Department of Electrical and Computer Engineering Abhishek Dwaraki 1 Srini Seetharaman 2, Sriram Natarajan 3, Tilman Wolf 1 1. Department of Electrical.

Presentation transcript:

GitFlow: Flow Revision Control for Software-Defined Networks

Abhishek Dwaraki (1), Srini Seetharaman (2), Sriram Natarajan (3), Tilman Wolf (1)

1. Department of Electrical and Computer Engineering, University of Massachusetts, Amherst, MA, USA
2. Infinera Inc., San Francisco, CA, USA
3. Deutsche Telekom Inc., Silicon Valley Innovation Center, Mountain View, CA, USA

This material is based upon work supported by the National Science Foundation under Grant No

Slide 2: Inconsistencies in SDNs

[Diagram labels: Device X, Data plane, Controller, App 1, App 2]

Rule # | Ingress Port | Source IP | Dest IP | Instructions
1      | Port 1       | 1.2.*.*   | 3.4.5.* | DROP
2      | Port 2       | *         | *       | FWD(Port3)
3      | Port 2       | *         |         | FWD(Port 4)

1. App1 inserts specific flow rule to direct traffic
2. App2 inserts general rule that diverts traffic elsewhere

• Fundamental example, other complex ones may exist
• Can be introduced through alternate interfaces, e.g., data plane devices, configuration points

Slide 3: Unified Consistent State – Goals and Challenges

• Network state abstracted into the SDN framework
  - Goal – Updated network state always available
  - Challenge – Real time performance
• Unified, consistent view across framework
  - Goal – Support multiple interfaces
  - Challenge – Concurrency mechanisms to ensure consistency
• Up-to-date network state to make control plane decisions
  - Goal – Ensure availability to all entities
  - Challenge – Clean abstraction required

Existing approaches: Statesman, FortNOX, VeriFlow

Slide 4: Required Concurrency Safeguards

• Author Tracking
  - Author identification
  - Safety and provenance
• Change Tracking
  - Track state transformation
  - Information generation
• State Safety
  - Control ownership
  - Prevent unauthorized modification
• Conflict Resolution
  - Detect and resolve conflicts
  - Generate matches for mutability, safety
• Annotations
  - Metadata generation, storage
  - Useful to tools on top of framework

Slide 5: Network State versus Software Code

• Network State
  - State evolves over time
  - Multiple players involved
  - Programmability challenges
  - State conflicts
  - Security violations
• Software Code
  - Code evolves over time
  - Multiple code authors
  - Programmability challenges
  - Merge conflicts
  - Authorization violations

Revision control (Git) manages this elegantly.

Why not treat network state like software code?

Slide 6: Existing Solutions

Current Solution   | Author Tracking | Change Tracking | State Safety | Conflict Detection/Resolution | Annotations
Statesman          | ✕               | ✕               | ✔            | ✔                             | ✕
FortNOX            | ✕               | ✕               | ✔            | ✔                             | ✕
FlowSpace Firewall | ✔               | ✕               | partial      | ✕                             | ✕
VeriFlow           | ✕               | ✕               | ✔            | ✔                             | ✕

Slide 7: GitFlow Architecture

Slide 8: Scenario 1 – Flow Table Evolution

• Flow state – evolves over time
• Revision control – aids understanding state evolution

[Diagram labels: Controller, Switch, Add Flow, Modify Flow]

Rule # | Ingress Port | Source IP | Dest IP | Instructions
1      | Port 1       | 1.2.*.*   | 3.4.5.* | DROP
2      | Port 2       | *         | *       | FWD(Port3)
3      | Port 2       | *         |         | FWD(Port 4)

Rule # | Ingress Port | Source IP | Dest IP | Instructions
1      | Port 1       | 1.2.*.*   | 3.4.5.* | DROP
2      | Port 2       | *         | *       | FWD(Port3)

Rule # | Ingress Port | Source IP | Dest IP | Instructions
1      | Port 1       | 1.2.*.*   | 3.4.5.* | DROP
2      | Port 2       | *         | *       | FWD(Port5)
3      | Port 2       | *         |         | FWD(Port 4)

Slide 9: Scenario 2 – Identifying security violations

• Malicious updates affect packet forwarding behavior
• AAA – vets applications/bundles for malicious activity
• Revision control + AAA = higher security
  - Revision control – can identify when and what was changed, and who authorized it
  - AAA – corrective measures to ensure secure operation in future
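A sketch of the idea behind Scenarios 1 and 2 and the rule conflict on the "Inconsistencies in SDNs" slide, added here as an illustration and not taken from GitFlow or the paper: an append-only log of flow-table commits that can be replayed to any revision, queried per rule for who changed what, and checked for overlapping rules with different instructions. The names FlowRepo, Rule and Commit, the author assignments and rule 3's destination prefix are assumptions; the slides' wildcards are written as CIDR prefixes.

```python
import ipaddress
from collections import namedtuple
from itertools import combinations

# src/dst are CIDR strings; "0.0.0.0/0" stands for the slides' "*"
Rule = namedtuple("Rule", "rule_id in_port src dst action")
Commit = namedtuple("Commit", "rev author op rule")  # op: "add" or "modify"

def overlaps(a, b):
    """True when some packet can match both rules."""
    net = ipaddress.ip_network
    return (a.in_port == b.in_port
            and net(a.src).overlaps(net(b.src))
            and net(a.dst).overlaps(net(b.dst)))

class FlowRepo:
    def __init__(self):
        self.log = []  # append-only revision history

    def commit(self, author, op, rule):
        self.log.append(Commit(len(self.log) + 1, author, op, rule))
        return self.log[-1].rev

    def table(self, rev=None):
        """Replay the log up to rev; maps rule_id -> last commit touching it."""
        state = {}
        for c in self.log[:rev]:
            state[c.rule.rule_id] = c
        return state

    def blame(self, rule_id):
        return [(c.rev, c.author, c.op, c.rule.action)
                for c in self.log if c.rule.rule_id == rule_id]

    def conflicts(self, rev=None):
        """Overlapping rules with different actions, with their last authors."""
        heads = sorted(self.table(rev).values(), key=lambda c: c.rule.rule_id)
        return [(a.rule.rule_id, a.author, b.rule.rule_id, b.author)
                for a, b in combinations(heads, 2)
                if overlaps(a.rule, b.rule) and a.rule.action != b.rule.action]

def sample_repo():
    """Constructed history; authors and rule 3's destination are assumptions."""
    r = FlowRepo()
    r.commit("App1", "add", Rule(1, 1, "1.2.0.0/16", "3.4.5.0/24", "DROP"))
    r.commit("App2", "add", Rule(2, 2, "0.0.0.0/0", "0.0.0.0/0", "FWD(Port3)"))
    r.commit("App1", "add", Rule(3, 2, "0.0.0.0/0", "10.0.0.0/8", "FWD(Port4)"))
    r.commit("App2", "modify", Rule(2, 2, "0.0.0.0/0", "0.0.0.0/0", "FWD(Port5)"))
    return r
```

Calling `sample_repo().conflicts(rev=2)` shows the table was conflict-free before revision 3, which is the kind of "when did this start" question the revision history answers.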

Slide 10: Scenario 3 – Troubleshooting

• Previous approaches - identify errant states, cannot prevent reoccurrence
• Revision control – can avoid transitions to errant states using annotations
• Networks as autonomous entities
  - What is important - Self-healing
  - How it is achieved - automated troubleshooting tools
  - How can revision control help - exercising more intricate level of inspection

Slide 11: Summary

• Inconsistencies exist in network state information
• Revision control is a comprehensive solution
• Treat network state like code/files -> revision and abstract
• Revision control provides required concurrency guarantees
• Very relevant use cases in state evolution, troubleshooting
• Please refer to the paper for more details