Timed Consistent Network Updates in Software-Defined Networks 2018.3.16 Speaker: CHAO-YU WANG Advisor: KE, KAI-WEI

Outline Introduction Terminology and Notations Worst-Case Analysis Evaluation Discussion

Introduction Network updates, such as policy and routing changes, occur frequently in software-defined networks . Updates should be performed consistently, preventing temporary disruptions, and should require as little overhead as possible.

Introduction (Cont’d) Ordered Update: At each phase the controller waits until all the switches have completed their updates, and only then invokes the next phase in the sequence. Two-Phase Updates: In the first phase the new configuration is installed in all the middle-stage switches of the network. In the second phase the ingress switches are instructed to start using a version tag that represents the new configuration.

Introduction (Cont’d) Assume that switches keep local clocks that are synchronized to a central reference clock by a synchronization protocol or by an accurate time source such as GPS. The controller sends network update messages to switches using an SDN protocol such as OpenFlow. An update message may specify when the corresponding update is scheduled to be performed

Introduction (Cont’d)

Introduction (Cont’d) 只是特例 kphase

Terminology and Notations The Network Model System consists of N + 1 nodes: a controller c, and a set of N switches. It is assumed that every switch maintains a local clock. Network Updates We define consistent forwarding based on the per-packet consistency definition of . A packet is consistently forwarded if it is processed by all switches either according to the new configuration, after the update, or according to the old one, but not according to a mixture of the two.

Terminology and Notations (Cont’d) Delay-Related Notations

Terminology and Notations (Cont’d) Explicit Acknowledgment OpenFlow currently does not support such an acknowledgment mechanism. Hence, one can either use a different SDN protocol that supports explicit acknowledgment or use an update procedure in which the controller waits for a fixed period (Dc) until the switch is guaranteed to complete the update. Observation : In typical settings δ<Dc. Software timeout ACKnowledgment

Worst-Case Analysis Worst-Case Analysis of Untimed Update Worst-Case Analysis of Timed Updates

Worst-Case Analysis (Cont’d) We use Program Evaluation and Review Technique (PERT) charts to illustrate the worst-case update duration analysis. A node labeled Cj,i represents the event ‘the controller starts transmitting a phase j update message to switch Si’. A node labeled Sj,i represents ‘switch Si has completed its phase j update’.

Worst-Case Analysis (Cont’d) Untimed Updates

Worst-Case Analysis (Cont’d) The weight of each edge indicates the maximal delay to complete the transition from one event to another Cstart and Cfin represent the start and finish times of the update procedure, respectively.

Worst-Case Analysis (Cont’d) Untimed Updates

Worst-Case Analysis (Cont’d) Untimed Updates With Garbage Collection

Worst-Case Analysis (Cont’d) Untimed Updates With Garbage Collection

Worst-Case Analysis (Cont’d) Worst-Case-Based Scheduling

Worst-Case Analysis (Cont’d) Timed update

Worst-Case Analysis (Cont’d) Timed vs. Untimed Updates

Worst-Case Analysis (Cont’d) Timed vs. Untimed Updates Proof:

Worst-Case Analysis (Cont’d)

Worst-Case Analysis (Cont’d) Proof

Worst-Case Analysis (Cont’d) Using Acknowledgments

Worst-Case Analysis (Cont’d)

Worst-Case Analysis (Cont’d) We observe that for a sufficiently large value of Dn the timed approach produces a lower update duration. DgT = Dn + δ < Dn + Dc < Dn+ (NG2 - 1) * Δ + Dc = DgUT

Fine Tuning Consistency By setting the update times T1, T2,...,Tk, Tg1,...,Tgk, the controller can play with the consistency- scalability tradeoff; the update overhead can be reduced at the expense of some inconsistency, or vice versa.

Evaluation Timed vs. Untimed Updates

Evaluation (Cont’d) Fine Tuning Consistency Constant delay — each link had a constant delay that was configured to the value we computed as described above. Exponential delay — each link had an exponentially distributed delay.

Evaluation (Cont’d) Simulation: Using ACKs

Evaluation (Cont’d) Simulation: Using ACKs

Evaluation (Cont’d) Simulation: Using ACKs

Discussion Failures Security Considerations If the controller detects a switch failure before an update is scheduled to take place, it can send a cancellation message to all the switches that take part in the scheduled update, thus guaranteeing an all-or-none behavior. Security Considerations This problem can be mitigated by using an explicit acknowledgment mechanism

Reference T. Mizrahi, E. Saat and Y. Moses, "Timed Consistent Network Updates in Software-Defined Networks," in IEEE/ACM Transactions on Networking, vol. 24, no. 6, pp. 3412-3425, December 2016.