SNAP: Stateful Network-Wide Abstractions for Packet Processing

SLIDE 1

SNAP: Stateful Network-Wide Abstractions for Packet Processing

Mina Tahmasbi Arashloo¹, Yaron Koral¹, Michael Greenberg², Jennifer Rexford¹, and David Walker¹

¹ Princeton University, ² Pomona College

SLIDE 2

Early SDN Switch Interfaces

  • Manipulate packet forwarding rules
  • Read predefined set of counters

SLIDE 3

Programmable Switch Interfaces

  • P4, OpenState, Open vSwitch, …

    – Programmable state (e.g. indexed arrays)
    – Basic arithmetic operations

SLIDE 4

SNAP: Stateful Network Wide Programming Language

One big stateful switch

SLIDE 5

SNAP Contributions

  • Placement + Routing
  • Modular Stateful Language
  • One Big Stateful Switch

SLIDE 6

Talk Outline

  • Language through example
  • Compiler
  • Implementation
  • Evaluation
  • Related Work & Conclusion

SLIDE 8

Example - DNS Reflection Attacks

[Figure labels: Attacker, Botnet, Spoofed DNS Requests, DNS Resolvers, DNS Responses, Victim]

SLIDE 9

Detecting DNS Reflection Attacks

  1. Log DNS requests
  2. Match responses
  3. Check unmatched count

Bohatei: Flexible and Elastic DDoS Defense, Fayaz et al., USENIX Security '15

SLIDE 10

DNS Reflection Detection in SNAP

  • Seen: Keep track of DNS requests by client and DNS identifier
  • Unmatched: Count DNS responses that don’t match prior requests
  • Susp: Suspected victims receive many unmatched responses
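
An added sketch in Python (not SNAP syntax and not the authors' code) of the Seen / Unmatched / Susp logic, run over constructed packets. The threshold, the packet field names, and clearing a Seen entry once it is matched are assumptions of this example.

```python
from collections import defaultdict

DNS_PORT = 53
THRESHOLD = 3  # assumed value; the slides do not give one


def detect_reflection(packets, threshold=THRESHOLD):
    """Run the Seen / Unmatched / Susp state over packets; return (susp, unmatched)."""
    seen = set()                  # Seen: (client, DNS identifier) of logged requests
    unmatched = defaultdict(int)  # Unmatched: per-host count of unsolicited responses
    susp = set()                  # Susp: hosts whose count reached the threshold
    for p in packets:
        if p["dstport"] == DNS_PORT:          # 1. log DNS requests
            seen.add((p["srcip"], p["dns_id"]))
        elif p["srcport"] == DNS_PORT:        # 2. match responses
            key = (p["dstip"], p["dns_id"])
            if key in seen:
                seen.discard(key)  # choice made here: one response per request
            else:
                unmatched[p["dstip"]] += 1    # 3. check unmatched count
                if unmatched[p["dstip"]] >= threshold:
                    susp.add(p["dstip"])
    return susp, dict(unmatched)


def pkt(srcip, srcport, dstip, dstport, dns_id):
    """Build one UDP packet record (hypothetical field names)."""
    return {"srcip": srcip, "srcport": srcport,
            "dstip": dstip, "dstport": dstport, "dns_id": dns_id}


# Constructed traffic using documentation address ranges, not a real capture.
# The spoofed requests never crossed this network, so only responses are seen.
RESOLVER = "192.0.2.53"
SAMPLE = [
    pkt("198.51.100.10", 40001, RESOLVER, 53, 0x1A2B),  # client request
    pkt(RESOLVER, 53, "198.51.100.10", 40001, 0x1A2B),  # matching response
    pkt(RESOLVER, 53, "203.0.113.7", 33000, 0x0001),    # unsolicited responses
    pkt(RESOLVER, 53, "203.0.113.7", 33000, 0x0002),
    pkt(RESOLVER, 53, "203.0.113.7", 33000, 0x0003),
    pkt(RESOLVER, 53, "198.51.100.10", 40001, 0x1A2B),  # replay of a used response
]

if __name__ == "__main__":
    susp, unmatched = detect_reflection(SAMPLE)
    print("suspected victims:", sorted(susp))
    print("unmatched counts:", unmatched)
```

A single stray response, like the replay to 198.51.100.10, raises that host's count but stays below the threshold.
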
SLIDE 11

OBSS Forwarding in SNAP

[Figure labels: ISP1, ISP2, CS, EE]

SLIDE 12

Single Network Policy

DNS Reflection Detection ; Forwarding

SLIDE 13

SNAP Applications

SLIDE 14

Single Network Policy

SLIDE 16

SNAP Compiler

  • Where to place state variables
  • How to forward packets through them

SLIDE 17

Routing + Placement Jointly

[Figure: MILP with inputs Topology, Traffic Matrix, State Dependency, Packet-State Map and outputs Routing Paths, State Placement; objective: minimize congestion]

SLIDE 18

Intermediate Representation (IR)

Composable and easily partitioned IR

  • Distribute the program to switches
  • Maintain all programs in a single data structure

SLIDE 19

xFDDs: Extended Forwarding Decision Diagrams

  • Intermediate node: test on header fields and state
  • Leaf: set of action sequences
  • Three kinds of tests
    – field = value
    – field1 = field2
    – state_var[idx] = val

[Figure: example xFDD with test nodes dstip = 10.0.0.1, srcip = dstip, s[srcip] = 2 and leaves {s[dstip] ← 2}, {drop}; solid edges are true branches, dashed edges are false branches]
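
An added example, not code from the SNAP compiler: a minimal evaluator for the three test kinds and the leaf action sequences listed above. The tuple encoding and the arrangement of the slide's tests and leaves into a tree are assumptions, since the figure's edges did not survive extraction.

```python
# Encoding assumed for this example:
#   test   ("fv", field, value) | ("ff", field1, field2) | ("st", var, idx_field, value)
#   node   (test, true_branch, false_branch), a tuple
#   leaf   a list of action sequences; action ("set", var, idx_field, value) | ("drop",)


def holds(test, pkt, state):
    """Evaluate one of the three xFDD test kinds against a packet and the state."""
    kind = test[0]
    if kind == "fv":                      # field = value
        return pkt[test[1]] == test[2]
    if kind == "ff":                      # field1 = field2
        return pkt[test[1]] == pkt[test[2]]
    if kind == "st":                      # state_var[idx] = val
        _, var, idx_field, value = test
        return state.get(var, {}).get(pkt[idx_field]) == value
    raise ValueError(f"unknown test kind: {kind}")


def evaluate(node, pkt, state):
    """Walk to a leaf, then run every action sequence; return surviving packets."""
    while isinstance(node, tuple):
        test, on_true, on_false = node
        node = on_true if holds(test, pkt, state) else on_false
    out = []
    for seq in node:
        for act in seq:
            if act[0] == "drop":
                break
            _, var, idx_field, value = act          # state update: var[idx] <- value
            state.setdefault(var, {})[pkt[idx_field]] = value
        else:                                       # no drop in this sequence
            out.append(dict(pkt))
    return out


# Constructed diagram built from the slide's tests and leaves ([[]] = forward unchanged).
XFDD = (("fv", "dstip", "10.0.0.1"),
        (("st", "s", "srcip", 2), [[]], [[("drop",)]]),
        (("ff", "srcip", "dstip"), [[("drop",)]], [[("set", "s", "dstip", 2)]]))


def run_sample():
    """Send three constructed flows through XFDD; return packets out per flow and state."""
    state = {}
    flows = [("10.0.0.1", "10.0.0.9"), ("10.0.0.9", "10.0.0.1"), ("10.0.0.8", "10.0.0.1")]
    sent = [len(evaluate(XFDD, {"srcip": s, "dstip": d}, state)) for s, d in flows]
    return sent, state
```
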

SLIDE 20

xFDD for DNS Reflection Detection

Maintain all programs in a single data structure

SLIDE 21

xFDD for DNS Reflection Detection

Fixes the order in which programs access state. We could distribute the programs by placing cuts

SLIDE 22

Partitioning to Sub-Programs

CS

Distribute the program to switches

SLIDE 24

Putting It All Together

ISP1 ISP2 CS EE

SLIDE 25

Putting It All Together

ISP1 ISP2 CS EE

4

SLIDE 29

SNAP Implementation

  • Compiler written in Python
  • MILP solver: Gurobi Optimizer
  • Resulting switch code: NetASM (language + software switch)

  • M. Shahbaz and N. Feamster. The case for an intermediate representation for programmable data planes. SOSR 2015.
SLIDE 31

Compiler Evaluation

  • 7 campus and ISP topologies
  • Order of 100s of switches and links
  • Scenarios
    – Cold start (freq. weeks)
    – Policy change (freq. days)
    – Topology/TM change (freq. minutes)

SLIDE 32

Compiler Evaluation - Results

1m-6m 0.5m-2m 5s-1m

Planned in advance

SLIDE 34

Related Work

  • Stateful languages
  • Switch level mechanisms
  • Optimizing placement & routing

SLIDE 35

Conclusion - SNAP

  • A new modular stateful SDN programming language with:
    – One-big switch programming model
    – Persistent global arrays
  • Compiler implements algorithms that:
    – Jointly optimize routing and state placement
    – Use efficient IR based on FDDs

  • Evaluated about 20 applications
