Networks are created to provide reachability; yet, network reachability is not well understood due to the many sophisticated network security policies configured on network devices to limit reachability for security and privacy purposes and the various factors such as routing that may affect reachability in unexpected ways. Due to the lack of distributed network security policy management tools, network operators have been using primitive tools to manage the increasingly complex reachability issues following a ``trial and error'' approach, which leads to many policy and reachability errors. While providing more reachability than necessary opens doors to unwanted traffic, providing less reachability than necessary may disrupt normal business operations. This project employs proactive approaches to reachability management and helps operators to design, verify, analyze, troubleshoot, and optimize distributed network security policies. The new concepts, models, theorems, and algorithms developed in this project advance our knowledge and understanding of network reachability, and the comprehensive network reachability toolkits developed in this project significantly improve network security and reliability. The rigorous models and mathematical formulations of network reachability serves as the theoretical foundation of future work on this fundamental network security issue. The comprehensive toolkit for network reachability quantification, verification, query, monitoring, analysis, and optimization can be used by network operators to troubleshoot and debug reachability problems. This technology enables the seamless collaboration of distributed network security policies and ensure the right amount of reachability is enforced. To promote learning, this effort actively involves high school, undergraduate, graduate students, especially students from under-represented minorities.
