NetQuery: A Knowledge Plane for Reasoning about Network Properties - - PowerPoint PPT Presentation



SLIDE 1

NetQuery: A Knowledge Plane for Reasoning about Network Properties

Alan Shieh†, Emin Gün Sirer, Fred B. Schneider

Department of Computer Science, Cornell University

†Nicira Networks

SLIDE 2

Problem

SLIDE 3

No mechanisms for querying network properties

Clients cannot differentiate between different networks:

  • Proper ISP: 100 Mb/s, 99% uptime
  • TinCan ISP: 1 Mb/s, 90% uptime
  • Identical WiFi base stations!

SLIDE 4

No mechanisms for querying network properties

Networks cannot differentiate between clients:

  • Identical end-points!

SLIDE 5

No mechanisms for querying network properties

Networks cannot differentiate between other networks:

  • ISP A: forward all packets
  • ISP B: DoS filter
  • Identical IP packet delivery interface to the customer AS!

SLIDE 6

Other examples

SLIDE 7

Commoditization of Networks


SLIDE 8

Goals


SLIDE 9

A Knowledge Plane

SLIDE 10

Tuplespace Example

H1: Type = Host
H1: OS = ...
R1: Type = Router
R1: FwdTable = ...
R1: PhyLinks = ...
R2: Type = Router
R2: FwdTable = ...
R2: PhyLinks = ...
R3: Type = Router
R3: FwdTable = ...
R3: PhyLinks = ...

SLIDE 11

Tuplespace Example

H1: Type = Host
H1: OS = ...
H2: Type = Host
H2: OS = ...
R1: Type = Router
R1: FwdTable = ...
R1: PhyLinks = ...
R2: Type = Router
R2: FwdTable = ...
R2: PhyLinks = ...
R3: Type = Router
R3: FwdTable = ...
R3: PhyLinks = ...
R1: Type = Link
R1: Speed = 10 Gb/s

SLIDE 12

Tuple Abstraction

  • Principal: Attribute name = Attribute value
  • Example: S: MachineType = Router

SLIDE 13

Tuplespace Implementation

Global Tuplespace

  • ISP1
  • Cornell: CS, ECE, CIT
  • ISP2

SLIDE 14

Factoid Origins


SLIDE 15

Trusting Factoids

SLIDE 16

Attestation Chains

Chain: Atmel -> EK/AIK -> OS -> Factoid

  • Atmel says TPM speaksfor Atmel on TPM.PlatformHash
  • EK/AIK says TPM.PlatformHash = Hash(IOS)
  • OS says IOS.LossRate(Link1) = 0.0032
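As an added example (not code from the slides or the NetQuery project), the following Python models this attestation chain over a small factoid tuplespace: a trusted manufacturer delegates PlatformHash to a TPM key, the TPM's measurement is matched against a known-good OS image, and only factoids whose speaker is attested that way are accepted, with the returned proof list playing the role of the proof tree handed to a proof checker. Principal names, the image bytes and the OS-to-TPM binding are assumptions of the example.

```python
import hashlib

# Constructed tuplespace and trust policy; all names and bytes are assumptions.
TRUSTED_ROOTS = {"Atmel"}                       # TPM manufacturers we trust

IOS_IMAGE = b"constructed stand-in for the IOS image"
IOS_HASH = hashlib.sha256(IOS_IMAGE).hexdigest()
KNOWN_GOOD = {IOS_HASH: "IOS"}                  # platform hash -> OS principal

# "delegator says delegate speaksfor delegator on attribute"
DELEGATIONS = {("Atmel", "TPM", "PlatformHash")}

# Factoids: "speaker says principal.attribute = value".
# The Rogue entry has no attestation chain behind it and must be rejected.
TUPLESPACE = [
    ("TPM", "TPM", "PlatformHash", IOS_HASH),
    ("IOS", "IOS", "LossRate(Link1)", 0.0032),
    ("Rogue", "Rogue", "LossRate(Link1)", 0.0),
]
PLATFORM_TPM = {"IOS": "TPM"}                   # which TPM measured the OS's host

def root_delegation(delegate, attribute):
    """Return the trusted root that let delegate speak for it on attribute, or None."""
    for root, who, attr in DELEGATIONS:
        if root in TRUSTED_ROOTS and who == delegate and attr == attribute:
            return root
    return None

def check_factoid(speaker, principal, attribute, value):
    """Return (trusted, proof): proof is the chain of 'says' statements a
    proof checker would verify; it is empty when no chain reaches a root."""
    stmt = f"{speaker} says {principal}.{attribute} = {value}"
    if speaker in TRUSTED_ROOTS:
        return True, [stmt]
    tpm = PLATFORM_TPM.get(speaker)             # OS factoids need a measured host
    root = root_delegation(tpm, "PlatformHash") if tpm else None
    if root is None:
        return False, []
    for s, p, a, v in TUPLESPACE:               # look for the TPM's measurement
        if s == p == tpm and a == "PlatformHash" and KNOWN_GOOD.get(v) == speaker:
            return True, [f"{root} says {tpm} speaksfor {root} on {tpm}.PlatformHash",
                          f"{tpm} says {tpm}.PlatformHash = Hash({speaker})",
                          stmt]
    return False, []                             # measurement missing or unknown image
```

A factoid whose speaker has no TPM binding, or whose host hash is not a known-good image, is rejected even though it sits in the same tuplespace.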

SLIDE 17

Trusting TPMs


SLIDE 18

Collecting Factoids

SLIDE 19

Reasoning with Factoids


SLIDE 20

Factoid Confidentiality

Verizon Tuplespace -> Proof Generator -> Proof Tree -> Proof Checker -> Application

SLIDE 21

Factoid Confidentiality

Verizon Tuplespace -> One Bit Result + Attestation Certificate -> Application

SLIDE 22

NetQuery Prototype


SLIDE 23

Example applications

  • Over-subscription
  • AS hop count
  • Maximum capacity
  • Failover capacity
  • Wi-Fi access point quality
  • Network redundancy

SLIDE 24

NetQuery Prototype

Component                  Count

Libraries
  Server & client           18,286
  Logic Framework            2,254

Devices
  Host                         543
  Ethernet switch            1,853
  Quagga router                777
  SNMP proxy                 1,578

Applications
  Network access control       787
  L2/L3 traceroute             483
  Oversubscription             356
  Maximum capacity             316
  Redundancy                   333

SLIDE 25

Testbed and datasets


SLIDE 26

Feasibility evaluation


SLIDE 27

Query microbenchmark

Tuplespace server achieves high throughput

SLIDE 28

Analysis performance and overhead: CS department network

Analysis                            Completion time   Network cost (sent/recv'd)
L2/L3 traceroute                    0.16 s            247 KB
Oversubscription (pre-processing)   7.9 s             17 MB
Oversubscription (per-switch)       0.1 s             0 KB
Best-case capacity                  0.16 s            247 KB
Redundancy                          12.65 s           24 MB

Analyses are suitable for service selection and slow-changing topology.

SLIDE 29

ISP topology

                 Initialization   Steady state
Original         5.7 s            62.2 ms
With NetQuery    13.5 s           63.4 ms

Tuplespace servers can scale to typical POP size.
Minimal impact on BGP convergence time.

SLIDE 30

Summary


SLIDE 31

SLIDE 32

Proof checking speed: Network Access Control

  • Completion time is appropriate for connect-time policy enforcement

8 factoids: 67 ms

SLIDE 33

ISP topology

Convergence time within ISPs' operational goals (< 1 s)

Mean 0.24 s, Median 0.14 s