An Assertion Language for Debugging SDN Applications Ryan Beckett - - PowerPoint PPT Presentation

an assertion language for debugging sdn applications
SMART_READER_LITE
LIVE PREVIEW

An Assertion Language for Debugging SDN Applications Ryan Beckett - - PowerPoint PPT Presentation

Nov 04, 2023 202 likes •581 views

An Assertion Language for Debugging SDN Applications Ryan Beckett with X. Kelvin Zou, Shuyuan Zhang, Sharad Malik, Jennifer Rexford, David Walker Princeton University 1 Data Plane Verification Controller Find

slide-1
SLIDE 1

An Assertion Language for Debugging SDN Applications

Ryan Beckett

with

Princeton University

  • X. Kelvin Zou, Shuyuan Zhang,

Sharad Malik, Jennifer Rexford, David Walker

1

slide-2
SLIDE 2

Data Plane Verification

  • Find common misconfigurations
  • Operate in real time
  • Check fixed network properties
  • Can report false positives during

transitions

Controller Data Plane Verifier

2

slide-3
SLIDE 3

Stateful Firewall

client client server server

State Table

s1 A c1 c2 B

3

slide-4
SLIDE 4

Stateful Firewall

client client server server

State Table

s1 A c1 c2 B

3

“A server can only reach a client if the client has communicated with the server” Firewall Property: Firewall Property:

slide-5
SLIDE 5

Stateful Firewall

client client server server

State Table

s1 A c1 c2 B

X

3

“A server can only reach a client if the client has communicated with the server” Firewall Property: Firewall Property:

slide-6
SLIDE 6

Stateful Firewall

client client server server

State Table

s1 A c1 c2 B

3

“A server can only reach a client if the client has communicated with the server” Firewall Property: Firewall Property:

slide-7
SLIDE 7

Stateful Firewall

reachable(s1, c1) client client server server c1 s1

State Table

s1 A c1 c2

Firewall Property: Firewall Property:

B

3

slide-8
SLIDE 8

Stateful Firewall

reachable(s1, c1) ∧ client client server server c1 s1 c2 s1

State Table

s1 A c1 c2

Firewall Property: Firewall Property:

B

reachable(s1, c2)

3

slide-9
SLIDE 9

Stateful Firewall

∀(c,s)∈table, reachable(s, c) client client server server c1 s1 c2 s1

State Table

s1 A c1 c2

Firewall Property: Firewall Property:

B

3

slide-10
SLIDE 10

Stateful Firewall

client client server server c1 s1 c2 s1

State Table

s1 A c1 c2

Firewall Property: Firewall Property:

B

∀c∈clients,∀s∈servers, reachable(s, c) ↔ (c,s)∈table

3

slide-11
SLIDE 11

Stateful Firewall

client client server server c1 s1 c2 s1

State Table

s1 A c1 c2

Controller Code: Controller Code:

B

3

assert_continuously assert_continuously(f)

  • def packet_in(event):

pkt = event.parsed if pkt.typ != eth.IP_TYP: return …

slide-12
SLIDE 12

Stateful Firewall

client client server server

State Table

s1 A c1 c2 B

3

Controller Code: Controller Code:

assert_continuously(f)

slide-13
SLIDE 13

Stateful Firewall

client client server server c1 s1

State Table

s1 A c1 c2 B

r1 r2

3

Controller Code: Controller Code:

assert_continuously(f)

slide-14
SLIDE 14

Stateful Firewall

client client server server c1 s1

State Table

s1 A c1 c2 B

r1 r2

3

Controller Code: Controller Code:

stop(f) assert_continuously(f) assert_continuously(f)

install(r1) install(r2)

slide-15
SLIDE 15

Design Overview

4

Controller Data Plane Verifier

specification

slide-16
SLIDE 16

Design Overview

4

Controller Data Plane Verifier

specification

Controller

Assertion Library

specification

Property Generator Data Plane Verifier

verification conditions

slide-17
SLIDE 17

Design Overview

Controller

Assertion Library

Data Plane Verifier Property Generator

5

slide-18
SLIDE 18

Design Overview

Controller

Assertion Library

Data Plane Verifier Property Generator

5

event

slide-19
SLIDE 19

Design Overview

Controller

Assertion Library

Data Plane Verifier Property Generator

5

event rule

slide-20
SLIDE 20

Design Overview

Controller

Assertion Library

Data Plane Verifier Property Generator

5

event verification conditions assertion state update

slide-21
SLIDE 21

Design Overview

Controller

Assertion Library

Data Plane Verifier Property Generator

5

event exception verification results

slide-22
SLIDE 22

Incremental Verification

6

  • Change in data plane (existing tools handle this)
  • Change in assertion property
slide-23
SLIDE 23

Incremental Verification

6

  • Change in data plane (existing tools handle this)
  • Change in assertion property
  • Incrementally generate new verification conditions
slide-24
SLIDE 24

Incremental Verification

6

reachable(s1, c1)

s1 A c1 c2 B

Firewall Property: Firewall Property:

  • Change in data plane (existing tools handle this)
  • Change in assertion property
  • Incrementally generate new verification conditions
slide-25
SLIDE 25

Incremental Verification

6

reachable(s1, c2) reachable(s1, c1) ∧

Firewall Property: Firewall Property:

  • Change in data plane (existing tools handle this)
  • Change in assertion property
  • Incrementally generate new verification conditions

s1 A c1 c2 B

slide-26
SLIDE 26

Incremental Verification

6

reachable(s1, c1)

Firewall Property: Firewall Property:

  • Change in data plane (existing tools handle this)
  • Change in assertion property
  • Incrementally generate new verification conditions
  • Precompute and cache intermediate results

s1 A c1 c2 B

slide-27
SLIDE 27

Incremental Verification

  • Change in data plane (existing tools handle this)
  • Change in assertion property
  • Incrementally generate new verification conditions
  • Precompute and cache intermediate results

6

reachable(s1, c2) reachable(s1, c1) ∧

Firewall Property: Firewall Property:

s1 A c1 c2 B

slide-28
SLIDE 28

Incremental Data Structure

c=c1 c=c2 s=s1 s=s1

∀c∈clients,∀s∈servers, reachable(s,c) ↔ (c,s)∈table

Firewall Property: Firewall Property:

True False reachable(s1, c1) ↔ (c1,s1)∈table ∀c ∀s ∀s

7

slide-29
SLIDE 29

Incremental Data Structure

s=s2 s=s2

Firewall Property: Firewall Property:

True False

∀c∈clients,∀s∈servers, reachable(s,c) ↔ (c,s)∈table

c=c1 c=c2 s=s1 s=s1

∀c ∀s ∀s

7

slide-30
SLIDE 30

Incremental Data Structure

Firewall Property: Firewall Property:

True False

∀c∈clients,∀s∈servers, reachable(s,c) ↔ (c,s)∈table

c=c1 c=c2 s=s1 s=s1 s=s2 s=s2 c=c3 s=s1 s=s2

∀c ∀s ∀s ∀s

7

slide-31
SLIDE 31

Incremental Data Structure

Firewall Property: Firewall Property:

True False

Query data-plane verifier

∀c∈clients,∀s∈servers, reachable(s,c) ↔ (c,s)∈table

c=c1 c=c2 s=s1 s=s1 s=s2 s=s2

∀c ∀s ∀s

7

c=c3 s=s1 s=s2

∀s

slide-32
SLIDE 32

Incremental Data Structure

Firewall Property: Firewall Property:

True False

∀c∈clients,∀s∈servers, reachable(s,c) ↔ (c,s)∈table

c=c1 c=c2 s=s1 s=s1 s=s2 s=s2

∀c ∀s ∀s

7

c=c3 s=s1 s=s2

∀s

slide-33
SLIDE 33

Incremental Data Structure

Firewall Property: Firewall Property:

True False

∀c∈clients,∀s∈servers, reachable(s,c) ↔ (c,s)∈table

c=c1 c=c2 s=s1 s=s1 s=s2 s=s2

∀c ∀s ∀s

7

c=c3 s=s1 s=s2

∀s

slide-34
SLIDE 34

Incremental Data Structure

Firewall Property: Firewall Property:

True False

∀c∈clients,∀s∈servers, reachable(s,c) ↔ (c,s)∈table

c=c1 c=c2 s=s1 s=s1 s=s2 s=s2

∀c ∀s ∀s

7

c=c3 s=s1 s=s2

∀s

slide-35
SLIDE 35

Prototype Implementation

  • Python assertion debugging library
  • Support for Pyretic, Pox, Ryu
  • Uses the VeriFlow verification tool
  • Initial performance is promising

8

25 50 75 100 10 20 30 40 50 VC % Reduction active hosts (clients)

Stateful Firewall (incremental vs naive)

slide-36
SLIDE 36

Conclusion

  • Assertions to verify dynamic properties
  • Programmatic control over verification timing
  • Incremental algorithm to verify dynamic assertion properties
  • Prototype with reasonable performance

9

slide-37
SLIDE 37