Abstrac(ons for Model Checking SDN Controllers. Divjyot Sethi, Srinivas Narayana, Prof. Sharad Malik Princeton University
|
|
- Melinda Blankenship
- 5 years ago
- Views:
Transcription
1 Abstrac(ons for Model Checking SDN s Divjyot Sethi, Srinivas Narayana, Prof. Sharad Malik Princeton University
2 Tradi(onal Networking Swt 1 Swt 2 Talk OSPF, RIP, BGP, etc. Swt 3 Challenges: - Difficult to get right. Forwarding data plane Mapping used for forwarding packets. Distributed control plane Logic used to update the mapping. - Inflexible for novel ideas. - No clean abstrac(ons for implemen(ng control.
3 A Fundamental ShiS in Network Design Swt 1 Distributed Control Talk OSPF, RIP, BGP, etc. Swt 2 Swt 1 Centralized Control General purpose sosware Swt 2 Swt 3 Swt 3 Switches programmed by controller by installing rules Centralized control simplifies design and innova(on However, an Achilles heel for correctness.
4 Problem: Bugs in Centralized Control? Security leaks: packet sent to an untrusted host. Network loops: packet looping around in network. Link overload and data center outage. Down(me cost: ~$1 million per outage! ( AWS service commitment: Amazon EC2 and Amazon availability at least 99.95%
5 Challenges in Verifica(on outport(inpkt) = H 1 Swt 1 Swt H 2 2 pkt 1 pkt pkt c 4 Swt 3 Rou(ng Table Port 1 : inpkt.dst = H 1 Port 2 : inpkt.dst = H 3 Port 3 : inpkt.dst = H k Port p : inpkt.dst = H r Port q : inpkt.dst = H a Large number of packets alive in network. Large buffer state. Large number of rules installed in switches. Large network state. Large topology size.
6 Overview Exis(ng approaches and problem statement Abstrac(on on Stateful firewall Experimental case studies Stateful firewall Learning switch Conclusions
7 Overview Exis6ng approaches and problem statement Abstrac(on on Stateful firewall Experimental case studies Stateful firewall Learning switch Conclusions
8 Verifying SoSware Defined Networks: Exis(ng Approaches Updates Updates Configura(on 1 Transient Configura(on 2 Transient Configura(on 3 Phase Phase Network state evolves from configura(on (switch rules) to configura(on as controller updates the rules during transient phase. Category 1: Verify just one configura(on - Symbolic simula(on[kazemian et al. NSDI 12] - Reduc(on to SAT [S. Zhang et al. ATVA 12, H. Mai SIGCOMM 11] - Model Checking [E. Al- Shaer SafeConfig 10] Problem: verifies just one configura(on!
9 Verifying SoSware Defined Networks: Exis(ng Approaches Updates Updates Configura(on 1 Transient Configura(on 2 Transient Configura(on 3 Phase Phase Network state evolves from configura(on (switch rules) to configura(on as controller updates the rules during transient phase. Category 2: Incremental verifica(on, i.e., verify all configura(ons. [Kazemian et al. NSDI 13, A. Khurshid et al. NSDI 12] Problem: property may be violated in transient phase!
10 Verifying SoSware Defined Networks: Exis(ng Approaches Updates Updates Configura(on 1 Transient Configura(on 2 Transient Configura(on 3 Phase Phase Network state evolves from configura(on (switch rules) to configura(on as controller updates the rules during transient phase. Category 3: Full formal verifica(on of - NICE (M. Canini NSDI 12), FlowLog (T. Nelson HotSDN 13) Problem: handle only a bounded number of packets! - - Run(me grows exponen(ally with increasing packets. Can t guarantee proper(es like security as checked for small number of packets.
11 Focus of this Work Updates Updates Configura(on 1 Transient Configura(on 2 Transient Configura(on 3 Phase Phase Network state evolves from configura(on (switch rules) to configura(on as controller updates the rules during transient phase. Full formal verifica6on of using model checking. Extend model checking based approaches with abstrac(ons to handle an unbounded number packets.
12 Overview Exis(ng approaches and problem statement Abstrac6on on Stateful firewall Experimental case studies Stateful firewall Learning switch Conclusions
13 Stateful Firewall H 1 S 1 S H 2 2 Enterprise Host p1 p2 p1 p2 Firewall Internet Hosts Firewall rules: 1) H 1 can contact H 2 or H 3. 2) H 2 /H 3 can contact H 1, only if H 1 has already contacted them. 3) If H 2 /H 3 ini(ates contact first, it must be blocked. Property: If H 2 never contacts H 1 first, it does not get blocked. p3 H 3
14 Abstrac(on for Unbounded Packets: Data State Abstrac(on Key insight: proper(es of interest are per- packet proper(es. - For example a packet from one host cannot reach another. H 1 pkt 1 S 1 pkt S H 2 c 2 pkt H 1 3 S 1 S H pkt 2 c 2 H 3 pkt e pkt e pkt e H 3
15 Abstrac(on for Large Switch State: Network State Abstrac(on H 1 S 1 S H 2 2 Enterprise Host p1 p2 p1 p2 Firewall p3 H 3 Rou(ng Table Internet Hosts output port(pkt) = p 1 : pkt.dst = H 1 p 2 : pkt. dst = H 2 p 3 : pkt. dst = H 3
16 Abstrac(on for Reducing Switch State: Leveraging Data State Abstrac(on pkt c.src = H 1 pkt c.dst = H 2 H 1 S 1 S H 2 2 p1 p2 pkt p1 p2 c Enterprise Host output port(pkt) = Firewall p3 H 3 Abstracted Rou(ng Table p 1 : pkt.dst = H 1 p 2 : pkt. dst = H 2 Internet Hosts non- det: pkt. dst!= {H 1 or H 2 }
17 Overview Exis(ng approaches and problem statement Abstrac(on on Stateful firewall Experimental case studies Stateful firewall Learning switch Conclusions
18 Stateful Firewall H 1 S 1 S H 2 2 p1 p2 p1 p2 Enterprise Firewall Internet Verified a Murphi model of the firewall with a single host H 2. - Found a bug: H 2 replies to H 1 but s(ll gets blocked! Experiments were done on a 2.40 GHz Intel Core 2 Quad processor, 3.74 GB RAM.
19 Stateful Firewall: Race Condi(on H 1 S 1 S H 2 2 p1 p2 p1 p2 Enterprise pkt 1 Firewall Internet H 1 sends a packet pkt 1 to H 2
20 Stateful Firewall: Race Condi(on H 1 S 1 S H 2 2 p1 p2 p1 p2 Enterprise Firewall Internet pkt 1 Switch S 1 no(fies the controller.
21 Stateful Firewall: Race Condi(on H 1 S 1 S H 2 2 p1 p2 p1 p2 Enterprise Firewall Internet pkt 1 Packet is also forwarded by S 1, to S 2 which sends it to H 2.
22 Stateful Firewall: Race Condi(on H 1 S 1 S H 2 2 p1 p2 p1 p2 Enterprise Firewall Internet pkt 2 Host H 2 replies with packet pkt 2.
23 Stateful Firewall: Race Condi(on H 1 S 1 S H 2 2 p1 p2 p1 p2 Enterprise Firewall Internet pkt2 Switch S 2 no(fies about pkt 2.
24 Stateful Firewall: Race Condi(on H 1 S 1 S H 2 2 p1 p2 p1 p2 Enterprise Firewall Internet If no(fica(on of S 1 reaches aser S 2, thinks that H 2 contacted first and so is an asacker! H 2 gets erroneously blocked! Bug detected in 0.13 sec with 482 states
25 Stateful Firewall: Bug Fix H 1 S 1 S H 2 2 p1 p2 p1 p2 Enterprise Firewall Internet pkt 1 S 1 waits for to acknowledge no(fica(on before forwarding packet pkt 1 to H 2. - Proved correctness for an unbounded number of packets in this case. Correctness proof for the bug free case with unbounded number of packets in 0.19 sec with 613 states
26 Learning Switch Hst A Swt 1 Swt 2 Hst B pkt Swt 3 Hst C When a packet arrives at a switch at an input port: - Switch learns its source host is connected to that port. - Uses this informa(on to route future packets efficiently.
27 Learning Switch: Bug Hst A Swt Swt 2 Hst B Swt 3 Hst C Switches may learn rou(ng informa(on such that packets get stuck in a loop! Loop was found in 0.1 sec with 159 states explored.
28 Learning Switch: Bug Fix Hst A Swt 1 Swt 2 Hst B Swt 3 No packet on this link as not on spanning tree. Hst C Only route on a spanning tree Verified for an arbitrary number of packets exchanged between Hst A and Hst B in 600s with 1.45M.
29 Overview Exis(ng approaches and problem statement Abstrac(on on Stateful firewall Experimental case studies Stateful firewall Learning switch Conclusions
30 Conclusions We presented abstrac(ons for: Verifying proper(es for an arbitrary number of packets. Reducing network state. Verified a stateful firewall and a learning switch using these abstrac(ons.
31 Thank You!
32 Stress test Stress test: Larger fat tree topology with 20 switches, 16 hosts and 48 links. Model checking did not finish for an arbitrarily large number of packets. It finished in 68352s for the single packet case with network state abstrac(on
33 Ques(ons Lines of code? NAT ~1000 Pyswitch ~1000 Bug handled by acknowledgement carrying host info?
Abstractions for Model Checking SDN Controllers. Divjyot Sethi, Srinivas Narayana, Prof. Sharad Malik Princeton University
Abstractions for Model Checking SDN s Divjyot Sethi, Srinivas Narayana, Prof. Sharad Malik Princeton University Traditional Networking Swt 1 Swt 2 Talk OSPF, RIP, BGP, etc. Swt 3 Challenges: - Difficult
More informationData Plane Verification and Anteater
Data Plane Verification and Anteater Brighten Godfrey University of Illinois Work with Haohui Mai, Ahmed Khurshid, Rachit Agarwal, Matthew Caesar, and Sam King Summer School on Formal Methods and Networks
More informationSoftware-Defined Networking (SDN)
EPFL Princeton University 2 5 A p r 12 Software-Defined Networking (SDN) Third-party Enables new functionality through mability 2 1 at the risk of bugs 3 Software Faults Will make communication unreliable
More informationNetwork Verification: Reflections from Electronic Design Automation (EDA)
Network Verification: Reflections from Electronic Design Automation (EDA) Sharad Malik Princeton University MSR Faculty Summit: 7/8/2015 $4 Billion EDA industry EDA Consortium $350 Billion Semiconductor
More informationFormal Verification of Computer Switch Networks
Formal Verification of Computer Switch Networks Sharad Malik; Department of Electrical Engineering; Princeton Univeristy (with Shuyuan Zhang (Princeton), Rick McGeer (HP Labs)) 1 SDN: So what changes for
More information2 5 A p r 12. Princeton University
EPFL 2 5 A p r 12 Princeton University So8ware-Defined Networking (SDN) Third-party program Enables new funchonality through programmability 2 at the risk of bugs 3 So8ware Faults Will make communicahon
More informationUnderstanding Opera.onal Rou.ng (part II) Geoffrey Xie Naval Postgraduate School
Understanding Opera.onal Rou.ng (part II) Geoffrey Xie Naval Postgraduate School July 6, 2011 Route Aggrega.on Child Route Unallocated Child Prefix: e.g., 10.1.33.0/24 19.1.1.2 Aggregate Route 10.1.1.0/24
More informationAbstrac(ons for Middleboxes. à StonyBrook
Abstrac(ons for Middleboxes Vyas Sekar Intel Labs à StonyBrook Sylvia Ratnasamy UC Berkeley 1 Need for In- Network Func(ons Changing applica(ons Evolving threats Performance Security Compliance Policy
More informationLeveraging SDN Layering to Systema2cally Troubleshoot Networks
Leveraging SDN Layering to Systema2cally Troubleshoot Networks Brandon Heller Colin Sco/ Nick McKeown Sco= Shenker Andreas Wundsam Hongyi Zeng Sam Whitlock Vimalkumar Jeyakumar Nikhil Handigol James McCauley
More informationAbstraction-Driven Network Verification and Design (a personal odyssey) Geoffrey Xie Naval Postgraduate School
Abstraction-Driven Network Verification and Design (a personal odyssey) Geoffrey Xie Naval Postgraduate School xie@nps.edu It started in 2004 A sabbatical at CMU Joined a collaborative project with AT&T
More informationAn Assertion Language for Debugging SDN Applications
An Assertion Language for Debugging SDN Applications Ryan Beckett, X. Kelvin Zou, Shuyuan Zhang, Sharad Malik, Jennifer Rexford, and David Walker Princeton University {rbeckett, xuanz, shuyuanz, sharad,
More informationVeriCon: Towards Verifying Controller Programs in SDNs
VeriCon: Towards Verifying Controller Programs in SDNs Thomas Ball, Nikolaj Bjorner, Aaron Gember, Shachar Itzhaky, Aleksandr Karbyshev, Mooly Sagiv, Michael Schapira, Asaf Valadarsky 1 Guaranteeing network
More informationA Hypothesis Testing Framework for Network Security
A Hypothesis Testing Framework for Network Security P. Brighten Godfrey University of Illinois at Urbana-Champaign TSS Seminar, September 15, 2015 Part of the SoS Lablet with David Nicol Kevin Jin Matthew
More informationEnforcing Customizable Consistency Properties in Software-Defined Networks. Wenxuan Zhou, Dong Jin, Jason Croft, Matthew Caesar, Brighten Godfrey
Enforcing Customizable Consistency Properties in Software-Defined Networks Wenxuan Zhou, Dong Jin, Jason Croft, Matthew Caesar, Brighten Godfrey 1 Network changes control applications, changes in traffic
More informationDebugging the Data Plane with Anteater
Debugging the Data Plane with Anteater Haohui Mai, Ahmed Khurshid Rachit Agarwal, Matthew Caesar P. Brighten Godfrey, Samuel T. King University of Illinois at Urbana-Champaign Network debugging is challenging
More informationCS 4226: Internet Architecture
Software Defined Networking Richard T. B. Ma School of Computing National University of Singapore Material from: Scott Shenker (UC Berkeley), Nick McKeown (Stanford), Jennifer Rexford (Princeton) CS 4226:
More informationHow to destroy networks for fun (and profit)
HotNets 205 How to destroy networks for fun (and profit) Nick Shelly Joint work with: Brendan Tschaen, Klaus-Tycho Förster, Michael Chang, Theophilus Benson, Laurent Vanbever The network has become more
More informationLecture 17: Network Layer Addressing, Control Plane, and Routing
Lecture 17: Network Layer Addressing, Control Plane, and Routing COMP 332, Spring 2018 Victoria Manfredi Acknowledgements: materials adapted from Computer Networking: A Top Down Approach 7 th edition:
More informationPolicy-preserving Middlebox Placement in SDN-Enabled Data Centers
Policy-preserving Middlebox Placement in SDN-Enabled Data Centers Bin Tang Computer Science Department California State University Dominguez Hills Some slides are from www.cs.berkeley.edu/~randy/courses/cs268.f08/lectures/22-
More informationEmpowering SDN SOFTWARE-BASED NETWORKING & SECURITY FROM VYATTA. Bruno Barba Systems Engineer Mexico & CACE
Empowering SDN SOFTWARE-BASED NETWORKING & SECURITY FROM VYATTA Bruno Barba Systems Engineer Mexico & CACE bbarba@brocade.com Brocade Who is Vyatta? Leader in software-based networking Founded in 2006
More informationCSE 486/586 Distributed Systems
CSE 486/586 Distributed Systems Failure Detectors Slides by: Steve Ko Computer Sciences and Engineering University at Buffalo Administrivia Programming Assignment 2 is out Please continue to monitor Piazza
More informationFailures in Distributed Systems
CPSC 426/526 Failures in Distributed Systems Ennan Zhai Computer Science Department Yale University Recall: Lec-14 In lec-14, we learned: - Difference between privacy and anonymity - Anonymous communications
More informationFOUNDATIONS OF INTENT- BASED NETWORKING
FOUNDATIONS OF INTENT- BASED NETWORKING Loris D Antoni Aditya Akella Aaron Gember Jacobson Network Policies Enterprise Network Cloud Network Enterprise Network 2 3 Tenant Network Policies Enterprise Network
More information5 years of research on GENI: From the Future Internet Back to the Present
5 years of research on GENI: From the Future Internet Back to the Present P. Brighten Godfrey University of Illinois at Urbana-Champaign GENI NICE Workshop November 10, 2015 5 years of research on GENI:
More informationVeriFlow: Verifying Network-Wide Invariants in Real Time
VeriFlow: Verifying Network-Wide Invariants in Real Time Ahmed Khurshid, Wenxuan Zhou, Matthew Caesar, P. Brighten Godfrey Department of Computer Science University of Illinois at Urbana-Champaign 201
More informationHEADER SPACE ANALYSIS
HEADER SPACE ANALYSIS Peyman Kazemian (Stanford University) George Varghese (UCSD, Yahoo Labs) Nick McKeown (Stanford University) 1 July 17 th, 2012 Joint Techs 2012 TODAY A typical network is a complex
More informationLink State Rou.ng Reading: Sec.ons 4.2 and 4.3.4
Link State Rou.ng Reading: Sec.ons. and.. COS 6: Computer Networks Spring 0 Mike Freedman hep://www.cs.princeton.edu/courses/archive/spring/cos6/ Inside a router Goals of Today s Lecture Control plane:
More informationIntroduc?on to pmacct
Introduc?on to pmacct Paolo Lucente pmacct GRNOG Workshop #1, Athens May 2017 whoami Paolo Lucente GitHub: paololucente LinkedIn: plucente Digging data out of networks worldwide for fun and profit for
More informationVerifica(on of Concurrent Programs
Verifica(on of Concurrent Programs Parker Aldric Mar With special thanks to: Azadeh Farzan and Zachary Kincaid Research Field: Program Verifica(on Goal is to program code that is safe, i.e. code that produces
More informationLink State Rou.ng Reading: Sec.ons 4.2 and 4.3.4
Link State Rou.ng Reading: Sec.ons. and.. COS 6: Computer Networks Spring 009 (MW :0 :50 in COS 05) Michael Freedman Teaching Assistants: WyaN Lloyd and Jeff Terrace hnp://www.cs.princeton.edu/courses/archive/spring09/cos6/
More informationRouting, Routers, Switching Fabrics
Routing, Routers, Switching Fabrics Outline Link state routing Link weights Router Design / Switching Fabrics CS 640 1 Link State Routing Summary One of the oldest algorithm for routing Finds SP by developing
More informationBuilding Efficient and Reliable Software-Defined Networks. Naga Katta
FPO Talk Building Efficient and Reliable Software-Defined Networks Naga Katta Jennifer Rexford (Advisor) Readers: Mike Freedman, David Walker Examiners: Nick Feamster, Aarti Gupta 1 Traditional Networking
More informationOpenNF: Enabling Innova2on in Network Func2on Control Aditya Akella
OpenNF: Enabling Innova2on in Network Func2on Control Aditya Akella With: Aaron Gember, Raajay Vishwanathan, Chaithan Prakash, Sourav Das, Robert Grandl, and Junaid Khalid Network func2ons, or Middleboxes
More informationJoel Obstfeld Director of Engineering SP CTO team November Cisco and/or its affiliates. All rights reserved. 1
Joel Obstfeld Director of Engineering SP CTO team November 2012 2012 Cisco and/or its affiliates. All rights reserved. 1 Controller architecture that efficiently computes & fits applica9on instances onto
More informationSDN TO BE OR NOT TO BE. Uwe Richter SE Director Russia/CIS, East and South East Europe
SDN TO BE OR NOT TO BE Uwe Richter SE Director Russia/CIS, East and South East Europe uwe@juniper.net FUNDAMENTAL PROBLEMS TO SOLVE Want more innovation in networking Want it more quickly too Want more
More informationLecture 3: Packet Forwarding
Lecture 3: Packet Forwarding CSE 222A: Computer Communication Networks Alex C. Snoeren Thanks: Nick Feamster & Mike Freedman Lecture 3 Overview Cerf & Kahn discussion The evolution of packet forwarding
More informationConcise Paper: In-Band Update for Network Routing Policy Migration
Concise Paper: In-Band Update for Network Routing Policy Migration Shuyuan Zhang, Sharad Malik, Sanjai Narain, Laurent Vanbever Princeton University, {shuyuanz, vanbever, sharad@princeton.edu} Applied
More informationJoint Server Selection and Routing for Geo-Replicated Services
Joint Server Selection and Routing for Geo-Replicated Services Srinivas Narayana Joe Wenjie Jiang, Jennifer Rexford and Mung Chiang Princeton University 1 Large-scale online services Search, shopping,
More informationDesign and Implementa/on of a Consolidated Middlebox Architecture. Vyas Sekar Sylvia Ratnasamy Michael Reiter Norbert Egi Guangyu Shi
Design and Implementa/on of a Consolidated Middlebox Architecture Vyas Sekar Sylvia Ratnasamy Michael Reiter Norbert Egi Guangyu Shi 1 Need for Network Evolu/on New applica/ons Evolving threats Performance,
More informationARP Address Resolu,on Protocol
ARP Address Resolu,on Protocol Security João Paulo Barraca jpbarraca@ua.pt 1 Networking Basics Communica,on in packet networks rely on several layers, with different iden,fiers: Applica,ons use TCP/UDP
More informationIntroduc)on to SDN and NFV. Tomás Lynch Solu/on Architect III Ericsson
Introduc)on to SDN and NFV Tomás Lynch Solu/on Architect III Ericsson SoBware- Defined Networking THE PATH TO SDN Introduc)on to SDN & NFV Ericsson AB 2015 2015-09- 25 Page 2 IP Router Evolu)on In the
More informationONOS and the importance of deployments
ONOS and the importance of deployments Luca Prete (ON.Lab) International OpenFlow/SDN Testbeds Miami April 1 st, 2015 Why this talk? The importance of deployments In general, for ONOS and its community
More informationPacketShader: A GPU-Accelerated Software Router
PacketShader: A GPU-Accelerated Software Router Sangjin Han In collaboration with: Keon Jang, KyoungSoo Park, Sue Moon Advanced Networking Lab, CS, KAIST Networked and Distributed Computing Systems Lab,
More informationC 1. Recap. CSE 486/586 Distributed Systems Failure Detectors. Today s Question. Two Different System Models. Why, What, and How.
Recap Best Practices Distributed Systems Failure Detectors Steve Ko Computer Sciences and Engineering University at Buffalo 2 Today s Question Two Different System Models How do we handle failures? Cannot
More information1/12/11. ECE 1749H: Interconnec3on Networks for Parallel Computer Architectures. Introduc3on. Interconnec3on Networks Introduc3on
ECE 1749H: Interconnec3on Networks for Parallel Computer Architectures Introduc3on Prof. Natalie Enright Jerger Winter 2011 ECE 1749H: Interconnec3on Networks (Enright Jerger) 1 Interconnec3on Networks
More informationSoftware Defined Networking
Software Defined Networking Jennifer Rexford COS 461: Computer Networks Lectures: MW 10-10:50am in Architecture N101 http://www.cs.princeton.edu/courses/archive/spr12/cos461/ The Internet: A Remarkable
More informationInterdomain routing CSCI 466: Networks Keith Vertanen Fall 2011
Interdomain routing CSCI 466: Networks Keith Vertanen Fall 2011 Overview Business relationships between ASes Interdomain routing using BGP Advertisements Routing policy Integration with intradomain routing
More informationSafeBricks: Shielding Network Functions in the Cloud
SafeBricks: Shielding Network Functions in the Cloud Rishabh Poddar, Chang Lan, Raluca Ada Popa, Sylvia Ratnasamy UC Berkeley Network Functions (NFs) in the cloud Clients 2 Enterprise Destination Network
More informationHeader Space Analysis: Static Checking For Networks
Header Space Analysis: Static Checking For Networks Peyman Kazemian, Nick McKeown (Stanford University) and George Varghese (UCSD and Yahoo Labs). Presented by Eviatar Khen (Software Defined Networks Seminar)
More informationGuarded Modules: Adap/vely Extending the VMM s Privileges Into the Guest
Guarded Modules: Adap/vely Extending the VMM s Privileges Into the Guest Kyle C. Hale Peter Dinda Department of Electrical Engineering and Computer Science Northwestern University hip://halek.co hip://presciencelab.org
More informationOutline today. MPLS Overview. We saw tunneling on top of IP. What about tunneling below IP? Introducing Mul<- Protocol Label Switching (MPLS) 3/21/11
UNDERLAYS and MIDDLEBOXES Outline today Network- layer principles Globally unique iden
More informationEC441 Fall 2018 Introduction to Computer Networking Chapter4: Network Layer Data Plane
EC441 Fall 2018 Introduction to Computer Networking Chapter4: Network Layer Data Plane This presentation is adapted from slides produced by Jim Kurose and Keith Ross for their book, Computer Networking:
More informationSlicing a Network. Software-Defined Network (SDN) FlowVisor. Advanced! Computer Networks. Centralized Network Control (NC)
Slicing a Network Advanced! Computer Networks Sherwood, R., et al., Can the Production Network Be the Testbed? Proc. of the 9 th USENIX Symposium on OSDI, 2010 Reference: [C+07] Cascado et al., Ethane:
More informationOpenContrail as SDN controller for NFV infrastructure in AT&T network Alexey Gorbunov Network Architect CCIE 41088
OpenContrail as SDN controller for NFV infrastructure in AT&T network Alexey Gorbunov Network Architect CCIE 41088 What we re doing: AT&T Wireless Mobility Network We re a suppor+ng a large network infrastructure
More informationDisaggregation and Virtualization within the Juniper Networks Mobile Cloud Architecture. White Paper
Disaggregation and Virtualization within the Juniper Networks Mobile Cloud Architecture White Paper June 2017 Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, California 94089 USA 408-745-2000 www.juniper.net
More informationCluster Communica/on Latency:
Cluster Communica/on Latency: towards approaching its Minimum Hardware Limits, on Low-Power Pla=orms Manolis Katevenis FORTH, Heraklion, Crete, Greece (in collab. with Univ. of Crete) http://www.ics.forth.gr/carv/
More informationSoftware Defined Networks
Software Defined Networks A quick overview Based primarily on the presentations of Prof. Scott Shenker of UC Berkeley The Future of Networking, and the Past of Protocols Please watch the YouTube video
More informationCSC 401 Data and Computer Communications Networks
CSC 40 Data and Computer Communications Networks Network Layer NAT, Routing, Link State, Distance Vector Prof. Lina Battestilli Fall 07 Chapter 4 Outline Network Layer: Data Plane 4. Overview of Network
More informationDesign principles in parser design
Design principles in parser design Glen Gibb Dept. of Electrical Engineering Advisor: Prof. Nick McKeown Header parsing? 2 Header parsing? Identify headers & extract fields A???? B???? C?? Field Field
More informationRouting in the Internet
Routing in the Internet Daniel Zappala CS 460 Computer Networking Brigham Young University Scaling Routing for the Internet 2/29 scale 200 million destinations - can t store all destinations or all prefixes
More informationChapter 5 Network Layer: The Control Plane
Chapter 5 Network Layer: The Control Plane A note on the use of these Powerpoint slides: We re making these slides freely available to all (faculty, students, readers). They re in PowerPoint form so you
More informationIntroduction to Software-Defined Networking UG3 Computer Communications & Networks (COMN)
Introduction to Software-Defined Networking UG3 Computer Communications & Networks (COMN) Myungjin Lee myungjin.lee@ed.ac.uk Courtesy note: Slides from course CPS514 Spring 2013 at Duke University and
More informationEnforcing Network- Wide Policies in the Presence of Dynamic Middlebox Ac>ons using FlowTags
Enforcing Network- Wide Policies in the Presence of Dynamic Middlebox Ac>ons using FlowTags Seyed K. Fayazbakhsh *, Luis Chiang, Vyas Sekar *, Minlan Yu, Jeffrey Mogul * CMU, Deutsche Telekom, USC, Google
More informationIncremental SDN-Enabled Switch Deployment for Hybrid Software-Defined Networks
Incremental SDN-Enabled Switch Deployment for Hybrid Software-Defined Networks Meitian Huang and Weifa Liang Research School of Computer Science The Australian National University, Canberra, ACT 2601,
More informationNetwork Layer: The Control Plane
Network Layer: The Control Plane 7 th Edition, Global Edition Jim Kurose, Keith Ross Pearson April 06 5- Software defined networking (SDN) Internet network layer: historically has been implemented via
More informationProfessor Yashar Ganjali Department of Computer Science University of Toronto.
Professor Yashar Ganjali Department of Computer Science University of Toronto yganjali@cs.toronto.edu http://www.cs.toronto.edu/~yganjali Today Outline What this course is about Logistics Course structure,
More informationNational Taiwan University. Software-Defined Networking
Software-Defined Networking Prof. Ai-Chun Pang Graduate Institute of Networking and Multimedia, Dept. of Comp. Sci. and Info. Engr., Email: acpang@csie.ntu.edu.tw http://www.csie.ntu.edu.tw/~acpang June
More informationCOCONUT: Seamless Scale-out of Network Elements
COCONUT: Seamless Scale-out of Network Elements Soudeh Ghorbani P. Brighten Godfrey University of Illinois at Urbana-Champaign Simple abstractions Firewall Loadbalancer Router Network operating system
More informationAlterna(ve Architectures
Alterna(ve Architectures COMS W4118 Prof. Kaustubh R. Joshi krj@cs.columbia.edu hep://www.cs.columbia.edu/~krj/os References: Opera(ng Systems Concepts (9e), Linux Kernel Development, previous W4118s Copyright
More informationRouter Architecture Overview
Chapter 4: r Introduction (forwarding and routing) r Review of queueing theory r Router design and operation r IP: Internet Protocol m IPv4 (datagram format, addressing, ICMP, NAT) m Ipv6 r Generalized
More informationEmbark: Securely Outsourcing Middleboxes to the Cloud
Embark: Securely Outsourcing Middleboxes to the Cloud Chang Lan, Justine Sherry, Raluca Ada Popa, Sylvia Ratnasamy, Zhi Liu UC Berkeley Tsinghua University 1 Background Middleboxes are prevalent and problematic
More informationLink Layer. w/ credit to Rick Graziani (Cabrillo) for some of the anima<ons
Link Layer w/ credit to Rick Graziani (Cabrillo) for some of the anima
More informationCS 5114 Network Programming Languages Control Plane. Nate Foster Cornell University Spring 2013
CS 5 Network Programming Languages Control Plane http://www.flickr.com/photos/rofi/0979/ Nate Foster Cornell University Spring 0 Based on lecture notes by Jennifer Rexford and Michael Freedman Announcements
More informationRedes de Computadores. Shortest Paths in Networks
Redes de Computadores Shortest Paths in Networks Manuel P. Ricardo Faculdade de Engenharia da Universidade do Porto » What is a graph?» What is a spanning tree?» What is a shortest path tree?» How are
More informationNETWORK VERIFICATION: WHEN CLARKE MEETS CERF
TOOLS FOR PUBLIC CLOUDS, PRIVATE CLOUDS, ENTERPRISE NETWORKS, ISPs,... NETWORK VERIFICATION: WHEN CLARKE MEETS CERF George Varghese UCLA (with collaborators from CMU, MSR, Stanford, UCLA) 1 Model and Terminology
More informationThe Dark Oracle: Perspective-Aware Unused and Unreachable Address Discovery
The Dark Oracle: Perspective-Aware Unused and Unreachable Address Discovery Evan Cooke *, Michael Bailey *, Farnam Jahanian *, Richard Mortier *University of Michigan Microsoft Research - 1 - NSDI 2006
More informationNetSecOps: Policy-Driven, Knowledge-Centric, Holis<c Network Security Opera<ons
NetSecOps: Policy-Driven, Knowledge-Centric, Holis
More informationElas%c Load Balancing, Amazon CloudWatch, and Auto Scaling Sco) Linder
Elas%c Load Balancing, Amazon, and Auto Scaling Sco) Linder Overview Elas4c Load Balancing Features/Restric4ons Connec4on Types Listeners Configura4on Op4ons Auto Scaling Launch Configura4ons Scaling Types
More informationNetwork Security: Network Flooding. Seungwon Shin GSIS, KAIST
Network Security: Network Flooding Seungwon Shin GSIS, KAIST Detecting Network Flooding Attacks SYN-cookies Proxy based CAPCHA Ingress/Egress filtering Some examples SYN-cookies Background In a TCP 3-way
More informationETSF10 Internet Protocols Routing on the Internet
ETSF10 Internet Protocols Routing on the Internet 2013, Part 2, Lecture 1.2 Jens Andersson (Kaan Bür) Routing on the Internet Unicast routing protocols (part 2) [ed.5 ch.20.3] Multicast routing, IGMP [ed.5
More informationDistance Vector Routing
ÉCOLE POLYTECHNIQUE FÉDÉRALE DE LAUSANNE Routing in General Distance Vector Routing Jean Yves Le Boudec Fall 22 Contents. Routing in General 2. Distance vector: theory. Distance vector: practice 4. Dynamic
More informationECE 1749H: Interconnec1on Networks for Parallel Computer Architectures. Introduc1on. Prof. Natalie Enright Jerger
ECE 1749H: Interconnec1on Networks for Parallel Computer Architectures Introduc1on Prof. Natalie Enright Jerger Winter 2011 ECE 1749H: Interconnec1on Networks (Enright Jerger) 1 Interconnec1on Networks
More informationIncremental Update for a Compositional SDN Hypervisor
Incremental Update for a Compositional SDN Hypervisor Xin Jin Princeton University xinjin@cs.princeton.edu Jennifer Rexford Princeton University jrex@cs.princeton.edu David Walker Princeton University
More informationEECS 122, Lecture 17. The Distributed Update Algorithm (DUAL) Optimization Criteria. DUAL Data Structures. Selecting Among Neighbors.
EECS 122, Lecture 17 Kevin Fall kfall@cs.berkeley.edu edu The Distributed Update Algorithm (DUAL) J.J. Garcia-Luna Luna-Aceves [SIGCOMM 89] Aims at removing transient loops in both DV and LS routing protocols
More informationChapter 4: network layer. Network service model. Two key network-layer functions. Network layer. Input port functions. Router architecture overview
Chapter 4: chapter goals: understand principles behind services service models forwarding versus routing how a router works generalized forwarding instantiation, implementation in the Internet 4- Network
More informationWhere we are in the Course
Where we are in the ourse More fun in the Network Layer! We ve covered packet forwarding Now we ll learn about roung Applicaon Transport Network Link Physical SE 61 University of Washington 1 Roung versus
More informationAdvanced Topics in Routing
Advanced Topics in Routing EE122 Fall 2012 Scott Shenker http://inst.eecs.berkeley.edu/~ee122/ Materials with thanks to Jennifer Rexford, Ion Stoica, Vern Paxson and other colleagues at Princeton and UC
More informationUsing the Cray Gemini Performance Counters
Photos placed in horizontal position with even amount of white space between photos and header Using the Cray Gemini Performance Counters 0 1 2 3 4 5 6 7 Backplane Backplane 8 9 10 11 12 13 14 15 Backplane
More informationECE 1749H: Interconnec1on Networks for Parallel Computer Architectures: Rou1ng. Prof. Natalie Enright Jerger
ECE 1749H: Interconnec1on Networks for Parallel Computer Architectures: Rou1ng Prof. Natalie Enright Jerger Rou1ng Overview Discussion of topologies assumed ideal rou1ng In prac1ce Rou1ng algorithms are
More informationCS4450. Computer Networks: Architecture and Protocols. Lecture 15 BGP. Spring 2018 Rachit Agarwal
CS4450 Computer Networks: Architecture and Protocols Lecture 15 BGP Spring 2018 Rachit Agarwal Autonomous System (AS) or Domain Region of a network under a single administrative entity Border Routers Interior
More informationLayered Network Architecture. CSC358 - Introduction to Computer Networks
Layered Network Architecture Layered Network Architecture Question: How can we provide a reliable service on the top of a unreliable service? ARQ: Automatic Repeat Request Can be used in every layer TCP
More informationCOMP211 Chapter 4 Network Layer: The Data Plane
COMP211 Chapter 4 Network Layer: The Data Plane All material copyright 1996-2016 J.F Kurose and K.W. Ross, All Rights Reserved Computer Networking: A Top Down Approach 7 th edition Jim Kurose, Keith Ross
More informationI X P A C K. ecuring. nternet change. oints gainst urious. Marco Chiesa Université catholique de Louvain KTH Royal Institute of Technology
S ecuring e I X nternet change Marco Chiesa Université catholique de Louvain KTH Royal Institute of Technology onloo P A C K oints gainst urious ers joint work with Joint work with: Daniel Demmler Marco
More informationSwitching and bridging
Switching and bridging CSCI 466: Networks Keith Vertanen Fall 2011 Last chapter: Overview Crea7ng networks from: Point- to- point links Shared medium (wireless) This chapter: SoCware and hardware connec7ng
More informationNetwork Monitoring using Test Packet Generation
Network Monitoring using Test Packet Generation Madhuram Kabra Modern Education Society s College of Engineering Pune, India Mohammed Sukhsarwala Modern Education Society s College of Engineering Pune,
More informationCS4700/5700: Network fundamentals
Cristina Nita-Rotaru CS4700/5700: Network fundamentals. 1: Organizing network functionality } Networks are built from many components } Networking technologies } Ethernet, Wifi, Bluetooth, Fiber Optic,
More informationNetwork layer overview
Network layer overview understand principles behind layer services: layer service models forwarding versus rou:ng how a router works rou:ng (path selec:on) broadcast, mul:cast instan:a:on, implementa:on
More informationThe (Surprising) Computational Power of the SDN Data Plane
The (Surprising) Computational Power of the SDN Data Plane Calvin Newport Computer Science Department Georgetown University Washington, DC 20057 Email: cnewport@cs.georgetown.edu Wenchao Zhou Computer
More informationMaking the Internet more scalable and manageable
Making the Internet more scalable and manageable Laurent Vanbever Princeton University ETH Zürich March, 17 2014 Human factors are responsible for 50% to 80% of network outages Juniper Networks, What s
More informationFast IP Convergence. Section 4. Period from when a topology change occurs, to the moment when all the routers have a consistent view of the network.
Fast IP Convergence Section 4 2899_05_2001_c1 2001, Cisco Systems, Inc. All rights reserved. 1 IP Convergence Convergence Time Period from when a topology change occurs, to the moment when all the routers
More information