softwarized networks
play

Softwarized Networks Santhosh Prabhu, Gohar Irfan Chaudhry, Brighten - PowerPoint PPT Presentation

Dec 29, 2022 •658 likes •975 views

High-coverage Testing of Softwarized Networks Santhosh Prabhu, Gohar Irfan Chaudhry, Brighten Godfrey, Matthew Caesar Presenter: KY Chou Softwarized Networks Networks are incorporating software components on commodity hardware Easier to

  1. High-coverage Testing of Softwarized Networks Santhosh Prabhu, Gohar Irfan Chaudhry, Brighten Godfrey, Matthew Caesar Presenter: KY Chou

  2. Softwarized Networks  Networks are incorporating software components on commodity hardware – Easier to build sophisticated applications – Increases complexity – Prone to more bugs and misconfiguration  How can we ensure correctness and security of such networks? 2

  3. Example: Stateful Filtering  Stateful filtering (with IPtables) – Only replies to past requests are permitted – Requests and replies are forwarded through different switches – Packet forwarding through switches would be nondeterministic (e.g. ECMP, load-balancing)  Invariants: – Outgoing packets are always allowed – Incoming packets are always blocked, unless they are replies 3

  4. Why this is tricky?  1 st invariant (requests are always allowed) breaks when reverse-path filtering (RPF) is enabled ( rp_filter = 1 ) – RPF: Any packet to the source address of the incoming packet must be routed through the same interface 4

  5. Problem  How do we detect the violation? – Network behavior depends on exactly which software is used – Packet forwarding is nondeterministic • E.g. some violations may only occur when route updates are interleaved with packet delivery 5

  6. Emulation-based Testing  Emulation-based Testing (e.g. CrystalNet) – Emulate the network with real software  Problem – One execution path at a time, no guarantee of exploration  Limitation: low coverage – May miss issues that stem only from a certain specific condition when there is nondeterminism in the network – E.g. Updating routes while packets being delivered 6

  7. Model-based Verification  Model-based Verification (e.g. Plankton) – Uses an abstraction or models of the network to formally verify some attributes (e.g. “Requests are never dropped”)  Good: ensures exploration of all possible executions  Bad: model may be unfaithful to reality – Particularly a problem for software components: behavior dependent on custom designs, versions, bugs, and environmental details – In our example: • Default value of “ rp_filter ” varies for different Linux distributions and different kernel versions. • Even within the same distro, “ rp_filter = 1 ” may still have different semantic meaning in different releases (e.g. RedHat 5 & 6) – Full accuracy would require separate model for each variant  practically impossible 7

  8. Both methods have their own limitations Accuracy Emulation (e.g. CrystalNet) Verification (e.g. Plankton) Coverage 8

  9. Can we get the best from both worlds? Accuracy Emulation (e.g. CrystalNet) ? Verification (e.g. Plankton) Coverage 9

  10. Plankton Overview  A model-based verification framework – Plankton uses manually written models and SPIN model checker to formally verify the network – Overall system state is the combination of the states of all models – Designed to operate on equivalence classes (ECs) , rather than individual packets • Equivalence Class (EC): a logical entity representing a class of packets (e.g. request class, reply class, etc.) 10

  11. Our Approach: Plankton-neo  Incorporating real software in model-checking Plankton-neo – An emulated device with virtual interfaces is created Emulation Hypervisor for each software component  Representative packets for emulation – Instantiate a concrete representative packet for each EC for emulations – Representative packet is injected into the emulation instance – Result of the injected representative packet is interpreted by the data-plane model – If no packet reaches any virtual interfaces after a timeout (50 ms), it’s considered dropped 11

  12. Our Approach: Plankton-neo  Emulation instance needs to be in the intended state before packet injection – E.g. Request packet has arrived, or routes have been updated, …  How to keep track of the emulation states? – Use a model inside Plankton to track emulation states – Emulation state := initial state + update1 + update2 + … – History updates are replayed to bring back the emulation state 12

  13. Our Approach: Plankton-neo  Slower than pure verification (e.g. Plankton) – Instantiate emulations – Restore emulation states Experiment Plankton (model) Plankton-neo (real software) 96-nodes network, full exploration 5.41 seconds 413.84 seconds (~6.90 min) 192-nodes network, full exploration 36.66 seconds 4732.13 seconds (~78.87 min)  We have done some optimizations to mitigate the overhead 13

  14. Optimization to Improve Performance  Hashing history updates – Observations • The same update may be part of multiple update histories • Many update histories may differ from each other only in terms of a few updates – History updates and any sequence of updates are hashed to reduce the memory overhead • Each update is created only once 14

  15. Another Optimization to Improve Performance  Increase the number of emulation instances – It’s possible to use multiple number of emulation instances • More emulation instances means it is more likely for the emulation to be in the intended state – Reduce the time used for state restoration • Using separate emulation for each component reduces execution time by ~39% Experiment Single Emulation Multiple Emulation Experiment setting I 5835.52 seconds 4732.13 seconds Experiment setting II 680.28 seconds 413.84 seconds Experiment setting III 29.22 seconds 27.73 seconds 15

  16. Experimental Results other tenants  Topology: Multi-tenant datacenter – Inspired by COCONUT, Plankton – The figure shows the logical topology that represents the network of one tenant • Traffic: whitelisted/greylisted • Servers: public/private – Each tenant can see all the other tenants in layer 3 – Invariants • All traffic is allowed for public servers • For private servers, whitelisted traffic is always allowed, but greylisted traffic is statefully filtered (only replies to past requests are allowed) 16

  17. Experimental Results  Reclassification of tenants’ traffic – HTTP: greylisted  whitelisted – Update routes in S1 and S2  Policy violation – Reply to past request is blocked – Event ordering • S1 update route update • Sending HTTP request request reply • Receiving HTTP reply  dropped • S2 update 17

  18. Experimental Results  Reclassification of tenants’ traffic – HTTP: greylisted  whitelisted – Update routes in S1 and S2  Policy violation – Reply to past request is blocked – Event ordering • S1 update route update • Sending HTTP request request reply • Receiving HTTP reply  dropped • S2 update 18

  19. Experimental Results  Reclassification of tenants’ traffic – HTTP: greylisted  whitelisted – Update routes in S1 and S2  Policy violation – Reply to past request is blocked – Event ordering • S1 update route update • Sending HTTP request request reply • Receiving HTTP reply  dropped • S2 update 19

  20. Experimental Results  Reclassification of tenants’ traffic – HTTP: greylisted  whitelisted – Update routes in S1 and S2  Policy violation – Reply to past request is blocked – Event ordering • S1 update route update • Sending HTTP request request reply • Receiving HTTP reply  dropped • S2 update 20

  21. Experimental Results  Reclassification of tenants’ traffic – HTTP: greylisted  whitelisted – Update routes in S1 and S2  Policy violation – Reply to past request is blocked – Event ordering • S1 update route update • Sending HTTP request request reply • Receiving HTTP reply  dropped • S2 update 21

  22. Performance (Time/Memory) 0 tenants update 1 tenant updates all tenants update 0 tenants update 1 tenant updates all tenants update 10000 100 10 Memory (MB) Time (second) 1 1000 0.1 0.01 0.001 100 2 4 8 16 32 64 2 4 8 16 32 64 Number of tenants Number of tenants 22

  23. Performance (Time/Memory) 0 tenants update 1 tenant updates all tenants update 0 tenants update 1 tenant updates all tenants update 10000 100 The problem is hardest 10 when there is no tenant reclassifying the traffic Memory (MB) Time (second) 1 1000 0.1 0.01 0.001 100 2 4 8 16 32 64 2 4 8 16 32 64 Number of tenants Number of tenants 23

  24. Performance (Time/Memory) 0 tenants update 1 tenant updates all tenants update 0 tenants update 1 tenant updates all tenants update 10000 100 When there is at least one 10 violation, there is no huge difference in terms of time Memory (MB) Time (second) and memory 1 1000 0.1 0.01 0.001 100 2 4 8 16 32 64 2 4 8 16 32 64 Number of tenants Number of tenants 24

  25. Performance (CDF of Packet Injection Latency) 25

  26. Performance (CDF of Packet Injection Latency) 26

  27. Performance (CDF of Packet Injection Latency) The faster measurements indicate that the packet is processed immediately without restoring the emulation states 27

  28. Performance (CDF of Packet Injection Latency) The faster measurements indicate that the packet is processed immediately without restoring the emulation states The slower measurements may be due to state restoration or waiting for timeout 28

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

How Flexible is Your Network? A Proposal to Quantify Flexibility in Softwarized Networks

How Flexible is Your Network? A Proposal to Quantify Flexibility in Softwarized Networks

Chair of Communication Networks Department of Electrical and Computer Engineering Technical University of Munich How Flexible is Your Network? A Proposal to Quantify Flexibility in Softwarized Networks Wolfgang Kellerer Technical University

296 views • 13 slides
Information Visualization networks without networks, couldn't have any of these: Dataset

Information Visualization networks without networks, couldn't have any of these: Dataset

Network data Applications of networks Information Visualization networks without networks, couldn't have any of these: Dataset Types model relationships Networks & Trees 1/2 between things Tables Networks Fields (Continuous)

263 views • 4 slides
Types of networks (social networks, computer networks, entity- relationship networks, )

Types of networks (social networks, computer networks, entity- relationship networks, )

Networks Types of networks (social networks, computer networks, entity- relationship networks, ) Node-link diagrams Layered Internet architecture (encapsulation) The Internet Structure of the Internet core

556 views • 16 slides
Social and Technological Networks: Review Rik Sarkar Networks Networks/graphs are

Social and Technological Networks: Review Rik Sarkar Networks Networks/graphs are

Social and Technological Networks: Review Rik Sarkar Networks Networks/graphs are fundamental in computer science And becoming more important As systems, people, computation become more interconnected Why study networks We

223 views • 21 slides
1 Hardware architectures Point-to-point networks Many different types of networks: One

1 Hardware architectures Point-to-point networks Many different types of networks: One

Networks in embedded systems Networking for Embedded Systems Why we use networks. Network abstractions. Example networks. initial processing more processing Properties of wireless networks. PE sensor PE PE actuator PEs

573 views • 7 slides
Current Network Structure for Pediatrics Hospital Networks Country, state, regional, Academic

Current Network Structure for Pediatrics Hospital Networks Country, state, regional, Academic

Current Network Structure for Pediatrics Hospital Networks Country, state, regional, Academic networks networks Sub-specialty NIH networks networks Foundation networks Trial recruitment networks Disease specific networks Networks for

361 views • 6 slides
Computer Networks I Computer Networks I Networks A networks connection structure is known as

Computer Networks I Computer Networks I Networks A networks connection structure is known as

Computer Networks I Computer Networks I Networks A networks connection structure is known as its network topology . Host nodes source and destination of messages Communication nodes where messages pass through; can be

304 views • 26 slides
NETWORKS Networks There are many types of networks and network effects Physical:

NETWORKS Networks There are many types of networks and network effects Physical:

NETWORKS Networks There are many types of networks and network effects Physical: computers, railways Social: online, family Network externalities: value depends on # users Different fields, different (overlapping) refs, focus

589 views • 36 slides
Topics ! Use of networks ! Network structure ! Implementation of networks Computer Networks

Topics ! Use of networks ! Network structure ! Implementation of networks Computer Networks

Topics ! Use of networks ! Network structure ! Implementation of networks Computer Networks Introduction Lets Get Started! Computer Networks: Our Definition ! Networking today: Where are they? An interconnected collection of

439 views • 8 slides
Routing in Ad-hoc networks P R E S E N T E D B Y - L E W I S T S E N G R A C H I T A G A R W A

Routing in Ad-hoc networks P R E S E N T E D B Y - L E W I S T S E N G R A C H I T A G A R W A

Routing in Ad-hoc networks P R E S E N T E D B Y - L E W I S T S E N G R A C H I T A G A R W A L Ad-hoc networks Infrastructure-less networks No fixed routers (potentially) mobile nodes Dynamically and arbitrarily located

1.15k views • 94 slides
Types of Biological Networks Many important biological networks are defined on molecules such as

Types of Biological Networks Many important biological networks are defined on molecules such as

Marinka Zitnik CS 224W: Biological Networks November 28, 2017 The study of biological networks, their analysis and modeling are important tasks in life sciences today. Most biological networks are still far from being complete and they are often

223 views • 9 slides
Mobility and cellular networks Mobility and cellular networks Cellular radio and PCS networks

Mobility and cellular networks Mobility and cellular networks Cellular radio and PCS networks

Wireless WANs Mobility and cellular networks Mobility and cellular networks Cellular radio and PCS networks Wireless data networks Satellite links and networks Mobility, etc.- 2 Basic concepts and directions in telecommunications

289 views • 7 slides
Networks in economics Lecture 1 - Measuring networks and finance What are networks and why study

Networks in economics Lecture 1 - Measuring networks and finance What are networks and why study

Networks in economics Lecture 1 - Measuring networks and finance What are networks and why study them? A network is a set of items (nodes) connected by edges or links. Units (nodes) Interaction Individuals Friendship Firms Trade Banks

486 views • 29 slides
CONVOLUTIONAL AND RECURRENT NEURAL NETWORKS Neural networks Fully connected networks

CONVOLUTIONAL AND RECURRENT NEURAL NETWORKS Neural networks Fully connected networks

CONVOLUTIONAL AND RECURRENT NEURAL NETWORKS Neural networks Fully connected networks Neuron Non-linearity Softmax layer DNN training Loss function and regularization SGD and backprop Learning rate Overfitting

1.8k views • 86 slides
Branching Networks Introduction River Networks Complex Networks, Course 295A, Spring, 2008

Branching Networks Introduction River Networks Complex Networks, Course 295A, Spring, 2008

Branching Networks Branching Networks Introduction River Networks Complex Networks, Course 295A, Spring, 2008 Definitions Allometry Laws Stream Ordering Hortons Laws Prof. Peter Dodds Tokunagas Law Horton Tokunaga Reducing

1.57k views • 110 slides
Architecture Perceptron Highway Networks Highway Networks Allows training very deep

Architecture Perceptron Highway Networks Highway Networks Allows training very deep

Highway Networks for Visual Question Answering Aaditya Prakash PhD advisor: James Storer Brandeis University Architecture Perceptron Highway Networks Highway Networks Allows training very deep networks Srivastava et al trained

174 views • 16 slides
Enumeration of racks, quandles and Bruck loops Petr Vojt echovsk y University of Denver

Enumeration of racks, quandles and Bruck loops Petr Vojt echovsk y University of Denver

Enumeration of racks, quandles and Bruck loops Petr Vojt echovsk y University of Denver Loops 19 Budapest University of Technology and Economics, Hungary July 713, 2019 Petr Vojt echovsk y (University of Denver) Enumeration

1.63k views • 141 slides
Polynomial Hierarchy, Betti Numbers and a real analogue of Todas Theorem Saugata Basu

Polynomial Hierarchy, Betti Numbers and a real analogue of Todas Theorem Saugata Basu

(Discrete) Polynomial Hierarchy Blum-Shub-Smale Models of Computation Algorithmic Semi-algebraic Geometry Real Analogue of Todas Theorem Proof Polynomial Hierarchy, Betti Numbers and a real analogue of Todas Theorem Saugata Basu

1.23k views • 106 slides
Global Existence and Asymptotic Behavior for a Compressible Energy Transport Model Yong LI

Global Existence and Asymptotic Behavior for a Compressible Energy Transport Model Yong LI

Global Existence and Asymptotic Behavior for a Compressible Energy Transport Model Yong LI Department of Mathematical Sciences, Tsinghua University BEIJING, P. R. CHINA Joint with Ling Hsiao The energy transport model is a degenerate

484 views • 31 slides
Session02 - Open Source Driven Career Speaker: Elshad Agazade May 09, 2020 19:45-20:30, Baku TZ

Session02 - Open Source Driven Career Speaker: Elshad Agazade May 09, 2020 19:45-20:30, Baku TZ

Session02 - Open Source Driven Career Speaker: Elshad Agazade May 09, 2020 19:45-20:30, Baku TZ Kiss.Conf 2020 Host: Sako M Lee Calcote Talks - calcotestudios.com Kiss.Conf 2020 Third step in Cloud Native journey Service meshes will be

446 views • 21 slides
ALICE muon trigger (bakelite RPCs): performance and issues Dark rate Average distribution 2011

ALICE muon trigger (bakelite RPCs): performance and issues Dark rate Average distribution 2011

ALICE muon trigger (bakelite RPCs): performance and issues Dark rate Average distribution 2011 RPC vs Dark rate efficiency distribution 2013 vs time Performance: Efficiency: stable and uniform (>95%) Average RPC current Cluster

337 views • 8 slides
Upgrading to MySQL 8.0+: a More Automated Upgrade Experience Dmitry Lenev, Software Developer

Upgrading to MySQL 8.0+: a More Automated Upgrade Experience Dmitry Lenev, Software Developer

Upgrading to MySQL 8.0+: a More Automated Upgrade Experience Dmitry Lenev, Software Developer Dmitry Lenev, Software Developer Oracle/MySQL, November 2018 Oracle/MySQL, November 2018 Safe Harbor Statement The following is intended to outline

1.43k views • 114 slides
1 Launch Readiness Issues for AIRS A status report on some topics in the FINAL Product Retrieval

1 Launch Readiness Issues for AIRS A status report on some topics in the FINAL Product Retrieval

1 Launch Readiness Issues for AIRS A status report on some topics in the FINAL Product Retrieval System Dr. Christopher Barnet UMBC/JCET & GSFC Sounder Research Team (SRT, Code 910) Feb. 12, 2002 Todays Topics 1. The bias in the cloud

582 views • 18 slides
35t FEMB Status and Noise 20160224 - 35t - B. Kirby TPC Readout Noise - Main Issues Two

35t FEMB Status and Noise 20160224 - 35t - B. Kirby TPC Readout Noise - Main Issues Two

35t FEMB Status and Noise 20160224 - 35t - B. Kirby TPC Readout Noise - Main Issues Two main problems with TPC readout noise (in order of importance): Noise levels are not stable: all FEMB channels have some chance to jump into a

649 views • 22 slides

More recommend