unsafe at any speed
play

Unsafe at Any Speed? Self-Driving Networks without Self-Crashing - PowerPoint PPT Presentation

Dec 04, 2023 •198 likes •731 views

Unsafe at Any Speed? Self-Driving Networks without Self-Crashing Networks Jeff Mogul Google Network Infrastructure 24 August 2018 1 "Self-driving cars": a poor template for Self-Driving Networks How to build a self-driving car:

  1. Unsafe at Any Speed? Self-Driving Networks without Self-Crashing Networks Jeff Mogul Google Network Infrastructure 24 August 2018 1

  2. "Self-driving cars": a poor template for Self-Driving Networks How to build a self-driving car: ● start with a late-model car add lots of sensors, computers, and AI software ● train and test it until it works safely ● That worked out much sooner than most people expected 2

  3. "Self-driving cars": a poor template for Self-Driving Networks How to build a self-driving car: ● start with a late-model car add lots of sensors, computers, and AI software ● train and test it until it works safely ● That worked out much sooner than most people expected So why not build a self-driving network the same way? ● start with a modern network ● add lots of sensors, computers, and AI software train and test it until it works safely ● 3

  4. "Self-driving cars": a poor template for Self-Driving Networks How to build a self-driving car: ● start with a late-model car that any adult can drive safely, even with accidents add lots of sensors, computers, and AI software ● train and test it until it works safely ● That worked out much sooner than most people expected So why not build a self-driving network the same way? ● start with a modern network that any operator can run without frequent outages ● add lots of sensors, computers, and AI software train and test it until it works safely ● 4

  5. "Self-driving cars": a poor template for Self-Driving Networks These exist How to build a self-driving car: ● start with a late-model car that any adult can drive safely, even with accidents add lots of sensors, computers, and AI software ● train and test it until it works safely ● That worked out much sooner than most people expected These do not exist! So why not build a self-driving network the same way? ● start with a modern network that any operator can run without frequent outages ● add lots of sensors, computers, and AI software train and test it until it works safely ● 5

  6. Safety: A key challenge for self-driving networks We need our networks to be "safe": i.e., they meet many kinds of SLOs (uptime, bandwidth, latency) ● Today's networks require a lot of human effort to maintain SLOs and replacing humans with AI doesn't work if the problem is unnecessarily hard ● This talk is about meeting that challenge, and what we can learn from the past 6

  7. Alternate title: Nobody would build a self-driving Corvair 7

  8. Alternate title: Nobody would build a self-driving Corvair "The Chevrolet Corvair is a compact car manufactured by Chevrolet for model years 1960–1969. It was the only American-designed, mass-produced passenger car to use a rear-mounted, air-cooled engine." [Wikipedia] Greg Gjerdingen licensed under the Creative Commons 8 Attribution 2.0 Generic license.

  9. Alternate title: Nobody would build a self-driving Corvair "The Chevrolet Corvair is a compact car manufactured by Chevrolet for model years 1960–1969. It was the only American-designed, mass-produced passenger car to use a rear-mounted, air-cooled engine." [Wikipedia] … and became notorious as the primary example of an inherently-unsafe car, as described by Ralph Nader in Unsafe at Any Speed Greg Gjerdingen licensed under the Creative Commons 9 Attribution 2.0 Generic license.

  10. Alternate title: Nobody would build a self-driving Corvair "The Chevrolet Corvair is a compact car manufactured by Chevrolet for model years 1960–1969. It was the only American-designed, mass-produced passenger car to use a rear-mounted, air-cooled engine." [Wikipedia] … and became notorious as the primary example of an inherently-unsafe car, as described by Ralph Nader in Unsafe at Any Speed … although subsequent studies suggested that the Corvair wasn't uniquely unsafe Greg Gjerdingen licensed under the Creative Commons 10 Attribution 2.0 Generic license.

  11. Unsafe at Any Speed (Ralph Nader, 1965) ● Explained how car designers failed to consider safety, and just how bad the results were. Picked on the Corvair, in particular. ● Instigated many current safety features. ● ● Launched Nader's public career. 11

  12. What can SelfDN-ers learn from auto design? ● Any control system (human or automated) has its limits ● Pushing a control system past its limits can cause crashes Sometimes, the problem is not in the control system! ● I'll illustrate with some analogies drawn from Unsafe at Any Speed ● ○ all quotations in these slides are from Ralph Nader, Unsafe at Any Speed , New York: Grossman Publishers, 1965, unless otherwise noted 12

  13. OK, why not build a self-driving Corvair? Nader's assertion: the Corvair was inherently unsafe ● Even expert drivers found it challenging ("fun") to drive in some conditions Average drivers often found themselves in trouble unexpectedly ● Past a certain point, it was impossible to recover ● ● People were killed or injured unnecessarily ● Various intentional design choices led to these safety problems (and Nader alleges bad intentions on the part of GM, but that's not relevant to my talk) ● 13

  14. OK, why not build a self-driving Corvair? Nader's assertion: the Corvair was inherently unsafe ● Even expert drivers found it challenging ("fun") to drive in some conditions Average drivers often found themselves in trouble unexpectedly ● Past a certain point, it was impossible to recover ● ● People were killed or injured unnecessarily ● Various intentional design choices led to these safety problems (and Nader alleges bad intentions on the part of GM, but that's not relevant to my talk) ● Given these properties, a Corvair would be a poor base for a self-driving car: The control system would have to be especially wonderful, or disaster ensues ● The self-driver would be blamed for accidents outside of its control ● 14

  15. OK, why not build a self-driving Corvair? Nader's assertion: the Corvair was inherently unsafe ● Even expert drivers found it challenging ("fun") to drive in some conditions Average drivers often found themselves in trouble unexpectedly ● Past a certain point, it was impossible to recover ● ● People were killed or injured unnecessarily ● Various intentional design choices led to these safety problems (and Nader alleges bad intentions on the part of GM, but that's not relevant to my talk) ● Given these properties, a Corvair would be a poor base for a self-driving car: The control system would have to be especially wonderful, or disaster ensues ● The self-driver would be blamed for accidents outside of its control ● ● Our networks today are more like 1965 Corvairs than 2018 Volvos. 15

  16. What was wrong with the Corvair? Nader alleged the car was far too unstable in cornering manoeuvers: it "abruptly decides to do the driving for the driver in a wholly untoward manner" because: ● "swing axle" suspension caused rear wheels to "tuck under" and lose contact the unusual rear-heavy weight distribution contributed to this problem ● GM's solution was an unusual/finicky tire-pressure distribution (F=15/R=26 psi) ● ○ instead of building a slightly more expensive fully independent rear suspension + anti-roll bar 16

  17. Tire pressure? Really? Nader writes: ● "Instead of all stability being inherent in the vehicle design, the operator is relied upon to maintain a require [front vs. rear] pressure differential …" "any policy which [burdens the driver with monitoring tire pressure differentials] ● closely and persistently … cannot be described as sound or safe engineering." ● "This responsibility … is passed along to service station attendants, who are notoriously unreliable in abiding by requested tire pressures." "There is also serious doubt whether the owner or service man (sic) is fully ● aware of the importance of maintaining the recommended pressures." ● + "little details" such as the location of the spare tire, and the number of passengers & their luggage, contributed additional complexity 17

  18. What does this have to do with networks? ● Just like cars, networks can be unstable ● We can't really expect automated control planes to cope with arbitrary instability Just as we shouldn't expect non-expert drivers to cope with unstable cars ○ ● It might be better to fix the instabilities rather than trying to create super AIs ○ Or at least, to clearly define and bound the unstable regimes Sometimes, this means moving the stability control "into the network" ● ○ e.g., today's cars come with traction control, anti-lock brakes, and electronic stability control Some examples on the next few slides 18

  19. Some causes of network instability Multiple control loops trying to optimize the same network: ● E.g., traffic engineering and congestion control working at cross purposes Too much latency in the control loop: ● E.g., link flaps faster than the routing system can re-converge ● (Maybe the routing plane can handle one flapping link, but not seven at once) Accidental large-scale synchronization: ● E.g., Sally Floyd and Van Jacobson. 1994. The synchronization of periodic routing messages . IEEE/ACM Trans. Netw. 2, 2 (April 1994) 19

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

UNSAFE AT ANY SPEED: CYBERSECURITY FOR LAWYERS MICHAEL P. HANNIGAN KONICEK & DILLON, P.C.

UNSAFE AT ANY SPEED: CYBERSECURITY FOR LAWYERS MICHAEL P. HANNIGAN KONICEK & DILLON, P.C.

9/19/2018 UNSAFE AT ANY SPEED: CYBERSECURITY FOR LAWYERS MICHAEL P. HANNIGAN KONICEK & DILLON, P.C. UNDERSTANDING THE PROBLEM Insecure Communications vs. Insecure Credentials 1 9/19/2018 IMPORTANT TERMS Phishing Spear

293 views • 6 slides
Cedar Rapids RLR & Speed Des Moines RLR & Speed

Cedar Rapids RLR & Speed Des Moines RLR & Speed

Davenport.RLR & Speed Cedar Rapids RLR & Speed Des Moines RLR & Speed Sioux City.. RLR & Speed Muscatine...RLR & Speed Council

248 views • 11 slides
Speed kills 2 but people like speed! 3 Speed Higher speeds are associated with higher

Speed kills 2 but people like speed! 3 Speed Higher speeds are associated with higher

Effects of automated highway speed enforcement: average versus instantaneous speed control 27 th annual ICTCT workshop 16-17 Oct 2014, Karlsruhe - Germany dr. Stijn Daniels, PhD Transportation Research Institute Hasselt University, Belgium

413 views • 9 slides
UNSAFE PORTS: abnormal occurrences and the insurance solution. David Pitlarge Partner Marine,

UNSAFE PORTS: abnormal occurrences and the insurance solution. David Pitlarge Partner Marine,

UNSAFE PORTS: abnormal occurrences and the insurance solution. David Pitlarge Partner Marine, Trade & Energy Hill Dickinson LLP Unsafe Ports: abnormal occurrences Basic warranty Practical terms types of dispute

466 views • 19 slides
Speed, speed, speed D. J. Bernstein University of Illinois at Chicago; Ruhr University Bochum

Speed, speed, speed D. J. Bernstein University of Illinois at Chicago; Ruhr University Bochum

1 Speed, speed, speed D. J. Bernstein University of Illinois at Chicago; Ruhr University Bochum Reporting some recent symmetric-speed discussions, especially from RWC 2020. Not included in this talk: NISTLWC. Short inputs.

411 views • 29 slides
SPEED OF THOUGHT SPEED OF THOUGHT 120m/s SPEED OF THOUGHT COMMUNICATIVE The Artist is Absent:

SPEED OF THOUGHT SPEED OF THOUGHT 120m/s SPEED OF THOUGHT COMMUNICATIVE The Artist is Absent:

amon ge, UDLS 2017 SPEED OF THOUGHT SPEED OF THOUGHT 120m/s SPEED OF THOUGHT COMMUNICATIVE The Artist is Absent: Davey Wreden and The Beginners Guide (https://youtu.be/4N6y6LEwsKc) SPEED OF THOUGHT COMMUNICATIVE words per minute (WPM)

804 views • 54 slides
POWERED STARTUPS Speed@BDD Presentation July 2017 SPEED@BDD IN A NUTSHELL Speed@BDD is a

POWERED STARTUPS Speed@BDD Presentation July 2017 SPEED@BDD IN A NUTSHELL Speed@BDD is a

ROCKET POWERED STARTUPS Speed@BDD Presentation July 2017 SPEED@BDD IN A NUTSHELL Speed@BDD is a Lebanese-grown startup accelerator software 2 acceleration 10 startups 3-month 10% equity idea & early cycles per year per cycle

417 views • 4 slides
Speed Management in NZ

Speed Management in NZ

Speed Management in NZ The agenda 1. Benefits of reduced traffic speed (10 min) 2. Speed Quiz (15 min) 3.

948 views • 46 slides
10 years of Speed Tables Peter da Silva FlightAware What are Speed Tables? What are Speed

10 years of Speed Tables Peter da Silva FlightAware What are Speed Tables? What are Speed

10 years of Speed Tables Peter da Silva FlightAware What are Speed Tables? What are Speed Tables? An array of structures A Key-Value store A NoSQL database A portable API Example CExtension particles 1.0 { CTable quark

476 views • 32 slides
The Aim Take a Haskell program Analyse it Prove statically that there are no unsafe

The Aim Take a Haskell program Analyse it Prove statically that there are no unsafe

CATCH: Case and Termination Checker for Haskell Neil Mitchell (Supervised by Colin Runciman) http://www.cs.york.ac.uk/~ ndm/ The Aim Take a Haskell program Analyse it Prove statically that there are no unsafe pattern matches

420 views • 19 slides
Speed, speed, speed $1000 TCR hashing competition D. J. Bernstein Crowley: I have a problem

Speed, speed, speed $1000 TCR hashing competition D. J. Bernstein Crowley: I have a problem

1 2 Speed, speed, speed $1000 TCR hashing competition D. J. Bernstein Crowley: I have a problem where I need to make some University of Illinois at Chicago; cryptography faster, and Im Ruhr University Bochum setting up a $1000

573 views • 55 slides
WATERFISH | neermeen More people die from unsafe water than from all other forms of violence.

WATERFISH | neermeen More people die from unsafe water than from all other forms of violence.

WATERFISH | neermeen More people die from unsafe water than from all other forms of violence. Including war. United Nations Secretary General Ban Ki-moon 80% of illnesses in developing countries are linked to poor water conditions. but

674 views • 43 slides
Safe Pedestrians, Equines the Environment & Drivers Who are SPEED? The SPEED action group

Safe Pedestrians, Equines the Environment & Drivers Who are SPEED? The SPEED action group

SPEED Safe Pedestrians, Equines the Environment & Drivers Who are SPEED? The SPEED action group was formed after a public meeting to discuss road safety issues and the tragic accident on the A626, involving a horse fatality.

368 views • 13 slides
Unsafe & safe road way design Unsafe & safe road way design for urban roads for

Unsafe & safe road way design Unsafe & safe road way design for urban roads for

PIARC International Road Safety Safety Seminar Seminar PIARC International Road Beijing 18 20 20 October October 2005 2005 Beijing 18 Unsafe & safe road way design Unsafe & safe road way design for urban roads for

1.02k views • 34 slides
Madhya Pradesh. 1. Unsafe Sterilization in violation of SOP. 2. Non compliance of Ramakant Rai

Madhya Pradesh. 1. Unsafe Sterilization in violation of SOP. 2. Non compliance of Ramakant Rai

Doma T. Bhutia. HRLN, Jabalpur Unit. Madhya Pradesh. 1. Unsafe Sterilization in violation of SOP. 2. Non compliance of Ramakant Rai directives of S.C & Jan Adhikar Manch directives of M. P . H.C. in respect to compensation. 3.

475 views • 10 slides
Saf afety ety Obs bservations ervations Turning unsafe behavior into dependable, safe

Saf afety ety Obs bservations ervations Turning unsafe behavior into dependable, safe

5 TIPS FOR IMPACTFUL Saf afety ety Obs bservations ervations Turning unsafe behavior into dependable, safe routines Our presentation begins soon 5 TIPS FOR IMPACTFUL Saf afety ety Obs bservations ervations Turning unsafe behavior into

452 views • 43 slides
#SelfCareWeek2020 Brought to you by CommUNITY Barnet Primary Care Group with NCL CCG WELCOME

#SelfCareWeek2020 Brought to you by CommUNITY Barnet Primary Care Group with NCL CCG WELCOME

Wednesday 18th November #SelfCareWeek2020 Brought to you by CommUNITY Barnet Primary Care Group with NCL CCG WELCOME RORY COOPER, HEALTH AND SOCIAL CARE SENIOR MANAGER COMMUNITY BARNET #SelfCareForLife CCG UPDATE CONAN COWLEY, SENIOR

1.28k views • 104 slides
1. . WHAT IS IS CREATIVE LEADERSHIP TH THINKING? 2. . HOW DOES CREATIVE THIN INKING WORK?

1. . WHAT IS IS CREATIVE LEADERSHIP TH THINKING? 2. . HOW DOES CREATIVE THIN INKING WORK?

1. . WHAT IS IS CREATIVE LEADERSHIP TH THINKING? 2. . HOW DOES CREATIVE THIN INKING WORK? What are the essentials of creative leadership? How to incorporate into your project management portfolio? 3. WHAT ARE CREATIVE TOOLS I CAN

656 views • 24 slides
Tarpey Percival Yates Think Local Act National Co-production National Co-production Personal

Tarpey Percival Yates Think Local Act National Co-production National Co-production Personal

Citizens Voice Chaired by Richard Webb Lynda Sally Martin Tarpey Percival Yates Think Local Act National Co-production National Co-production Personal Advisory Group Advisory Group Citizens Voice Chaired by Richard Webb Sally

459 views • 20 slides
www.sallywaterman.com Physical/Character (Crooked hands, generous, eccentric) Rituals/Habits

www.sallywaterman.com Physical/Character (Crooked hands, generous, eccentric) Rituals/Habits

www.sallywaterman.com Physical/Character (Crooked hands, generous, eccentric) Rituals/Habits (Drinking tea, writing letters, always busy, untidy) Paraphernalia (Geraniums, canary, ornaments, glasses) Shared Activities (Looking through family albums,

356 views • 10 slides
Natural Language Processing 1 Lecture 8: Compositional semantics and discourse processing Katia

Natural Language Processing 1 Lecture 8: Compositional semantics and discourse processing Katia

Natural Language Processing 1 Natural Language Processing 1 Lecture 8: Compositional semantics and discourse processing Katia Shutova ILLC University of Amsterdam 26 November 2018 1 / 45 Natural Language Processing 1 Compositional

1.06k views • 80 slides
Deploying MySQL and MongoDB in Kubernetes Alexander Rubin Percona About me Working with

Deploying MySQL and MongoDB in Kubernetes Alexander Rubin Percona About me Working with

Deploying MySQL and MongoDB in Kubernetes Alexander Rubin Percona About me Working with MySQL for 10-15 years Started at MySQL AB, Sun Microsystems, Oracle (MySQL Consulting) Joined Percona in 2013 2 What is Kubernetes?

734 views • 60 slides
cse 311: foundations of computing Fall 2015 Lecture 27: Infinities and diagonalization [proved

cse 311: foundations of computing Fall 2015 Lecture 27: Infinities and diagonalization [proved

cse 311: foundations of computing Fall 2015 Lecture 27: Infinities and diagonalization [proved on page 86 of Volume II: The above proposition is occasionally useful.] Russells paradox: The set of all sets that do not contain

443 views • 26 slides
Guidance for Domain Specific Modeling in Small and Medium Enterprises 11th Workshop for Domain

Guidance for Domain Specific Modeling in Small and Medium Enterprises 11th Workshop for Domain

Guidance for Domain Specific Modeling in Small and Medium Enterprises 11th Workshop for Domain Specific Modeling Henning Agt, Ralf Kutsche, Timo Wegeler October 24th, 2011 Outline Project Context Partner Survey Guidance for Modeling

407 views • 21 slides

More recommend