Upload
loren-chavez
View
221
Download
1
Tags:
Embed Size (px)
Citation preview
Models and techniquesfor verification of
Software Defined Networks
Victor Altukhov Eugene Chemeritsky
Vladislav Podymov Vladimir Zakharov
Applied Research Center for Computer Networks
OutlineIntroduction
Software Defined Networks SDN
Packet Forwarding Policies PFP
Model
Policy language FO[TC]
Verifying monitor VERMONT
Experiments & Comparison
What is Software Defined Network?
A
B
Switch Link
Host Port
Conventional networkApplication
Forwarding state
What is SDN?
Conventional network
What is SDN?
A
B
Application
Forwarding state
Topology
TaskHow to forward a packet
…Packet PacketPacket
Conventional network
What is SDN?
A
B
Application
Forwarding state
AppFS
AppFS
AppFS
AppFS
decentralized control
non-uniformity
Conventional network
What is SDN?
A
B
AppFS
AppFS
AppFS
AppFS
Controllerdecentralized control
non-uniformity
centralized control
uniformity
SDN
What is SDN?
A
BFS
FS
FSFS
Controller
Control plane
Data planeOpenFlow
Application
SDN
centralized control
uniformity
What is SDN?
A
BFS
FS
FSFS
Controller
Control plane
Data planeOpenFlow
ApplicationUpdUpd
Ok, I cando it
Don’t know what to do
SDN
centralized control
uniformity
What is Packet Forwarding Policy?Example:
REQUIREMENTS imposed on a
SAFEto guarantee that its behavior is
NETWORK
CORRECT
SECURE
…
What is PFP?
What is PFP?
Why ?
Hardware errors
Software (application) errors
We want to check if PFPs hold in a real SDN
and consider STATIC PFPs
TIMELINEw.r.t. to
How to check PFPs?
NETWORK POLICIES
Formal specificationNetwork model
Model checking
Fast!
Fast!
M P
M P⊧
~ 10μs
~ 10μs
Packet state
A
B
Switch #1Port #1Header #h1
Switch #2Port #1Header #h2 Switch #4
Port #1Header #h3
Switch #4Port #3Header #h4
h1h2 h3
h4
Packet state
A
B
Switch #1Port #1Header #h1
Switch #2Port #1Header #h2 Switch #4
Port #1Header #h3
Switch #4Port #3Header #h4
Switch #wPort #pHeader #h
Packet state
Switch #WPort #PHeader #H
0 … 1 1 … 1 0 … 0
sizew sizep sizeh
Switch #wPort #pHeader #h
S is the set of all packet states
Raw model
rule(p, h)
(p1, h1)
…
is an explicit description of key SDN componentssuch as:
(p2, h2)
(pk, hk)
Raw model
tablerulerulerulerule
default
…
is an explicit description of key SDN componentssuch as:
(p, h)
(p1, h1)(p2, h2)
(pk, hk)
Raw model
table …table
…
…
…
Switch
is an explicit description of key SDN componentssuch as:
(p, h)
(p1, h1)(p2, h2)
(pk, hk)
PFP Specification Language: syntax
Atoms:
First order logic constructors:
State equalities:
Closure constructors:
In OutStep (x, y) (x) (x)
⋁ & ⌝ ∃∀x = y
x.w = constx.p = y.p
x.h = const
F (x, y)+
F (x, y)[i1, i2]
– transitive closure
– bounded transitive closure
x = constx.w = y.w
x.p = constx.h = y.h
PFP SL: semantics
a PFP SL formula F(x1, …, xn)
RF
Given a relational model (Step, In, Out, …)
How?
defines a relation
n times
⊆ S × … × S
PFP SL: semantics
How?Obvious
… = …
RF
Given a relational model (Step, In, Out, …)
n times
⊆ S × … × S
InOutStep (x, y) (x)
(x)
a PFP SL formula F(x1, …, xn) defines a relation
PFP SL: semantics
How? F1(…) ⋁ F2
(…) Union
F1(…) F2
(…) Intersection&
F (…)⌝ Complement
RF
Given a relational model (Step, In, Out, …)a PFP SL formula F(x1, …, xn) defines a relation
n times
⊆ S × … × S
PFP SL: semantics
How? F (…) Universal projection
∃
∀
F (…) Existential projection
RF
Given a relational model (Step, In, Out, …)
x
x
a PFP SL formula F(x1, …, xn) defines a relation
n times
⊆ S × … × S
PFP SL: semantics
How?
RF
Given a relational model (Step, In, Out, …)
F (x, y)+
F (x, y)[i1, i2]
Transitive closure
Bounded transitive closure
a PFP SL formula F(x1, …, xn) defines a relation
n times
⊆ S × … × S
PFP SL: examples
In (x)
Step (y, z)+
y.w = z.w
No topological loops
A(x) B (y)Reachability
In (x) Out (y)Short routes only
∀x & Step (x, y)*
⌝ ∃x,y,z & Step (x, y)* &
&
⌝ ∃x,y &
Step (x, y)+
&
& Step (x, y)[1, 3]
⌝
∃y
What else?
ADEQUATE
We should be able to UPDATE
We can do it not discussed
at every instant
NETWORK continuously changes
Model should be
The update rate for Modelshould surpass the update rate for
(to some extent)
Model
NETWORK
on-line
We tested it for
• 16 switches• Fat Tree topology• 48 tables• 757000 forw. rules• 1500 ACL rules• >100 VLAN
Stanford University Network
Tool comparisonTool Build
(ms.)Update(ms.)
Policies OpenFlow concepts
VERMONT (2014)
4600 100 - 600 FO[TC](strict superset of others)
Full
NetPlumber (2013)
37000 2 - 1000 CTL Partial
VeriFlow (2013)
> 4000 68-100 Small fixed set Minimal
AP Verifier (2013)
1000 0.1 Small fixed set Minimal
FlowChecker (2010)
1200000 350 - 67000 CTL Full
Anteater (2011)
400000 ??? Small fixed set No