Page 1
Reasoning about Software Defined Networks
Mooly [email protected]
Tel Aviv UniversityThursday 16-18 (Physics 105)Monday 14-16 Schrieber 317Adviser: Michael Shapira
Hebrew University
http://www.cs.tau.ac.il/~msagiv/courses/rsdn.html
Page 2
Content
• Challenges in SDNs• Programming Language Abstractions• Programming Language Principles• Program Language Tools • Other useful tools
Beyond SDNs
Page 3
Challenges in SDN
• Programming complexity• Modularity• Composing operations• Handling Updates• Reliability• Performance• Testing• Productivity• Non-expert programmers
Page 4
How hard is it to program networks
• Routers with 20+ million lines of code• Cascading failures, vulnerabilities, etc• Low level programming• No abstractions– Virtual memory– Operating Systems– Resource Allocations– Libraries– Types
Page 5
Modularity: Simple Repeater
def repeater(switch): # Repeat Port 1 to Port 2 pat1 = {in_port:1} act1 = [forward(2)] install(switch, pat1, DEFAULT, act1) # Repeat Port 2 to Port 1 pat2 = {in_port:2} act2 = [forward(1)] install(switch, pat2, DEFAULT, act2)
Simple Repeater
1 2
Controller
When a switch joins the network, install two forwarding rules.
Page 6
Composition: Web Traffic Monitor
def web_monitor(switch)): # Web traffic from Internet pat = {inport:2,tp_src:80} install(switch, pat, DEFAULT, []) query_stats(switch, pat) def stats_in(switch, pat, bytes, …) print bytes sleep(30) query_stats(switch, pat)
Monitor Web (“port 80”) traffic
1 2
Web traffic
When a switch joins the network, install one monitoring rule.
Page 7
Composition: Repeater + Monitor
def switch_join(switch): pat1 = {inport:1} pat2 = {inport:2} pat2web = {in_port:2, tp_src:80} install(switch, pat1, DEFAULT, None, [forward(2)]) install(switch, pat2web, HIGH, None, [forward(1)]) install(switch, pat2, DEFAULT, None, [forward(1)]) query_stats(switch, pat2web)
def stats_in(switch, xid, pattern, packets, bytes): print bytes sleep(30) query_stats(switch, pattern)
Repeater + Monitor
Must think about both tasks at the same time.
Page 8
Concurrency: Switch-Controller Delays
• Common programming idiom– First packet goes to the controller– Controller installs rules
8
packets
Page 9
Concurrency: Switch-Controller Delays
• More packets arrive before rules installed?– Multiple packets reach the controller
packets
Page 10
Concurrency: Switch-Controller Delays
• Rules along a path installed out of order?– Packets reach a switch before the rules do
Must think about all possible packet and event orderings.
packets
Page 11
Debugging is hard[Kazemian’NSDI’13]
• Distributed switch tables• Varied delays• Cascading effects on switch tables• Multiple protocols• Human interaction• …
Page 12
SDN Performance
• Given an SDN controller code
• Estimate the cost of routing per packet– Length of the path– Weight of the path– Number of controller interventions
Page 13
Programming Language Abstractions
• Hide the implementation• Interpreter/Compiler guarantees performance• Benefits– Portability– Ease of use– Reliability– Compositionality– Productivity
Page 14
Language Abstractions• Procedures• Abstract data types• Objects• Resources
– Memory management– Garbage collection
• Control abstractions– Exceptions– Iterators– Tree Pattern Matching– Higher order functions– Continuation– Lazy evaluation– Monads
• Libraries• Domain specific languages• Declarative programming
Page 15
Programming Language Principles
• Rigorously define the meaning of programs• Supports abstraction• Prove compiler correctness• Prove that two SDN programs are
observationally equivalent– The same packet transmissions
Page 16
A Simple Example• Numeric Expressions
– <exp> ::= <exp> + <exp> | < exp> * <exp> | number• The semantic of expressions is a number
E: <exp> int• Inductively defined
– En = n– Ee1 + e2 = Ee1 + Ee2– Ee1 * e2 = Ee1 * Ee2
• Compositional• Fully abstract• e1 e2 iff Ee1 = Ee2• 5 + 6 7 + 3 + 1
Page 17
A Simple Example + Var• Numeric Expressions
– <exp> ::= <exp> + <exp> | <exp> * <exp> | number | id• Need to introduce states
Var Int• Examples
– [x 2, y 3] x = – [x 2, y 3] z = 2– [x 2, y 3][z 5] = [x 2, y 3,z 5] – [x 2, y 3][x 5] = [x 5, y 3]– [x 2, y 3][x 5]x = 5– [x 2, y 3][x 5]y = 2
Page 18
A Simple Example + Var• Numeric Expressions
– <exp> ::= <exp> + <exp> | <exp> * <exp> | number | id• The semantic of expressions is a function from states to numbers
E: exp (Var Int) Int• Inductively defined
– En = n– Ee1 + e2 = Ee1 + Ee2
– Ee1 * e2 = Ee1 * Ee2– Eid = id– Ex+2[x 5] = Ex [x 5] + E2 [x 5] = [x 5]x + 2 = 5 + 2 =7 – x + x 2 * x
Page 19
Benefits of formal semantics• Can be done for arbitrary languages• Automatically generate interpreters• Rational language design• Formal proofs of language properties
– Observational equivalence– Type safety
• Correctness of tools– Interpreter– Compiler– Static Analyzer– Model Checker
Page 20
A Simple Controller Language
• No packet changes• No priorities• No statistics• Simple updates– Per-flow installation
Page 21
A Simple Controller Language• <controller> ::= <reld>* <evnt>• <reld> ::= rel <rid> (<tid>*) // auxiliary relations• <evnt> ::= packetIn (sid, pid, <pr>) <com>*• <pr> ::= port(int) • <com> ::= send(<pr>)
| install (sid, pid, <pr>, <opr>) // update flow table | id.insert(<pred>*) // update auxiliary relations | if rid(<exp>*) then <com>* else <com>*
| if rid(<exp>*) then <com>* | <com> ; < com>
• <opr> ::= <pr> |none // drop the package • <exp> ::= id | id (exp) | <pr>
Page 22
Learning Switch with 3 ports
rel connected (Sw, Pr, Ho)PacketIn(s, p, port(1)) -> connected.insert (s, port(1), p.src) if connected(s, port(2), p.dst) then { send (s, p, port(2)) install(s, p, port(1), port(2)) } else if connected(s, port(3), p.dst) then { send (port(3)) install(s, p, port(1), port(3)) } else { // flood send (port(2)) send (port(3)) }PacketIn(s, p, port(2)) -> …PacketIn(s, p, port(3)) -> …
Page 23
The semantics of the controller
• What is the meaning of package sent by a given host?– A set of paths
• Example: Learning Switch
a
1
2 3
Page 24
The semantics of the controller
• What is the meaning of package sent by a given host?– A set of paths
• Dynamically changed– Even for fixed topology
• Unbounded length• But can it be defined?
Page 25
The State of a switch
• The switch table is a relation on ports
• FT = Sw P(Pk Pr Pr {none})• Updated by the controller• Actual nodes depend on the topology graph
input port output port
Page 26
The Semantics of Expressions
• <exp> ::= id | id (exp) | <Pr>• Val = Int Pr
{P(Tt1 … Ttk | t1, …, tk are valid types} • Controller State such that : Var Val• E id = id• Eid (e) = Fid (Ee )• Eport(n) = n
Page 27
The Meaning of Commands• <com> ::= send(<pr>)
| install (<pr>, <opr>) | id.insert(<exp>*) | if RID(<exp>*) then <com>* else <com>*
| if RID(<exp>*) then <com>* | <com> ; < com>
• <opr> ::= <pr> |none • C: <com> (Sw Pk Pr) ( FT) ( FT P(Pr
{none}) event input-state output
Page 28
Atomic Commands
• Csend(pr)sw, pk, ip , ft = , ft, {Epr}
• Cinstall(s, p, prin,prout)sw, pk, ip , ft =
, ft {pk, Eprin, Eprout}, • Cr.insert(e) sw, pk, ip , ft = [r r { Ee}], ft,
Page 29
Conditional Commands
• Cif r(e) then c1 else c2 ev , ft =
C c1 ev , ft
C c2 ev , ft
If Ee r
If Ee r
Page 30
Sequential Composition
• Cc1 ; c2 ev , ft = let ’, ft’, prs1 = Cc1 ev , ft
”, ft”, prs2 = Cc2 ev ’, ft’ in
”, ft”, prs1 prs2
Page 31
Semantics of Events• G: <evnt> (Sw Pk Pr) P(( FT) ( FT P(Pr {none}))
• GpacketIn(s, p, i) c sw, pk, ip = Rwhere
, ft R ’, ft’, portsiff
ip = Ei (op : Pr. pk, ip, op ft)
Cc sw, pk, ip [ssw, ppk], ft = ’, ft’, sp
Page 32
System State
• Comprises of:– Single state of the controller– Flow-table for each switch
• FTS = Sw FT
Page 33
Packet Histories
• Packets can influence the routing of other packets
• Histories can be seen as sequences of packet transmissions
• HST= (SW PR PK (PR {none}))*
Page 34
Small-step semantics (Controller)
• ctrl : ( FTS HST) ( FTS HST)
• , fts, h ctrl ’, fts’, h’ iff
sw : Sw, pk : Pk, ip : Pr, sp : P(Pr), ft’ : FT . , fts sw (Gevnt sw, pk, ip) ’, ft’, sp fts’ = fts[sw ft’] h’ = h sw, ip, pk, jj sp or (sp = and j=none)
Page 35
Small-step Semantics (Switch)
• sw : ( FTS HST) ( FTS HST)
• , fts, h sw ’, fts’, h’ iff=’ fts=fts’ sw : Sw, pk : Pk, ip : Pr, op : Pr
{none}.pk, ip, op fts sw h’ = h sw, ip, pk, op
Page 36
Executions
• Combined step semantics:– = ctrl sw
• A sequence of event processing steps has the from– a1 a2 … an
Page 37
Feasible Histories
• Given a topology graph G over V = Ho (Sw Pr)
• A history h is feasible iff for any packet pk Pk,
• any two consecutive entries for p in h:– sw1, ip1, pk, op1 and sw2, ip2, pk, op2
– there exists an edge between sw1, op1 and sw2, ip2
Page 38
In Pkt Out
Example
a
1
2 3
Port in Packet Port out
Port Host
connected =
Page 39
In Pkt Out
Example
a
1
2 3
Port in Packet Port out
2 1
2 3
Port Host
2
connected =
Page 40
In Pkt Out
3 2
Example
a
1
2 3
Port in Packet Port out
2 1
2 3
3 2
Port Host
2
3
connected =
Page 41
In Pkt Out
3 2
Example
a
1
2 3
Port in Packet Port out
2 1
2 3
3 2
3 2
Port Host
2
3
connected =
Page 42
Useful Programming Language Tools
• Interpreter• Compiler• Parser• Type Checker• Static Program Analysis• Verification Tool• Dynamic Program Analysis– Model checker
Page 43
Interesting Network Properties
Property Meaning
Connectivity Every packet eventually reaches its destination
No forwarding loops
No black holes
No dropping
Access control No paths between certain hosts of certain packets