Another Excursion Trail Ridge Road provides spectacular view of the - PowerPoint PPT Presentation

Another Excursion “Trail Ridge Road provides spectacular view of the majestic scenery of RMNP. It is the highest continuous motorway in the United States, with more than eight miles lying above 11,000' and a maximum elevation of 12,183’ ” Route & Pace 
 Grade Bike Rental All negotiable :-) Cost: $40-$55 Hours: 8am-9pm

Deciding NetKAT Equivalence using Derivatives Nate Foster (Cornell) Dexter Kozen (Cornell) Matthew Milano (Cornell) Alexandra Silva (Raboud) Laure Thompson (Cornell)

Network Programming Languages There’s been a lot of recent interest in programmable networks (“software-de fj ned networking”)… …my group been designing high-level languages for programming and reasoning about networks

NetKAT Review

NetKAT Predicates Structures f ::= switch | port | ethsrc | ethdst | ... pk ::= { switch = n ; port = n ; ethsrc = n ; ethdst = n ; … }

NetKAT Predicates Structures f ::= switch | port | ethsrc | ethdst | ... pk ::= { switch = n ; port = n ; ethsrc = n ; ethdst = n ; … } Syntax a,b,c ::= true (* false *) | false (* true *) | f = n (* test *) | a 1 || a 2 (* disjunction *) | a 1 && a 2 (* conjunction *) | ! a (* negation *)

NetKAT Predicates Structures f ::= switch | port | ethsrc | ethdst | ... pk ::= { switch = n ; port = n ; ethsrc = n ; ethdst = n ; … } Syntax a,b,c ::= true (* false *) | false (* true *) | f = n (* test *) | a 1 || a 2 (* disjunction *) | a 1 && a 2 (* conjunction *) | ! a (* negation *) Semantics ⟦ a ⟧ ∈ Packet Set ⟦ true ⟧ = Packet ⟦ false ⟧ = {} ⟦ f = n ⟧ = { pk | pk.f = n } ⟦ a 1 || a 2 ⟧ = ⟦ a 1 ⟧ ∪ ⟦ a 2 ⟧ ⟦ a 1 && a 2 ⟧ = ⟦ a 1 ⟧ ∩ ⟦ a 2 ⟧ ⟦ ! a ⟧ = Packet \ ⟦ a ⟧

NetKAT Policies Structures h ::= 〈 pk 〉 | pk :: h

NetKAT Policies Structures h ::= 〈 pk 〉 | pk :: h Syntax p,q,r ::= fj lter a (* fj lter *) | f := n (* modi fj cation *) | p 1 + p 2 (* union *) | p 1 ; p 2 (* sequence *) | p * (* iteration *) | dup (* duplication *)

NetKAT Policies Structures h ::= 〈 pk 〉 | pk :: h Syntax p,q,r ::= fj lter a (* fj lter *) | f := n (* modi fj cation *) | p 1 + p 2 (* union *) | p 1 ; p 2 (* sequence *) | p * (* iteration *) | dup (* duplication *) Semantics ⟦ p ⟧ ∈ History → History Set ⟦ fj lter a ⟧ pk :: h = { pk :: h } if pk ∈ 〚 a 〛 { {} otherwise ⟦ f := n ⟧ pk :: h= { pk[f:=n] :: h } ⟦ p 1 + p 2 ⟧ h = ⟦ p 1 ⟧ h ∪ ⟦ p 2 ⟧ h ⟦ p 1 • p 2 ⟧ h = ( ⟦ p 1 ⟧ • ⟦ p 2 ⟧ ) h ⟦ p * ⟧ h = ( ∪ i ⟦ p ⟧ i ) h ⟦ dup ⟧ pk :: h = { pk :: pk :: h }

NetKAT Policies Structures h ::= 〈 pk 〉 | pk :: h Syntax p,q,r ::= fj lter a (* fj lter *) | f := n (* modi fj cation *) | p 1 + p 2 (* union *) | p 1 ; p 2 (* sequence *) drop ≜ fj lter false | p * (* iteration *) ` | dup (* duplication *) id ≜ fj lter true Semantics ⟦ p ⟧ ∈ History → History Set if a then p 1 else p 2 ≜ ( fj lter a • p 1 ) + ( fj lter ! a • p 2 ) ⟦ fj lter a ⟧ pk :: h = { pk :: h } if pk ∈ 〚 a 〛 { {} otherwise ⟦ f := n ⟧ pk :: h= { pk[f:=n] :: h } ⟦ p 1 + p 2 ⟧ h = ⟦ p 1 ⟧ h ∪ ⟦ p 2 ⟧ h ⟦ p 1 • p 2 ⟧ h = ( ⟦ p 1 ⟧ • ⟦ p 2 ⟧ ) h ⟦ p * ⟧ h = ( ∪ i ⟦ p ⟧ i ) h ⟦ dup ⟧ pk :: h = { pk :: pk :: h }

Reasoning in NetKAT

Encoding Tables The forwarding tables maintained by switches can be encoded using conditional policies

Encoding Tables The forwarding tables maintained by switches Pattern Actions dstport=22 Drop can be encoded using srcip=10.0.0.0/8 Forward ¡1 conditional policies * Forward ¡2

Encoding Tables The forwarding tables maintained by switches Pattern Actions dstport=22 Drop can be encoded using srcip=10.0.0.0/8 Forward ¡1 conditional policies * Forward ¡2 Table Normal Form fwd ::= f 1 := n 1 • … • f k := n k + fwd | drop pat ::= f = n • pat | true tbl ::= if pat then fwd else tbl | fwd

Encoding Tables The forwarding tables maintained by switches Pattern Actions dstport=22 Drop can be encoded using srcip=10.0.0.0/8 Forward ¡1 conditional policies * Forward ¡2 if dstport = 22 then Table Normal Form drop fwd ::= f 1 := n 1 • … • f k := n k + fwd | drop else if srcip = 10.0.0.0/8 then port := 1 pat ::= f = n • pat | true else tbl ::= if pat then fwd else tbl | fwd port := 2

Encoding Topologies Links can be modeled as policies that forward packets from one end to topo the other, and topologies as unions of links

Encoding Topologies Links can be modeled as policies that forward packets from one end to topo the other, and topologies as unions of links Topology Normal Form lpred ::= switch= n • port= n lpol ::= switch:= n • port:= n link ::= lpred • lpol topo ::= link + topo | drop

Encoding Topologies Links can be modeled as policies that forward packets from one end to topo the other, and topologies as unions of links 1 2 1 2 A B C Topology Normal Form lpred ::= switch= n • port= n switch= A •port= 1 •switch:= B •port:= 2 + switch= B •port= 2 •switch:= A •port:= 1 + lpol ::= switch:= n • port:= n switch= B •port= 1 •switch:= C •port:= 2 + link ::= lpred • lpol switch= C •port= 2 •switch:= B •port:= 1 + topo ::= link + topo | drop drop

Encoding Networks An entire network can be encoded by interleaving policy and topology processing steps arbitrarily many number of times

Encoding Networks An entire network can be encoded by interleaving policy and topology processing steps arbitrarily many number of times

Encoding Networks An entire network can be policy encoded by interleaving policy and topology processing steps arbitrarily many number of times

Encoding Networks An entire network can be policy encoded by interleaving policy and topology processing steps arbitrarily many number of times topo

Encoding Networks An entire network can be policy encoded by interleaving policy and topology processing steps arbitrarily many number of times topo id

Encoding Networks An entire network can be policy encoded by interleaving policy and topology processing steps arbitrarily many number of times topo id + ( policy • topo)

Encoding Networks An entire network can be policy encoded by interleaving policy and topology processing steps arbitrarily many number of times topo id + ( policy • topo) + ( policy • topo • policy • topo)

Encoding Networks An entire network can be policy encoded by interleaving policy and topology processing steps arbitrarily many number of times topo id + ( policy • topo) + ( policy • topo • policy • topo) + ( policy • topo • policy • topo • policy • topo)

Encoding Networks An entire network can be policy encoded by interleaving policy and topology processing steps arbitrarily many number of times topo id + ( policy • topo) + ( policy • topo • policy • topo) + ( policy • topo • policy • topo • policy • topo) … ¡ + (policy • topo)*

Checking Reachability s1 s3 s2 s9 s8 s0 s13 s10 s7 s12 s11 s6 s5 s4 s19 s18 s17 s16 s15 s14 s20 s21 Given: • Ingress predicate: switch = s 1 • Egress predicate: switch = s 21 • Topology: t • Switch program: p Check: • switch = s 1 • switch := s 21 + (p • t) * ~ (p • t) * • switch =s 1 • (p • t ) * • switch = s 21 ~ drop

NetKAT Equational Axioms Kleene Algebra Axioms Boolean Algebra Axioms p + (q + r) ~ (p + q) + r a || (b && c) ~ (a || b) && (a || c) a || true ~ true p + q ~ q + p a || ! a ~ true p + drop ~ p a && b ~ b && a p + p ~ p a && ! a ~ false p • (q • r) ~ (p • q) • r a && a ~ a p • (q + r) ~ p • q + p • r (p + q) • r ~ p • r + q • r Packet Axioms id• p ~ p p ~ p • id f := n • f’ := n’ ~ f’ := n’ • f := n if f ≠ f’ drop • p ~ drop f := n • f’ = n’ ~ f’ = n’ • f := n if f ≠ f’ p • drop ~ drop f := n • f = n ~ f := n id + p • p * ~ p * f = n • f := n ~ f = n id + p * • p ~ p * f := n • f : = n’ ~ f := n’ p + q • r + r ~ r ⇒ p * • q + r ~ r f = n • f = n’ ~ drop if n ≠ n’ dup • f = n ~ f = n • dup p + q • r + q ~ q ⇒ p • r * + q ~q

Metatheory Soundness: If ⊢ p ~ q, then ⟦ p ⟧ = ⟦ q ⟧ Completeness: If ⟦ p ⟧ = ⟦ q ⟧ , then ⊢ p ~ q

Metatheory Soundness: If ⊢ p ~ q, then ⟦ p ⟧ = ⟦ q ⟧ Completeness: If ⟦ p ⟧ = ⟦ q ⟧ , then ⊢ p ~ q NetKAT equivalence is also decidable! ☺ …But our earlier algorithm was based on determining a non-deterministic algorithm using Savitch’s theorem, so it was PSPACE in the best case and the worst case ☹

Metatheory Soundness: If ⊢ p ~ q, then ⟦ p ⟧ = ⟦ q ⟧ Completeness: If ⟦ p ⟧ = ⟦ q ⟧ , then ⊢ p ~ q NetKAT equivalence is also decidable! ☺ …But our earlier algorithm was based on determining a non-deterministic algorithm using Savitch’s theorem, so it was PSPACE in the best case and the worst case ☹ Roadmap: starting from a language model of NetKAT… • Develop coalgebraic structure of NetKAT • Check equivalence using bisimulation • Deploy a host of cunning tricks to make it fast