Presentation is loading. Please wait.

Presentation is loading. Please wait.

Reasoning about Software Defined Networks Shachar Itzhaky & Mooly Sagiv 03-640-7606 Tel Aviv University Thursday 16-18 (Physics 105) Monday.

Published byRoberta Wilkerson Modified over 8 years ago

Similar presentations

Presentation on theme: "Reasoning about Software Defined Networks Shachar Itzhaky & Mooly Sagiv 03-640-7606 Tel Aviv University Thursday 16-18 (Physics 105) Monday."— Presentation transcript:

1 Reasoning about Software Defined Networks Shachar Itzhaky & Mooly Sagiv msagiv@acm.org 03-640-7606 Tel Aviv University Thursday 16-18 (Physics 105) Monday 14-16 Schrieber 317 Adviser: Michael Shapira Hebrew University http://www.cs.tau.ac.il/~msagiv/courses/rsdn.html Some slides from J. Rexford POPL’12 invited talk

2 Some Lessons from Michael’s talk Some tasks are more suitable for distribution – Frequently Executed – Simple – Regular – Can be implemented in hardware – Data is distributed Some tasks can be executed sequentially without effecting scalablity – Complicated – Rarely executed – Increase the effectiveness of the distributed process The SDN provides an interesting compromise OpenFlow is a reasonable realization

3 Content Challenges in SDNs Programming Language Abstractions Programming Language Principles Program Language Tools Other useful tools Beyond SDNs

4 Challenges in SDN Programming complexity Modularity Composing operations Handling Updates Reliability Performance Testing Productivity Non-expert programmers

5 How hard is it to program networks Routers with 20+ million lines of code Cascading failures, vulnerabilities, etc Low level programming No abstractions – Virtual memory – Operating Systems – Resource Allocations – Libraries – Types

6 Modularity: Simple Repeater def repeater(switch): # Repeat Port 1 to Port 2 pat1 = {in_port:1} act1 = [forward(2)] install(switch, pat1, DEFAULT, act1) # Repeat Port 2 to Port 1 pat2 = {in_port:2} act2 = [forward(1)] install(switch, pat2, DEFAULT, act2) def repeater(switch): # Repeat Port 1 to Port 2 pat1 = {in_port:1} act1 = [forward(2)] install(switch, pat1, DEFAULT, act1) # Repeat Port 2 to Port 1 pat2 = {in_port:2} act2 = [forward(1)] install(switch, pat2, DEFAULT, act2) Simple Repeater 12 Controller When a switch joins the network, install two forwarding rules.

7 Composition: Web Traffic Monitor def web_monitor(switch)): # Web traffic from Internet pat = {inport:2,tp_src:80} install(switch, pat, DEFAULT, []) query_stats(switch, pat) def stats_in(switch, pat, bytes, …) print bytes sleep(30) query_stats(switch, pat) def web_monitor(switch)): # Web traffic from Internet pat = {inport:2,tp_src:80} install(switch, pat, DEFAULT, []) query_stats(switch, pat) def stats_in(switch, pat, bytes, …) print bytes sleep(30) query_stats(switch, pat) Monitor Web (“port 80”) traffic 12 Web traffic When a switch joins the network, install one monitoring rule.

8 Composition: Repeater + Monitor def switch_join(switch): pat1 = {inport:1} pat2 = {inport:2} pat2web = {in_port:2, tp_src:80} install(switch, pat1, DEFAULT, None, [forward(2)]) install(switch, pat2web, HIGH, None, [forward(1)]) install(switch, pat2, DEFAULT, None, [forward(1)]) query_stats(switch, pat2web) def stats_in(switch, xid, pattern, packets, bytes): print bytes sleep(30) query_stats(switch, pattern) def switch_join(switch): pat1 = {inport:1} pat2 = {inport:2} pat2web = {in_port:2, tp_src:80} install(switch, pat1, DEFAULT, None, [forward(2)]) install(switch, pat2web, HIGH, None, [forward(1)]) install(switch, pat2, DEFAULT, None, [forward(1)]) query_stats(switch, pat2web) def stats_in(switch, xid, pattern, packets, bytes): print bytes sleep(30) query_stats(switch, pattern) Repeater + Monitor Must think about both tasks at the same time.

9 Concurrency: Switch-Controller Delays Common programming idiom – First packet goes to the controller – Controller installs rules 9 packets

10 Concurrency: Switch-Controller Delays More packets arrive before rules installed? – Multiple packets reach the controller packets

11 Concurrency: Switch-Controller Delays Rules along a path installed out of order? – Packets reach a switch before the rules do Must think about all possible packet and event orderings. packets

12 Debugging is hard[Kazemian NSDI’13] Distributed switch tables Varied delays Cascading effects on switch tables Multiple protocols Human interaction …

13 SDN Performance Given an SDN controller code Estimate the cost of routing per packet – Length of the path – Weight of the path – Number of controller interventions

14 Programming Language Abstractions Hide the implementation Interpreter/Compiler guarantees performance Benefits – Portability – Ease of use – Reliability – Compositionality – Productivity

15 Language Abstractions Procedures Data Types – Enumerated types – Arrays Abstract data types Classes and Objects Resources – Memory management – Garbage collection Control abstractions – Exceptions – Iterators – Tree Pattern Matching – Higher order functions – Continuation – Lazy evaluation – Monads Libraries Domain specific languages Declarative programming

16 Programming Language Principles Rigorously define the meaning of programs Supports abstraction Prove compiler correctness Prove that two SDN programs are observationally equivalent – The same packet transmissions

17 A Simple Example Numeric Expressions – ::= + | * | number The semantic of expressions is a number E  :  int Inductively defined – E  n  = n – E  e 1 + e 2  = E  e 1  + E  e 2  – E  e 1 * e 2  = E  e 1  * E  e 2  Compositional Fully abstract e 1  e 2 iff E  e 1  = E  e 2  5 + 6  7 + 3 + 1

18 A Simple Example + Var Numeric Expressions – ::= + | * | number | id – ::= skip | id := exp | ; Need to introduce states Var  Int Examples – [x  2, y  3] x = – [x  2, y  3] z = – [x  2, y  3][z  5] = [x  2, y  3,z  5] – [x  2, y  3][x  5] = [x  5, y  3] – [x  2, y  3][x  5]x = 5 – [x  2, y  3][x  5]y = 2

19 A Simple Example + Var Numeric Expressions – ::= + | * | number | id The semantic of expressions is a function from states to numbers E  :  (Var  Int)  Int Inductively defined – E  n   = n – E  e 1 + e 2   = E  e 1   + E  e 2   – E  e 1 * e 2   = E  e 1   * E  e 2   – E  id   =  id – E  x+2  [x  5] = E  x  [x  5] + E  2  [x  5] = [x  5]x + 2 = 5 + 2 =7 – x + x  2 * x – e1 + e2  e2 + e1

20 The semantics of commands Commands – ::= skip | id := exp | ; | id The semantic of command is a function from states to states C  :  (Var  Int)  (Var  Int) Inductively defined – C  skip   =  – C  id := e   =  [ id  E  e   ] – C  c 1 ; c 2   = C  c 2  (C[c 1 ]  ) – c ; skip  skip ; c  c – c 1 ; (c 2 ; c 3 )  (c 1 ; c 2 ) ; c 3

21 Benefits of formal semantics Can be done for arbitrary languages Automatically generate interpreters Rational language design Formal proofs of language properties – Observational equivalence – Type safety Correctness of tools – Interpreter – Compiler – Static Analyzer – Model Checker

22 A Simple Controller Language No packet changes No priorities No statistics Simple updates – Per-flow installation

23 A Simple Controller Language ::= * ::= rel ( *) // auxiliary relations ::= packetIn (sid, pid, )  ::= port(int) ::= skip | send( ) | install (sid, pid,, ) // update flow table | rid.insert( *) // update auxiliary relations | if rid( *) then * else * | if rid( *) then * | ; ::= |none // drop the package ::= id | exp. id |

24 Learning Switch with 3 ports rel connected (Sw, Pr, Ho) PacketIn(s, p, port(1)) -> connected.insert (s, port(1), p.src) if connected(s, port(2), p.dst) then { send (port(2)) install(s, p, port(1), port(2)) } else if connected(s, port(3), p.dst) then { send (port(3)) install(s, p, port(1), port(3)) } else { // flood send (port(2)) send (port(3)) } PacketIn(s, p, port(2)) -> … PacketIn(s, p, port(3)) -> …

25 The semantics of the controller What is the meaning of package sent by a given host? – A set of paths Example: Learning Switch a   1 2 3 

26 The semantics of the controller What is the meaning of package sent by a given host? – A set of paths Dynamically changed – Even for fixed topology Unbounded length But can it be defined?

27 The State of a switch The switch table is a relation between packets input and output ports FT = Sw  P(Pk  Pr  Pr  {none}) Updated by the controller Actual nodes depend on the topology graph input portoutput port

28 The Semantics of Expressions ::= id | exp.id | Val = Int  Pr  {P(T  t 1   … T  t k  | t 1, …, t k are valid types} Controller State  such that  : Var  Val E  id   =  id E  exp.id   = F  id  (E  e   ) E  port(n)   = n

29 The Meaning of Commands ::= skip | send( ) | install (sid, pid,, ) | rid.insert( *) | if RID( *) then * else * | if RID( *) then * | ; ::= |none C  :  (   FT)  (   FT  P(Pr  {none}) input-stateoutput

30 Atomic Commands C  skip  , ft  = , ft,  C  send(pr)  , ft  = , ft, {E  pr  }  C  install(sw, pk, pr in,pr out )  , ft  =  , ft[sw  ft(sw)  {  pk, E  pr in , E  pr out   },   C  r.insert(e)  , ft  =   [ r   r  {  E  e   } ], ft,  

31 Conditional Commands C  if r(e) then c 1 else c 2  , ft  = C  c 1  , ft  C  c 2  , ft  If  E  e     r If  E  e     r

32 Sequential Composition C  c 1 ; c 2  , ft  = let  ’, ft’, prs 1  = C  c 1  , ft   ”, ft”, prs 2  = C  c 2   ’, ft’  in  ”, ft”, prs 1  prs 2 

33 Semantics of Events G  :  (Sw  Pk  Pr)  P((   FT)  (   FT  P(Pr  {none})) G  packetIn(s, p, i)  c   sw, pk, ip  = R where , ft  R  ’, ft’, ports  Iff (  op : Pr.  pk, ip, op   ft)  C  c   [s  sw, p  pk,i  ip], ft  =  ’, ft’, sp 

34 Packet Histories Packets can influence the routing of other packets Histories can be seen as sequences of packet transmissions HST= ( Sw  Pr  Pk  (Pr  {none}) ) *

35 Small-step semantics (Controller)  ctrl : (   FT  HST)  (   FT  HST) , ft, h   ctrl  ’, ft’, h’  iff  sw : Sw, pk : Pk, ip : Pr, sp : P(Pr). , ft, sw  ( G  evnt   sw, pk, ip  )  ’, ft’, sp   h’ = h   sw, ip, pk, j  j  sp  (sp =   j=none)

36 Small-step Semantics (Switch)  sw : (   FT  HST)  (   FT  HST) , ft, h   switch  ’, ft’, h’  iff  =  ’  ft=ft’   sw : Sw, pk : Pk, ip : Pr, op : Pr  {none}.  pk, ip, op   ft sw  h’ = h   sw, ip, pk, op 

37 Executions Combined step semantics: –  =  ctrl   switch A sequence of event processing steps has the from – a 1  a 2  …  a n

38 Feasible Histories Given a topology graph G over V = Ho  (Sw  Pr) A history h is feasible w.r.t. a given topology graph G iff for any packet pk  Pk: – any two consecutive entries for p in h:  sw 1, ip 1, pk, op 1  and  sw 2, ip 2, pk, op 2  there exists an edge between  sw 1, op 1  and  sw 2, ip 2  in G

39 InPktOut Example a   1 2 3 Port inPacketPort out PortHost connected =

40 InPktOut Example a   1 2 3  Port inPacketPort out 21 23  PortHost 2  connected =

41 InPktOut 3  2 Example a   1 2 3  Port inPacketPort out 21 23 32   PortHost 2  3  connected =

42 InPktOut 3  2 Example a   1 2 3  Port inPacketPort out 21 23 32 32   PortHost 2  3  connected =

43 Properties of the Semantics Compositional Allows free packets Assume that (controller) actions executed atomically – Ignores delays in switch rule instantiations

44 Useful Programming Language Tools Interpreter Compiler Parser Type Checker Static Program Analysis Verification Tool Dynamic Program Analysis – Model checker

45 Verification Process Controller Code Required properties  VC gen Verification Condition T   P  “  ”  SAT Solver Counterexample Proof Topology T

46 Interesting Network Properties PropertyMeaning ConnectivityEvery packet eventually reaches its destination No forwarding loopsA switch sw never receives a packet sent by sw No black holesNo packet should be dropped in the network Access controlNo paths between certain hosts of certain packets Direct pathsOnce a packet reached its destination future packets are not going to the controller Strict direct pathsOnce two packets travel both ways between a source and destination Data structure integrity The controller data structures ``correctly’’ records the network states

Download ppt "Reasoning about Software Defined Networks Shachar Itzhaky & Mooly Sagiv 03-640-7606 Tel Aviv University Thursday 16-18 (Physics 105) Monday."

Similar presentations

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Openflow App Testing Chao SHI, Stephen Duraski. Motivation Network is still a complex stuff ! o Distributed mechanism o Complex protocol o Large state.

Openflow App Testing Chao SHI, Stephen Duraski. Motivation Network is still a complex stuff ! o Distributed mechanism o Complex protocol o Large state.
SDN Applications Jennifer Rexford Princeton University.

SDN Applications Jennifer Rexford Princeton University.
Frenetic: A High-Level Language for OpenFlow Networks Nate Foster, Rob Harrison, Matthew L. Meola, Michael J. Freedman, Jennifer Rexford, David Walker.

Frenetic: A High-Level Language for OpenFlow Networks Nate Foster, Rob Harrison, Matthew L. Meola, Michael J. Freedman, Jennifer Rexford, David Walker.
NETWORK LAYER (1) T.Najah AlSubaie Kingdom of Saudi Arabia Prince Norah bint Abdul Rahman University College of Computer Since and Information System NET331.

NETWORK LAYER (1) T.Najah AlSubaie Kingdom of Saudi Arabia Prince Norah bint Abdul Rahman University College of Computer Since and Information System NET331.
Composing Software-Defined Networks Princeton*Cornell^ Chris Monsanto*, Joshua Reich* Nate Foster^, Jen Rexford*, David Walker* www.frenetic-lang.org/pyretic.

Composing Software-Defined Networks Princeton*Cornell^ Chris Monsanto*, Joshua Reich* Nate Foster^, Jen Rexford*, David Walker*
VeriCon: Towards Verifying Controller Programs in SDNs (PLDI 2014) Thomas Ball, Nikolaj Bjorner, Aaron Gember, Shachar Itzhaky, Aleksandr Karbyshev, Mooly.

VeriCon: Towards Verifying Controller Programs in SDNs (PLDI 2014) Thomas Ball, Nikolaj Bjorner, Aaron Gember, Shachar Itzhaky, Aleksandr Karbyshev, Mooly.
1 Operational Semantics Mooly Sagiv Tel Aviv University 640-6706 Textbook: Semantics with Applications.

1 Operational Semantics Mooly Sagiv Tel Aviv University Textbook: Semantics with Applications.
David Walker Princeton University Joint work with Nate Foster, Michael J. Freedman, Rob Harrison, Christopher Monsanto, Mark Reitblatt, Jennifer Rexford,

David Walker Princeton University Joint work with Nate Foster, Michael J. Freedman, Rob Harrison, Christopher Monsanto, Mark Reitblatt, Jennifer Rexford,
Programming Language Semantics Mooly SagivEran Yahav Schrirber 317Open space 03-640-760603-640-5358 html://www.cs.tau.ac.il/~msagiv/courses/sem03.html.

Programming Language Semantics Mooly SagivEran Yahav Schrirber 317Open space html://
Semantics with Applications Mooly Sagiv Schrirber 317 03-640-7606 html://www.cs.tau.ac.il/~msagiv/courses/sem08.html Textbooks:Winskel The.

Semantics with Applications Mooly Sagiv Schrirber html:// Textbooks:Winskel The.
Delivery, Forwarding, and Routing

Delivery, Forwarding, and Routing
MULTICASTING Network Security.

MULTICASTING Network Security.
CMPE 150- Introduction to Computer Networks 1 CMPE 150 Fall 2005 Lecture 21 Introduction to Computer Networks.

CMPE 150- Introduction to Computer Networks 1 CMPE 150 Fall 2005 Lecture 21 Introduction to Computer Networks.
Chapter 9 Classification And Forwarding. Outline.

Chapter 9 Classification And Forwarding. Outline.
Languages for Software-Defined Networks Nate Foster, Arjun Guha, Mark Reitblatt, and Alec Story, Cornell University Michael J. Freedman, Naga Praveen Katta,

Languages for Software-Defined Networks Nate Foster, Arjun Guha, Mark Reitblatt, and Alec Story, Cornell University Michael J. Freedman, Naga Praveen Katta,
Enabling Innovation Inside the Network Jennifer Rexford Princeton University

Enabling Innovation Inside the Network Jennifer Rexford Princeton University
Connecting LANs, Backbone Networks, and Virtual LANs

Connecting LANs, Backbone Networks, and Virtual LANs
Formal checkings in networks James Hongyi Zeng with Peyman Kazemian, George Varghese, Nick McKeown.

Formal checkings in networks James Hongyi Zeng with Peyman Kazemian, George Varghese, Nick McKeown.
T. S. Eugene Ngeugeneng at cs.rice.edu Rice University1 COMP/ELEC 429 Introduction to Computer Networks Lecture 8: Bridging Slides used with permissions.

T. S. Eugene Ngeugeneng at cs.rice.edu Rice University1 COMP/ELEC 429 Introduction to Computer Networks Lecture 8: Bridging Slides used with permissions.

Similar presentations

Ads by Google