SLIDE 1

Enforcing Customizable Consistency Properties in Software-Defined Networks

Wenxuan Zhou, Dong Jin, Jason Croft, Matthew Caesar, Brighten Godfrey

SLIDE 2

Network Consistency

Keeping the network correct consistently over time.

Network changes

  • control applications,
  • changes in traffic load,
  • system upgrades,

SLIDE 3

What is Correctness?

  • firewall traversal,
  • access control,
  • balanced load,
  • loop freedom,

  1. Correctness at every step
  2. Customizable properties
  3. With efficient update installation

SLIDE 4

Problem Statement

  1. Consistency at every step
  2. Customizable consistency properties
  3. Efficient update installation

Is it possible to efficiently ensure customizable correctness properties as the network evolves?

SLIDE 5

Prior Work

Network Verification Dionysus Consistent Updates Fixed Consistency Property

SLIDE 6

Ideally, given arbitrary invariants, a sequence with minimized overhead is produced.

Controller Stream of Updates

No loop, no black hole, Resource isolation, No suboptimal routing, ...

Magic engine

SLIDE 7

Our design: Customizable Consistency Generator

Key insight:

[Figure: CCG architecture. Labels: Controller, Stream of Updates, CCG, Buffer of pending updates, Network Model, Verification Engine (Pass / Fail), Confirmations. Properties: No loop/black hole, Resource isolation, No suboptimal routing, No VLAN leak, ...]

Synthesis Verification

SLIDE 8

Our design: Customizable Consistency Generator

Challenges:

  • Greedy algorithm may get stuck
      – identify the scope of cases that guarantees no deadlock
      – for other cases, a more heavyweight update technique as a fallback, triggered rarely in practice
  • Distributed nature of networks (uncertainty)
      – compact uncertain forwarding graph
      – verification optimization

[Figure: CCG architecture. Labels: CCG, Network Model, Verification Engine (Pass / Fail), Stream of Updates, Buffer of pending updates, Confirmations]

SLIDE 9

Network Uncertainty

The “uncertainty” of an observation point tasked with installing updates in knowing the current network state. It may cause network behavior to deviate from desired properties.

SLIDE 10

Uncertainty-aware Modeling Basis: VeriFlow

[Figure: VeriFlow and Controller]

SLIDE 11

Uncertainty-aware Modeling Basis: VeriFlow

[Figure: VeriFlow. Labels: Generate Forwarding Graphs, Generate Equivalence Classes, Run Queries, Updates]

Equivalence class: Packets experiencing the same forwarding actions throughout the network.

Forwarding graphs:

SLIDE 12

Uncertainty-aware Modeling

Naively, represent every possible network state: O(2^n)

Uncertain graph: represent all possible combinations

When to change “uncertain” to “certain”?

How to verify the network under “uncertainty”?

The model captures packets’ view of the network, assuming the controller initiates changes.
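The uncertain graph and the buffer / verify / confirm loop from the design slides, as an added sketch that is not the authors' implementation. It assumes a single equivalence class and loop freedom as the only invariant; `CCGSketch`, its method names and the three-node topology are hypothetical and constructed for illustration.

```python
from collections import defaultdict

def has_loop(edges):  # cycle check over a set of (src, dst) edges
    adj = defaultdict(set)
    for src, dst in edges:
        adj[src].add(dst)
    state = {}  # node -> 1 while on the DFS stack, 2 when finished
    def visit(n):
        state[n] = 1
        for m in adj.get(n, ()):
            if state.get(m) == 1 or (m not in state and visit(m)):
                return True
        state[n] = 2
        return False
    return any(n not in state and visit(n) for n in adj)

class CCGSketch:  # hypothetical name; one equivalence class, loop freedom only
    def __init__(self, next_hop):
        self.certain = dict(next_hop)  # confirmed rule per switch
        self.in_flight = {}            # sent, unconfirmed: switch -> new hop
        self.buffer, self.sent = [], []
    def uncertain_edges(self, extra=()):
        # An unconfirmed switch may use its old rule OR its new one; keeping
        # both edges in one graph covers every possible network state.
        return set(self.certain.items()) | set(self.in_flight.items()) | set(extra)
    def submit(self, switch, hop):
        self.buffer.append((switch, hop))
        self._release()
    def confirm(self, switch):
        self.certain[switch] = self.in_flight.pop(switch)  # uncertain -> certain
        self._release()
    def _release(self):
        held = []
        for sw, hop in self.buffer:  # greedy: send whatever verifies right now
            if sw in self.in_flight or has_loop(self.uncertain_edges([(sw, hop)])):
                held.append((sw, hop))    # Fail: stays in the buffer
            else:
                self.in_flight[sw] = hop  # Pass: released to the network
                self.sent.append((sw, hop))
        self.buffer = held
    def stuck(self):  # nothing in flight can unblock the buffer: fallback case
        return bool(self.buffer) and not self.in_flight

def demo():
    ccg = CCGSketch({"s1": "s2", "s2": "dst"})  # constructed topology
    ccg.submit("s2", "s1")   # held: would loop with s1 -> s2
    ccg.submit("s1", "dst")  # passes, sent first
    held_while_uncertain = list(ccg.buffer)
    ccg.confirm("s1")        # s1 -> s2 is gone, so s2 -> s1 is now safe
    return ccg.sent, held_while_uncertain
```

`demo()` returns the release order `[("s1", "dst"), ("s2", "s1")]`: the update submitted first is held until the confirmation for `s1` removes the old edge from the uncertain graph.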

SLIDE 13

Consistency under Uncertainty

Enforcing consistency with max parallelism heuristically

[Figure: CCG architecture. Labels: CCG, Uncertainty-aware Model, Verification Engine (Pass / Fail), Stream of Updates, Buffer of pending updates, Confirmations]

Waypoint Properties: flows are required to traverse a set of waypoints

  • connectivity,
  • waypointing,
  • access control,
  • service chaining, …

Theorem: Segment-independent properties are guaranteed by the heuristic.

SLIDE 14

Consistency under Uncertainty

[Figure: CCG architecture. Labels: CCG, Uncertainty-aware Network Model, Verification Engine (Pass / Fail), Fallback Mechanism, Stream of Updates, Buffer of pending updates, Confirmations]

Even with FB triggered, CCG achieves better efficiency than using FB alone.

SLIDE 15

System Structure

[Figure: CCG system structure. Labels: Controller, Stream of Updates, CCG, Uncertainty-aware Network Model, Verification Engine (Pass / Fail), Buffer of pending updates, Confirmations, Fallback Mechanism. Properties: No loop/black hole, Resource isolation, No suboptimal routing, No VLAN leak, ...]

SLIDE 16

Evaluation

Can CCG verify network invariants in real time?

Can CCG achieve performance gain during network transitions with its algorithm for maximizing the parallelism of applying updates?

  • Segment-independent Policies
  • Non-segment-independent Policies
  • Emulations
  • Testbed experiments

SLIDE 17

Speed Analysis

[Figure: x-axis: Microsecond; y-axis: Fraction of trials; series: Uncertain-100, Uncertain-1000, Uncertain-10000, VeriFlow]

Simulated network: BGP RIBs and update trace from RouteViews injected into 172-router AS 1755 topology, checking reachability invariant.

15X less memory overhead (540MB vs. 9GB)

SLIDE 18

Emulation: Segment-independent Policies

  • Local (4ms)
  • Wide area (100ms)

Measure: path completion time

[Figure: emulation setup. Labels: NOX (Shortest path & load balancing), CCG, Mininet]

Controller-switch delay = network delay + processing delay

SLIDE 19

Emulation: Segment-independent Policies

[Figure: Local. x-axis: Millisecond; y-axis: Fraction of trials; series: Optimal, CCG, CCG-waypoint, Dionysus, Consistent Updates, Incremental CU]

[Figure: Wide area. x-axis: Millisecond; y-axis: Fraction of trials; series: Optimal, CCG, CCG-waypoint, Dionysus, Consistent Updates, Incremental CU]

  • No fallback triggered
  • No additional memory

SLIDE 20

Emulation: Non-segment-independent Policies

Traces from an enterprise network with 200+ layer-3 devices. One day, one snapshot per hour, 24 transitions, 4ms delay.

  • New rules were added first, then old rules deleted.

Rules overlapped with longest prefix match, not segment-independent.

Fallbacks happened rarely. Overhead close to Immediate Update, with no transient connectivity violations.

[Figure: x-axis: Time; y-axis: Number of Rules in the Network; Completion Time shown for Immediate Update, GCC, Consistent Updates]

SLIDE 21

Conclusion

Uncertainty problem with network control

Uncertainty-aware network model

GCC, a system that

  • enforces customizable network consistency properties with
  • heuristically optimized efficiency.

Ongoing work:

  • Study the generality of segment independency
  • Test with more data traces, and compare against the original implementation of Dionysus
  • Handle changes initiated from the network.