Reasoning about Software Defined Networks
Transcript of Reasoning about Software Defined Networks
![Page 1: Reasoning about Software Defined Networks](https://reader034.fdocuments.in/reader034/viewer/2022051218/56815a37550346895dc77565/html5/thumbnails/1.jpg)
Reasoning about Software Defined Networks
Mooly Sagiv, [email protected]
Tel Aviv University
Thursday 16-18 (Physics 105)
Monday 14-16 (Schrieber 317)
Adviser: Michael Shapira, Hebrew University
http://www.cs.tau.ac.il/~msagiv/courses/rsdn.html
![Page 2: Reasoning about Software Defined Networks](https://reader034.fdocuments.in/reader034/viewer/2022051218/56815a37550346895dc77565/html5/thumbnails/2.jpg)
Content
• Challenges in SDNs
• Programming Language Abstractions
• Programming Language Techniques
• Programming Language Tools
• Other useful tools
![Page 3: Reasoning about Software Defined Networks](https://reader034.fdocuments.in/reader034/viewer/2022051218/56815a37550346895dc77565/html5/thumbnails/3.jpg)
Challenges in SDN
• Programming complexity
• Reliability
![Page 4: Reasoning about Software Defined Networks](https://reader034.fdocuments.in/reader034/viewer/2022051218/56815a37550346895dc77565/html5/thumbnails/4.jpg)
The Internet: A Remarkable Story
• Tremendous success
  – From research experiment to global infrastructure
• Brilliance of under-specifying
  – Network: best-effort packet delivery
  – Hosts: arbitrary applications
• Enables innovation in applications
  – Web, P2P, VoIP, social networks, virtual worlds
• But, change is easy only at the edge…
![Page 5: Reasoning about Software Defined Networks](https://reader034.fdocuments.in/reader034/viewer/2022051218/56815a37550346895dc77565/html5/thumbnails/5.jpg)
Inside the ‘Net: A Different Story…
• Closed equipment
  – Software bundled with hardware
  – Vendor-specific interfaces
• Over specified
  – Slow protocol standardization
• Few people can innovate
  – Equipment vendors write the code
  – Long delays to introduce new features
Impacts performance, security, reliability, cost…
![Page 6: Reasoning about Software Defined Networks](https://reader034.fdocuments.in/reader034/viewer/2022051218/56815a37550346895dc77565/html5/thumbnails/6.jpg)
Do We Need Innovation Inside?
Many boxes (routers, switches, firewalls, …), with different interfaces.
![Page 7: Reasoning about Software Defined Networks](https://reader034.fdocuments.in/reader034/viewer/2022051218/56815a37550346895dc77565/html5/thumbnails/7.jpg)
How Hard are Networks to Manage?
• Operating a network is expensive
  – More than half the cost of a network
  – Yet, operator error causes most outages
• Buggy software in the equipment
  – Routers with 20+ million lines of code
  – Cascading failures, vulnerabilities, etc.
• The network is “in the way”
  – Especially a problem in data centers
  – … and home networks
![Page 8: Reasoning about Software Defined Networks](https://reader034.fdocuments.in/reader034/viewer/2022051218/56815a37550346895dc77565/html5/thumbnails/8.jpg)
Creating Foundation for Networking
• A domain, not a discipline
  – Alphabet soup of protocols
  – Header formats, bit twiddling
  – Preoccupation with artifacts
• From practice, to principles
  – Intellectual foundation for networking
  – Identify the key abstractions
  – … and support them efficiently
• To build networks worthy of society’s trust
![Page 9: Reasoning about Software Defined Networks](https://reader034.fdocuments.in/reader034/viewer/2022051218/56815a37550346895dc77565/html5/thumbnails/9.jpg)
Rethinking the “Division of Labor”
![Page 10: Reasoning about Software Defined Networks](https://reader034.fdocuments.in/reader034/viewer/2022051218/56815a37550346895dc77565/html5/thumbnails/10.jpg)
Traditional Computer Networks
Data plane: Packet streaming
Forward, filter, buffer, mark, rate-limit, and measure packets
![Page 11: Reasoning about Software Defined Networks](https://reader034.fdocuments.in/reader034/viewer/2022051218/56815a37550346895dc77565/html5/thumbnails/11.jpg)
Traditional Computer Networks
Control plane: Distributed algorithms
Track topology changes, compute routes, install forwarding rules
![Page 12: Reasoning about Software Defined Networks](https://reader034.fdocuments.in/reader034/viewer/2022051218/56815a37550346895dc77565/html5/thumbnails/12.jpg)
Traditional Computer Networks
Management plane: Human time scale
Collect measurements and configure the equipment
![Page 13: Reasoning about Software Defined Networks](https://reader034.fdocuments.in/reader034/viewer/2022051218/56815a37550346895dc77565/html5/thumbnails/13.jpg)
Shortest-Path Routing
• Management: set the link weights
• Control: compute shortest paths
• Data: forward packets to next hop
![Page 14: Reasoning about Software Defined Networks](https://reader034.fdocuments.in/reader034/viewer/2022051218/56815a37550346895dc77565/html5/thumbnails/14.jpg)
Shortest-Path Routing
• Management: set the link weights
• Control: compute shortest paths
• Data: forward packets to next hop
![Page 15: Reasoning about Software Defined Networks](https://reader034.fdocuments.in/reader034/viewer/2022051218/56815a37550346895dc77565/html5/thumbnails/15.jpg)
Inverting the Control Plane
• Traffic engineering
  – Change link weights
  – … to induce the paths
  – … that alleviate congestion
![Page 16: Reasoning about Software Defined Networks](https://reader034.fdocuments.in/reader034/viewer/2022051218/56815a37550346895dc77565/html5/thumbnails/16.jpg)
Avoiding Transient Anomalies
• Distributed protocol
  – Temporary disagreement among the nodes
  – … leaves packets stuck in loops
  – Even though the change was planned!
![Page 17: Reasoning about Software Defined Networks](https://reader034.fdocuments.in/reader034/viewer/2022051218/56815a37550346895dc77565/html5/thumbnails/17.jpg)
Death to the Control Plane!
• Simpler management
  – No need to “invert” control-plane operations
• Faster pace of innovation
  – Less dependence on vendors and standards
• Easier interoperability
  – Compatibility only in “wire” protocols
• Simpler, cheaper equipment
  – Minimal software
![Page 18: Reasoning about Software Defined Networks](https://reader034.fdocuments.in/reader034/viewer/2022051218/56815a37550346895dc77565/html5/thumbnails/18.jpg)
Software Defined Networking (SDN)
API to the data plane (e.g., OpenFlow)
Logically-centralized control: smart, slow
Switches: dumb, fast
![Page 19: Reasoning about Software Defined Networks](https://reader034.fdocuments.in/reader034/viewer/2022051218/56815a37550346895dc77565/html5/thumbnails/19.jpg)
OpenFlow Networks
![Page 20: Reasoning about Software Defined Networks](https://reader034.fdocuments.in/reader034/viewer/2022051218/56815a37550346895dc77565/html5/thumbnails/20.jpg)
Data-Plane: Simple Packet Handling
• Simple packet-handling rules
  – Pattern: match packet header bits
  – Actions: drop, forward, modify, send to controller
  – Priority: disambiguate overlapping patterns
  – Counters: #bytes and #packets

| Priority | Pattern | Action |
|---|---|---|
| 1 | `src=1.2.*.*, dest=3.4.5.*` | drop |
| 2 | `src=*.*.*.*, dest=3.4.*` | forward(2) |
| 3 | `src=10.1.2.3, dest=*.*.*.*` | send to controller |
![Page 21: Reasoning about Software Defined Networks](https://reader034.fdocuments.in/reader034/viewer/2022051218/56815a37550346895dc77565/html5/thumbnails/21.jpg)
Controller: Programmability
Network OS running App #1, App #2, App #3
Events from switches: topology changes, traffic statistics, arriving packets
Commands to switches: (un)install rules, query statistics, send packets
![Page 22: Reasoning about Software Defined Networks](https://reader034.fdocuments.in/reader034/viewer/2022051218/56815a37550346895dc77565/html5/thumbnails/22.jpg)
OpenFlow in the Wild
• Open Networking Foundation
  – Creating Software Defined Networking standards
  – Google, Facebook, Microsoft, Yahoo, Verizon, Deutsche Telekom, and many other companies
• Commercial OpenFlow switches
  – HP, NEC, Quanta, Dell, IBM, Juniper, …
• Network operating systems
  – NOX, Beacon, Floodlight, Nettle, ONIX, POX, Frenetic
• Network deployments
  – Eight campuses, and two research backbone networks
  – Commercial deployments
![Page 23: Reasoning about Software Defined Networks](https://reader034.fdocuments.in/reader034/viewer/2022051218/56815a37550346895dc77565/html5/thumbnails/23.jpg)
Dynamic Access Control
• Inspect first packet of each connection
• Consult the access control policy
• Install rules to block or route traffic
![Page 24: Reasoning about Software Defined Networks](https://reader034.fdocuments.in/reader034/viewer/2022051218/56815a37550346895dc77565/html5/thumbnails/24.jpg)
Seamless Mobility/Migration
• See host sending traffic at new location
• Modify rules to reroute the traffic
![Page 25: Reasoning about Software Defined Networks](https://reader034.fdocuments.in/reader034/viewer/2022051218/56815a37550346895dc77565/html5/thumbnails/25.jpg)
Example Applications
• Dynamic access control
• Seamless mobility/migration
• Server load balancing
• Using multiple wireless access points
• Energy-efficient networking
• Adaptive traffic monitoring
• Denial-of-Service attack detection
• Network virtualization
See http://www.openflow.org/videos/
![Page 26: Reasoning about Software Defined Networks](https://reader034.fdocuments.in/reader034/viewer/2022051218/56815a37550346895dc77565/html5/thumbnails/26.jpg)
Challenges of Programming Software Defined Networks
![Page 27: Reasoning about Software Defined Networks](https://reader034.fdocuments.in/reader034/viewer/2022051218/56815a37550346895dc77565/html5/thumbnails/27.jpg)
Programming OpenFlow Networks
• OpenFlow makes programming possible
  – Network-wide view at controller
  – Direct control over data plane
• The APIs do not make it easy
  – Low level of abstraction
• Challenges
  – Composition
  – Concurrency
  – Correctness
  – Testing
![Page 28: Reasoning about Software Defined Networks](https://reader034.fdocuments.in/reader034/viewer/2022051218/56815a37550346895dc77565/html5/thumbnails/28.jpg)
A Simple example: Firewall
• A switch connected to two kinds of hosts
  – Trusted hosts via port 1
  – Untrusted hosts via port 2
• Trusted hosts can freely send packets to untrusted hosts
• An untrusted host can only send to a trusted destination which previously sent messages to this host
![Page 29: Reasoning about Software Defined Networks](https://reader034.fdocuments.in/reader034/viewer/2022051218/56815a37550346895dc77565/html5/thumbnails/29.jpg)
Firewall
![Page 30: Reasoning about Software Defined Networks](https://reader034.fdocuments.in/reader034/viewer/2022051218/56815a37550346895dc77565/html5/thumbnails/30.jpg)
Firewall Controller Pseudo-code
```
rel trusted(SW, HO)

packetIn(s, p, 1) ->              # packets from trusted hosts
    send(s, p, 2)                 # forward the packet to untrusted hosts
    trusted.insert(s, p.dst)      # insert the target of p into trusted controller memory
    ft.insert(s, p, 1, 2)         # insert a per-flow rule to forward future packets

packetIn(s, p, 2) ->              # packets from untrusted hosts
    if trusted(s, p.src) then {
        send(s, p, 1)             # forward the packet to trusted hosts
        ft.insert(s, p, 2, 1)     # insert a per-flow rule to forward future packets
    }
```
![Page 31: Reasoning about Software Defined Networks](https://reader034.fdocuments.in/reader034/viewer/2022051218/56815a37550346895dc77565/html5/thumbnails/31.jpg)
Firewall Controller Pseudo-code(2)
```
packetIn(s, p, 1) ->                  # packets from trusted hosts
    send(s, p, 2)                     # forward the packet to untrusted hosts
    ft.insert(s, src:p.src, 1, 2)     # insert a general rule to forward future packets
    ft.insert(s, dst:p.dst, 2, 1)     # allow future packets from port 2 to this destination
```
![Page 32: Reasoning about Software Defined Networks](https://reader034.fdocuments.in/reader034/viewer/2022051218/56815a37550346895dc77565/html5/thumbnails/32.jpg)
A Learning Switch
• Two hosts (A & B)
• An OpenFlow switch with 3 ports
• Host A is connected to port 1 and Host B is connected to port 2
• Gradually install forwarding rules
• Update upon relocation
![Page 33: Reasoning about Software Defined Networks](https://reader034.fdocuments.in/reader034/viewer/2022051218/56815a37550346895dc77565/html5/thumbnails/33.jpg)
‘A’ sends a message to ‘B’
Figure: Host A (port 1) sends TCP syn dst=B to the switch.
![Page 34: Reasoning about Software Defined Networks](https://reader034.fdocuments.in/reader034/viewer/2022051218/56815a37550346895dc77565/html5/thumbnails/34.jpg)
Forward to the Controller
Figure: the switch has no matching rule, so TCP syn dst=B is forwarded to the controller, which:
• sends TCP syn dst=B on port 2
• sends TCP syn dst=B on port 3
• learns that A is connected via port 1
![Page 35: Reasoning about Software Defined Networks](https://reader034.fdocuments.in/reader034/viewer/2022051218/56815a37550346895dc77565/html5/thumbnails/35.jpg)
‘B’ sends a message to ‘A’
Figure: Host B (port 2) sends TCP ack dst=A to the switch.
![Page 36: Reasoning about Software Defined Networks](https://reader034.fdocuments.in/reader034/viewer/2022051218/56815a37550346895dc77565/html5/thumbnails/36.jpg)
Forward to the Controller
Figure: TCP ack dst=A is forwarded to the controller, which:
• sends TCP ack dst=A on port 1
• learns that B is connected via port 2
• installs a rule to forward packets from B to A on port 1
![Page 37: Reasoning about Software Defined Networks](https://reader034.fdocuments.in/reader034/viewer/2022051218/56815a37550346895dc77565/html5/thumbnails/37.jpg)
‘A’ sends another message to ‘B’
Figure: Host A (port 1) sends another packet with dst=B to the switch.
![Page 38: Reasoning about Software Defined Networks](https://reader034.fdocuments.in/reader034/viewer/2022051218/56815a37550346895dc77565/html5/thumbnails/38.jpg)
Forward to the Controller
Figure: the packet with dst=B is forwarded to the controller, which:
• sends dst=B on port 2
• installs a rule to forward packets from A to B on port 2
![Page 39: Reasoning about Software Defined Networks](https://reader034.fdocuments.in/reader034/viewer/2022051218/56815a37550346895dc77565/html5/thumbnails/39.jpg)
Learning Switch Pseudo-code
```
rel connected(SW, PR, HO)

PacketIn(s, p, e) ->
    connected.insert(s, e, p.src)       # remember that p.src is reachable via port e
    if connected(s, o, p.dst) then {
        send(s, p, o)
        ft.insert(s, p, e, o)           # per-flow rule for future packets
    } else
        foreach o in {1, 2, 3} – {e}    # flood on every port except the incoming one
            send(s, p, o)
```
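As an added example (not the slides' code), the learning switch above in Python, extended beyond the pseudocode to handle the relocation case that slide 32 asks for: when a known host shows up on a different port, its old binding and the flow rules that relied on it are removed. The host names A and B, the dict-based packet and the exact-match rule store are assumptions of the example.

```python
PORTS = {1, 2, 3}   # the three switch ports of slide 32

class LearningSwitch:
    """Added example, not the slides' code: slide 39's controller plus relocation."""
    def __init__(self):
        self.connected = {}   # host -> port, i.e. rel connected(SW, PR, HO)
        self.flows = set()    # installed rules as (src, dst, in_port, out_port)

    def packet_in(self, pkt, in_port):
        """Controller handler; returns the set of ports to send the packet on."""
        src, dst = pkt["src"], pkt["dst"]
        if self.connected.get(src, in_port) != in_port:
            # Relocation (the rebind trusts the source address, as in the slide):
            # drop the stale binding and every rule that relied on it, otherwise
            # traffic addressed to src keeps going to the old port.
            self.flows = {f for f in self.flows if src not in f[:2]}
        self.connected[src] = in_port                  # connected.insert(s, e, p.src)
        out = self.connected.get(dst)
        if out is not None:
            self.flows.add((src, dst, in_port, out))   # ft.insert(s, p, e, o)
            return {out}
        return PORTS - {in_port}                       # flood

    def handle(self, pkt, in_port):
        """Switch datapath: exact-match rule hit, otherwise PacketIn."""
        for s, d, i, o in self.flows:
            if (s, d, i) == (pkt["src"], pkt["dst"], in_port):
                return {o}
        return self.packet_in(pkt, in_port)

def learning_scenario():
    """Replays slides 33-38 (A on port 1, B on port 2), then A moves to port 3.
    Returns the output ports chosen at each step."""
    sw = LearningSwitch()
    a_to_b, b_to_a = {"src": "A", "dst": "B"}, {"src": "B", "dst": "A"}
    return [sw.handle(a_to_b, 1),   # B unknown: flood to ports 2 and 3
            sw.handle(b_to_a, 2),   # A known on port 1; rule B->A installed
            sw.handle(a_to_b, 1),   # B known on port 2; rule A->B installed
            sw.handle(a_to_b, 3),   # A relocated: old rules purged, still to 2
            sw.handle(b_to_a, 2)]   # B->A now reaches port 3, not stale port 1
```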
![Page 40: Reasoning about Software Defined Networks](https://reader034.fdocuments.in/reader034/viewer/2022051218/56815a37550346895dc77565/html5/thumbnails/40.jpg)
Reasoning about Programs
• Debugging
• Testing
  – Model checking
• Programming language support
  – Abstraction
  – Composition
  – Ease of use
• Program verification
  – Abstraction
![Page 41: Reasoning about Software Defined Networks](https://reader034.fdocuments.in/reader034/viewer/2022051218/56815a37550346895dc77565/html5/thumbnails/41.jpg)
Seminar Benefits
• A cool topic
• Reasoning
• Critically read an article
• Learn to present an article
![Page 42: Reasoning about Software Defined Networks](https://reader034.fdocuments.in/reader034/viewer/2022051218/56815a37550346895dc77565/html5/thumbnails/42.jpg)
Seminar Requirements
• Compilers
• Read an article (2 weeks)
• Prepare presentation (1 week)
• Participate in lectures
![Page 43: Reasoning about Software Defined Networks](https://reader034.fdocuments.in/reader034/viewer/2022051218/56815a37550346895dc77565/html5/thumbnails/43.jpg)
Tentative Schedule
| Date | Speaker | Topic |
|---|---|---|
| October 24 | Michael Shapira | Introduction to SDN |
| October 31 | Mooly Sagiv | Introduction to Program Reasoning |
| November 7 | ? | ? |
| November 14 | ? | ? |