Models and techniques for verification of Software Defined Networks. Victor Altukhov, Eugene Chemeritsky, Vladislav Podymov, Vladimir Zakharov. Applied Research.

Presentation transcript:

1 Models and techniques for verification of Software Defined Networks. Victor Altukhov, Eugene Chemeritsky, Vladislav Podymov, Vladimir Zakharov. Applied Research Center for Computer Networks

2 Outline: Introduction; Software Defined Networks; Packet Forwarding Policies; Model; Policy language; Verifying monitor; Experiments & Comparison

3 What is SDN? What is a Software Defined Network? Conventional network. [Diagram: hosts A and B; labels: Switch, Link, Host, Port, Application, Forwarding state]

4 What is SDN? Conventional network. [Diagram: hosts A and B; labels: Application, Forwarding state, Topology, Task, Packet, How to forward a packet]

5 What is SDN? Conventional network: decentralized control, non-uniformity. [Diagram: hosts A and B; labels: Application, Forwarding state; App/FS repeated four times]

6 What is SDN? Conventional network: decentralized control, non-uniformity. SDN: centralized control, uniformity. [Diagram: hosts A and B; labels: Controller; App/FS repeated four times]

7 What is SDN? SDN: centralized control, uniformity. [Diagram: hosts A and B; labels: FS, Controller, Control plane, Data plane, OpenFlow, Application]

8 What is SDN? SDN: centralized control, uniformity. [Diagram: hosts A and B; labels: FS, Controller, Control plane, Data plane, OpenFlow, Application, Upd, "Ok, I can do it", "Don’t know what to do"]

9 What is Packet Forwarding Policy? Example: imposed on a to guarantee that its behavior is What is PFP?

10 Example: Reachability. Packets from the host A will eventually reach the host B. [Diagram: hosts A and B]

11 What is PFP? Example: No topological loops. Packets do not traverse the same switch twice. [Diagram: hosts A and B]

12 What is PFP? Example: Short routes only. All hosts are reached in at most 3 hops. [Diagram: hosts A and B; labels: 1, 2, 3, 4]

13 What is PFP? Why? Hardware errors; software (application) errors. We want to check if PFPs hold in a real SDN and consider PFPs w.r.t. to

14 How to check PFPs? Formal specification; Network model; Model checking. Fast! ⊧ ~ 10μs

15 Packet state. [Diagram: hosts A and B; headers h1, h2, h3, h4] Packet states: (Switch #1, Port #1, Header #h1); (Switch #2, Port #1, Header #h2); (Switch #4, Port #1, Header #h3); (Switch #4, Port #3, Header #h4)

16 Packet state. [Diagram: hosts A and B] Packet states: (Switch #1, Port #1, Header #h1); (Switch #2, Port #1, Header #h2); (Switch #4, Port #1, Header #h3); (Switch #4, Port #3, Header #h4); (Switch #w, Port #p, Header #h)

17 Packet state 0…11…10…0 size w size p size h Switch #w Port #p Header #h is the set of all packet states

18 Raw model is an explicit description of key SDN components such as: rule

19 Raw model is an explicit description of key SDN components such as: table, rule, default

20 Raw model is an explicit description of key SDN components such as: table, Switch

21 Relational model

22

23 PFP Specification Language: syntax. Atoms: First order logic constructors: State equalities: Closure constructors: + (transitive closure), [i1, i2] (bounded transitive closure)

24 PFP SL: semantics. Given a relational model, a PFP SL formula defines a relation (n times). How?

25 PFP SL: semantics. Given a relational model, a PFP SL formula defines a relation (n times). How? Obvious

26 PFP SL: semantics. Given a relational model, a PFP SL formula defines a relation (n times). How? Union; Intersection; Complement

27 PFP SL: semantics. Given a relational model, a PFP SL formula defines a relation (n times). How? Universal projection; Existential projection

28 PFP SL: semantics. Given a relational model, a PFP SL formula defines a relation (n times). How? + (Transitive closure); [i1, i2] (Bounded transitive closure)

29 PFP SL: examples. No topological loops; Reachability; Short routes only. [Formula residue: +, *, *, +, [1, 3]]
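
The three example policies (reachability, no topological loops, short routes only) can be checked over a one-step forwarding relation on packet states using the transitive closure (+) and bounded transitive closure ([i1, i2]) constructors from slide 23. The following is an added sketch, not code from the presentation or from VERMONT; the topology, the STEP relation, its ingress-to-ingress reading and all function names are assumptions made for illustration.

```python
# Added example: constructed topology and names, not the presentation's model or tool.
# A packet state is (switch, port, header). STEP is a one-step forwarding relation
# between packet states (assumed here: ingress state -> next switch's ingress state).

def compose(r1, r2):
    """Relational composition: pairs (a, c) with a r1 b and b r2 c."""
    by_src = {}
    for b, c in r2:
        by_src.setdefault(b, set()).add(c)
    return {(a, c) for a, b in r1 for c in by_src.get(b, ())}

def bounded_closure(rel, lo, hi):
    """Union of rel^k for lo <= k <= hi: the bounded transitive closure [lo, hi]."""
    out, power = set(), set(rel)
    for k in range(1, hi + 1):
        if k >= lo:
            out |= power
        power = compose(power, rel)  # rel^(k+1)
    return out

def transitive_closure(rel):
    """rel^+: add compositions until a fixed point (terminates on finite relations)."""
    closure = set(rel)
    while True:
        bigger = closure | compose(closure, rel)
        if bigger == closure:
            return closure
        closure = bigger

def reachable(rel, src, dst):
    """Reachability: dst is src itself or follows it in one or more steps."""
    return src == dst or (src, dst) in transitive_closure(rel)

def has_topological_loop(rel):
    """True if some packet arrives again at a switch it has already visited."""
    return any(a[0] == b[0] for a, b in transitive_closure(rel))

def short_routes_only(rel, src, dsts, max_hops=3):
    """Every destination state is reached from src within 1..max_hops steps."""
    within = bounded_closure(rel, 1, max_hops)
    return all((src, d) in within for d in dsts)

# Constructed sample: host A's packets enter at switch 1, host B hangs off switch 4.
A = (1, 1, "h1")
B = (4, 1, "h3")
STEP = {(A, (2, 1, "h2")), ((2, 1, "h2"), B)}
# Constructed faulty rule set: switch 2 sends the packet back to switch 1.
BAD_STEP = {(A, (2, 1, "h2")), ((2, 1, "h2"), (1, 2, "h2"))}
```

On the faulty rule set the same checks report a loop and a reachability failure, which is the kind of violation a verifier has to catch before an update reaches the switches.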

30 What else? We should be able to We can do it at every instant continuously changes Model should be The update rate for Model should surpass the update rate for Model on-line

31 How does it work? Main usage now: Network Controller Proxy Checker Loader

32 We tested it for: 16 switches; Fat Tree topology; 48 tables; forw. rules; 1500 ACL rules; >100 VLAN; Stanford University Network

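33 Tool comparison. Columns: Tool; Build (ms.); Update (ms.); Policies; OpenFlow concepts
VERMONT (2014): Policies: FO[TC] (strict superset of others); OpenFlow concepts: Full
NetPlumber (2013): Policies: CTL; OpenFlow concepts: Partial
VeriFlow (2013): >; Policies: Small fixed set; OpenFlow concepts: Minimal
AP Verifier (2013): Policies: Small fixed set; OpenFlow concepts: Minimal
FlowChecker (2010): Policies: CTL; OpenFlow concepts: Full
Anteater (2011): ???; Policies: Small fixed set; OpenFlow concepts: No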

34 The End

