data retains the key properties of the network design. We believe that applying our single-blind methodology to a large number of production networks from different sources would be of tremendous value to both the research and operations communities.
-
Internet Measurement Conference - Structure preserving anonymization of Router Configuration data
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement - IMC '04, 2004Co-Authors: David A Maltz, Jibin Zhan, Geoffrey G Xie, Hui Zhang, Gisli Hjalmtýsson, Albert Greenberg, Jennifer RexfordAbstract:A repository of Router Configuration files from production networks would provide the research community with a treasure trove of data about network topologies, routing designs, and security policies. However, Configuration files have been largely unobtainable precisely because they provide detailed information that could be exploited by competitors and attackers. This paper describes a method for anonymizing Router Configuration files by removing all information that connects the data to the identity of the originating network, while still preserving the structure of information that makes the data valuable to networking researchers. Anonymizing Configuration files has unusual requirements, including preserving relationships between elements of data, anonymizing regular expressions, and robustly coping with more than 200 versions of the Configuration language, that mean conventional tools and techniques are poorly suited to the problem. Our anonymization method has been validated with a major carrier, earning unprivileged researchers access to the Configuration files of more than 7600 Routers in 31 networks. Through example analysis, we demonstrate that the anonymized data retains the key properties of the network design. We believe that applying our single-blind methodology to a large number of production networks from different sources would be of tremendous value to both the research and operations communities.
-
The cutting EDGE of IP Router Configuration
ACM SIGCOMM Computer Communication Review, 2004Co-Authors: Don Caldwell, Gisli Hjalmtýsson, Albert Greenberg, Anna C. Gilbert, Joel Gottlieb, Jennifer RexfordAbstract:Human error in configuring Routers undermines attempts to provide reliable, predictable end-to-end performance on IP networks. Manual Configuration, while expensive and error-prone, is the dominant mode of operation, especially for large enterprise networks. These networks often lack the basic building blocks---an accurate equipment inventory, a debugged initial Configuration, and a specification of local Configuration policies---to support the holy grail of automation. We argue the migrating an existing network to automated Configuration is a rich and challenging research problem rooted in data analysis and in the modeling of network protocols and operational practices. We propose a novel, bottom-up approach that proceeds in three phases: (i)analysis of Configuration data to summarize the existing network state and uncover Configuration problems; (ii) data mining to identify the network's local Configuration policies and violations of these policies; and ultimately (iii)boot-strapping of a database to drive future Configuration changes. The first stage reduces the number of errors, the second normalizes the local policies, and the third prevents new errors and reduces the manpower needed to configure the network. We describe the architecture of our EDGE tool for steps (i) and (ii), and present some examples from our experiences applying the tool to several large enterprise networks.
Albert Greenberg - One of the best experts on this subject based on the ideXlab platform.
-
Structure preserving anonymization of Router Configuration data
IEEE Journal on Selected Areas in Communications, 2009Co-Authors: David A Maltz, Jennifer Rexford, Jibin Zhan, Geoffrey G Xie, Gisli Hjalmtýsson, Albert Greenberg, Hui ZhangAbstract:A repository of Router Configuration files from production networks would provide the research community with a treasure trove of data about network topologies, routing designs, and security policies. However, Configuration files have been largely unobtainable precisely because they provide detailed information that could be exploited by competitors and attackers. This paper describes a method for anonymizing Router Configuration files by removing all information that connects the data to the identity of the underlying network, while still preserving the structure of information that makes the data valuable to networking researchers. Anonymizing Configuration files has unusual requirements, including preserving relationships between elements of data, anonymizing regular expressions, and robustly coping with more than 200 versions of the Configuration language. Conventional tools and techniques are poorly suited to the problem. Our anonymization method has been validated with a major carrier, earning unprivileged researchers access to the Configuration files of thousands of Routers in hundreds of networks. Through example analysis, we demonstrate that the anonymized data retains the key properties of the network design. The paper sets out techniques that could be used in an attempt to break the anonymization, and it concludes our anonymization techniques are most applicable to enterprise networks, because the large number of enterprises and the difficulty of probing them from the outside make it hard to recognize an anonymized network based solely on publicly-available information about its topology or Configuration. When applied to backbone networks, which are few in number and many of whose properties can be publicly measured, the anonymization might be broken by fingerprinting techniques described in this paper.
-
structure preserving anonymization of Router Configuration data
Internet Measurement Conference, 2004Co-Authors: David A Maltz, Jibin Zhan, Geoffrey G Xie, Hui Zhang, Gisli Hjalmtýsson, Albert Greenberg, Jennifer RexfordAbstract:A repository of Router Configuration files from production networks would provide the research community with a treasure trove of data about network topologies, routing designs, and security policies. However, Configuration files have been largely unobtainable precisely because they provide detailed information that could be exploited by competitors and attackers. This paper describes a method for anonymizing Router Configuration files by removing all information that connects the data to the identity of the originating network, while still preserving the structure of information that makes the data valuable to networking researchers. Anonymizing Configuration files has unusual requirements, including preserving relationships between elements of data, anonymizing regular expressions, and robustly coping with more than 200 versions of the Configuration language, that mean conventional tools and techniques are poorly suited to the problem. Our anonymization method has been validated with a major carrier, earning unprivileged researchers access to the Configuration files of more than 7600 Routers in 31 networks. Through example analysis, we demonstrate that the anonymized data retains the key properties of the network design. We believe that applying our single-blind methodology to a large number of production networks from different sources would be of tremendous value to both the research and operations communities.
-
Internet Measurement Conference - Structure preserving anonymization of Router Configuration data
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement - IMC '04, 2004Co-Authors: David A Maltz, Jibin Zhan, Geoffrey G Xie, Hui Zhang, Gisli Hjalmtýsson, Albert Greenberg, Jennifer RexfordAbstract:A repository of Router Configuration files from production networks would provide the research community with a treasure trove of data about network topologies, routing designs, and security policies. However, Configuration files have been largely unobtainable precisely because they provide detailed information that could be exploited by competitors and attackers. This paper describes a method for anonymizing Router Configuration files by removing all information that connects the data to the identity of the originating network, while still preserving the structure of information that makes the data valuable to networking researchers. Anonymizing Configuration files has unusual requirements, including preserving relationships between elements of data, anonymizing regular expressions, and robustly coping with more than 200 versions of the Configuration language, that mean conventional tools and techniques are poorly suited to the problem. Our anonymization method has been validated with a major carrier, earning unprivileged researchers access to the Configuration files of more than 7600 Routers in 31 networks. Through example analysis, we demonstrate that the anonymized data retains the key properties of the network design. We believe that applying our single-blind methodology to a large number of production networks from different sources would be of tremendous value to both the research and operations communities.
-
The cutting EDGE of IP Router Configuration
ACM SIGCOMM Computer Communication Review, 2004Co-Authors: Don Caldwell, Gisli Hjalmtýsson, Albert Greenberg, Anna C. Gilbert, Joel Gottlieb, Jennifer RexfordAbstract:Human error in configuring Routers undermines attempts to provide reliable, predictable end-to-end performance on IP networks. Manual Configuration, while expensive and error-prone, is the dominant mode of operation, especially for large enterprise networks. These networks often lack the basic building blocks---an accurate equipment inventory, a debugged initial Configuration, and a specification of local Configuration policies---to support the holy grail of automation. We argue the migrating an existing network to automated Configuration is a rich and challenging research problem rooted in data analysis and in the modeling of network protocols and operational practices. We propose a novel, bottom-up approach that proceeds in three phases: (i)analysis of Configuration data to summarize the existing network state and uncover Configuration problems; (ii) data mining to identify the network's local Configuration policies and violations of these policies; and ultimately (iii)boot-strapping of a database to drive future Configuration changes. The first stage reduces the number of errors, the second normalizes the local policies, and the third prevents new errors and reduces the manpower needed to configure the network. We describe the architecture of our EDGE tool for steps (i) and (ii), and present some examples from our experiences applying the tool to several large enterprise networks.
