Presentation is loading. Please wait.

Presentation is loading. Please wait.

Leveraging SDN Layering to Systematically Troubleshoot Networks Brandon Heller ★ Colin Scott  Nick McKeown ⌘ Scott Shenker  Andreas Wundsam § Hongyi.

Published byAnastasia Augusta Johnson Modified over 9 years ago

Similar presentations

Presentation on theme: "Leveraging SDN Layering to Systematically Troubleshoot Networks Brandon Heller ★ Colin Scott  Nick McKeown ⌘ Scott Shenker  Andreas Wundsam § Hongyi."— Presentation transcript:

1 Leveraging SDN Layering to Systematically Troubleshoot Networks Brandon Heller ★ Colin Scott  Nick McKeown ⌘ Scott Shenker  Andreas Wundsam § Hongyi Zeng ⌘ Sam Whitlock  Vimalkumar Jeyakumar ⌘ Nikhil Handigol ★ James McCauley  Kyriakos Zarifis∞ Peyman Kazemian ★ HotSDN 2013 Hong Kong ⌘ Stanford  Berkeley ∞USC  ICSI ★ SDN Academy § Big Switch Networks

2 Admin Network skills + tools + knowledge Protocols Configuration Topology Policy connect hosts A + B quarantine virus- infected hosts route guest traffic to an HTTP proxy prioritize SSH +  1: Configure Ethane, overlays, consistency primitives, network programming languages, … 3: Fix Stuff! 2: Troubleshoot This Talk

3 Admin Network skills + tools + knowledge Protocols Configuration Topology Policy connect hosts A + B quarantine virus- infected hosts route guest traffic to an HTTP proxy prioritize SSH +  1: Configure Ethane, overlays, consistency primitives, network programming languages, … 3: Fix Stuff! 2: Troubleshoot #1 request from network admins: Automatic Troubleshooting Source: “Automatic Test Packet Generation”, CoNEXT ‘12, Zeng et al. This Talk

4 How to automate troubleshooting? Network Policy isolate groups A + B route guest traffic to an HTTP proxy block a list of virus- infected hosts Challenging in traditional networks. ~ ? (2) Check behavior against policy: confusing: don’t know lowest-level forwarding behavior distributed: hard to get a meaningful snapshot Two requirements. (1) Know the intended policy: confusing: different config format for each protocol distributed: configuration spread among all nodes hard: must understand all protocols & their interactions difficult to check impractical to infer

5 Control-Plane Layering in SDN Firmware Network Hypervisor App State Layers Logical View Physical View Device State Hardware Policy Code Layers Network OS HW

6 Firmware HW Systematically Troubleshooting an SDN Network OS Network Hypervisor App State Layers Logical View Physical View Device State Hardware Policy Code Layers Observation: Each state layer fully specifies network behavior. Insight: Bugs manifest as mistranslations between layers. Systematic Approach: (1)Binary search to isolate to a code layer. (2)Leverage state to isolate within the code layer.

7 Phase 1: Localizing to a code layer [Operator Intent] Logical View Physical View Device State Hardware Policy ? ~ Apps NetHyperV NetOS Firmware [Actual Behavior] Cause: Firmware Bug Yes No ? ~ Yes No ? ~ Yes No SOFT [CONEXT ‘12] Anteater [SIGCOMM ‘11] Symptom: Hosts unable to communicate

8 Phase 1: Localizing to a code layer [Operator Intent] Logical View Physical View Device State Hardware Policy ? ~ Apps NetHyperV NetOS Firmware [Actual Behavior] Yes No ? ~ Yes No Symptom: Tenant Isolation Breach HSA [NSDI ’12] OFRewind [ATC ‘11] Yes No ? ~ ? ~ Yes No Correspondence Checking Cause: NetHypervisor Bug

9 How to automate troubleshooting? Network Policy isolate groups A + B route guest traffic to an HTTP proxy block a list of virus- infected hosts Possible in Software-Defined Networks ~ ? (2) Check behavior against policy: confusing: don’t know lowest-level forwarding behavior distributed: hard to get a meaningful snapshot Two requirements. (1) Know the intended policy: confusing: different config format for each protocol distributed: configuration spread among all nodes hard: must understand all protocols & their interactions directly accessible directly provided app fewer nodes

10 Takeways Control plane layering enables systematic troubleshooting Thinking about troubleshooting in terms of layers shows us where tools fit in – Reveals missing tools – Highlights choices between tools, with tradeoffs Plenty of opportunities left. Operationalize!

11 Leverage the layers in SDN. Brandon Heller ★ Colin Scott  Nick McKeown ⌘ Scott Shenker  Andreas Wundsam § Hongyi Zeng ⌘ Sam Whitlock  Vimalkumar Jeyakumar ⌘ Nikhil Handigol ★ James McCauley  Kyriakos Zarifis∞ Peyman Kazemian ★ HotSDN 2013 Hong Kong ⌘ Stanford  Berkeley ∞USC  ICSI ★ SDN Academy § Big Switch Networks Questions?

12 How is this different than general distributed systems debugging? Simple answer: it’s not! SDN is an excellent opportunity to draw upon ideas from other distributed systems Subtlety: networks are solving a much more constrained problem than general distributed systems

13 Limitations Correctness only, not performance Side effects not reflected in state No guarantee of finding single code layer No guarantee of individual layer correctness No guarantee of future correctness Layer visibility may be imperfect

14 Plenty of Opportunities Remain Automatic Troubleshooting  Actionable Bug Reports – Filtering the signal from the noise – Creating consistent views of state Improving Invariant Checkers – Scale – Flexible Policy Input Hybrid Traditional + SDN Debugging

15 Plenty of Opportunities Remain Automatic Troubleshooting  Actionable Bug Reports – Filtering the signal from the noise – Creating consistent views of state Packet History: Path + Headers + Forwarding State Forwarding State [HotSDN 2012: Where is the Debugger for My Software-Defined Network?]

16 Plenty of Opportunities Remain Automatic Troubleshooting  Actionable Bug Reports – Filtering the signal from the noise [Berkeley Tech Report: How Did We Get Into This Mess? Isolating Fault-Inducing Inputs to SDN Control Software] Minimal Causal Sequence

17 Isn’t this unnecessary with consistency primitives/languages/etc? No Catch/rule out bugs outside the framework Catch instances where the framework pushes config that breaks the policy

18 What’s novel about this work? Simple answer: nothing!

19 Control-Plane Layering in SDN Firmware Network Hypervisor App State Layers Logical View Physical View Device State Hardware Policy Example Errors Configuration Parsing Error Tenant isolation breach (policy mistranslation) Failover logic error, synchronization bug Register misconfiguration, Router memory corruption Code Layers [Unintended Config] [External Connectivity Error] Network OS HW

Download ppt "Leveraging SDN Layering to Systematically Troubleshoot Networks Brandon Heller ★ Colin Scott  Nick McKeown ⌘ Scott Shenker  Andreas Wundsam § Hongyi."

Similar presentations

New Directions in Enterprise Network Management Aditya Akella University of Wisconsin, Madison MSR Networking Summit June 2006.

New Directions in Enterprise Network Management Aditya Akella University of Wisconsin, Madison MSR Networking Summit June 2006.
Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.

Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.
1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.

1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.
Flow-based Management Language Tim Hinrichs Natasha Gude* Martín Casado John Mitchell Scott Shenker University of Chicago Stanford University ICSI/UC Berkeley.

Flow-based Management Language Tim Hinrichs Natasha Gude* Martín Casado John Mitchell Scott Shenker University of Chicago Stanford University ICSI/UC Berkeley.
1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.

1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.
Toward Practical Integration of SDN and Middleboxes

Toward Practical Integration of SDN and Middleboxes
CloudWatcher: Network Security Monitoring Using OpenFlow in Dynamic Cloud Networks or: How to Provide Security Monitoring as a Service in Clouds? Seungwon.

CloudWatcher: Network Security Monitoring Using OpenFlow in Dynamic Cloud Networks or: How to Provide Security Monitoring as a Service in Clouds? Seungwon.
Programmable Measurement Architecture for Data Centers Minlan Yu University of Southern California 1.

Programmable Measurement Architecture for Data Centers Minlan Yu University of Southern California 1.
Ver 1,12/09/2012Kode :CIJ 340,Jaringan Komputer Lanjut FASILKOM Routing Protocols and Concepts – Chapter 2 Static Routing CCNA.

Ver 1,12/09/2012Kode :CIJ 340,Jaringan Komputer Lanjut FASILKOM Routing Protocols and Concepts – Chapter 2 Static Routing CCNA.
A SOFT Way for OpenFlow Interoperability Testing Marco Canini TU Berlin / T-Labs [CoNEXT’12]

A SOFT Way for OpenFlow Interoperability Testing Marco Canini TU Berlin / T-Labs [CoNEXT’12]
A SOFT Way for OpenFlow Interoperability Testing Maciej Kuźniar, Peter Perešini, Marco Canini†, Daniele Venzano, Dejan Kostić‡ EPFL †TU Berlin/T-Labs ‡IMDEA.

A SOFT Way for OpenFlow Interoperability Testing Maciej Kuźniar, Peter Perešini, Marco Canini†, Daniele Venzano, Dejan Kostić‡ EPFL †TU Berlin/T-Labs ‡IMDEA.
Header Space Analysis: Static Checking For Networks Peyman Kazemian, Nick McKeown (Stanford University) and George Varghese (UCSD and Yahoo Labs). Presented.

Header Space Analysis: Static Checking For Networks Peyman Kazemian, Nick McKeown (Stanford University) and George Varghese (UCSD and Yahoo Labs). Presented.
VeriCon: Towards Verifying Controller Programs in SDNs (PLDI 2014) Thomas Ball, Nikolaj Bjorner, Aaron Gember, Shachar Itzhaky, Aleksandr Karbyshev, Mooly.

VeriCon: Towards Verifying Controller Programs in SDNs (PLDI 2014) Thomas Ball, Nikolaj Bjorner, Aaron Gember, Shachar Itzhaky, Aleksandr Karbyshev, Mooly.
Application Centric Infrastructure

Application Centric Infrastructure
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 Troubleshooting Working at a Small-to-Medium Business or ISP – Chapter 9.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 Troubleshooting Working at a Small-to-Medium Business or ISP – Chapter 9.
I Know What Your Packet Did Last Hop: Using Packet Histories to Troubleshoot Networks Nikhil Handigol With Brandon Heller, Vimal Jeyakumar, David Mazières,

I Know What Your Packet Did Last Hop: Using Packet Histories to Troubleshoot Networks Nikhil Handigol With Brandon Heller, Vimal Jeyakumar, David Mazières,
Secure web browsers, malicious hardware, and hardware support for binary translation Sam King.

Secure web browsers, malicious hardware, and hardware support for binary translation Sam King.
Towards a Logic for Wide-Area Internet Routing Nick Feamster and Hari Balakrishnan M.I.T. Computer Science and Artificial Intelligence Laboratory Kunal.

Towards a Logic for Wide-Area Internet Routing Nick Feamster and Hari Balakrishnan M.I.T. Computer Science and Artificial Intelligence Laboratory Kunal.
Troubleshooting SDNs Peyman Kazemian. Why SDN Troubleshooting SDN decouples software (control plane) from hardware (data plane). Opens doors for innovation.

Troubleshooting SDNs Peyman Kazemian. Why SDN Troubleshooting SDN decouples software (control plane) from hardware (data plane). Opens doors for innovation.
What Great Research ?s Can RAMP Help Answer? What Are RAMP’s Grand Challenges ?

What Great Research ?s Can RAMP Help Answer? What Are RAMP’s Grand Challenges ?

Similar presentations

Ads by Google