Good Network Updates for Bad Packets Arne Ludwig, Matthias Rost, - - PowerPoint PPT Presentation

1

Good Network Updates for Bad Packets

Arne Ludwig, Matthias Rost, Damien Foucard, Stefan Schmid

2

Updates happen

• Network updates happen

– Changing security policies

• Network updates are challenging

– Even with global view

• Potential high damage if fail

– Security policy violation

3

Example

4

Example

5

Example

Waypoint Enforcement (WPE)

6

Example

• Eventual consistency

7

Example

✔ Eventual consistency ➢ Transient consistency?

Bad packet

8

Example

✔ Eventual consistency ➢ Transient consistency?

9

Example

✔ Eventual consistency ➢ Transient consistency?

10

Example

✔ Eventual consistency ➢ Transient consistency?

11

Example

✔ Eventual consistency ➢ Transient consistency?

12

Example

✔ Eventual consistency ✗ Transient consistency

13

Outline

• What could possibly go wrong?
• It's not a trivial thing!
• But we present an optimal solution.

14

Model and a Trivial Compression

Solid lines = current path

15

Model and a Trivial Compression

Solid lines = current path Dashed lines = new path Flow-specific path

16

Model and a Trivial Compression

Solid lines = current path Dashed lines = new path Flow-specific path

17

Model and a Trivial Compression

Solid lines = current path Dashed lines = new path Flow-specific path Safe to be updated Safe to be left untouched

18

Consistency Properties

• WPE = every packet traverses the waypoint at

least once

• LF = loop freedom

19

Update all “simultaneously“?

20

Update all “simultaneously“?

Not possible in practice! What could possibly go wrong?

21

Update all “simultaneously“?

Not possible in practice! What could possibly go wrong? Update times can vary significantly (up to 10x higher than median [Dionysus – SIGCOMM'14])

22

Update all “simultaneously“?

23

Update all “simultaneously“?

• Not waypoint enforced!

24

Delay ?

25

Delay ?

• Not loop free!

26

Update possible?

27

Update possible?

28

Update possible?

29

Update possible?

• Consistent transient states!

30

Rounds

• Round = set of parallel updates
• ➔ Minimize number of rounds / communication
• verhead

31

Greedy Update Fails

• Greedy approach may:

– take up to times more rounds – fail to find solution

See paper!

32

Greedy Update Fails

• Greedy approach may:

– take up to times more rounds – fail to find solution

See paper!

33

WPE - Update Algorithm

1.Switches < WP (new), > WP (old)

34

WPE - Update Algorithm

1.Switches < WP (new), > WP (old)

35

WPE - Update Algorithm

1.Switches < WP (new), > WP (old)

36

WPE - Update Algorithm

1.Switches < WP (new), > WP (old) 2.Switches < WP (new), < WP (old)

37

WPE - Update Algorithm

1.Switches < WP (new), > WP (old) 2.Switches < WP (new), < WP (old)

38

WPE - Update Algorithm

1.Switches < WP (new), > WP (old) 2.Switches < WP (new), < WP (old) 3.Remaining switches

39

WPE - Update Algorithm

1.Switches < WP (new), > WP (old) 2.Switches < WP (new), < WP (old) 3.Remaining switches Constant in 3 rounds, but not LF!

40

LF and WPE Conflict

41

LF and WPE Conflict

• violate WPE; violate LF

42

Mixed Integer Program

WPE LF Minimize Rounds

43

Mixed Integer Program

Optimal solution Unclassified (stopped 600sec) Not solvable (provably) Mixed Integer Program

44

Solvability Analysis

Greedy MIP Unclear No solution

• % of solvable instances?
• % of failed greedy?
• 1k random permutations per size
• Max duration 600 seconds

45

Solvability Analysis

Greedy MIP Unclear No solution

46

Solvability Analysis

Greedy MIP Unclear No solution

47

Solvability Analysis

Greedy MIP Unclear No solution

48

Conclusion

• Transient consistency is not easy to guarantee
• LF and WPE might even conflict
• Greedy can fail to find consistent updates

Dynamic WPE + LF updates are hard to find!