SNAP: Stateful Network-Wide Abstractions for Packet Processing

Transcription

1 SNAP: Stateful Network-Wide Abstractions for Packet Processing Mina Tahmasbi Arashloo1, Yaron Koral1, Michael Greenberg2, Jennifer Rexford1, and David Walker1 1 Princeton University, 2 Pomona College

2 Early SDN Switch Interfaces Manipulate packet forwarding rules Read predefined set of counters 2

3 Programmable Switch Interfaces P4, OpenState, Open vswitch, Programmable state (e.g. indexed arrays) Basic arithmetic operations 3

4 SNAP: Stateful Network Wide Programming Language One big stateful switch 4

5 SNAP Contributions Modular Stateful Language One Big Stateful Switch Placement + Routing 5

6 Talk Outline Language through example Compiler Implementation Evaluation Related Work & Conclusion 6

7 Language through example Compiler Implementation Evaluation Related Work & Conclusion 7

8 Example - DNS Reflection Attacks Spoofed DNS Requests DNS Resolvers Attacker Botnet Victim DNS Responses 8

9 Detecting DNS Reflection Attacks 1. Log DNS requests 2. Match Log responses requests Bohatei: flexible and elastic DDoSdefense, Fayaz et.al., USENIX SECURITY Check unmatched count 9

10 DNS Reflection Detection in SNAP Seen: Keep track of DNS requests by client and DNS identifier Unmatched: Count DNS responses that don t match prior requests Susp: Suspected victims receive many unmatched responses 10

11 OBSS Forwarding in SNAP ISP1 ISP2 CS EE 11

12 Single Network Policy DNS Reflection Detection Forwarding ; 12

13 SNAP Applications 13

14 Single Network Policy 14

15 Language through example Compiler Implementation Evaluation Related Work & Conclusion 15

16 SNAP Compiler Where to place state variables How to forward packets through them 16

17 Routing + Placement Jointly Topology Traffic Matrix MILP State Dependency Packet- State Map Minimize congestion Routing Paths State Placement 17

18 Intermediate Representation (IR) Maintain all programs in a single data structure Composable and easily partitioned IR Distribute the program to switches 18

19 xfdds: Extended Forwarding Decision Diagrams Intermediate node: test on header fields and state Leaf: set of action sequences Three kinds of tests field = value field1 = field2 state_var[idx] = val dstip = srcip = dstip s[srcip] = 2 {s[dstip] 2} {drop} True-Solid line False-Dashed 19

20 xfdd for DNS Reflection Detection Maintain all programs in a single data structure 20

21 xfdd for DNS Reflection Detection Fixes the order in which programs access state. We could distribute the programs by placing cuts 21

22 Partitioning to Sub-Programs Distribute the program to switches CS 22

23 Partitioning to Sub-Programs Distribute the program to switches CS 23

24 Putting It All Together ISP1 ISP2 CS EE 24

25 Putting It All Together ISP1 ISP2 4 CS EE 25

26 Putting It All Together ISP1 ISP2 4 CS EE 26

27 Putting It All Together ISP1 ISP2 4 CS EE 27

28 Language through example Compiler Implementation Evaluation Related Work & Conclusion 28

29 SNAP Implementation Compiler written in Python MILP solver: Gurobi Optimizer Resulting switch code NetASM (language + software switch) M. Shahbaz and N. Feamster. The case for an intermediate representation for programmable data planes. SOSR

30 Talk Outline Language through example Compiler Implementation Evaluation Related Work & Conclusion 30

31 Compiler Evaluation 7 campus and ISP topologies Order of 100s of switches and links Scenarios Cold start (freq. weeks) Policy change (freq. days) Topology/TM change (freq. minutes) 31

32 Compiler Evaluation - Results 5s-1m 0.5m-2m 1m-6m Planned in advance 32

33 Talk Outline Language through example Compiler Implementation Evaluation Related Work & Conclusion 33

34 Related Work Stateful languages Switch level mechanisms Optimizing placement & routing 34

35 Conclusion - SNAP A new modular stateful SDN programming language with: One-big switch programming model Persistent global arrays Compiler implements algorithms that: Jointly optimize routing and state placement Use efficient IR based on FDDs Evaluated about 20 applications 35