towards correct by construction sdn
play

TOWARDS CORRECT-BY-CONSTRUCTION SDN Leonid Ryzhyk Nikolaj Bjorner - PowerPoint PPT Presentation

Oct 26, 2023 •391 likes •639 views

TOWARDS CORRECT-BY-CONSTRUCTION SDN Leonid Ryzhyk Nikolaj Bjorner Marco Canini Jean-Baptjste Jeannin Nina Narodytska Cole Schlesinger Douglas Terry George Varghese 22 August 2016 INTRODUCTION 2 Cocoon is a high-level

  1. TOWARDS CORRECT-BY-CONSTRUCTION SDN Leonid Ryzhyk Nikolaj Bjorner Marco Canini Jean-Baptjste Jeannin Nina Narodytska Cole Schlesinger Douglas Terry George Varghese 22 August 2016

  2. INTRODUCTION 2 ● Cocoon is a – high-level SDN programming language – verifjcation tool – SDN programming methodology ● … based on the principle of correctness by construction

  3. COCOON IN A NUTSHELL 3 Traditional SDN Verification Workflow Design Implement Run on the Verify generated controller network configuration SDN verification with Cocoon refine refine refine spec implementation Correct by construction

  4. EXAMPLE: CAMPUS NETWORK [Sung et al. Towards Systematic Design of Enterprise Networks] 4 L2 segment Router VLAN Gateway vlan-1 vlan-1 gw router vlan-2 vlan-2 gw router Switch vlan-3 vlan-3 gw router switch router

  5. INTER-VLAN ROUTING: HOP1 5 ACL vlan-1 vlan-1 gw router vlan-2 vlan-2 gw router vlan-3 vlan-3 gw router switch router

  6. INTER-VLAN ROUTING: HOP2 6 ACL vlan-1 vlan-1 gw router vlan-2 vlan-2 gw router vlan-3 vlan-3 gw router switch router

  7. INTER-VLAN ROUTING: HOP3 7 This is messy: ● Large, ad hoc topology ● L2/L3 routing are mixed up ● Complex distributed security policies Typical bugs: ● ACL distribution ● Routing loops ● Black holes vlan-1 vlan-1 gw router Let’s try to untangle this design … vlan-2 vlan-2 gw router vlan-3 vlan-3 gw router switch router

  8. STEP 1: HIGH-LEVEL SPECIFICATION 8 acl() 193.62.*.* 193.63.*.* 193.64.1.*

  9. STEP 2: DISTRIBUTED ACLs 9 acl() 193.62.*.* 193.63.*.* 193.64.1.*

  10. STEP 2: DISTRIBUTED ACLs 10 Gateways aclIn() aclOut() 193.62.*.* 193.63.*.* 193.64.1.* Assumption: acl() ≡ aclOut() Λ aclIn()

  11. STEP 3: L3 ROUTING 11 193.62.*.* 193.63.*.* 193.64.1.*

  12. STEP 3: L3 ROUTING 12 Routers L3NextHop() 193.62.*.* 193.63.*.* 193.64.1.* Assumption: L3NextHop(pkt)* = Gateway(pkt)

  13. STEP 4: L2 SWITCHING 13 193.62.*.* 193.63.*.* 193.64.1.*

  14. STEP 4: L2 SWITCHING 14 193.62.*.* 193.63.*.* 193.64.1.*

  15. STEP 4: L2 SWITCHING 15 L2 switches Assumption: L2NextHop(pkt)* = L3NextHop(pkt)

  16. STEP 4: L2 SWITCHING 16 L2NextHop(pkt.vlan=0) L2NextHop(pkt.vlan=green) L2NextHop(pkt.vlan=red) L2NextHop(pkt.vlan=blue)

  17. SEPARATION OF CONCERNS 17 High-level spec Distributed access control L3 routing L2 switching

  18. WOULDN’T IT BE GREAT TO BUILD SDNs THIS WAY? 18 acl() aclOut() aclIn() 193.62.*.* 193.63.*.* 193.64.1.* 193.62.*.* 193.63.*.* 193.64.1.* With Cocoon, you can! ● Language support for refinement-based programming l3NextHop() ● Automatic compositional verification ● P4 and OpenFlow (via NetKAT) backends 193.62.*.* 193.63.*.* 193.64.1.*

  19. PARAMETERIZED SPECIFICATIONS 19 ● Parameterized specifjcations – Spec may contain undefjned functions , e.g., acl(), l2NextHop(), l3NextHop() – Verifjcation relies on assumptions – These functions are defjned when the network design is instantiated – They can also change at runtime, e.g., in response to link failures – Assumptions are validated when concrete defjnitions are provided (statically or at runtime)

  20. CASE STUDIES 20 Campus network ● [Sung et al. T owards Systematic Design of Enterprise Networks] F10 ● [Liu et al. F10: A Fault-T olerant Engineered Network] B4-style WAN ● [Jain et al. B4: Experience with a Globally-Deployed Software Defjned WAN] iSDX (Software-defjned Internet Exchange) ● [Gupta et al. An Industrial-Scale Software Defjned Internet Exchange Point] NSX-style network virtualization framework ● [Koponen et al. Network Virtualization in Multi-tenant Datacenters] Stag (source-based routing + security labels for fat-tree ● topology)

  21. PERFORMANCE 21 ● All case studies verifjed in ~10 sec, – Compositional verifjcation (1 refjnement at a time) – Parameterized verifjcation amplifjes the power of symbolic reasoning ● No direct comparison (yet) with existing tools like NetKAT, HSA, but expect them to slow down for larger topologies

  22. COCOON VS TRADITIONAL NETWORK VERIFICATION 22 HSA/ NetKAT/ ... Correctness spec

  23. CONCLUSIONS 24 ● Correct-by-construction SDN via iterative refjnement: – Enforces modular design – Enables strong static correctness guarantees – Scales to complex realistic networks

  24. EXAMPLE ASSUMPTION 25 assume (hid_t sid, vid_t vid, MAC dst) (l2distance(sid, vid, dst) > 1) => l2distance(link(sid, l2NextHop(sid, vid, dst)), dst) == (l2distance(sid, vid, dst) - 1)

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Correct b Correct by Construction A Construction Attack ttack-Tolerant Syst olerant Systems

Correct b Correct by Construction A Construction Attack ttack-Tolerant Syst olerant Systems

Correct b Correct by Construction A Construction Attack ttack-Tolerant Syst olerant Systems ems Robert Constable Cornell University Mark Bickford ATC-NY Robbert Van Renesse Robbert Van Renesse Cornell University Correct by Construction

166 views • 14 slides
Construction Insurance: Tendering Your Claim to the Correct Carrier, Understanding Carriers

Construction Insurance: Tendering Your Claim to the Correct Carrier, Understanding Carriers

Presenting a live 90-minute webinar with interactive Q&A Construction Insurance: Tendering Your Claim to the Correct Carrier, Understanding Carriers Right to Allocate to Others Navigating Indemnity, Contribution and Subrogation to

923 views • 49 slides
Lab 2 discussion Last Time Debugging Its a science use experiments to refine

Lab 2 discussion Last Time Debugging Its a science use experiments to refine

size= 64 correct= 0 size= 73 correct= 0 Shuying Liang size= 107 correct= 1 size= 107 correct= 0 size= 108 correct= 0 size= 108 correct= 1 Please do not handin a .doc file, a .zip file, a .tar file, size= 111 correct= 1 size=

430 views • 7 slides
Dr. CU 2.0: A Scalable Detailed Routing Framework with Correct-by-Construction Design Rule

Dr. CU 2.0: A Scalable Detailed Routing Framework with Correct-by-Construction Design Rule

Dr. CU 2.0: A Scalable Detailed Routing Framework with Correct-by-Construction Design Rule Satisfaction Haocheng Li , Gengjie Chen, Bentian Jiang, Jingsong Chen, Evangeline F. Y. Young Source code is available at

353 views • 31 slides
Performance of Correct Statement of the Problem and Impact. Associated Issues. Procedure

Performance of Correct Statement of the Problem and Impact. Associated Issues. Procedure

Performance of Correct Procedure at Correct Body Site Patient Safety Solutions CONTENT Performance of Correct Statement of the Problem and Impact. Associated Issues. Procedure at Correct Suggested Actions. Looking Forward.

198 views • 3 slides
Part III Part III Gain- -based synthesis based synthesis Gain enabler for correct- -by

Part III Part III Gain- -based synthesis based synthesis Gain enabler for correct- -by

Part III Part III Gain- -based synthesis based synthesis Gain enabler for correct- -by by- -construction design construction design enabler for correct ASP- -DAC01 Tutorial DAC01 Tutorial ASP Patrick Groeneveld

1k views • 87 slides
Micropipetting Doing it the correct way Practice, practice, practice! Why Take the Time to

Micropipetting Doing it the correct way Practice, practice, practice! Why Take the Time to

Micropipetting Doing it the correct way Practice, practice, practice! Why Take the Time to Practice? Micropipetting is the foundation to many future experiments Correct pipetting insures correct volumes which creates a greater chance

544 views • 19 slides
Agenda this Month Requirement to Correct Other HMRC announcements and other tax

Agenda this Month Requirement to Correct Other HMRC announcements and other tax

Agenda this Month Requirement to Correct Other HMRC announcements and other tax developments Recent tax cases Requirement to Correct Deadline 30 September ! Requirement to Correct (RTC) RTC obliges taxpayers to make a disclosure

595 views • 38 slides
e-Bug Pack Evaluation 1 Quantitative Data Overview % % % Topics Correct Correct

e-Bug Pack Evaluation 1 Quantitative Data Overview % % % Topics Correct Correct

e-Bug Pack Evaluation 1 Quantitative Data Overview % % % Topics Correct Correct Improvement p value before after score Micro organisms 51 86 35 (30, 39) <0.001 Good and Bad Microbes 48 86 36 (32, 40) <0.001 Spread

427 views • 29 slides
Evaluating classifiers CS440 The 2-by-2 contingency table correct not correct positive tp fp

Evaluating classifiers CS440 The 2-by-2 contingency table correct not correct positive tp fp

10/30/19 Evaluating classifiers CS440 The 2-by-2 contingency table correct not correct positive tp fp prediction negative fn tn prediction 1 10/30/19 Precision and recall Precision : % of predicted items that are correct P = tp/

117 views • 11 slides
Construction Projects Vestfold Line Upcoming contracts Project Director Stine Ilebrekke Undrum

Construction Projects Vestfold Line Upcoming contracts Project Director Stine Ilebrekke Undrum

Construction Projects Vestfold Line Upcoming contracts Project Director Stine Ilebrekke Undrum 2 Information is correct as of 10 May 2017, but may be subject to change. and today`s trains use the same track as in 1881 6 Construction

452 views • 28 slides
Summary Summary I Iterative flow Iterative flow vs vs. stepwise refinement . stepwise

Summary Summary I Iterative flow Iterative flow vs vs. stepwise refinement . stepwise

Gain Gain-based synthesis based synthesis enabler for correct enabler for correct-by by-construction design construction design Patrick Patrick Groeneveld Groeneveld (patrick patrick@magma @magma-da da.com) .com) Magma

1.06k views • 46 slides
Topic 16 Creating Correct Programs Creating Correct Programs "It is a profoundly erroneous

Topic 16 Creating Correct Programs Creating Correct Programs "It is a profoundly erroneous

Topic 16 Creating Correct Programs Creating Correct Programs "It is a profoundly erroneous truism, repeated by all the copybooks, and by eminent people when they are making speeches, that we should cultivate the habit of thinking about

463 views • 29 slides
Hybrid Construction Hybrid Construction Hybrid Construction Hybrid Construction 1 VP

Hybrid Construction Hybrid Construction Hybrid Construction Hybrid Construction 1 VP

Hybrid Construction Hybrid Construction Hybrid Construction Hybrid Construction 1 VP University VP University WHEN DO YOU USE HYBRI D CONSTRUCTI ON? Hybrid Construction is an economical alternative to conventional steel structures

431 views • 15 slides
What is the B-method? Welcome to Provably Correct Software http://www.it.uu.se/

What is the B-method? Welcome to Provably Correct Software http://www.it.uu.se/

What is the B-method? Welcome to Provably Correct Software http://www.it.uu.se/ edu/course/homepage/bkp/vt09 Instructor Lars-Henrik Eriksson lhe@it.uu.se, http://www.it.uu.se/katalog/lhe?lang=en Provably Correct Software Page 1 Updated

545 views • 18 slides
Group Therapy 9 0 8 5 3 The Changes Compliance with Correct Coding Standards 1. Per the

Group Therapy 9 0 8 5 3 The Changes Compliance with Correct Coding Standards 1. Per the

Group Therapy 9 0 8 5 3 The Changes Compliance with Correct Coding Standards 1. Per the National Correct Coding Initiative, the CPT code definition of group psychotherapy (90853) has a unit concept of 1 session. Prior to the change,

310 views • 6 slides
Company Foundation Partners 1972 2013 Breda Lorett has been founded in 1972 by Mr. Romi

Company Foundation Partners 1972 2013 Breda Lorett has been founded in 1972 by Mr. Romi

Company Foundation Partners 1972 2013 Breda Lorett has been founded in 1972 by Mr. Romi Orselli General information CORE BUSINESS: PRODUCTION AND SALES OF METAL SPARE PARTS Total surface: 8.252 m 2 Employees: 45 Warehouse: 1.920 m 2

302 views • 19 slides
Spetsmash SPETSMASH SYSTEM DESIGN BUREAU LTD http://skb-specmash.ru "SPETSMASH

Spetsmash SPETSMASH SYSTEM DESIGN BUREAU LTD http://skb-specmash.ru "SPETSMASH

The limited liability company under the laws of Russian Federation System Design Bureau Spetsmash SPETSMASH SYSTEM DESIGN BUREAU LTD http://skb-specmash.ru "SPETSMASH SYSTEM DESIGN BUREAU LTD 2 Activities and details of the

331 views • 15 slides
06.10.2015 Company presentation Industrial Drive Systems Michael Bernhard, Villingen, 8 October

06.10.2015 Company presentation Industrial Drive Systems Michael Bernhard, Villingen, 8 October

06.10.2015 Company presentation Industrial Drive Systems Michael Bernhard, Villingen, 8 October 2015 1 Agenda IDS company presentation Strategic markets and direction Business unit summary Mid-term planning (2015

376 views • 11 slides
Cablecraft Australia P/L Presents the PNEUMATIC CLUTCH BOOSTER Booster Systems Booster

Cablecraft Australia P/L Presents the PNEUMATIC CLUTCH BOOSTER Booster Systems Booster

Cablecraft Australia P/L Presents the PNEUMATIC CLUTCH BOOSTER Booster Systems Booster systems are used in many applications They are used to boost output on: Clutches Brakes Steering Clutch Boosters Are used on heavy

367 views • 25 slides
Arid id and Degraded Land Wala Alshiekh Abdallah, MENAQUA Land Mark Hotel, Amman 13

Arid id and Degraded Land Wala Alshiekh Abdallah, MENAQUA Land Mark Hotel, Amman 13

COCOON Pla lanting Technology in in Arid id and Degraded Land Wala Alshiekh Abdallah, MENAQUA Land Mark Hotel, Amman 13 November, 2018 1 Environmental challenges in the region - Degraded and fragile natural ecosystems. - It is one of

675 views • 11 slides
Success A(ributes Fros%g 20-Year Longitudinal Study What is Success? Success: A

Success A(ributes Fros%g 20-Year Longitudinal Study What is Success? Success: A

3/8/16 Success A(ributes Fros%g 20-Year Longitudinal Study What is Success? Success: A Multidimensional View Educa%onal a9ainment Employment status Social rela%onships Psychological health Family rela%onships Life

442 views • 13 slides
ORGANIC SERICULTURE FOR BIVOLTINE PRODUCTION B.N. Susheelamma Central Sericultural Research and

ORGANIC SERICULTURE FOR BIVOLTINE PRODUCTION B.N. Susheelamma Central Sericultural Research and

ORGANIC SERICULTURE FOR BIVOLTINE PRODUCTION B.N. Susheelamma Central Sericultural Research and Training Institute, Mysore - 570 008, India. Need of Sericulture Industry The soil biological management is very important to improve

733 views • 18 slides
THE WASHINGTON STATE BOARD OF EDUCATION A high-quality education system that prepares all students

THE WASHINGTON STATE BOARD OF EDUCATION A high-quality education system that prepares all students

THE WASHINGTON STATE BOARD OF EDUCATION A high-quality education system that prepares all students for college, career, and life. Title: Student Presentation As Related To: Goal One: Develop and support Goal Three: Ensure that every student

594 views • 17 slides

More recommend