Presentation is loading. Please wait.

Presentation is loading. Please wait.

Header Space Analysis: Static Checking For Networks Peyman Kazemian, Nick McKeown (Stanford University) and George Varghese (UCSD and Yahoo Labs). Presented.

Published byOsborn Gibbs Modified over 9 years ago

Similar presentations

Presentation on theme: "Header Space Analysis: Static Checking For Networks Peyman Kazemian, Nick McKeown (Stanford University) and George Varghese (UCSD and Yahoo Labs). Presented."— Presentation transcript:

1 Header Space Analysis: Static Checking For Networks Peyman Kazemian, Nick McKeown (Stanford University) and George Varghese (UCSD and Yahoo Labs). Presented by Eviatar Khen (Software Defined Networks Seminar)

2 Today  A typical network is a complex mix of protocols  Interact in complex way  Hard to understand, manage and predict the behavior VLAN NAT TCP IPv4 SPANNING TREE MPLS UDP IPv6 ARP

3 Today  Even simple question are hard to answer: “Can host A talk to host B?” “What are all the packet headers from A that can reach B?” “Can packets loop in my network?” “Is Slice X isolated totally from Slice Y”?

4 Earlier Work  Dynamic analysis: Veriflow (not mentioned in the paper)  Static analysis: existing tools are protocol dependent, tailored to IP networks

5 Paper’s Contribution  Header Space Analysis – A general foundation that gives us: A unified view of almost all types of boxes An interface for answering different question about the network

6 Roadmap  The Header Space framework  Use cases: how HSA could be used to detect network failures  Experiments Results

7 Header Space Framework Key observation: A packet is a point in a space of possible headers and a box is a transformer on that space

8 Header Space Framework  Step 1: Model a Packet Header  A Packet Header is a point in space,called the Header Space HeaderData L 0100111…1

9 Header Space Framework  Step 2: Model a switch  A switch is a transformer in the header space Packet Forwarding Port 1 Port 2 Port 3 0xx1…x1 Send to port 3 and Rewrite with 1xx011..x1 Match Action 1xx1…0x Send to port 2 and Rewrite with 1x01xx..x1 Transfer Function:

10 Header Space Framework  Example: Transfer Function of an IPv4 Router 1 3 2 172.24.74.0, 255.255.255.0 Port 1 T(h,p) = (h,1)if dest_ip(h) = 172.24.74.X 172.24.128.0, 255.255.255.0 Port 2 (h,2)if dest_ip(h) = 172.24.128.X 171.67.0.0, 255.255.0.0 Port 3 (h,3)if dest_ip(h) = 172.67.X.X (dec_ttl(h),1)if dest_ip(h) = 172.24.74.X (dec_ttl(h),2)if dest_ip(h) = 172.24.128.X (dec_ttl(h),3)if dest_ip(h) = 172.67.X.X

11 Header Space Framework  Transfer Function Properties: Composable: S1 S3 S2

12 Header Space Framework  Transfer Function Properties: Invertible: Doman (input) Range (output)

13 Header Space Framework  Step 3: Develop an Algebra to work on these spaces  A subspace correspond to a Wildcard  We use this to define set operations on Wildcards: Intersection Complementation Difference

14 Use Cases of Header Space Framework

15 Use Cases  “Can host A talk to host B?” A B Switch 1 Switch 3 Switch 4 Switch 2

16 Complexity  Each input wildcard is matched to each rule at the switch and creates an output wildcard  So for R1 inputs and R2 rules the number of output wildcards can be O(R1R2)  In reality: Linear Fragmentation  Overall: O(dR^2) where d is the max diameter and R is the maximum number of rules

17 Use Cases  “Is there a Loop in the Network?”  Inject the whole header space from EACH port  Follow the packet until it either leaves the network or returns to the injected port Switch 1 Switch 3 Switch 4 Switch 2

18 Use Cases  “Is the loop infinite?”  Complexity O(dPR^2)

19 Use Cases  Slicing a network is a way to share network resources among multiple entities  Could be created using VLAN or FlowVisor  Definition:  A topology consisting of switches, ports and links  a collection of predicates on packets belonging to the slice, one on each ingress port in the slice topology.  “Are two Slices isolated?”

20 Use Cases Box 1 Box 3 Box 2 Box 4

21 Implementation  Header space Library (Hassel)  Written in Python  Header Space class  Encapsulates a union of wildcard expressions  Implements Set operations  Transfer Function class  Implements T and T-1  The Application allows: Reachability, Loop Detection and Slice Isolation checks.

22

23 Performance  Performance result for Stanford Backbone Network on a single machine: 2.66Ghz quad core, 4GB RAM

24 Summary  A General Foundation that gives us: A unified view of almost all type of boxes: Transfer Function An interface for answering different questions about the network T(h,p) and T-1(h,p) Set operations on Header Space  The Python-based implementation can scale to enterprise-size networks on a single laptop

Download ppt "Header Space Analysis: Static Checking For Networks Peyman Kazemian, Nick McKeown (Stanford University) and George Varghese (UCSD and Yahoo Labs). Presented."

Similar presentations

Wireless Communication : LAB 3

Wireless Communication : LAB 3
CST 415 - Computer Networks NAT CST 415 4/10/2017 CST 415 - Computer Networks.

CST Computer Networks NAT CST 415 4/10/2017 CST Computer Networks.
Delivery and Forwarding of

Delivery and Forwarding of
© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Implementing IP Addressing Services Accessing the WAN – Chapter 7.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Implementing IP Addressing Services Accessing the WAN – Chapter 7.
,< 資 管 Lee 附錄 A0 IGMP vs Multicast Listener Discovery.

,< 資 管 Lee 附錄 A0 IGMP vs Multicast Listener Discovery.
OpenFlow overview Joint Techs Baton Rouge. Classic Ethernet Originally a true broadcast medium Each end-system network interface card (NIC) received every.

OpenFlow overview Joint Techs Baton Rouge. Classic Ethernet Originally a true broadcast medium Each end-system network interface card (NIC) received every.
Cs/ee 143 Communication Networks Chapter 6 Internetworking Text: Walrand & Parekh, 2010 Steven Low CMS, EE, Caltech.

Cs/ee 143 Communication Networks Chapter 6 Internetworking Text: Walrand & Parekh, 2010 Steven Low CMS, EE, Caltech.
Flow Space Virtualization on Shared Physical OpenFlow Networks Hiroaki Yamanaka, Shuji Ishii, Eiji Kawai (NICT), Masayoshi Shimamura, Katsuyoshi Iida (TITECH),

Flow Space Virtualization on Shared Physical OpenFlow Networks Hiroaki Yamanaka, Shuji Ishii, Eiji Kawai (NICT), Masayoshi Shimamura, Katsuyoshi Iida (TITECH),
Can the Production Network Be the Testbed? Rob Sherwood Deutsche Telekom Inc. R&D Lab Glen Gibb, KK Yap, Guido Appenzeller, Martin Cassado, Nick McKeown,

Can the Production Network Be the Testbed? Rob Sherwood Deutsche Telekom Inc. R&D Lab Glen Gibb, KK Yap, Guido Appenzeller, Martin Cassado, Nick McKeown,
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 5: Inter-VLAN Routing Routing & Switching.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 5: Inter-VLAN Routing Routing & Switching.
H EADER S PACE A NALYSIS : S TATIC C HECKING F OR N ETWORKS Peyman Kazemian (Stanford University) George Varghese (UCSD, Yahoo Labs) Nick McKeown (Stanford.

H EADER S PACE A NALYSIS : S TATIC C HECKING F OR N ETWORKS Peyman Kazemian (Stanford University) George Varghese (UCSD, Yahoo Labs) Nick McKeown (Stanford.
Chapter 4 Network Layer slides are modified from J. Kurose & K. Ross CPE 400 / 600 Computer Communication Networks Lecture 14.

Chapter 4 Network Layer slides are modified from J. Kurose & K. Ross CPE 400 / 600 Computer Communication Networks Lecture 14.
CSE331: Introduction to Networks and Security Lecture 7 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 7 Fall 2002.
Data Plane Verification. Background: What are network policies Alice can talk to Bob Skype traffic must go through a VoIP transcoder All traffic must.

Data Plane Verification. Background: What are network policies Alice can talk to Bob Skype traffic must go through a VoIP transcoder All traffic must.
Network Layer4-1 Chapter 4: Network Layer r 4. 1 Introduction r 4.2 Virtual circuit and datagram networks r 4.5 Routing algorithms m Link state m Distance.

Network Layer4-1 Chapter 4: Network Layer r 4. 1 Introduction r 4.2 Virtual circuit and datagram networks r 4.5 Routing algorithms m Link state m Distance.
Lecture Week 7 Implementing IP Addressing Services.

Lecture Week 7 Implementing IP Addressing Services.
Languages for Software-Defined Networks Nate Foster, Arjun Guha, Mark Reitblatt, and Alec Story, Cornell University Michael J. Freedman, Naga Praveen Katta,

Languages for Software-Defined Networks Nate Foster, Arjun Guha, Mark Reitblatt, and Alec Story, Cornell University Michael J. Freedman, Naga Praveen Katta,
Formal checkings in networks James Hongyi Zeng with Peyman Kazemian, George Varghese, Nick McKeown.

Formal checkings in networks James Hongyi Zeng with Peyman Kazemian, George Varghese, Nick McKeown.
Networking Feb. 6, 2008 by Larry Finger. Networking Hardware Glossary RJ45 – Official name for 8-pin connector Cat 5, 5E or 6 - Cable suitable for “high”-speed.

Networking Feb. 6, 2008 by Larry Finger. Networking Hardware Glossary RJ45 – Official name for 8-pin connector Cat 5, 5E or 6 - Cable suitable for “high”-speed.
How SDN will shape networking

How SDN will shape networking

Similar presentations

Ads by Google