SLIDE 1

Causal Reasoning in SDNs (NetKAT)

Georgiana Caltais, University of Konstanz Shonan Seminar -“Causal Reasoning in Systems” 24-27 June, 2019

SLIDE 2

Outline

  • 1. NetKAT - the Language
  • 2. Reasoning & Verification
  • 3. Towards a Framework for Causality

Sources:

  • “Programming, Modeling & Reasoning about Networks” (online tutorial by S. Smolka)
  • “NetKAT: Semantic Foundation for Networks” [C.J. Anderson et al.], POPL’14
  • “A Fast Compiler for NetKAT” [S. Smolka et al.], ICFP’15

SLIDE 3
  • 1. NetKAT - the Language

SLIDE 4

NetKAT Program - Example

SLIDE 5

NetKAT Syntax & Semantics

SLIDE 6

Encoding Switch Forwarding Tables

SLIDE 7

Encoding Network Topologies (I)

SLIDE 8

Encoding Network Topologies (II)

SLIDE 9

Encoding Networks

SLIDE 10

Encoding Networks

SLIDE 11

Encoding Networks

SLIDE 12

Encoding Networks

SLIDE 13

Encoding Networks

SLIDE 14
  • 2. Reasoning & Verification

SLIDE 15

Network Verification

  • Sound & Complete Axiomatisation [C.J. Anderson et al.]

SLIDE 16

Network Verification

  • Sound & Complete Axiomatisation [C.J. Anderson et al.]

SLIDE 17

Network Verification

  • Sound & Complete Axiomatisation [C.J. Anderson et al.]

SLIDE 18

Network Verification

  • Sound & Complete Axiomatisation [C.J. Anderson et al.]

[[p]] = [[q]] iff |— p = q

  • E.g., Reachability:

“Does the network forward from ingress (in) to egress (out)?”
  NO iff |— in . (switch.topology)* . out = 0
  YES iff |— in . (switch.topology)* . out =/= 0

SLIDE 19

Reasoning About Correctness of NetKAT Programs

  • Programmer 1 has to implement a switch policy s.t.:

“H1 can only forward to H2”

  • Correctness:
  • H1 can forward to H2 (H1 —>> H2)
  • H1 cannot forward to H3 or H4 (H1 -/->> H3,4)

SLIDE 20

Reasoning About Correctness of NetKAT Programs

“H1 can only forward to H2”

  • Policy p1 : (pt = 1 . pt <— 5) + (pt = 6 . pt <— 2)

H1 can forward to H2 (H1 —>> H2)

  • |— (pt = 1) . (p1 . t)* . (pt = 2) =/= 0

H1 cannot forward to H3 or H4 (H1 -/->> H3,4)

  • |— (pt = 1) . (p1 . t)* . (pt = 3 + pt = 4) = 0

H1 —>> H2, H1 -/->> H3,4: Proven correct based on the axioms!

SLIDE 21

Reasoning About Correctness of NetKAT Programs

  • Programmer 2 has to implement a switch policy s.t.:

“H3 can only forward to H4”

  • Correctness:
  • H3 can forward to H4 (H3 —>> H4)
  • H3 cannot forward to H1 or H2 (H3 -/->> H1,2)

… shown in a similar fashion…

SLIDE 22

Reasoning About Correctness of NetKAT Programs

  • Programmer 1: “H1 can only forward to H2” / switch policy p1
  • Programmer 2: “H3 can only forward to H4” / switch policy p2
  • Assume Programmer 3 implements p as the union of the two correct policies p1 and p2

p = p1 + p2

  • Network becomes (p . t)* = ((p1 + p2) . t)*
  • Does H1 -/->> H3,4 still hold?

SLIDE 23

Reasoning About Correctness of NetKAT Programs

H1 -/->> H3,4 holds
  iff |— pt = 1 . ((p1 + p2) . t)* . (pt = 3 + pt = 4) = 0
  iff (acc. to NetKAT axioms) |— pt = 1 . pt <— 4 + P = 0

What is the cause?

SLIDE 24
  • 3. Towards a Framework for Causality

SLIDE 25

What Is the Cause?

  • Obvious Challenges -

H1 -/->> H3,4 holds
  iff |— pt = 1 . ((p1 + p2) . t)* . (pt = 3 + pt = 4) = 0
  iff (acc. to NetKAT axioms) |— pt = 1 . pt <— 4 + P = 0

  • provides too little information
  • contains *

SLIDE 26

What Is the Cause?

  • Obvious Challenges -

H1 -/->> H3,4 holds
  iff |— pt = 1 . ((p1 + p2) . t)* . (pt = 3 + pt = 4) = 0
  iff (acc. to NetKAT axioms) |— pt = 1 . pt <— 4 + P = 0

  • provides too little information
  • “Star Elimination” in [C.J. Anderson et al.]
  • assumption: no dup, no sw <—
  • uses all axioms to build the Normal Form of P, NF(P)
  • |— P ~ NF(P)
  • … provides too little information as well…

SLIDE 27

What Is the Cause?

  • Possible Solution -

|— pt = 1 . ((p1 + p2) . t)* . (pt = 3 + pt = 4) = 0
  iff (… axioms) |— pt = 1 . pt <— 1 . pt <— 5 . pt <— 6 . pt <— 4 + Psf = 0

  • Inhibit some of the axioms, e.g.:
    f <— n . f <— n’ = f <— n’ [PA-MOD-MOD]
  • “Approximate” *:
    (p.t)* = (1 + p.t)^n for some n… and remove *-unfolding axioms
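
The bounded unfolding above can be run directly. This is an added example, not from the slides: a small Python interpreter for the dup-free, pt-only fragment that keeps every modification instead of collapsing them (the effect of inhibiting PA-MOD-MOD) and replaces * by (1 + p.t)^n. Policy p1 is taken from slide 20; p2 and the topology t are not shown on the page and are assumptions chosen to match the path 1, 5, 6, 4 in the formula above; all function names are hypothetical.

```python
# Packets carry one field, pt. A history is the tuple of values pt has taken;
# keeping it (not collapsing pt<-n . pt<-n' to pt<-n') preserves the path.
def filt(n):                      # pt = n
    return lambda h: {h} if h[-1] == n else set()

def mod(n):                       # pt <- n
    return lambda h: {h + (n,)}

def union(*ps):                   # p + q
    return lambda h: set().union(*(p(h) for p in ps))

def seq(*ps):                     # p . q
    def run(h):
        hs = {h}
        for p in ps:
            hs = set().union(*(p(x) for x in hs))
        return hs
    return run

def star_n(p, n):                 # (1 + p)^n, bounded stand-in for p*
    def run(h):
        hs = {h}
        for _ in range(n):
            hs = hs | set().union(*(p(x) for x in hs))
        return hs
    return run

# p1 as on slide 20.
p1 = union(seq(filt(1), mod(5)), seq(filt(6), mod(2)))
# ASSUMED: p2 mirrors p1 for "H3 can only forward to H4".
p2 = union(seq(filt(3), mod(5)), seq(filt(6), mod(4)))
# ASSUMED topology: link 5 -> 6; host-facing ports 2 and 4 pass unchanged.
t = union(seq(filt(5), mod(6)), filt(2), filt(4))

def witnesses(policy, src, dsts, n=4):
    """Histories accepted by pt=src . (1 + policy.t)^n . (pt=d1 + ...)."""
    out = union(*(filt(d) for d in dsts))
    return seq(filt(src), star_n(seq(policy, t), n), out)((src,))

if __name__ == "__main__":
    print(witnesses(p1, 1, [2]))                 # H1 -->> H2 under p1
    print(witnesses(p1, 1, [3, 4]))              # empty: isolation holds
    print(witnesses(union(p1, p2), 1, [3, 4]))   # the violating path
```

An empty result corresponds to the term being equal to 0; a non-empty result is the counterexample path that the fully normalised form `pt = 1 . pt <— 4` no longer shows. An empty result at depth n is a verdict only for paths of at most n hops, so n must be at least the longest loop-free path in the network.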

SLIDE 28

* “Approximation”

SLIDE 29

Some Terminology…

SLIDE 30

SLIDE 31

Questions?

  • Current & Future Work:
  • Trace back the cause into the original code
  • What does the counterfactual look like?
  • Handling other interesting network properties
  • E.g., waypointing…
  • Responsibility, blame
