1 / 19

Jennifer Rexford Princeton University MW 11:00am-12:20pm

Data-Plane Verification COS 597E: Software Defined Networking. Jennifer Rexford Princeton University MW 11:00am-12:20pm. Writing SDN Controller Apps. Event-Driven Programming. Application. Network OS. commands. events. Switch. Switch. Switch. OpenFlow 1.0 Switch. Control channel.

jasper
Télécharger la présentation

Jennifer Rexford Princeton University MW 11:00am-12:20pm

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Data-Plane Verification COS 597E: Software Defined Networking Jennifer Rexford Princeton University MW 11:00am-12:20pm

  2. Writing SDN Controller Apps

  3. Event-Driven Programming Application Network OS commands events Switch Switch Switch

  4. OpenFlow 1.0 Switch Control channel Queue of events Queue of commands ports Queue of packets awaiting controller Flow Table

  5. Receiving a Packet • Switch (aka datapath) • Input port • Reason (no-match, action) • Packet data • Buffer-id for packet OFPPacketIn Switch

  6. Sending a Packet • Switch (aka datapath) • Actions • Packet • Packet data (if any) • Buffer-id for packet (if any) OFPPacketOut Switch How to create a very simple hub?

  7. Installing a Rule • Switch (aka datapath) • Add, modify, delete • Rule • Header fields to match • Set of actions • Hard and soft timeout • Buffered packet to apply to (if any) OFPFlowMod OFPFlowRemoved Switch How to create a more efficient hub?

  8. Creating a Learning Switch • Learning the sender’s location • Learn host’s location when sending a packet • Associate the source MAC with the input port • Forwarding to the destination • Unknown destination: flood • Known destination: unicast How to program this as a controller app?

  9. Collecting Traffic Statistics • Switch (aka datapath) • Header fields to match OFPFlowStatsRequest OFPFlowStatsReply • Byte count • Packet count • Duration • … Switch

  10. Aggregate Traffic Statistics • Switch (aka datapath) • Header fields to match OFPFAggregateStatsRequest OFPAggregateStatsReply • Byte count • Packet count • Duration • … Switch

  11. Topology Changes • Switch (aka datapath) • Reason (add, delete, modify) OFPPortStatus Switch

  12. Data-Plane Verification Header-Space Analysis and VeriFlow

  13. What Bugs to Catch? Application Network OS API Switch Switch Switch

  14. Where to Verify? Application Network OS API Switch Switch Switch

  15. Data-Plane Verification • Input • Snapshot of the rules • Output • Whether an invariant holds • Counter-example(s) • Example • No loops • No blackholes • Access control

  16. Packets in Multiple Dimensions • Packets as points in a geometric space • A dimension for every bit in the header • Policies as functions • Mapping a packet and its location • … to a new packet and location • Many packets treated the same way • E.g., all packets with TCP dest port 80

  17. Two Approaches • Header-space analysis • Ternary symbolic execution • Follow a symbolic packet through the network • Algorithms for checking specific invariants • VeriFlow • Generate equivalence classes of packets • Generate per-class forwarding graphs • Traverse graphs to check specific invariants

  18. Discussion • Efficiency • Usable in real time? • Limitations • What invariants can(not) be checked? • How are invariants specified?

  19. Next Time • Get started on assignment 2 (due Oct 1) • Programming in Ryu • Use the references from assignments page • Reading for Wednesday • Testing and debugging • NICE and ndb

More Related