Compiling Path Queries in Software-Defined Networks

SLIDE 1

Compiling Path Queries in Software-Defined Networks

Srinivas Narayana

Jennifer Rexford and David Walker

Princeton University

SLIDE 2

Where’s the packet loss?

[Figure: hosts A and B, labeled 100 pkts and 25 pkts]

Faulty network device(s) along the way. But where?

SLIDE 3

Where’s the packet loss?

[Figure: hosts A and B, labeled 100 pkts and 25 pkts]

Solution idea: Check how far packets get from A to B before being dropped somewhere.

Fine-grained packet counters + Forwarding Complex policies

SLIDE 4

Where’s the packet loss?

Instead: nice to get A → B packet counts each step along paths where A → B traffic flows

[Figure: hosts A and B, labeled 100 pkts and 25 pkts, with per-hop packet counts along the paths between them]

SLIDE 5

Wouldn’t it be nice to ask questions about packet paths in a network? Problem: we only observe a given packet independently at different switches.

SLIDE 6

We’ve designed a path query system that analyzes packet paths directly in the data plane.

SLIDE 7

Problem statement

  • 1. Operator/application specifies network path queries
  • 2. Translate into efficient and direct switch measurements (i.e., data plane rules)

SLIDE 8

Problem statement

[Figure: independent specifications (Query, Query, Forwarding), compiled into data plane rules]

SLIDE 9

Solution architecture

  • 1. Path query language
  • 2. Query compiler and runtime

[Figure labels: SDN controller; Query expressions; Regular expressions of packet location & headers; Payloads; Statistics]

SLIDE 10

Path Query Language

SLIDE 11

Let’s write some queries! (1/3)

  • Count packets reaching switch S1, then S2 with an internal source IP address (10.0/16)

switch=S1 ^ switch=S2, srcip=10.0/16

(annotation on ^: a hop on the wire)

SLIDE 12

Let’s write some queries! (2/3)

  • Capture packets evading a firewall in the network

ingress() ^ (switch != FW)* ^ egress()

(annotation on *: 0 or more repetitions)

[Figure: network with ingress and egress points]

SLIDE 13

Let’s write some queries! (3/3)

  • Switch-level traffic matrix:

        E1     E2     ...
I1      250    100    ...
I2      120    95     ...
...     ...    ...    ...

SLIDE 14

Let’s write some queries! (3/3)

  • Switch-level traffic matrix:

ingress() ^ (true)* ^ egress()

Count all packets, going from any ingress to any egress.

Flow    #pkts
*       1000

SLIDE 15

Let’s write some queries! (3/3)

  • Switch-level traffic matrix:

groupby(ingress(), [switch]) ^ (true)* ^ groupby(egress(), [switch])

Group counts by packet’s ingress and egress switch!

→ Traffic matrix!

Flow            #pkts
sw=I1, sw=E1    250
sw=I1, sw=E2    100
...             ...

SLIDE 16

Let’s write some queries!

  • More example queries in the paper

SLIDE 17

The Runtime System

SLIDE 18

How to analyze packet paths in the data plane?

SLIDE 19

Packet paths on data plane

  • Main idea: Record path information in packets
  • As such, too much state!

[{sw: S1, port: 1, srcmac: ..., srcip: ..., ...}]
[{sw: S1, ...}, {sw: S2, port: 3, srcmac: ..., ...}]
[{sw: S1, ...}, {sw: S2, ...}, {sw: S3, port: 2, ...}]

SLIDE 20

Reducing path state on packets

  • Observation 1: Queries already tell us what’s needed!
      • Only record path state needed by queries
  • Observation 2: Queries are regular expressions
      • Regular expressions → Finite automaton (DFA)
      • Distinguish only paths corresponding to DFA states

SLIDE 21

Reducing path state on packets


Record only DFA state on packets (1-2 bytes)
Use existing “tag” fields (e.g., VLAN)

SLIDE 22

Example: Query Compilation (1/3)

Query: (switch=S1, srcip=10.0.0.1) ^ (switch=S2, dstip=10.0.0.3)

[Figure: DFA Q0 → Q1 → Q2; transition Q0 → Q1 on switch=S1, srcip=10.0.0.1; transition Q1 → Q2 on switch=S2, dstip=10.0.0.3; switches S1 and S2]

SLIDE 23

Example: Query Compilation (2/3)

[Figure: DFA Q0 → Q1 → Q2; transition Q0 → Q1 on switch=S1, srcip=10.0.0.1; transition Q1 → Q2 on switch=S2, dstip=10.0.0.3]

Switch    Match                         Action
S1        state=Q0, srcip=10.0.0.1      state=Q1    (DFA transition)
S2        state=Q1, dstip=10.0.0.3      state=Q2    (DFA transition)
S2        state=Q1, dstip=10.0.0.3      count       (DFA accept)
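
The compilation on slides 22-23, as an added Python example (not from the slides and not Pyretic's API): a hop sequence is turned into per-switch match/action rules, and the DFA state travels in a packet tag. The function names, the DEAD state for packets that miss every rule, and the sample packets are assumptions made for this illustration.

```python
from collections import defaultdict

DEAD = -1  # assumption: a packet matching no live rule leaves the DFA for good

def compile_query(hops):
    """hops: [(switch, {header: value}), ...], the '^'-joined steps of a query.
    Returns {switch: [(state, header_match, next_state, is_accept)]}."""
    rules = defaultdict(list)
    for state, (switch, match) in enumerate(hops):
        rules[switch].append((state, match, state + 1, state + 1 == len(hops)))
    return dict(rules)

def process(rules, switch, pkt, counters):
    """Apply one switch's rules; the DFA state rides in pkt['tag'] (e.g. VLAN)."""
    for state, match, nxt, accept in rules.get(switch, []):
        if pkt["tag"] == state and all(pkt.get(k) == v for k, v in match.items()):
            pkt["tag"] = nxt               # DFA transition
            if accept:
                counters["query"] += 1     # DFA accept: count the packet
            return
    pkt["tag"] = DEAD

def run(rules, packets):
    """Send each (headers, path) through its switches; return the query count."""
    counters = defaultdict(int)
    for headers, path in packets:
        pkt = dict(headers, tag=0)         # every packet starts in Q0
        for switch in path:
            process(rules, switch, pkt, counters)
    return counters["query"]

# Query from slide 22: (switch=S1, srcip=10.0.0.1) ^ (switch=S2, dstip=10.0.0.3)
QUERY = [("S1", {"srcip": "10.0.0.1"}), ("S2", {"dstip": "10.0.0.3"})]
RULES = compile_query(QUERY)

# Constructed sample traffic: (headers, switches traversed in order)
PACKETS = [
    ({"srcip": "10.0.0.1", "dstip": "10.0.0.3"}, ["S1", "S2"]),        # counted
    ({"srcip": "10.0.0.1", "dstip": "10.0.0.3"}, ["S1", "S3", "S2"]),  # S3 in between
    ({"srcip": "10.0.0.9", "dstip": "10.0.0.3"}, ["S1", "S2"]),        # wrong srcip
    ({"srcip": "10.0.0.1", "dstip": "10.0.0.3"}, ["S1", "S2", "S4"]),  # counted at S2
]

if __name__ == "__main__":
    print(RULES)
    print("packets matching query:", run(RULES, PACKETS))
```

Only the one tag value is carried between switches, which is the point of slide 21: no switch needs the packet's full hop history to decide whether the path matched.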

SLIDE 24

Example: Query Compilation (3/3)

All acting on the same data plane packets!

[Figure: DFA-Transitioning, Forwarding and DFA-Accepting policies, combined with Frenetic composition operators (details in paper)]

SLIDE 25

Implementation

  • Prototype on the Pyretic (NSDI’13) SDN controller
  • Implementation publicly available online
      • http://frenetic-lang.org/pyretic/
  • Evaluation:
      • Payload collection bandwidth
      • Rule space
      • See paper.

SLIDE 26

Summary

DFA state can be used to track packet paths directly on the data plane. Measurement and forwarding can be specified independently.

SLIDE 27

Happy to answer queries ;)

narayana@cs.princeton.edu
