towards correct
play

Towards Correct Network Virtualization Soudeh Ghorbani Brighten - PowerPoint PPT Presentation

Apr 16, 2023 •368 likes •876 views

Towards Correct Network Virtualization Soudeh Ghorbani Brighten Godfrey UIUC HotSDN 2014 Virtualization App App App App App App VM VM VM Hypervisor x86 Soudeh Ghorbani and Brighten Godfrey HotSDN 2014 Virtualization

  1. Towards Correct Network Virtualization Soudeh Ghorbani Brighten Godfrey UIUC HotSDN 2014

  2. Virtualization App App App App App App VM VM VM Hypervisor x86 Soudeh Ghorbani and Brighten Godfrey HotSDN 2014

  3. Virtualization Load- Firewall balancer Router App App App App App App L2 bridge VM VM VM Hypervisor Network Virtualization x86 Physical Network Soudeh Ghorbani and Brighten Godfrey HotSDN 2014

  4. Virtualization Load- Firewall balancer Router App App App App App App L2 bridge VM VM VM Hypervisor Network Virtualization x86 Diagram inspired by Teemu Koponen’s NSDI 2014 talk on “ Network Virtualization in Multi-tenant Datacenters”. Physical Network Soudeh Ghorbani and Brighten Godfrey HotSDN 2014

  5. Is the physical implementation a faithful reproduction of the virtual network? Soudeh Ghorbani and Brighten Godfrey HotSDN 2014

  6. Virtual firewall Policy: permit an external server to talk to an internal client if and only if the client has sent a request to the server. Soudeh Ghorbani and Brighten Godfrey HotSDN 2014

  7. Virtual firewall Policy: permit an external server to talk to an internal client if and only if the client has sent a request to the server. Soudeh Ghorbani and Brighten Godfrey HotSDN 2014

  8. Virtual firewall X Policy: permit an external server to talk to an internal client if and only if the client has sent a request to the server. Soudeh Ghorbani and Brighten Godfrey HotSDN 2014

  9. Virtual firewall Policy: permit an external server to talk to an internal client if and only if the client has sent a request to the server. Soudeh Ghorbani and Brighten Godfrey HotSDN 2014

  10. Virtual firewall Policy: permit an external server to talk to an internal client if and only if the client has sent a request to the server. Soudeh Ghorbani and Brighten Godfrey HotSDN 2014

  11. Virtual firewall app Firewall Switch Prio Flow Action rity 10 srcip=130.126.*.* Send to controller, fwd(1) 0 * Send to controller Soudeh Ghorbani and Brighten Godfrey HotSDN 2014

  12. Virtual firewall app Firewall Switch Prio Flow Action rity 10 srcip=130.126.*.* Send to controller, fwd(1) 0 * Send to controller Soudeh Ghorbani and Brighten Godfrey HotSDN 2014

  13. Virtual firewall app Firewall Switch Prio Flow Action rity 10 srcip=130.126.*.* Send to controller, fwd(1) 0 * Send to controller Soudeh Ghorbani and Brighten Godfrey HotSDN 2014

  14. Virtual firewall app Firewall Switch Prio Flow Action rity 10 srcip=130.126.*.* Send to controller, fwd(1) 0 * Send to controller (Part of the) Firewall switch(msg.getType()) { case PACKET_IN: if ( internal.contains(msg.srcMAC()) ) { whitelisted[msg.dstMAC()][msg.srcMACA()] = true; Controller App }else { if (whitelisted[msg.srcMAC()][msg.dstMAC()] ){ whitelist(sw, msg); }else{ blacklist(sw, msg); } } Soudeh Ghorbani and Brighten Godfrey HotSDN 2014

  15. Virtual firewall app Firewall Switch Prio Flow Action rity 10 srcip=130.126.*.* Send to controller, fwd(1) 0 * Send to controller Packet-in from an internal client? Save state: dst server is allowed to send back. (Part of the) Firewall switch(msg.getType()) { case PACKET_IN: if ( internal.contains(msg.srcMAC()) ) { whitelisted[msg.dstMAC()][msg.srcMACA()] = true; Controller App }else { if (whitelisted[msg.srcMAC()][msg.dstMAC()] ){ whitelist(sw, msg); }else{ blacklist(sw, msg); } } Soudeh Ghorbani and Brighten Godfrey HotSDN 2014

  16. Virtual firewall app Firewall Switch Prio Flow Action rity 10 srcip=130.126.*.* Send to controller, fwd(1) 0 * Send to controller Packet-in from an (Part of the) Firewall switch(msg.getType()) { external server? case PACKET_IN: if ( internal.contains(msg.srcMAC()) ) { If the server is • whitelisted[msg.dstMAC()][msg.srcMACA()] = true; Controller App allowed to send, }else { install rules to if (whitelisted[msg.srcMAC()][msg.dstMAC()] ){ whitelist(sw, msg); allow bidirectional }else{ traffic. blacklist(sw, msg); Else, blacklist the • } external server. } Soudeh Ghorbani and Brighten Godfrey HotSDN 2014

  17. Virtual firewall Firewall App 1 Soudeh Ghorbani and Brighten Godfrey HotSDN 2014

  18. Virtual firewall Firewall App 2 1 Soudeh Ghorbani and Brighten Godfrey HotSDN 2014

  19. Virtual firewall Firewall App 2 1 3 Soudeh Ghorbani and Brighten Godfrey HotSDN 2014

  20. Virtual firewall Firewall App 2 4 1 3 Soudeh Ghorbani and Brighten Godfrey HotSDN 2014

  21. Virtual firewall Firewall App 2 5 4 1 3 Soudeh Ghorbani and Brighten Godfrey HotSDN 2014

  22. Firewall + virtualization = bug Firewall App Soudeh Ghorbani and Brighten Godfrey HotSDN 2014

  23. Firewall + virtualization = bug Firewall Flow Action App src=130.126.*.* Send to controller, fwd(1) * Send to controller Soudeh Ghorbani and Brighten Godfrey HotSDN 2014

  24. Firewall + virtualization = bug Firewall Flow Action App src=130.126.*.* Send to controller, fwd(1) * Send to controller Flow Action * Send to controller Flow Action src=130.126.*.* Send to controller, fwd(1) Soudeh Ghorbani and Brighten Godfrey HotSDN 2014

  25. Firewall + virtualization = bug Firewall App Soudeh Ghorbani and Brighten Godfrey HotSDN 2014

  26. Firewall + virtualization = bug Firewall App Soudeh Ghorbani and Brighten Godfrey HotSDN 2014

  27. Firewall + virtualization = bug Firewall App X Soudeh Ghorbani and Brighten Godfrey HotSDN 2014

  28. Network virtualization: What could go wrong? App Virtualization Incorrect-behavior technique Stateful firewall One-to-many Blacklisting the legitimate mapping hosts NAT One-to-many Dropping requested packets mapping Load-balancer One-to-many Overloading some servers and mapping leaving some underutilized Firewall & router Many-to-one Blacklisting the legitimate mapping hosts Soudeh Ghorbani and Brighten Godfrey HotSDN 2014

  29. Related work  Incorrect behavior caused by moving, observed in: 1. “ LIME: Transparent, Live Migration of a Software-Defined Network ”, Soudeh Ghorbani, Cole Schlesinger, Matthew Monaco, Eric Keller, Matthew Caesar, Jennifer Rexford, David Walker, under submission. 2. “ OpenNF: Enabling Innovation in Network Function Control ”, Aaron Gember-Jacobson, Raajay Viswanathan, Chaithan Prakash, Robert Grandl, Junaid Khalid, Sourav Das, Aditya Akella, SIGCOMM 2014.  These existing solutions are: ◦ Only a short-term fix while virtual network is being moved. ◦ Infeasible when incorrect behavior is permanent rather than transient. Soudeh Ghorbani and Brighten Godfrey HotSDN 2014

  30. Root-cause of the incorrect behavior Soudeh Ghorbani and Brighten Godfrey HotSDN 2014

  31. Firewall + virtualization = bug Firewall App X Soudeh Ghorbani and Brighten Godfrey HotSDN 2014

  32. Firewall + virtualization = bug Firewall App X Soudeh Ghorbani and Brighten Godfrey HotSDN 2014

  33. Firewall + virtualization = bug Firewall App Root-cause: forwarding decision has some dependency on the history , the sequence of previous ‘send’ and ‘receive’ events. X Soudeh Ghorbani and Brighten Godfrey HotSDN 2014

  34. Who programs the network?  The entities that can make or influence the forwarding decisions: ◦ Controller ◦ Switch : random forwarding like ECMP ◦ Data packet : indirectly through local state, e.g., idle-timers Soudeh Ghorbani and Brighten Godfrey HotSDN 2014

  35. Who programs the network?  The entities that can make or influence the forwarding decisions: ◦ Controller ◦ Switch : random forwarding like ECMP ◦ Data packet : indirectly through local state, e.g., idle-timers Soudeh Ghorbani and Brighten Godfrey HotSDN 2014

  36. Can existing correctness definitions detect the incorrect behavior? Correctness conditions: 1. Per-packet/flow consistency: prevents loops, black- holes,… Consensus Routing [NSDI’08], Consistent Updates [SIGCOMM’12] 2. Congestion freedom zUpdates [SIGCOMM’13], SWAN [SIGCOMM’13], On Consistent Updates in Software-Defined Networks [HotNets’13] Soudeh Ghorbani and Brighten Godfrey HotSDN 2014

  37. Can existing correctness definitions detect the incorrect behavior? 1 Correctness conditions: None of these conditions were violated in our examples! 1. Per-packet/flow consistency: prevents loops, black- holes,… Consensus Routing [NSDI’08], Consistent Updates [SIGCOMM’12] 2. Congestion freedom zUpdates [SIGCOMM’13], SWAN [SIGCOMM’13], On Consistent Updates in Software-Defined Networks [HotNets’13] Soudeh Ghorbani and Brighten Godfrey HotSDN 2014

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Lab 2 discussion Last Time Debugging Its a science use experiments to refine

Lab 2 discussion Last Time Debugging Its a science use experiments to refine

size= 64 correct= 0 size= 73 correct= 0 Shuying Liang size= 107 correct= 1 size= 107 correct= 0 size= 108 correct= 0 size= 108 correct= 1 Please do not handin a .doc file, a .zip file, a .tar file, size= 111 correct= 1 size=

430 views • 7 slides
Performance of Correct Statement of the Problem and Impact. Associated Issues. Procedure

Performance of Correct Statement of the Problem and Impact. Associated Issues. Procedure

Performance of Correct Procedure at Correct Body Site Patient Safety Solutions CONTENT Performance of Correct Statement of the Problem and Impact. Associated Issues. Procedure at Correct Suggested Actions. Looking Forward.

198 views • 3 slides
Micropipetting Doing it the correct way Practice, practice, practice! Why Take the Time to

Micropipetting Doing it the correct way Practice, practice, practice! Why Take the Time to

Micropipetting Doing it the correct way Practice, practice, practice! Why Take the Time to Practice? Micropipetting is the foundation to many future experiments Correct pipetting insures correct volumes which creates a greater chance

544 views • 19 slides
Agenda this Month Requirement to Correct Other HMRC announcements and other tax

Agenda this Month Requirement to Correct Other HMRC announcements and other tax

Agenda this Month Requirement to Correct Other HMRC announcements and other tax developments Recent tax cases Requirement to Correct Deadline 30 September ! Requirement to Correct (RTC) RTC obliges taxpayers to make a disclosure

595 views • 38 slides
e-Bug Pack Evaluation 1 Quantitative Data Overview % % % Topics Correct Correct

e-Bug Pack Evaluation 1 Quantitative Data Overview % % % Topics Correct Correct

e-Bug Pack Evaluation 1 Quantitative Data Overview % % % Topics Correct Correct Improvement p value before after score Micro organisms 51 86 35 (30, 39) <0.001 Good and Bad Microbes 48 86 36 (32, 40) <0.001 Spread

427 views • 29 slides
Evaluating classifiers CS440 The 2-by-2 contingency table correct not correct positive tp fp

Evaluating classifiers CS440 The 2-by-2 contingency table correct not correct positive tp fp

10/30/19 Evaluating classifiers CS440 The 2-by-2 contingency table correct not correct positive tp fp prediction negative fn tn prediction 1 10/30/19 Precision and recall Precision : % of predicted items that are correct P = tp/

117 views • 11 slides
Topic 16 Creating Correct Programs Creating Correct Programs "It is a profoundly erroneous

Topic 16 Creating Correct Programs Creating Correct Programs "It is a profoundly erroneous

Topic 16 Creating Correct Programs Creating Correct Programs "It is a profoundly erroneous truism, repeated by all the copybooks, and by eminent people when they are making speeches, that we should cultivate the habit of thinking about

463 views • 29 slides
Correct b Correct by Construction A Construction Attack ttack-Tolerant Syst olerant Systems

Correct b Correct by Construction A Construction Attack ttack-Tolerant Syst olerant Systems

Correct b Correct by Construction A Construction Attack ttack-Tolerant Syst olerant Systems ems Robert Constable Cornell University Mark Bickford ATC-NY Robbert Van Renesse Robbert Van Renesse Cornell University Correct by Construction

166 views • 14 slides
What is the B-method? Welcome to Provably Correct Software http://www.it.uu.se/

What is the B-method? Welcome to Provably Correct Software http://www.it.uu.se/

What is the B-method? Welcome to Provably Correct Software http://www.it.uu.se/ edu/course/homepage/bkp/vt09 Instructor Lars-Henrik Eriksson lhe@it.uu.se, http://www.it.uu.se/katalog/lhe?lang=en Provably Correct Software Page 1 Updated

545 views • 18 slides
Group Therapy 9 0 8 5 3 The Changes Compliance with Correct Coding Standards 1. Per the

Group Therapy 9 0 8 5 3 The Changes Compliance with Correct Coding Standards 1. Per the

Group Therapy 9 0 8 5 3 The Changes Compliance with Correct Coding Standards 1. Per the National Correct Coding Initiative, the CPT code definition of group psychotherapy (90853) has a unit concept of 1 session. Prior to the change,

310 views • 6 slides
ITE Exam Results Spring 2012 Summer 2012* Difference Number of residents 86 95 % Correct % Correct

ITE Exam Results Spring 2012 Summer 2012* Difference Number of residents 86 95 % Correct % Correct

ITE Exam Results Spring 2012 Summer 2012* Difference Number of residents 86 95 % Correct % Correct Overall 66.3 56.2 -10.1 GTS - Overall 67.8 58.4 -9.4 Trachea/Bronchi 52.2 45.0 -7.2 Diaphragm 63.4 46.6 -16.8 Pleura 63.1 48.7 -14.4 Mediastinum 69.0

271 views • 3 slides
Provably Correct Development of Reconfigurable Hardware Designs via Equational Reasoning Ian

Provably Correct Development of Reconfigurable Hardware Designs via Equational Reasoning Ian

Provably Correct Development of Reconfigurable Hardware Designs via Equational Reasoning Ian Graves, Adam Procter, Bill Harrison & Gerard Allwein FPT 2015 Introduction Provably Correct Development, Bird-Wadler Style Reference

397 views • 24 slides
The keyword list thus far: Creating Correct Programs Creating Correct Programs Complete list

The keyword list thus far: Creating Correct Programs Creating Correct Programs Complete list

Topic 16 The keyword list thus far: Creating Correct Programs Creating Correct Programs Complete list of Java keywords: Complete list of Java keywords: abstract default if private this boolean do implements protected

447 views • 8 slides
0 0 A. OMGBBQPIZZA, so amazing! B. It's pretty cool C. Meh D. Whatever CORRECT

0 0 A. OMGBBQPIZZA, so amazing! B. It's pretty cool C. Meh D. Whatever CORRECT

1 = 3 108m/s? How amazing is that 0 0 A. OMGBBQPIZZA, so amazing! B. It's pretty cool C. Meh D. Whatever CORRECT ANSWER CORRECT ANSWER OMGBBQPIZZA, so amazing! Consider a large parallel plate capacitor as shown, charging

708 views • 22 slides
(TOWARDS) DEMONSTRABLY CORRECT COMPILATION OF JAVA BYTECODE Michael Leuschel University of

(TOWARDS) DEMONSTRABLY CORRECT COMPILATION OF JAVA BYTECODE Michael Leuschel University of

(TOWARDS) DEMONSTRABLY CORRECT COMPILATION OF JAVA BYTECODE Michael Leuschel University of Dsseldorf FMCO 2008 Nice Sophia-Antipolis PART 1: BACKGROUND BACKGROUND DeCCo (Demonstrably Correct Compiler) By Susan Stepney, Logica + AWE

827 views • 56 slides
Reminders Homework #3 is out Should cover proofs (including some from today) Due next

Reminders Homework #3 is out Should cover proofs (including some from today) Due next

Reminders Homework #3 is out Should cover proofs (including some from today) Due next Tuesday (September 24) Office hours Wednesday and Thursday Is this Proof Correct? Is this Proof Correct? Is this Proof Correct? CMSC 203:

792 views • 12 slides
NEFMC Staff Whiting PDT Chair Council meeting December 5, 2019 Southern red hake Survey

NEFMC Staff Whiting PDT Chair Council meeting December 5, 2019 Southern red hake Survey

6. Small-Mesh Multispecies (Dec. 3 - 5, 2019) #0 Revised Andrew Applegate NEFMC Staff Whiting PDT Chair Council meeting December 5, 2019 Southern red hake Survey biomass 2 3 4 2018 Red hake Catch 5 6 Conceptual approaches Post-

626 views • 17 slides
Dealing with Nonfunctional Requirements as the Hero, not the Witch Andre Gous Requirements

Dealing with Nonfunctional Requirements as the Hero, not the Witch Andre Gous Requirements

Dealing with Nonfunctional Requirements as the Hero, not the Witch Andre Gous Requirements Engineer & Founder Precision Quality Software, Inc., Fallon, NV andre@pqsw.com Definitions [Karl E. Wiegers, Software Requirements, 2nd Edition ]

289 views • 10 slides
Limiting the witch hunt: recovering from the South Sea Bubble Helen Julia Paul University of

Limiting the witch hunt: recovering from the South Sea Bubble Helen Julia Paul University of

Limiting the witch hunt: recovering from the South Sea Bubble Helen Julia Paul University of Southampton, England hjp@soton.ac.uk The South Sea Bubble of 1720 Famous crash Traditional history: gambling mania Depth of crisis

216 views • 5 slides
WITCHES AND WORKING WOMEN HOW THE MYTH OF THE MIDWIFE -WITCH GAVE BIRTH TO MAN-MIDWIFERY a

WITCHES AND WORKING WOMEN HOW THE MYTH OF THE MIDWIFE -WITCH GAVE BIRTH TO MAN-MIDWIFERY a

WITCHES AND WORKING WOMEN HOW THE MYTH OF THE MIDWIFE -WITCH GAVE BIRTH TO MAN-MIDWIFERY a presentation by Jennifer Sveda INTRODUCTION European Witch-Hunt, 1450-1750 C.E. Decline of Female Midwives Man-Midwifery Impact of

117 views • 11 slides
Transparency, Policy Surveillance, and Levels of Effort: Assessing and Comparing INDCs Keigo

Transparency, Policy Surveillance, and Levels of Effort: Assessing and Comparing INDCs Keigo

Transparency, Policy Surveillance, and Levels of Effort: Assessing and Comparing INDCs Keigo Akimoto: RITE Joseph E. Aldy: Harvard University and RFF Carlo Carraro: University of Venice and FEEM Raymond Kopp: RFF William A. Pizer: Duke University

530 views • 16 slides
WITCH FEEM, Italy Valentina Bosetti Tsukuba, Japan, 17 September 2009 Key Design

WITCH FEEM, Italy Valentina Bosetti Tsukuba, Japan, 17 September 2009 Key Design

http://www.feem-web.it/witch/ WITCH FEEM, Italy Valentina Bosetti Tsukuba, Japan, 17 September 2009 Key Design Characteristics Participating Model : World Induced Technical Change Hybrid model Model Type : Optimal Growth Integrated

384 views • 10 slides
Reality of residential wastewater organic and hydraulic loads Consequences with respect to

Reality of residential wastewater organic and hydraulic loads Consequences with respect to

Reality of residential wastewater organic and hydraulic loads Consequences with respect to testing small WWTP for CE marking Dr. Anne CAUCHI Technical Department VEOLIA WATER Anne CAUCHI Expert Eaux Uses et Boues 16 th International EWA

395 views • 18 slides
Q1 2019 FILA Group Results Disclaimer This document has been prepared by F.I.L.A. S.p.A.

Q1 2019 FILA Group Results Disclaimer This document has been prepared by F.I.L.A. S.p.A.

Q1 2019 FILA Group Results Disclaimer This document has been prepared by F.I.L.A. S.p.A. (F.I.L.A. or the Company), for information purposes only, exclusively with the aim of assisting you to understand and assess F.I.L.A.s

308 views • 11 slides

More recommend