
1 GitFlow: Flow Revision Control for Software-Defined Networks
Department of Electrical and Computer Engineering
Abhishek Dwaraki (1), Srini Seetharaman (2), Sriram Natarajan (3), Tilman Wolf (1)
1. Department of Electrical and Computer Engineering, University of Massachusetts, Amherst, MA, USA
2. Infinera Inc., San Francisco, CA, USA
3. Deutsche Telekom Inc., Silicon Valley Innovation Center, Mountain View, CA, USA
This material is based upon work supported by the National Science Foundation under Grant No. 1421448

2 Inconsistencies in SDNs
Diagram labels: Controller, App 1, App 2, Data plane, Device X

| Rule # | Ingress Port | Source IP | Dest IP | Instructions |
|---|---|---|---|---|
| 1 | Port 1 | 1.2.*.* | 3.4.5.* | DROP |
| 2 | Port 2 | * | * | FWD(Port3) |
| 3 | Port 2 | * | 10.1.1.1 | FWD(Port 4) |

1. App1 inserts specific flow rule to direct traffic
2. App2 inserts general rule that diverts traffic elsewhere
• Fundamental example, other complex ones may exist
• Can be introduced through alternate interfaces, e.g., data plane devices, configuration points

3 Unified Consistent State – Goals and Challenges
• Network state abstracted into the SDN framework
  - Goal – Updated network state always available
  - Challenge – Real time performance
• Unified, consistent view across framework
  - Goal – Support multiple interfaces
  - Challenge – Concurrency mechanisms to ensure consistency
• Up-to-date network state to make control plane decisions
  - Goal – Ensure availability to all entities
  - Challenge – Clean abstraction required
Existing approaches: Statesman, FortNOX, VeriFlow

4 Required Concurrency Safeguards
• Author Tracking
  - Author identification
  - Safety and provenance
• Change Tracking
  - Track state transformation
  - Information generation
• State Safety
  - Control ownership
  - Prevent unauthorized modification
• Conflict Resolution
  - Detect and resolve conflicts
  - Generate matches for mutability, safety
• Annotations
  - Metadata generation, storage
  - Useful to tools on top of framework

5 Network State versus Software Code
• Network State
  - State evolves over time
  - Multiple players involved
  - Programmability challenges
  - State conflicts
  - Security violations
• Software Code
  - Code evolves over time
  - Multiple code authors
  - Programmability challenges
  - Merge conflicts
  - Authorization violations
Revision control (Git) manages this elegantly. Why not treat network state like software code?

6 Existing Solutions

| Current Solution | Author Tracking | Change Tracking | State Safety | Conflict Detection/Resolution | Annotations |
|---|---|---|---|---|---|
| Statesman | ✕ | ✕ | ✔ | ✔ | ✕ |
| FortNOX | ✕ | ✕ | ✔ | ✔ | ✕ |
| FlowSpace Firewall | ✔ | ✕ | partial | ✕ | ✕ |
| VeriFlow | ✕ | ✕ | ✔ | ✔ | ✕ |

7 GitFlow Architecture

8 Scenario 1 – Flow Table Evolution
• Flow state – evolves over time
• Revision control – aids understanding state evolution
Diagram labels: Controller, Switch, Add Flow, Modify Flow

| Rule # | Ingress Port | Source IP | Dest IP | Instructions |
|---|---|---|---|---|
| 1 | Port 1 | 1.2.*.* | 3.4.5.* | DROP |
| 2 | Port 2 | * | * | FWD(Port3) |
| 3 | Port 2 | * | 10.1.1.1 | FWD(Port 4) |

| Rule # | Ingress Port | Source IP | Dest IP | Instructions |
|---|---|---|---|---|
| 1 | Port 1 | 1.2.*.* | 3.4.5.* | DROP |
| 2 | Port 2 | * | * | FWD(Port3) |

| Rule # | Ingress Port | Source IP | Dest IP | Instructions |
|---|---|---|---|---|
| 1 | Port 1 | 1.2.*.* | 3.4.5.* | DROP |
| 2 | Port 2 | * | * | FWD(Port5) |
| 3 | Port 2 | * | 10.1.1.1 | FWD(Port 4) |

9 Scenario 2 – Identifying security violations
• Malicious updates affect packet forwarding behavior
• AAA – vets applications/bundles for malicious activity
• Revision control + AAA = higher security
  - Revision control – can identify what was changed, when, and who authorized it
  - AAA – corrective measures to ensure secure operation in future
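
An added sketch (not GitFlow's implementation and not taken from the paper) of how snapshotting the flow table on every change yields the author tracking, change tracking and conflict detection that Scenarios 1 and 2 rely on, using the three rules from the slides. It assumes first-match-in-table-order semantics; the `FlowRepo` class, the commit order and the `cli` author are constructed for illustration.

```python
import hashlib, json
from collections import namedtuple

Rule = namedtuple("Rule", "num in_port src dst action")

def covers(general, specific):
    """True if wildcard pattern `general` matches every address `specific` does."""
    if "*" in (general, specific):
        return general == "*"
    return all(g in ("*", s) for g, s in zip(general.split("."), specific.split(".")))

def shadowed(table):
    """(earlier, later) rule numbers where the earlier rule swallows the later one.
    Assumption: the first matching rule in table order wins."""
    return [(a.num, b.num) for i, a in enumerate(table) for b in table[i + 1:]
            if a.in_port == b.in_port and covers(a.src, b.src)
            and covers(a.dst, b.dst) and a.action != b.action]

class FlowRepo:
    """Append-only history of flow-table snapshots, one commit per change."""
    def __init__(self):
        self.commits = []

    def commit(self, author, msg, table):
        parent = self.commits[-1]["id"] if self.commits else None
        # The id hashes the parent id too, chaining each commit to its history.
        cid = hashlib.sha256(json.dumps([parent, author, msg, table]).encode()).hexdigest()[:12]
        self.commits.append({"id": cid, "parent": parent, "author": author, "msg": msg,
                             "table": tuple(table), "conflicts": shadowed(table)})
        return cid

    def blame(self, num):
        """Author of the latest commit that added or changed rule `num`."""
        who, prev = None, None
        for c in self.commits:
            cur = next((r for r in c["table"] if r.num == num), None)
            if cur != prev:
                who, prev = c["author"], cur
        return who

# Rules copied from the slides; the authors and commit order are constructed.
r1 = Rule(1, "Port 1", "1.2.*.*", "3.4.5.*", "DROP")
r2 = Rule(2, "Port 2", "*", "*", "FWD(Port3)")
r3 = Rule(3, "Port 2", "*", "10.1.1.1", "FWD(Port 4)")

repo = FlowRepo()
repo.commit("App2", "initial table", [r1, r2])
repo.commit("App1", "Add Flow: rule 3", [r1, r2, r3])
repo.commit("cli", "Modify Flow: rule 2", [r1, r2._replace(action="FWD(Port5)"), r3])
```

Each commit records the shadowing pairs present in that snapshot, so the conflict between rules 2 and 3 is visible from the commit that introduced it, and `blame` attributes the current form of each rule to an author.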

10 Scenario 3 – Troubleshooting
• Previous approaches - identify errant states, cannot prevent reoccurrence
• Revision control – can avoid transitions to errant states using annotations
• Networks as autonomous entities
  - What is important - Self-healing
  - How it is achieved - automated troubleshooting tools
  - How can revision control help - exercising a more intricate level of inspection

11 Summary
• Inconsistencies exist in network state information
• Revision control is a comprehensive solution
• Treat network state like code/files → revision and abstract
• Revision control provides required concurrency guarantees
• Very relevant use cases in state evolution, troubleshooting
• Please refer to the paper for more details

