tolerating application failures with legosdn
play

Tolerating Application Failures with LegoSDN Balakrishnan - PowerPoint PPT Presentation

Jul 06, 2023 •204 likes •540 views

Tolerating Application Failures with LegoSDN Balakrishnan Chandrasekaran Theophilus Benson Duke University Quality of Code In C, I never learned to use the debugger, so I used to never make mistakes I went millions and millions

  1. Tolerating Application Failures with LegoSDN Balakrishnan Chandrasekaran Theophilus Benson Duke University

  2. Quality of Code “In C, I never learned to use the debugger, so I used to never make mistakes …” “I went millions and millions of hours with no problems—probably tens of millions of hours with no problems.” — Arthur Whitney, creator of A , K and Q . ACM Queue, Feb 2009. October 28, 2014 HotNets 2014 | LegoSDN 2

  3. Bugs are endemic in software! § Bugs can be deterministic or non- deterministic § [STS] Pox Premature PacketIn – l2_multi routing module failed unexpectedly with a KeyError. October 28, 2014 HotNets 2014 | LegoSDN 3

  4. Cascading Crashes App1 App2 … A A A Controller in out October 28, 2014 HotNets 2014 | LegoSDN 4

  5. Cascading Crashes App1 App2 … A A A Controller in out October 28, 2014 HotNets 2014 | LegoSDN 5

  6. Cascading Crashes App1 App2 … A A A Controller in out October 28, 2014 HotNets 2014 | LegoSDN 6

  7. LegoSDN § Availability is of utmost importance – Second only to security October 28, 2014 HotNets 2014 | LegoSDN 7

  8. Fate-sharing § Fate-sharing relationships between – the SDN controller and the SDN application(s) (also between SDN applications) – the SDN application and the network § Failure in any one SDN application brings down the other applications, and the SDN controller. October 28, 2014 HotNets 2014 | LegoSDN 8

  9. Three-pronged approach 1 App1 App2 … A A A Controller Contain c crash in out October 28, 2014 HotNets 2014 | LegoSDN 9

  10. Three-pronged approach App1 App2 … A A A Controller Undo c changes es in out 2 October 28, 2014 HotNets 2014 | LegoSDN 10

  11. Three-pronged approach App1 App2 … A A A Controller Handle m e mes essage in 3 out October 28, 2014 HotNets 2014 | LegoSDN 11

  12. Controller architecture must support two new abstractions October 28, 2014 HotNets 2014 | LegoSDN 12

  13. Current architecture App1 App2 A A Controller October 28, 2014 HotNets 2014 | LegoSDN 13

  14. Isolate SDN-Apps from the controller Sandbox Sandbox App1 App2 A A Controller October 28, 2014 HotNets 2014 | LegoSDN 14

  15. Isolate SDN-Apps from the controller Sandbox Sandbox App1 App2 A A Controller October 28, 2014 HotNets 2014 | LegoSDN 15

  16. Isolate SDN-Apps from the controller Sandbox Sandbox App1 App2 A A Controller October 28, 2014 HotNets 2014 | LegoSDN 16

  17. Isolate SDN-Apps from the network Sandbox App1 A Controller a October 28, 2014 HotNets 2014 | LegoSDN 17

  18. Isolate SDN-Apps from the network Sandbox App1 A Controller a October 28, 2014 HotNets 2014 | LegoSDN 18

  19. LegoSDN Sandbox Ap AppVisor S Stub App1 Lightweight wrapper A AppVisor Stub Ap AppVisor P Proxy xy AppVisor Proxy Message dispatcher Controller SDN-App is treated as a black-box. a NetLog Stub and proxy allow SDN-Apps to talk to controller. NetLog Ne tLog Transactional support October 28, 2014 HotNets 2014 | LegoSDN 19

  20. LegoSDN Sandbox Built o on t top o of F FloodLight App1 A Ported three applications bundled with AppVisor Stub FloodLight to LegoSDN AppVisor Proxy Controller a NetLog October 28, 2014 HotNets 2014 | LegoSDN 20

  21. Three-pronged approach App1 App2 … A A A Controller Handle m e mes essage in 3 out October 28, 2014 HotNets 2014 | LegoSDN 21

  22. How do you handle the crash inducing message? October 28, 2014 HotNets 2014 | LegoSDN 22

  23. 1. Crash and burn § Halt the application – SDN-App cannot continue processing – Other SDN-Apps can continue unaffected § No Compromise – Think of security related SDN-Apps Correctness : SDN-App’s ability to implement its functionality without change, according to the specification. October 28, 2014 HotNets 2014 | LegoSDN 23

  24. 2. Induce amnesia § Ignore or drop the crash inducing message – SDN-App will not see the message again § Complete Compromise October 28, 2014 HotNets 2014 | LegoSDN 24

  25. 3. Apply transformations § Transform the offending message into another one that the application can handle – application will continue with a modified input § Equivalence Compromise October 28, 2014 HotNets 2014 | LegoSDN 25

  26. Course of action? No Compromise Apply T ransformation(s) Complete Compromise Operator October 28, 2014 HotNets 2014 | LegoSDN 26

  27. Related work § Fault tolerance – via reboots – applying Paxos for leader selection § Debugging SDN-Apps or the controller October 28, 2014 HotNets 2014 | LegoSDN 27

  28. Message equivalence § How do you determine two messages are equivalent? October 28, 2014 HotNets 2014 | LegoSDN 28

  29. Rollbacks are non-trivial § Rollback of one or more rules installed changes controller’s view of the state of network – Might induce crashes of other SDN applications that rely on a consistent view of network state October 28, 2014 HotNets 2014 | LegoSDN 29

  30. Error propagation § Last message received by the SDN-App prior to the crash need not be the culprit! – How far along should we go back in history to find the root cause of the crash? – Recovery from an earlier checkpoint; How many checkpoints should we maintain? October 28, 2014 HotNets 2014 | LegoSDN 30

  31. Road ahead § Rethink controller architecture – LegoSDN is only the tip of the iceberg. § Resilient controllers can catalyze adoption § Failures need to be a first-class citizen October 28, 2014 HotNets 2014 | LegoSDN 31

  32. October 28, 2014 HotNets 2014 | LegoSDN 32

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

TOLERATING BUSINESS FAILURES IN HOSTED APPLICATIONS Jean-Sbastien Lgar Dutch T. Meyer,

TOLERATING BUSINESS FAILURES IN HOSTED APPLICATIONS Jean-Sbastien Lgar Dutch T. Meyer,

TOLERATING BUSINESS FAILURES IN HOSTED APPLICATIONS Jean-Sbastien Lgar Dutch T. Meyer, Mark Spear, Alexandru Totolici, Sara Bainbridge, Kalan MacRow, Robert Sumi, Quinlan Jung, Dennis Tjandra, David Williams-King, William Aiello, Andrew

567 views • 29 slides
Tolerating Hardware Device Failures in Software Asim Kadav, Matthew J. Renzelmann, Michael M.

Tolerating Hardware Device Failures in Software Asim Kadav, Matthew J. Renzelmann, Michael M.

Tolerating Hardware Device Failures in Software Asim Kadav, Matthew J. Renzelmann, Michael M. Swift University of Wisconsin-Madison Current state of OS-hardware interaction Many device drivers assume device perfection Common Linux

779 views • 45 slides
Investigation of Failures 49 CFR 192.617 192.617 Investigation of Failures Each operator

Investigation of Failures 49 CFR 192.617 192.617 Investigation of Failures Each operator

Investigation of Failures 49 CFR 192.617 192.617 Investigation of Failures Each operator shall establish procedures for analyzing accidents and failures, including the selection of samples of the failed facility or equipment for

948 views • 55 slides
Protection and Restoration Introduction Fact: Networks fail. Types of failures: Path

Protection and Restoration Introduction Fact: Networks fail. Types of failures: Path

SYSC 5801 Protection and Restoration Introduction Fact: Networks fail. Types of failures: Path failures Link failures Node failures Results: packet losses, waste of resources, and higher delay. What IGP does in the event

721 views • 35 slides
Tolerating Latency in Replicated State Machines through Client Speculation April 22, 2009

Tolerating Latency in Replicated State Machines through Client Speculation April 22, 2009

Tolerating Latency in Replicated State Machines through Client Speculation April 22, 2009 Benjamin Wester 1 , James Cowling 2 , Edmund B. Nightingale 3 , Peter M. Chen 1 , Jason Flinn 1 , Barbara Liskov 2 University of Michigan 1 , MIT CSAIL 2 ,

664 views • 27 slides
Software Mechanisms for Tolerating Soft Errors in an Automotive Brake-Controller Daniel Skarin

Software Mechanisms for Tolerating Soft Errors in an Automotive Brake-Controller Daniel Skarin

Software Mechanisms for Tolerating Soft Errors in an Automotive Brake-Controller Daniel Skarin Johan Karlsson Department of Computer Science and Engineering Chalmers University of Technology G oteborg, Sweden June 29, 2009 Introduction

432 views • 13 slides
Failures and Consensus Failures and Consensus Coordination Coordination If the solution to

Failures and Consensus Failures and Consensus Coordination Coordination If the solution to

Failures and Consensus Failures and Consensus Coordination Coordination If the solution to availability and scalability is to decentralize and replicate functions and data, how do we coordinate the nodes? data consistency update

712 views • 36 slides
Dynamically Detecting and Tolerating IF-Condition Data Races Shanxiang Qi (Google), Abdullah

Dynamically Detecting and Tolerating IF-Condition Data Races Shanxiang Qi (Google), Abdullah

Dynamically Detecting and Tolerating IF-Condition Data Races Shanxiang Qi (Google), Abdullah Muzahid (University of San Antonio), Wonsun Ahn , Josep Torrellas University of Illinois at Urbana-Champaign HPCA-2014, Feb 2014 Background: Data

266 views • 22 slides
Tolerating Faults in Disaggregated Datacenters Amanda Carbonari , Ivan Beschastnikh University

Tolerating Faults in Disaggregated Datacenters Amanda Carbonari , Ivan Beschastnikh University

Tolerating Faults in Disaggregated Datacenters Amanda Carbonari , Ivan Beschastnikh University of British Columbia To appear at HotNets17 Current Datacenters 2 The future: Disaggregation ToR CPU blade Memory blade Storage Blade 3 The

769 views • 37 slides
Tolerating Architectural Mismatches Rogrio de Lemos University of Kent at Canterbury, UK

Tolerating Architectural Mismatches Rogrio de Lemos University of Kent at Canterbury, UK

Tolerating Architectural Mismatches Rogrio de Lemos University of Kent at Canterbury, UK Cristina Gacek, Alexander Romanovsky University of Newcastle upon Tyne, UK R. de Lemos, C. Gacek, A. Romanovsky ICSE WADS May 2002 1 Motivation

264 views • 9 slides
XXX Tolerating Malicious Drivers in Linux Silas Boyd-Wickizer and Nickolai Zeldovich How could

XXX Tolerating Malicious Drivers in Linux Silas Boyd-Wickizer and Nickolai Zeldovich How could

XXX Tolerating Malicious Drivers in Linux Silas Boyd-Wickizer and Nickolai Zeldovich How could a device driver be malicious? Today's device drivers are highly privileged Write kernel memory, allocate memory, ... Drivers are complex;

1.63k views • 95 slides
Software Failures Perdita Stevens perdita@inf.ed.ac.uk

Software Failures Perdita Stevens perdita@inf.ed.ac.uk

Software Failures Perdita Stevens perdita@inf.ed.ac.uk http://www.inf.ed.ac.uk/teaching/courses/sapm/ Original slides: Dr James A. Bednar & Dr David Robertson, changes by Dr Massimo Felici, Mr Conrad Hughes, me SAPM Spring 2010: Failures

771 views • 27 slides
s rsrt Market failures Tyler Moore

s rsrt Market failures Tyler Moore

s rsrt Market failures Tyler Moore When markets fail Market failures occur when the free-market outcome is inefficient Monopolies/oligopolies Public goods Information

301 views • 15 slides
MySQL High Availability Solutions Alex Poritskiy Percona The Five 9s of Availability

MySQL High Availability Solutions Alex Poritskiy Percona The Five 9s of Availability

MySQL High Availability Solutions Alex Poritskiy Percona The Five 9s of Availability Clustering & disasters Geographical Redundancy power failures network failures Clustering Technologies hardware failures software failures

593 views • 47 slides
Availability models Dr. Jnos Tapolcai tapolcai@tmit.bme.hu http://opti.tmit.bme.hu/~tapolcai/

Availability models Dr. Jnos Tapolcai tapolcai@tmit.bme.hu http://opti.tmit.bme.hu/~tapolcai/

Availability models Dr. Jnos Tapolcai tapolcai@tmit.bme.hu http://opti.tmit.bme.hu/~tapolcai/ / 1 Failure sources HW failures Network element failures Type failures Manufacturing or design failures Turns out at the testing

553 views • 31 slides
Political Market Failures and Corruption November 2008 () Political Market Failures and

Political Market Failures and Corruption November 2008 () Political Market Failures and

Political Market Failures and Corruption November 2008 () Political Market Failures and Corruption November 2008 1 / 9 When Does Political Competition Lead to Optimal Provision of Public Goods? Political economy models predict that policy in

103 views • 9 slides
Local search algorithms Chapter 4, Sections 12 of; based on AIMA Slides c Artificial

Local search algorithms Chapter 4, Sections 12 of; based on AIMA Slides c Artificial

Local search algorithms Chapter 4, Sections 12 of; based on AIMA Slides c Artificial Intelligence, spring 2013, Peter Ljungl Stuart Russel and Peter Norvig, 2004 Chapter 4, Sections 12 1 Outline Hill-climbing Simulated

306 views • 12 slides
Constraint Satisfaction Problems: Local Search Alice Gao Lecture 7 Based on work by K.

Constraint Satisfaction Problems: Local Search Alice Gao Lecture 7 Based on work by K.

1/19 Constraint Satisfaction Problems: Local Search Alice Gao Lecture 7 Based on work by K. Leyton-Brown, K. Larson, and P. van Beek 2/19 Outline Learning Goals Introduction to Local Search Local Search Algorithms Hill climbing

361 views • 19 slides
PANEL ON JORDAN PETERSON, NOV. 15/18 12 RULES FOR LIFE AND THE MILLENNIAL IDENTITY CRISIS

PANEL ON JORDAN PETERSON, NOV. 15/18 12 RULES FOR LIFE AND THE MILLENNIAL IDENTITY CRISIS

PANEL ON JORDAN PETERSON, NOV. 15/18 12 RULES FOR LIFE AND THE MILLENNIAL IDENTITY CRISIS GORDON E. CARKNER, RON DART , MARVIN MCDONALD WHATS THE ATTRACTION? Scientific (exclusive) humanism proves inadequate to our natural quest for

568 views • 21 slides
Division of labor Parietal: Where are things relative to me? (ego) RSC: Where am I and which

Division of labor Parietal: Where are things relative to me? (ego) RSC: Where am I and which

3/3/17 1 Division of labor Parietal: Where are things relative to me? (ego) RSC: Where am I and which direction am I facing? Hippocampus: (allo) Where are other places? PPA: what is this? 1 3/3/17 Neural Navigation I: constructing a

369 views • 17 slides
UNIVERSITY OF MASSACHUSETTS BOSTON- GRADUATE STUDENT GRANT WRITING WORKSHOP Laura L. Hayman,

UNIVERSITY OF MASSACHUSETTS BOSTON- GRADUATE STUDENT GRANT WRITING WORKSHOP Laura L. Hayman,

UNIVERSITY OF MASSACHUSETTS BOSTON- GRADUATE STUDENT GRANT WRITING WORKSHOP Laura L. Hayman, PhD, MSN, FAAN Professor, Department of Nursing College of Nursing & Health Sciences University of Massachusetts Boston November 28, 2017

655 views • 33 slides
Local search algorithms Chapter 4, Sections 12 Chapter 4, Sections 12 1 Review Chapter

Local search algorithms Chapter 4, Sections 12 Chapter 4, Sections 12 1 Review Chapter

Local search algorithms Chapter 4, Sections 12 Chapter 4, Sections 12 1 Review Chapter 3: uninformed and informed searching were systematic algorithms for solving problems with following characteristics: Observable Deterministic

424 views • 17 slides
The example of neuroscience journals ? Seena Fazel Overview measures of impact Individual

The example of neuroscience journals ? Seena Fazel Overview measures of impact Individual

Beyond the impact factor: The example of neuroscience journals ? Seena Fazel Overview measures of impact Individual Institutional Journal Why it matters Judgements made on individuals and institutions BRC application and

482 views • 29 slides
11/8/2016 Little Brains, Big Future: The Impact of Traumatic Brain Injury in Young Children

11/8/2016 Little Brains, Big Future: The Impact of Traumatic Brain Injury in Young Children

11/8/2016 Little Brains, Big Future: The Impact of Traumatic Brain Injury in Young Children Ashley Graves, Project Development Specialist Center for Safe Schools / Pennsylvania Safe Kids Mission Statement Traumatic Brain Injury (TBI)

253 views • 14 slides

More recommend