Composing Software-Defined Networks

Similar documents
HY436: Modular Network Programming with Pyretic

Languages for Software-Defined Networks

Compiling Path Queries

Composing Software Defined Networks

Professor Yashar Ganjali Department of Computer Science University of Toronto

SDN SEMINAR 2017 ARCHITECTING A CONTROL PLANE

It's the last COS 326 class!

Languages for SDN (Frenetic)

Bringing SDN to the Internet, one exchange point at the time

Network Programming Languages. Nate Foster

CoVisor: A Compositional Hypervisor for Software-Defined Networks

CoVisor: A Composi,onal Hypervisor for So6ware- Defined Networks

Frenetic: Functional Reactive Programming for Networks

SDX: A Software Defined Internet Exchange

CoVisor: A Compositional Hypervisor for Software-Defined Networks

Software-Defined Networking:

Software-Defined Networking (Continued)

NetKAT: Semantic Foundations for Networks. Nate Foster Cornell University

Software Defined Networking

Software Defined Networking

Advanced Computer Networks. Network Virtualization

Software-Defined Networking (SDN)

Incremental Update for a Compositional SDN Hypervisor

States on a (Data) Plane. Jennifer Rexford

Extending Dijkstra s Shortest Path Algorithm for Software Defined Networking

Software Defined Networking

Compiling Path Queries in Software-Defined Networks

SNAP: Stateful Network-Wide Abstractions for Packet Processing

Software-Defined Networking (SDN) Now for Operational Technology (OT) Networks SEL 2017

Making Network Functions Software-Defined

Policy-based networking. CSU CS Fall 2017 Instructor: Lorenzo De Carli

Design and development of the reactive BGP peering in softwaredefined routing exchanges

Slicing a Network. Software-Defined Network (SDN) FlowVisor. Advanced! Computer Networks. Centralized Network Control (NC)

Programmable Software Switches. Lecture 11, Computer Networks (198:552)

Some Musings on OpenFlow and SDN for Enterprise Networks. David Meyer Open Networking Summit October 18-19, 2011

UMass Amherst Cornell Princeton

CSC 4900 Computer Networks: Network Layer

SDN-enabled Internet Exchange Point

Software-Defined Networking (SDN) Overview

Quantum, network services for Openstack. Salvatore Orlando Openstack Quantum core developer

So#ware- Defined Networks

Taxonomy of SDN. Vara Varavithya 17 January 2018

Outline. SDN Overview Mininet and Ryu Overview Mininet VM Setup Ryu Setup OpenFlow Protocol and Open vswitch Reference

Cloud Networking (VITMMA02) Software Defined Networking (SDN) in the Cloud

Proceedings of the Fourth Engineering Students Conference at Peradeniya (ESCaPe) SDN Flow Caching

IP Fabric Reference Architecture

CS 5114 Network Programming Languages Data Plane. Nate Foster Cornell University Spring 2013

CS 4226: Internet Architecture

OpenState demo. Hands-on activity. NetSoft 15 - April 13, 2015 A.Capone & C. Cascone: OpenState Live Demo 1

Chapter 5 Network Layer: The Control Plane

Configuring Firewall Filters (J-Web Procedure)

Web-Based User Interface for the Floodlight SDN Controller

How SDN Works Introduction of OpenFlow Protocol

VXLAN Overview: Cisco Nexus 9000 Series Switches

2 5 A p r 12. Princeton University

Software Defined Networks and OpenFlow. Courtesy of: AT&T Tech Talks.

Enhanced Malware Monitor in SDN using Kinetic Controller

BROCADE CLOUD-OPTIMIZED NETWORKING: THE BLUEPRINT FOR THE SOFTWARE-DEFINED NETWORK

SDN AND NFV SECURITY DR. SANDRA SCOTT-HAYWARD, QUEEN S UNIVERSITY BELFAST COINS SUMMER SCHOOL, 23 JULY 2018

Programming Network Policies by Examples: Platform, Abstraction and User Studies

CS-580K/480K Advanced Topics in Cloud Computing. Software-Defined Networking

Kinetic: Verifiable Dynamic Network Control

and controller independence with NetIDE

Configuring Tap Aggregation and MPLS Stripping

Software Defined Networking

Design and Implementation of Virtual TAP for Software-Defined Networks

Advanced Computer Networks. RDMA, Network Virtualization

On the Practical Applicability of SDN Research

DaoliNet A Simple and Smart Networking Technology for Docker Applications

lecture 18: network virtualization platform (NVP) 5590: software defined networking anduo wang, Temple University TTLMAN 401B, R 17:30-20:00

Diagnosing Missing Events in Distributed Systems with Negative Provenance

Network Myths and Mysteries. Radia Perlman Intel Labs

TEN ESSENTIAL NETWORK VIRTUALIZATION DEFINITIONS

H3C S9800 Switch Series

A Compiler and Run- 1me System for Network Programming Languages

OPENFLOW & SOFTWARE DEFINED NETWORKING. Greg Ferro EtherealMind.com and PacketPushers.net

Service Mesh and Microservices Networking

OpenFlow Ronald van der Pol

Configuring MLD Snooping

SPARTA: Scalable Per-Address RouTing Architecture

H3C S5130-EI Switch Series

Cisco Nexus Data Broker for Network Traffic Monitoring and Visibility

Frenetic: A High-Level Language for OpenFlow Networks

Lecture 14 SDN and NFV. Antonio Cianfrani DIET Department Networking Group netlab.uniroma1.it

Using SDN and NFV to Realize a Scalable and Resilient Omni-Present Firewall

Hands on SDN and BRO

White Paper. OCP Enabled Switching. SDN Solutions Guide

Configuring IP Unicast Layer 3 Switching on Supervisor Engine 1

Cybersecurity was nonexistent for most network data exchanges until around 1994.

ProgrammableFlow: OpenFlow Network Fabric

Configuring MLD Snooping

OpenADN: A Case for Open Application Delivery Networking

So#ware Defined Networking

SNAP: Stateful Network-Wide Abstractions for Packet Processing. Collaboration of Princeton University & Pomona College

Lesson 9 OpenFlow. Objectives :

DYNAMIC CONTROL OF SOFTWARE-DEFINED NETWORKS XIN JIN A DISSERTATION PRESENTED TO THE FACULTY RECOMMENDED FOR ACCEPTANCE COMPUTER SCIENCE

SDN-based Network Obfuscation. Roland Meier PhD Student ETH Zürich

Junos Enterprise Switching

SDN Security BRKSEC Alok Mittal Security Business Group, Cisco

SDN CONTROLLERS. SDN Tutorial 1

Transcription:

Composing Software-Defined Networks Chris Monsanto*, Joshua Reich* Nate Foster^, Jen Rexford*, David Walker* www.frenetic- lang.org/pyretic Princeton* Cornell^

Software Defined Networks (SDN) Enable network innovation by decoupling control plane: determines rules data plane: applies rules to packets 2

Software Defined Networks (SDN) Acheived using open standard API 3

Software Defined Networks (SDN) Controller Application Controller Platform Enabling a shift from protocols to applications 4

Running Example Network! Internet SDN Switch w/ labeled ports Servers 1 2 3 A B 5

Programming in OpenFlow Priority 2:match(dstip=A)[fwd(2)] 1:match(* )[fwd(1)] 2:match(dstip=B)[fwd(3)] Route: IP/fwd Counters for each rule - #bytes, #packets 1 dstip!=a dstip!=b Pattern dstip=a 2 3 dstip=b Action A B 6

One API, Many Uses Priority Ordered match(dstmac=a)[fwd(2)] match(dstmac=b)[fwd(3)] match(* )[fwd(1)] Pattern Action Switch: MAC/fwd 1 2 3 A B 7

One API, Many Uses match(srcip=0*,dstip=p)[mod(dstip=a)] match(srcip=1*,dstip=p)[mod(dstip=b)] Pattern Action Load Balancer: IP/mod 1 2 3 A B 8

But Only Half of the Story Controller Application Hardware Interface Controller Platform OpenFlow (assembly) Hardware Flow-Table Rules (Machine Language) 9

But Only Half of the Story Modular & Intuitive Monitor Route FW LB Programmer Interface? Controller Platform Hardware Interface OpenFlow (assembly) Hardware Flow-Table Rules (Machine Language) 10

OpenFlow Isn t Modular Balance then Route match(srcip=0*,dstip=p)[mod(dstip=a)] match(srcip=1*,dstip=p)[mod(dstip=b)] match(dstip=a)[fwd(2)] match(dstip=b)[fwd(3)] match(* )[fwd(1)] Combined Rules? (only one match) match(srcip=0*,dstip=p)[mod(dstip=a)] match(srcip=1*,dstip=p)[mod(dstip=b)] match( dstip=a)[fwd(2) ] match( dstip=b)[fwd(3) ] match(* )[fwd(1) ] Balances w/o Forwarding! 11

OpenFlow Isn t Modular Balance then Route match(srcip=0*,dstip=p)[mod(dstip=a)] match(srcip=1*,dstip=p)[mod(dstip=b)] match(dstip=a)[fwd(2)] match(dstip=b)[fwd(3)] match(* )[fwd(1)] Combined Rules? (only one match) match( dstip=a)[fwd(2) ] match( dstip=b)[fwd(3) ] match(* )[fwd(1) ] match(srcip=0*,dstip=p)[mod(dstip=a)] match(srcip=1*,dstip=p)[mod(dstip=b)] Forwards w/o Balancing! 12

Pyretic (Contributions) Abstracts Providing Supporting Policy Network Packet Compositional Operators Layered Abstract Topologies Extensible Headers Functional Composition Topological Decomposition Policy & Network Abstractions 13

Compositional Operators: A Monitoring Load Balancer IP = 0* A IP = 1* B Traffic to P re-addressed and fowarded to either A or B, based on source Counted if from source X 14

Compositional Operators: A Monitoring Load Balancer IP = 0* A IP = 1* B Module 1: Balance Rewrite dstip P to A, if srcip=0* B, if srcip=1* then Module 2: Route Based on dstip, and Module 3: Monitor count if srcip=x 15

Topology Abstraction: A Legacy Gateway Replacement 1 I E F G 4 2 3 Gateway acts like: Legacy router Legacy switch ARP responder Hybrid MAC-rewriter, legacy router/switch 16

Topology Abstraction: A Legacy Gateway Replacement 1 E 2 F I 4 3 Module 1: MAC- learn Module 2: Forward (ARP or MAC Rewrite) Module 3: IP- Route 17

Pyretic s Design Monitoring Load Balancer Encode policies as functions Compositional operators Queries as forwarding policies MAC-Learning Module Dynamic Policies One Big Switch Topology Abstraction Extensible packet model 18

Pyretic Drop Policy Goal: Drop packets (i.e., OpenFlow drop) Write: drop Means: eval(drop,p) = {} evaluate given policy on packet results in 19

Pyretic Forward Policy Goal: Forward packets out port a Write: fwd(a) Means: eval(fwd(a),p) = {p[outport:=a]} located packet w/ fields for switch inport outport 20

One Pyretic Policy For Each OpenFlow Action drop fwd(port) flood mod(h=v) 0 packets 1 packets 0,1, or more packets 1 packets 21

Pyretic Policy A function mapping a located packet to a set of located packets eval(policy,packet) = {packet} Puts focus on meaning instead of mechanics 22

Enabling Compositional Operators Parallel : Do both C1 and C2 simultaneously eval(c1 C2,p) = eval(c1,p) U eval(c2,p) Sequential >> : First do C1 and then do C2 eval(c1 >> C2,p) = U {eval(c2,p ) for p in eval(c1,p)} match(dstip=a)[fwd(2)] match(dstip=b)[fwd(3)] No priorities needed! ~(match(dstip=a) match(dstip=b))[fwd(1)] 23

Querying as Forwarding bucket(limit,[h]) count_bucket(every,[h]) Abstract location corresponding to a data-structure that store packet-data and callback processing routines b = count_bucket(every=1) b.register_callback(print) match(srcip=x)[fwd(b)] 24

Monitoring Load Balancer balance = match(srcip=0*,dstip=p)[mod(dstip=a)] match(srcip=1*,dstip=p)[mod(dstip=b)] ~match( dstip=p)[id ] route = match(dstip=a)[fwd(2)] match(dstip=b)[fwd(3)] ~(match(dstip=a) match(dstip=b))[fwd(1)] 0* 1* eval(id,p) = {p} 1 2 3 A B b = counts(every=1) b.register_callback(print) monitor = match(srcip=x)[fwd(b)] mlb = (balance >> route) monitor 25

Compared to install_flowmod(5,srcip=x & dstip=p,[mod(dstip=a), fwd(2)]) install_flowmod(4,srcip=0* & dstip=p,[mod(dstip=a), fwd(2)]) install_flowmod(4,srcip=1* & dstip=p,[mod(dstip=b), fwd(3)]) install_flowmod(4,srcip=x & dstip=a,[ fwd(2)]) install_flowmod(4,srcip=x & dstip=b,[ fwd(3)]) install_flowmod(3, dstip=a,[ fwd(2)]) install_flowmod(3, dstip=b,[ fwd(3)]) install_flowmod(2,srcip=x,[ fwd(1)]) install_flowmod(1,*,[ fwd(3)]) 26

Pyretic s Design Monitoring Load Balancer Encode Policies as Functions Compositional Operators Queries as Forwarding Policies MAC-Learning Module Dynamic Policies One Big Switch Topology Abstraction Extensible packet model 27

How Do We Change Policies? Dynamic policy a time-series of policies P t=3 P t=1 P t=0 28

MAC-Learning Module class learn(): def init(self): b = bucket(limit=1,[ srcmac, switch ]) b.register_callback(update) self.p = flood fwd(b) Update current val to flood Otherwise, policy unchanged def update(self,pkt): self.p = if_(match(dstmac=pkt[ srcmac ], If newly learned MAC Forward directly to learned port if_(p,c1,c2) = P[C1] ~P[C2] switch=pkt[ switch ]), fwd(pkt[ inport ]), self.p) 29

class learn(): MAC-Learning Module Time-series object def init(self): b = bucket(limit=1,[ srcmac, switch ]) b.register_callback(update) self.p = flood fwd(b) First packet with unique srcmac, switch Defined momentarily to flood and query Initialize current def update(self,pkt): value of time series self.p = if_(match(dstmac=pkt[ srcmac ], switch=pkt[ switch ]), fwd(pkt[ inport ]), self.p) 30

Pyretic s Design Monitoring Load Balancer Encode Policies as Functions Compositional Operators Queries as Forwarding Policies MAC-Learning Module Dynamic Policies One Big Switch Topology Abstraction Extensible packet model 31

Extensible Pyretic Packet Model Field srcmac dstmac proto srcip... switch inport outport vswitch Val[0] Val[1] All OpenFlow fields Location fields Virtual fields Stacks of values push(h=v) pop(h) Actions and matches use (currently) top value Implemented on OpenFlow by mapping extended field values to VLAN tags/mpls labels 32

One Big Switch Topology Abstraction 1 V 2 S T 1 2 1 2 Simplest of topology abstraction examples Build a distributed middlebox by running centralized middlebox app on V! 33

Topology Abstraction def abstract(ingress,fabric,egress,derived): using 3 partial transformation policies to: handle packets entering abstract switch move packets through abstract switch handle packets exiting abstract switch Returns a new policy for the underlying network (i.e., on nodes S and T) that does the derived policy on the abstract topology (i.e., on node V) 1 V 2 S T 1 2 1 2 34

Implementing abstract() def abstract(ingress,fabric,egress,derived): return ingress >> # defines part of transform derived >> # app run on abstract topo lower_packet >> # built-in fabric >> egress # defines part of transform # defines part of transform Field V 0 V 1 switch S T V inport 1 1 vswitch outport V 2 vinport 1 voutport 2 S 1 V T 1 2 1 2 2 35

Summary: Pyretic Policy Syntax (You may already be a Pyretic programmer!) 8 Actions A ::= drop fwd(port) flood mod(h=v) id push(h=v) pop(h) move(h1=h2) 6 Predicates P ::= all_packets no_packets match(h=v) P & P ( P P ) ~P 2 Query Buckets B ::= bucket(limit,[h]) count_bucket(every,[h]) 5 Policies C ::= A fwd(b) P [C] ( C C ) C >> C 36

Summary: Abstractions Policy Network Packet Pyretic Rich Composition Layered Abstract Topologies Extensible Headers Current APIs Little Composition Concrete Network Fixed OpenFlow Headers 37

Related Work: [Frenetic, Maestro, FRESCO] / [Click] Abstracts Pyretic Current APIs Policy Network Packet Rich Composition Layered Abstract Topologies Extensible Headers Some / Full Composition Concrete Network Fixed OpenFlow Headers But only for a single software switch not multiple hardware switches 38

Related Work: [FlowVisor] / [Nicira NVP, OpenStack Quantum] Abstracts Pyretic Current APIs Policy Network Packet Rich Composition Layered Abstract Topologies Extensible Headers Little Composition Disjoint Slices / Topology Hiding Fixed OpenFlow Headers Both approaches support multi-tenancy, but not topological decomposition (of functional composition) 39

Pyretic Interpreter and Suite of Apps Available at www.frenetic- lang.org/pyretic Monitoring & DPI Load Balancers Hub ARP Firewalls MAC learner Abstractions Big switch (one-to-many) Spanning tree (many-to-many) Gateway (many-to-one) And bigger applications built by combining these. 40

And More! Available at www.frenetic- lang.org/pyretic Features Request Bug reporting Link to github Discuss list Join the project Dev Roadmap Reactive (microflow) runtime Proactive (compilation) runtime Optimizations Caching 41

Thanks for Listening! 42

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback