Abstractions for Network Update

Similar documents
Formal Specification and Programming for SDN

Frenetic: A Programming Language for OpenFlow Networks

Transactional Support for SDN Control Planes "

Switching in an Enterprise Network

RapidIO Network Management and Diagnostics

Port Trunking. Contents

Abstractions For Software-Defined Networks

Juniper Networks EX Series/ Cisco Catalyst Interoperability Test Results. May 1, 2009

Port Trunking. Contents

Mail-SeCure Load Balancing

Juniper / Cisco Interoperability Tests. August 2014

Languages for Software-Defined Networks

Objectives. The Role of Redundancy in a Switched Network. Layer 2 Loops. Broadcast Storms. More problems with Layer 2 loops

Certes Networks Layer 4 Encryption. Network Services Impact Test Results

Top-Down Network Design

CHAPTER 10 LAN REDUNDANCY. Scaling Networks

Homework 3 TCP/IP Network Monitoring and Management

Automated Formal Analysis of Internet Routing Systems

Objectives. Explain the Role of Redundancy in a Converged Switched Network. Explain the Role of Redundancy in a Converged Switched Network

RSVP- A Fault Tolerant Mechanism in MPLS Networks

Datagram-based network layer: forwarding; routing. Additional function of VCbased network layer: call setup.

: Interconnecting Cisco Networking Devices Part 1 v2.0 (ICND1)

MikroTik RouterOS Introduction to MPLS. Prague MUM Czech Republic 2009

Facility Usage Scenarios

HP network adapter teaming: load balancing in ProLiant servers running Microsoft Windows operating systems

Configuring NetFlow Switching

Voice Over IP. MultiFlow IP Phone # 3071 Subnet # Subnet Mask IP address Telephone.

Chapter 3. Enterprise Campus Network Design

I. ADDITIONAL EVALUATION RESULTS. A. Environment

Communication Networks. MAP-TELE 2011/12 José Ruela

QoS Parameters. Quality of Service in the Internet. Traffic Shaping: Congestion Control. Keeping the QoS

Table of Contents. Introduction

Names & Addresses. Names & Addresses. Hop-by-Hop Packet Forwarding. Longest-Prefix-Match Forwarding. Longest-Prefix-Match Forwarding

MPLS WAN Explorer. Enterprise Network Management Visibility through the MPLS VPN Cloud

NEWT Managed PBX A Secure VoIP Architecture Providing Carrier Grade Service

A Review on Quality of Service Architectures for Internet Network Service Provider (INSP)

Data Sheet. V-Net Link 700 C Series Link Load Balancer. V-NetLink:Link Load Balancing Solution from VIAEDGE

Outline. EE 122: Interdomain Routing Protocol (BGP) BGP Routing. Internet is more complicated... Ion Stoica TAs: Junda Liu, DK Moon, David Zats

Hands On Activities: TCP/IP Network Monitoring and Management

Using Adversary Structures to Analyze Network Models,

Towards Correct Network Virtualization. Soudeh Ghorbani Brighten Godfrey UIUC

Internetworking II: VPNs, MPLS, and Traffic Engineering

- Hubs vs. Switches vs. Routers -

TRILL Large Layer 2 Network Solution

Optimizing Enterprise Network Bandwidth For Security Applications. Improving Performance Using Antaira s Management Features

How To Understand and Configure Your Network for IntraVUE

ExamPDF. Higher Quality,Better service!

CS 268: Lecture 13. QoS: DiffServ and IntServ

Quality of Service in the Internet. QoS Parameters. Keeping the QoS. Traffic Shaping: Leaky Bucket Algorithm

: Interconnecting Cisco Networking Devices Part 2 v1.1

A Passive Method for Estimating End-to-End TCP Packet Loss

Interconnecting Cisco Networking Devices Part 2

Additional Information: A link to the conference website is available at:

Dante: Know It, Use It, Troubleshoot It.

NETWORK ADMINISTRATION

ECSE-6600: Internet Protocols Exam 2

Hypothesis Testing for Network Security

ALL8894WMP. User s Manual. 8-Port 10/100/1000Mbps with 4-port PoE. Web Management Switch

Panel: Cloud/SDN/NFV 黃 仁 竑 教 授 國 立 中 正 大 學 資 工 系 2015/12/26

Review Methods Configuration, Administration and Network Monitoring in High-Rate Onboard Networking Standards

CS 665: Computer System Security. Network Security. Usage environment. Sources of vulnerabilities. Information Assurance Module

Central Control over Distributed Routing fibbing.net

QoS Switching. Two Related Areas to Cover (1) Switched IP Forwarding (2) 802.1Q (Virtual LANs) and 802.1p (GARP/Priorities)

Per-Packet Load Balancing

IP Routing Configuring Static Routes

GlobalSCAPE DMZ Gateway, v1. User Guide

SECURITY FOR TODAY S PHYSICAL NETWORK AND DATA TRAFFIC

Overview of Routing between Virtual LANs

COURSE NAME: Database Management. TOPIC: Database Design LECTURE 3. The Database System Life Cycle (DBLC) The database life cycle contains six phases;

A Comparison Study of Qos Using Different Routing Algorithms In Mobile Ad Hoc Networks

Design and Implementation of Distributed Process Execution Environment

Solutions Guide. Ethernet-based Network Virtualization for the Enterprise

John Ragan Director of Product Management. Billy Wise Communications Specialist

Technology Solution Guide. Deploying Omnitron PoE Media Converters with Aruba Access Points and AirMesh Routers

NetTESTER Embedded 'Always-On' Network Testing & In-Service Performance Assurance

IP Addressing A Simplified Tutorial

Design and Implementation of Firewall Policy Advisor Tools

Multi-layer switch hardware commutation across various layers. Mario Baldi. Politecnico di Torino.

IxNetwork TM MPLS-TP Emulation

Software Defined Networking

Computer Networks. Introduc)on to Naming, Addressing, and Rou)ng. Week 09. College of Information Science and Engineering Ritsumeikan University

Windows Server Failover Clustering April 2010

DEPLOYMENT GUIDE Version 1.2. Deploying the BIG-IP LTM for SIP Traffic Management

Chapter 4. Distance Vector Routing Protocols

Chapter 7 Troubleshooting

ELIXIR LOAD BALANCER 2

Comparisons of SDN OpenFlow Controllers over EstiNet: Ryu vs. NOX

Abstract. MEP; Reviewed: GAK 10/17/2005. Solution & Interoperability Test Lab Application Notes 2005 Avaya Inc. All Rights Reserved.

Using IPM to Measure Network Performance

Ensuring End-to-End QoS for IP Applications. Chuck Darst HP OpenView. Solution Planning

J-Sim: An Integrated Environment for Simulation and Model Checking of Network Protocols

QoS for (Web) Applications Velocity EU 2011

Content Distribution Networks (CDN)

Transcription:

Abstractions for Network Update Nate Foster Mark Reitblatt Cole lesinger Jennifer Rexford David Walker

At 12:47 AM PDT on April 21st, a network ange was performed as part of our normal scaling activities... During the ange, one of the steps is to shift traffic off of one of the redundant routers... The traffic shift was executed incorrectly and the traffic was routed onto the er capacity redundant network. This led to a re-mirroring storm... During this re-mirroring storm, the volume of connection attempts was extremely high and nodes began to fail, resulting in more volumes left needing to re-mirror. This added more requests to the re-mirroring storm... The trigger for this event was a network configuration ange.

Network Updates Reasons Routine maintenance Unexpected failure Traffic engineering Fine-grained security Common Problems Lost packets Broken connections Forwarding loops ecurity vulnerabilities

Prior Work

Kinetic: Abstractions for Network Update Main Challenge The network is a distributed system Can only update one element at a time Kinetic Approa Provide programmers h abstractions for updating the whole network at once update(config, topo) Design semantics to ensure reasonable behavior Engineer efficient implementation meanisms - Compiler constructs -level update protocols - Automatically applies optimizations

Example: Distributed Access Control ecurity Policy Ap plic atio n Co ntr olle r rc F1 I F2 Traffic Web Non-web Action Al Drop Any Al F3 Traffic Configuration A Process black-hat traffic on F1 Process white-hat traffic on {F2,F3}? Configuration B Process black-hat traffic on {F1,F2} Process white-hat traffic on F3

Update emantics Atomic Updates eem sensible... but costly to implement... and difficult to reason about, due to behavior on in-flight packets Per-Packet Consistent Updates Every packet processed h old or new configuration, but not a mixture of the two Per-F Consistent Updates Every set of related packets processed h old or new configuration, but not a mixture of the two

Per-Packet Consistency, Formally Global Configuration Update Queue hc, Qi u! hc 0,Q 0 i Queues Keep track of packets waiting to be processed at ea location Record the full processing history of ea packet as a trace Definition (Per-Packet Consistency) An update us is per-packet consistent if for every Q and t su that hc 1,Qi us!? hc 2,Q 0 i and t Q, there exist Q i and Q su that hc 1,Q i i!? hc 1,Q 00 i or hc 2,Q i i!? hc 2,Q 00 i and t Q.

Properties Trace: sequence of port-packet pairs Property: prefix-closed set of traces atisfaction: Q = P : every trace in Q an element of P C = P : every queue generated by C satisfies P Definition (Universal Property Preservation) An update us is universal property preserving if for all properties P su that C 1 and and all executions hc 1,Qi us!? = P C 2 = P hc 2,Q 0 i we have that Q 0 = P. Theorem An update us is per-packet consistent if and only if it is universal property preserving.

Consistent Update Classes One-Tou Update Packets traverse updated region of the network at most once Example: Loop-free single s update Example: Ingress port update Unobservable Update et of traces generated by new configuration unanged Example: Internal s update Theorem (Composition Principle) The composition of an unobservable update and a per-packet consistent update is a per-packet consistent update.

Implementation Aritecture Co ntr olle r Co ntr ol P lan e Da ta P lan e Co ntr ol P lan e Da ta P lan e Co ntr ol P lan e Da ta P lan e Co ntr ol P lan e Da ta P lan e

Implementation Two-phase commit Construct versioned internal and edge configurations Phase 1: Install internal configuration Phase 2: Install edge configuration Pure Extension Update strictly adds paths Fre net ic ion update(config,topo) Fre net ic Pure Retraction Update strictly removes paths Ru n-t im NO XC ub-space update Update modifies a small number of paths ub-topology update Update affects a small number of ses Ap plic at e yst em Calculate rules, generate messsages ont rol ler Raw control messages

The Abstractions at Work # Configuration A I_configA = [Rule({IN_PORT:1},[forward(5)]), Rule({IN_PORT:2},[forward(5)]), # Configuration B Rule({IN_PORT:3},[forward(6)]), I_configB = [Rule({IN_PORT:1},[forward(5)]), Rule({IN_PORT:4},[forward(7)])]) Rule({IN_PORT:2},[forward(6)]), F1_configA = [Rule({TP_DT:80}, [forward(2)]), Rule({IN_PORT:3},[forward(7)]), Rule({TP_DT:22}, [])]) Rule({IN_PORT:4},[forward(7)])]) F2_configA = [Rule({},[forward(2)])] F1_configB = [Rule({TP_DT:80}, [forward(2)]), F3_configA = [Rule({},[forward(2)])] Rule({TP_DT:22}, [])]) configa = {I:Configuration(I_configA), F2_configB = [Rule({TP_DT:80}, [forward(2)]), F1:Configuration(F1_configA), Rule({TP_DT:22}, [])]) F2:Configuration(F2_configA), F3_configB = [Rule({},[forward(2)])] F3:Configuration(F3_configA)} configb = {I:Configuration(I_configB), F1:Configuration(F1_configB), F2:Configuration(F2_configB), F3:Configuration(F3_configB)} # Main Function topo = NXTopo(...) per_packet_update(configa, topo)...wait for traffic load to shift... per_packet_update(configb, topo) Other Examples Point-to-point routing Multicast routing Application load balancer

Demo

Formal Verification Universal Preservation Corollary To verify that a property is invariant, simply eck that the old and new configurations satisfy it Properties Connectivity Loop freedom Blackhole freedom Access control Waypointing Totality Kripke tructure CTL Property Model Checker

Per-F Consistency Use Cases In-order delivery Load balancer Per-Packet Consistent Update Every set of related packets processed h old or new configuration, but not a mixture of the two. Main allenge Need to identify active fs Implementation meanisms rules h timeouts Wildcard cloning End-host feedback

Ongoing Work Other abstractions Loop-free updates Destination-preserving updates Update ynthesis Programmer specifies an invariant Compiler generates an update that preserves it Better responsiveness Act quickly when failures occur Monotonic updates? Enhanced fault tolerance Use compiler to harden configurations Pre-load a backup Leverage end hosts Help identify active fs Consistent source routing?

Thank You! Collaborators hrutarshi Basu (Cornell) Mike Freedman (Princeton) Rob Harrison (UMA West Point) Chris Monsanto (Princeton) Mark Reitblatt (Cornell) Gün irer (Cornell) Cole lesinger (Princeton) Alec tory (Cornell) Jen Rexford (Princeton) Dave Walker (Princeton) http://frenetic-lang.org Funding

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information