An Assertion Language for Debugging SDN Applicationsjrex/talks/incremental14.pdf · An Assertion...

37
An Assertion Language for Debugging SDN Applications Ryan Beckett with Princeton University X. Kelvin Zou, Shuyuan Zhang, Sharad Malik, Jennifer Rexford, David Walker 1

Transcript of An Assertion Language for Debugging SDN Applicationsjrex/talks/incremental14.pdf · An Assertion...

An Assertion Language for Debugging SDN Applications!

Ryan Beckett!with!

Princeton University!

X. Kelvin Zou, Shuyuan Zhang, !Sharad Malik, Jennifer Rexford, David Walker!

1!

Data Plane Verification!

•  Find common misconfigurations!

•  Operate in real time!

•  Check fixed network properties!

•  Can report false positives during transitions!

Controller!

Data Plane Verifier!

2!

Stateful Firewall!

client! server!

State!Table!

s1!

A!

c1!

c2!

B!

3!

Stateful Firewall!

client! server!

State!Table!

s1!

A!

c1!

c2!

B!

3!

“A server can only reach a client if the client has communicated with the server”!

Firewall Property:!

Stateful Firewall!

client! server!

State!Table!

s1!

A!

c1!

c2!

B!

X!

3!

“A server can only reach a client if the client has communicated with the server”!

Firewall Property:!

Stateful Firewall!

client! server!

State!Table!

s1!

A!

c1!

c2!

B!

3!

“A server can only reach a client if the client has communicated with the server”!

Firewall Property:!

Stateful Firewall!

reachable(s1, c1)!

client! server!

c1! s1!State!Table!

s1!

A!

c1!

c2!

Firewall Property:!

B!

3!

Stateful Firewall!

reachable(s1, c1) ∧ !

client! server!

c1! s1!

c2! s1!

State!Table!

s1!

A!

c1!

c2!

Firewall Property:!

B! reachable(s1, c2)!

3!

Stateful Firewall!

∀(c,s)∈table, reachable(s, c)!

client! server!

c1! s1!

c2! s1!

State!Table!

s1!

A!

c1!

c2!

Firewall Property:!

B!

3!

Stateful Firewall!

client! server!

c1! s1!

c2! s1!

State!Table!

s1!

A!

c1!

c2!

Firewall Property:!

B!∀c∈clients,∀s∈servers,! reachable(s, c) ↔ (c,s)∈table!

3!

Stateful Firewall!

client! server!

c1! s1!

c2! s1!

State!Table!

s1!

A!

c1!

c2!

Controller Code:!

B!

3!

assert_continuously(f)!!def packet_in(event):! pkt = event.parsed! if pkt.typ != eth.IP_TYP:! return! …!

Stateful Firewall!

client! server!

State!Table!

s1!

A!

c1!

c2!

B!

3!

Controller Code:!assert_continuously(f)!

Stateful Firewall!

client! server!

c1! s1!State!Table!

s1!

A!

c1!

c2!

B!

r1! r2!

3!

Controller Code:!assert_continuously(f)!

Stateful Firewall!

client! server!

c1! s1!State!Table!

s1!

A!

c1!

c2!

B!

r1! r2!

3!

Controller Code:!

stop(f)!

assert_continuously(f)!

assert_continuously(f)!

install(r1)!install(r2)!

Design Overview!

4!

Controller!

Data Plane Verifier!specification!

Design Overview!

4!

Controller!

Data Plane Verifier!specification!

Controller! Assertion Library!

specification!

Property Generator!

Data Plane Verifier!

verification!conditions!

Design Overview!Controller!

Assertion Library!

Data Plane Verifier!

Property Generator!

5!

Design Overview!Controller!

Assertion Library!

Data Plane Verifier!

Property Generator!

5!

event!

Design Overview!Controller!

Assertion Library!

Data Plane Verifier!

Property Generator!

5!

event!rule!

Design Overview!Controller!

Assertion Library!

Data Plane Verifier!

Property Generator!

5!

event!

verification !conditions!

assertion! state !update!

Design Overview!Controller!

Assertion Library!

Data Plane Verifier!

Property Generator!

5!

event!exception!

verification !results!

Incremental Verification!

6!

•  Change in data plane (existing tools handle this)!

•  Change in assertion property!

Incremental Verification!

6!

•  Change in data plane (existing tools handle this)!

•  Change in assertion property!

•  Incrementally generate new verification conditions!

Incremental Verification!

6!

reachable(s1, c1)!

s1!

A!

c1!

c2!

B!

Firewall Property:!

•  Change in data plane (existing tools handle this)!

•  Change in assertion property!

•  Incrementally generate new verification conditions!

Incremental Verification!

6!

reachable(s1, c2)!reachable(s1, c1) ∧!

Firewall Property:!

•  Change in data plane (existing tools handle this)!

•  Change in assertion property!

•  Incrementally generate new verification conditions!

s1!

A!

c1!

c2!

B!

Incremental Verification!

6!

reachable(s1, c1)!

Firewall Property:!

•  Change in data plane (existing tools handle this)!

•  Change in assertion property!

•  Incrementally generate new verification conditions!

•  Precompute and cache intermediate results!

s1!

A!

c1!

c2!

B!

Incremental Verification!•  Change in data plane (existing tools handle this)!

•  Change in assertion property!

•  Incrementally generate new verification conditions!

•  Precompute and cache intermediate results!

6!

reachable(s1, c2)!reachable(s1, c1) ∧!

Firewall Property:!

s1!

A!

c1!

c2!

B!

Incremental Data Structure!

c=c1! c=c2!

s=s1! s=s1!

∀c∈clients,∀s∈servers,! reachable(s,c) ↔ (c,s)∈table!

Firewall Property:!

True!False!

reachable(s1, c1) ↔ (c1,s1)∈table!

∀c!

∀s! ∀s!

7!

Incremental Data Structure!

s=s2! s=s2!

Firewall Property:!

True!False!

∀c∈clients,∀s∈servers,! reachable(s,c) ↔ (c,s)∈table!

c=c1! c=c2!

s=s1! s=s1!

∀c!

∀s! ∀s!

7!

Incremental Data Structure!Firewall Property:!

True!False!

∀c∈clients,∀s∈servers,! reachable(s,c) ↔ (c,s)∈table!

c=c1! c=c2!

s=s1! s=s1!s=s2! s=s2!

c=c3!

s=s1! s=s2!

∀c!

∀s! ∀s! ∀s!

7!

Incremental Data Structure!Firewall Property:!

True!False!

Query data-plane verifier!

∀c∈clients,∀s∈servers,! reachable(s,c) ↔ (c,s)∈table!

c=c1! c=c2!

s=s1! s=s1!s=s2! s=s2!

∀c!

∀s! ∀s!

7!

c=c3!

s=s1! s=s2!

∀s!

Incremental Data Structure!Firewall Property:!

True!False!

∀c∈clients,∀s∈servers,! reachable(s,c) ↔ (c,s)∈table!

c=c1! c=c2!

s=s1! s=s1!s=s2! s=s2!

∀c!

∀s! ∀s!

7!

c=c3!

s=s1! s=s2!

∀s!

Incremental Data Structure!Firewall Property:!

True!False!

∀c∈clients,∀s∈servers,! reachable(s,c) ↔ (c,s)∈table!

c=c1! c=c2!

s=s1! s=s1!s=s2! s=s2!

∀c!

∀s! ∀s!

7!

c=c3!

s=s1! s=s2!

∀s!

Incremental Data Structure!Firewall Property:!

True!False!

∀c∈clients,∀s∈servers,! reachable(s,c) ↔ (c,s)∈table!

c=c1! c=c2!

s=s1! s=s1!s=s2! s=s2!

∀c!

∀s! ∀s!

7!

c=c3!

s=s1! s=s2!

∀s!

Prototype Implementation!

•  Python assertion debugging library!

•  Support for Pyretic, Pox, Ryu!

•  Uses the VeriFlow verification tool!

•  Initial performance is promising!

8!

0!

25!

50!

75!

100!

10! 20! 30! 40! 50!VC

% R

educ

tion!

active hosts (clients)!

Stateful Firewall (incremental vs naive)"

Conclusion!

•  Assertions to verify dynamic properties!

•  Programmatic control over verification timing!

•  Incremental algorithm to verify dynamic assertion properties!

•  Prototype with reasonable performance!

9!