Reasoning about Software Defined Networks
Mooly Sagiv, [email protected], 03-640-7606, Tel Aviv University
Thursday 16-18 (Physics 105); Monday 14-16 (Schreiber 317)
Adviser: Michael Shapira, Hebrew University
http://www.cs.tau.ac.il/~msagiv/courses/rsdn.html
• A switch connected to two kinds of hosts
– Trusted hosts via port 1
– Untrusted hosts via port 2
• Trusted hosts can freely send packets to untrusted hosts
• An untrusted host can only send to a trusted destination which previously sent messages to this host
Firewall
Firewall Controller Pseudo-code
rel trusted(SW, HO)

packetIn(s, p, 1) ->                 # packets from trusted hosts
    send(s, p, 2)                    # forward the packet to untrusted hosts
    trusted.insert(s, p.dst)         # insert the target of p into trusted controller memory
    ft.insert(s, p, 1, 2)            # insert a per-flow rule to forward future packets

packetIn(s, p, 2) ->                 # packets from untrusted hosts
    if trusted(s, p.src) then {
        send(s, p, 1)                # forward the packet to trusted hosts
        ft.insert(s, p, 2, 1)        # insert a per-flow rule to forward future packets
    }
Firewall Controller Pseudo-code(2)
packetIn(s, p, 1) ->                 # packets from trusted hosts
    send(s, p, 2)                    # forward the packet to untrusted hosts
    ft.insert(s, src:p.src, 1, 2)    # insert a general rule to forward future packets
    ft.insert(s, dst:p.dst, 2, 1)    # allow future packets from 2
A Learning Switch
• Two hosts (A & B)
• An OpenFlow switch with 3 ports
– Host A is connected to port 1
– Host B is connected to port 2
• Gradually install forwarding rules
• Update upon relocation
Figure on the slides: Host A is attached to port 1 of Switch1, Host B to port 2, and port 3 has no host.

‘A’ sends a message to ‘B’ (TCP syn dst=B)
• Forward to the Controller
• send TCP syn dst=B on port 2
• send TCP syn dst=B on port 3
• learn that A is connected via port 1

‘B’ sends a message to ‘A’ (TCP ack dst=A)
• Forward to the Controller
• send TCP ack dst=A on port 1
• learn that B is connected via port 2
• Install a rule to forward packets from B to A on port 1

‘A’ sends another message to ‘B’ (dst=B)
• Forward to the Controller
• Send dst=B on port 2
• Install a rule to forward packets from A to B to port 2
Learning Switch Pseudo-code
rel connected(SW, PR, HO)

PacketIn(s, p, e) ->
    connected.insert(s, e, p.src)    # learn that p.src is reachable via ingress port e
    if connected(s, o, p.dst) then {
        send(s, p, o)
        ft.insert(s, p, e, o)        # install a per-flow rule for future packets
    } else
        foreach o in {1, 2, 3} – {e} # Flood: every port except the ingress port
            send(s, p, o)
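The following simulation is an added example (not code from the course or the slides) that replays the learning-switch trace above: a 3-port switch with an exact-match flow table hands unmatched packets to the controller, which updates the connected relation, floods or forwards, and installs a rule once the destination is known. The switch, packet and host names, the log strings, and the fourth "A to B" packet that hits the installed rule are all constructed for this example.

```python
from collections import namedtuple

PORTS = (1, 2, 3)                       # the 3-port switch on the slides
Packet = namedtuple("Packet", "src dst kind")

class Switch:
    """Data plane: exact (src, dst) flow table; unmatched packets go to the controller."""
    def __init__(self, name="Switch1"):
        self.name, self.flow_table, self.log = name, {}, []

    def send(self, p, out_port):        # send(s, p, o)
        self.log.append(f"send {p.kind} dst={p.dst} on port {out_port}")

    def install(self, p, out_port):     # ft.insert(s, p, e, o)
        self.flow_table[(p.src, p.dst)] = out_port
        self.log.append(f"install rule {p.src}->{p.dst} on port {out_port}")

    def deliver(self, ctrl, p, in_port):
        o = self.flow_table.get((p.src, p.dst))
        if o is not None:               # rule hit: no controller round trip
            self.send(p, o)
            return "rule"
        ctrl.packet_in(self, p, in_port)
        return "controller"

class LearningController:
    """PacketIn(s, p, e) handler mirroring the slide's pseudo-code."""
    def __init__(self):
        self.connected = {}             # rel connected(SW, PR, HO): (switch, host) -> port

    def packet_in(self, sw, p, e):
        self.connected[(sw.name, p.src)] = e              # connected.insert(s, e, p.src)
        o = self.connected.get((sw.name, p.dst))          # connected(s, o, p.dst)?
        if o is not None:
            sw.send(p, o)
            sw.install(p, o)
        else:                                             # flood every port but the ingress
            for port in PORTS:
                if port != e:
                    sw.send(p, port)

def run_slide_scenario():
    """Replays the three slide steps plus one more A->B packet (constructed input)."""
    sw, ctrl = Switch(), LearningController()
    steps = [(Packet("A", "B", "TCP syn"), 1), (Packet("B", "A", "TCP ack"), 2),
             (Packet("A", "B", "data"), 1), (Packet("A", "B", "data"), 1)]
    paths = [sw.deliver(ctrl, p, port) for p, port in steps]
    return paths, sw.log, dict(sw.flow_table)
```

Only the fourth packet is handled by an installed rule; the first three all reach the controller, exactly as in the slide trace.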
Reasoning about Programs
• Debugging
• Testing
– Model checking
• Programming language support
– Abstraction
– Composition
– Ease of use
• Program verification
– Abstraction
Seminar Benefits
• A cool topic
• Reasoning
• Critically read an article
• Learn to present an article
Seminar Requirements
• Compilers
• Read an article (2 weeks)
• Prepare presentation (1 week)
• Participate in lectures
Tentative Schedule
October 24: Michael Shapira, Introduction to SDN
October 31: Mooly Sagiv, Introduction to Program Reasoning