« Go Phish | Main | NY Times site change »

Simple is not easy

In February, I wrote about choosing simple problems to solve since they're hard enough. But what I didn't know was how to find the research challenges. Someone would suggest a problem, and I'd take a look, see the obvious solution, and conclude there was no research to be done there.

Today, as I draw closer to having a dissertation topic (or else quitting the program to start an enterprise network security company), I've started seeing the hard parts, what some network researchers call the "impedance mismatches" (because we network researchers are all descended from electrical engineers, but we've long since forgotten what any of that electronics stuff is about, we grab random terms from electrical engineering and use them improperly). The key is that I've finally internalized an idea of what it must be like to operate a network. Let me make this maximally cheesy for emphasis: Walking a mile in the user's shoes, getting to know how he really solves problems with the tools at his disposal, has helped me see why simple problems aren't so simple.

I've been trying to understand how a network operator deals with things like assigning machines to VLANs in an ethernet network. How does the operator decide where a PC belongs? It could be based on the physical port where the PC is plugged in ("Ah, this new PC is connected from the engineering wing, so it must belong in the engineering VLAN."). It could be based on the PC's ethernet address. It could even be based on which user has logged into the machine. Making all of these a reality is ostensibly simple, but the problems arise in the details. For instance, that idea of assigning a VLAN based on the user: this means the machine needs to be in a VLAN (to get an IP address) for the user to authenticate to the network, but the proper VLAN for the machine can only be determined after the user authenticates. Just an odd little thing, really, but suddenly my simple problem has some depth.

Two caveats. First, there's a point in all this where I have to step back and say "yes, that's hard, but is that how someone really wants to solve the problem?" And often, the answer is simply "no." It's rarely the case that an operator wants to assign machines to VLANs based only on the user logging in. But that's ok -- it's just time to look for another odd thing to worry about. And the second caveat is that I still don't have a dissertation topic, so I'll have to let you know how all of this really turns out in the end. And finally, I admit, I didn't tell you how I internalized the experience of being a network operator. I don't really know, but I used to watch Pretender a lot.

Posted by Andy on May 13, 2005 11:38 AM |