Presentation is loading. Please wait.

Presentation is loading. Please wait.

NetEgg: Scenario-based Programming for SDN Policies Yifei Yuan, Dong Lin, Rajeev Alur, Boon Thau Loo University of Pennsylvania 1.

Published byEthelbert Banks Modified over 8 years ago

Similar presentations

Presentation on theme: "NetEgg: Scenario-based Programming for SDN Policies Yifei Yuan, Dong Lin, Rajeev Alur, Boon Thau Loo University of Pennsylvania 1."— Presentation transcript:

1 NetEgg: Scenario-based Programming for SDN Policies Yifei Yuan, Dong Lin, Rajeev Alur, Boon Thau Loo University of Pennsylvania 1

2 Software-Defined Networking (SDN) 2 Controller App DstNextHop A2 …… MatchAction Src=Adrop …… Openflow e.g. POX, NOX, Floodlight, etc. APIs distributed protocols Control plane Data plane Programmability

3 Programming Abstractions Declarative Networking [CACM’09] Frenetic [ICFP’11] NetCore [POPL’12] Pyretic [NSDI’13] NetKAT [POPL’14] … 3 C/C++ (NOX) Python (POX) Java (Floodlight) … General-purpose Programming Languages Domain Specific Languages Target: Engineers with good programing skills

4 How about network operators? Do network operators need to program the network? How well can they master programming skills? 4

5 Industry Interviews Interviewed 74 network operators/architects/ engineers in telcos, banks, service providers, campus IT, and router vendors Need for programming skills among network operators (Lack of) programming expertise 5

6 Programming Need 6

7 Lack of Programming Expertise Hard to hire people who know have good knowledge in both programming and network operations Retraining operation teams on programming Hiring software developers who know networking 7

8 8

9 9

10 10 Goal of NetEgg: intuitive & concise programming abstractions targeting non-programmers

11 Controller 11 Policy Work hard! Programming Policies Today Examples behaviors

12 Test examples Controller 12 Test/verify/debug Policy Bad behaviors Work HARDER! Counter examples Programming Policies Today Examples behaviors

13 Test examples Controller 13 Test/verify/debug Policy Bad behaviors Work HARDER! Counter examples Programming Policies Today Examples behaviors

14 Test examples Controller 14 Test/verify/debug Policy Bad behaviors Work HARDER, HARDER.. ! Counter examples Programming Policies Today Examples behaviors

15 Test examples Controller 15 Test/verify/debug Policy Bad behaviors Work HARDER, HARDER.. ! Counter examples Programming Policies Today Examples behaviors

16 NetEgg Overview Example behaviors Controller 16 Action Instructions / Rule installation Network events Synthesizer Interpreter Policy Bad behaviors conflicts

17 Example 17 Learning switch: 1.Learn the mapping between hosts and ports 2.Forward packets according to the learnt mapping 3 A 2 1 B 17 flood fwd( p 1 ) fwd( p 2 ) C

18 A Stateful Policy Model Intuition: states + cases Learning switch: – States: Mapping between hosts and ports – Case 1. Flood packets if the destination is unknown; store the port for the source – Case 2. Forward packets otherwise; store port for source in packets 18

19 19 MatchTestActionUpdate *ST(dst).state=0floodST(src):=(1,port) *ST(dst).state=1fwd(ST(dst).value)ST(src):=(1,port) MACStateValue A11 MACStateValue A11 C13 Controller 3 A 2 1 C B State Table (ST): Policy Table:

20 Synthesizer...... MatchTestActionUpdate *ST(dst).state=0 floodST(src):= (1,port) *ST(dst).state=1 fwd(ST(dst).value) ST(src):= (1,port) 20

21 Synthesis Algorithm Goal: – Consistent with all scenarios – Minimize the number of rules Approach: 1.Greedy search over policy templates 2.Backtrack with pruning 21

22 Synthesis Algorithm Illustration 22 MatchTestActionUpdate *ST(dst).state =0 *ST(dst).state =1 … Increasing # rules Backtrack & pruning Backtrack & pruning MatchTestActionUpdate *ST(dst).state=0 floodST(src):= (1,port) *ST(dst).state=1 fwd(ST(dst).value) ST(src):= (1,port) Details in the paper

23 Rule Installation Idea: Keep rules not updating state tables on the switch 23 MACStateValue A12 B13 MatchTestActionUpdate *ST(dstmac).state=0 floodST(srcmac): =(1,port) *ST(dstmac).state=1 fwd(ST(dstmac). value) ST(srcmac): =(1,port) MatchAction inport=3, srcmac=B, dstmac=Afwd(2) ……

24 Evaluation Is scenario-based programming feasible? – Expressiveness – Programming time – Efficiency Is the performance of synthesized implementations comparable to hand-crafted implementation? – Controller response latency – End-to-end performance 24

25 Expressiveness & Efficiency 25

26 Programming Time 12 graduate students (good in programming) 3 programming assignments: – Mac learner – Stateful firewall – TCP firewall Programming using: – POX – NetEgg 26

27 User Study: Programming Time 50 % less 72 % less 6 % more 27 State Firewall Mac Learner TCP Firewall

28 Pox Code: Stateful firewall 28

29 NetEgg Scenarios: Stateful firewall 29

30 Synthesized Policy Table: Stateful firewall 30

31 Response Time 31

32 End-to-end performance Topology: fattree, 20 switches, 16 hosts Policy: learning switch Setup: – 1 host as HTTP server – other hosts send HTTP requests to the server – benchmark connection time (i.e. time between a request is issued and it is finished.) 32

33 End-to-end performance 33

34 Conclusion Scenario-based programming for SDN policies: – Expressive to program a range of policies – Concise in code size – Comparable performance to hand-crafted implementations Future work: – Expanded user study – Objective-oriented policies: TE, Shorted-path routing – Combine with network monitoring 34

35 Questions? 35 yifeiy@cis.upenn.edu

Download ppt "NetEgg: Scenario-based Programming for SDN Policies Yifei Yuan, Dong Lin, Rajeev Alur, Boon Thau Loo University of Pennsylvania 1."

Similar presentations

Incremental Update for a Compositional SDN Hypervisor Xin Jin Jennifer Rexford, David Walker.

Incremental Update for a Compositional SDN Hypervisor Xin Jin Jennifer Rexford, David Walker.
SDN Applications Jennifer Rexford Princeton University.

SDN Applications Jennifer Rexford Princeton University.
Frenetic: A High-Level Language for OpenFlow Networks Nate Foster, Rob Harrison, Matthew L. Meola, Michael J. Freedman, Jennifer Rexford, David Walker.

Frenetic: A High-Level Language for OpenFlow Networks Nate Foster, Rob Harrison, Matthew L. Meola, Michael J. Freedman, Jennifer Rexford, David Walker.
CloudWatcher: Network Security Monitoring Using OpenFlow in Dynamic Cloud Networks or: How to Provide Security Monitoring as a Service in Clouds? Seungwon.

CloudWatcher: Network Security Monitoring Using OpenFlow in Dynamic Cloud Networks or: How to Provide Security Monitoring as a Service in Clouds? Seungwon.
Composing Software Defined Networks

Composing Software Defined Networks
Composing Software-Defined Networks Princeton*Cornell^ Chris Monsanto*, Joshua Reich* Nate Foster^, Jen Rexford*, David Walker* www.frenetic-lang.org/pyretic.

Composing Software-Defined Networks Princeton*Cornell^ Chris Monsanto*, Joshua Reich* Nate Foster^, Jen Rexford*, David Walker*
Nanxi Kang Princeton University

Nanxi Kang Princeton University
Jennifer Rexford Princeton University

Jennifer Rexford Princeton University
Diagnosing Missing Events in Distributed Systems with Negative Provenance Yang Wu* Mingchen Zhao* Andreas Haeberlen* Wenchao Zhou + Boon Thau Loo* * University.

Diagnosing Missing Events in Distributed Systems with Negative Provenance Yang Wu* Mingchen Zhao* Andreas Haeberlen* Wenchao Zhou + Boon Thau Loo* * University.
Slick: A control plane for middleboxes Bilal Anwer, Theophilus Benson, Dave Levin, Nick Feamster, Jennifer Rexford Supported by DARPA through the U.S.

Slick: A control plane for middleboxes Bilal Anwer, Theophilus Benson, Dave Levin, Nick Feamster, Jennifer Rexford Supported by DARPA through the U.S.
An Overview of Software-Defined Network Presenter: Xitao Wen.

An Overview of Software-Defined Network Presenter: Xitao Wen.
OpenFlow Costin Raiciu Using slides from Brandon Heller and Nick McKeown.

OpenFlow Costin Raiciu Using slides from Brandon Heller and Nick McKeown.
Software-Defined Networking, OpenFlow, and how SPARC applies it to the telecommunications domain Pontus Sköldström - Wolfgang John – Elisa Bellagamba November.

Software-Defined Networking, OpenFlow, and how SPARC applies it to the telecommunications domain Pontus Sköldström - Wolfgang John – Elisa Bellagamba November.
Programming Abstractions for Software-Defined Networks Jennifer Rexford Princeton University.

Programming Abstractions for Software-Defined Networks Jennifer Rexford Princeton University.
Diagnosing Missing Events in Distributed Systems with Negative Provenance Yang Wu* Mingchen Zhao* Andreas Haeberlen* Wenchao Zhou + Boon Thau Loo* * University.

Diagnosing Missing Events in Distributed Systems with Negative Provenance Yang Wu* Mingchen Zhao* Andreas Haeberlen* Wenchao Zhou + Boon Thau Loo* * University.
Software-Defined Networking

Software-Defined Networking
An Overview of Software-Defined Network

An Overview of Software-Defined Network
Copyright © 2012, QoS-aware Network Operating System for Software Defined Networking with Generalized OpenFlows Kwangtae Jeong, Jinwook Kim.

Copyright © 2012, QoS-aware Network Operating System for Software Defined Networking with Generalized OpenFlows Kwangtae Jeong, Jinwook Kim.
Languages for Software-Defined Networks Nate Foster, Arjun Guha, Mark Reitblatt, and Alec Story, Cornell University Michael J. Freedman, Naga Praveen Katta,

Languages for Software-Defined Networks Nate Foster, Arjun Guha, Mark Reitblatt, and Alec Story, Cornell University Michael J. Freedman, Naga Praveen Katta,
Understanding Networks Charles Zangla. Network Models Before I can explain how connections are made from across the country, I would like to provide you.

Understanding Networks Charles Zangla. Network Models Before I can explain how connections are made from across the country, I would like to provide you.

Similar presentations

Ads by Google