Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Computer Networks

Software Defined Networking COMS 6998-8, Fall 2013 Instructor: Li Erran Li (

advertisement 
Software Defined Networking
COMS 6998-8, Fall 2013
Instructor: Li Erran Li
(lierranli@cs.columbia.edu)
http://www.cs.columbia.edu/~lierranli/coms
6998-8SDNFall2013/
10/8/2013: SDN Update
Outline
• Review of Previous Lecture
– SDN Programming Language
– SDN Verification
• SDN Update
– Consistent Update
– Congestion-Free Update
– Network Partition
10/8/13
Software Defined Networking (COMS 6998-8)
2
Review of Previous Lecture
SDN programming language
• Maple is imperative, supports:
– Function in a general purpose language that describes how
a packet should be routed, not how flow tables are
configured.
– Conceptually invoked on every packet entering the
network; may also access network environment state.
• NetKAT/NetCore/Pyretic domain specific languages
are declarative:
– Formal semantics expresses packet forwarding
– Support parallel and sequential composition
10/8/13
Software Defined Networking (COMS 6998-8)
Source: Andreas Voellmy, Yale
3
Review of Previous Lecture (Cont’d)
Composition
• To compose monitoring and routing, what
composition operator to use?
• To compose load balancing and routing, what
composition operator to use?
10/8/13
Software Defined Networking (COMS 6998-8)
Source: Andreas Voellmy, Yale
4
Review of Previous Lecture (Cont’d)
Pattern
srcip=1.2.3.4
Pattern
Actions
Count
Monitor
+
Actions
dstip=3.4.5.6
Fwd 1
dstip=6.7.8.9
Fwd 2
Route
Controller Platform
Pattern
10/8/13
Actions
srcip=1.2.3.4, dstip=3.4.5.6
Fwd 1, Count
srcip=1.2.3.4, dstip=6.7.8.9
Fwd 2, Count
srcip=1.2.3.4
Count
dstip=3.4.5.6
Fwd 1
dstip=6.7.8.9
Fwd 2
Software Defined Networking (COMS 6998-8)
Source: Nate Foster, Cornell
5
Review of Previous Lecture (Cont’d)
Pattern
Pattern
Actions
Actions
srcip=*0
dstip:=10.0.0.1
dstip=10.0.0.1
Fwd 1
srcip=*1
dstip:=10.0.0.2
dstip=10.0.0.2
Fwd 2
Load Balance
;
Route
Controller Platform
Pattern
10/8/13
Actions
srcip=*0
dstip:=10.0.0.1, Fwd 1
srcip=*1
dstip:=10.0.0.2, Fwd 2
Software Defined Networking (COMS 6998-8)
Source: Nate Foster, Cornell
6
Review of Previous Lecture (Cont’d)
SDN verification
• NetPlumber: the System for real time
verification of data plane properties
App
App
App
Controller
10/8/13
App
Logically centralized location
to observe the state changes
NetPlumber
Software Defined Networking (COMS 6998-8)
Source: P. Kazemian, Stanford
7
Review of Previous Lecture (Cont’d)
• NetPlumber graph:
– Creates a dependency graph of all forwarding
rules in the network and uses it to verify policy
– Nodes: forwarding rules in the network
– Directed Edges: next hop dependency of rules
10/8/13
Switch 1
Switch 2
R1
R
2
Software Defined Networking (COMS 6998-8)
8
Review of Previous Lecture (Cont’d)
0
1 X
X
1 001
1 0XX
S
S
Where is the missing edge?
Example NetPlumber graph
10/8/13
Software Defined Networking (COMS 6998-8)
Source: P. Kazemian, Stanford
9
Review of Previous Lecture (Cont’d)
0
1 X
X
1 001
1 0XX
S
S
Example NetPlumber graph
10/8/13
Software Defined Networking (COMS 6998-8)
Source: P. Kazemian, Stanford
10
Outline
• Review of Previous Lecture
– SDN Programming Language
– SDN Verification
• SDN Update
– Consistent Update
– Congestion-Free Update
– Network Partition
10/8/13
Software Defined Networking (COMS 6998-8)
11
Updates Happen
Network Updates
•Maintenance
•Failures
•ACL Updates
Desired Invariants
•No black-holes
•No loops
•No security violations
12
10/8/13
Software Defined Networking (COMS 6998-8)
12
Distributed Programming:
non-atomic table updates
Priority
Predicate
Update one Switch
Action
⊆
Priority
Predicate
Action
10
SSH
Drop
⊆
Priority
Predicate
Action
5
dst_ip = H1
Fwd 1
Priority
Predicate
Action
10
SSH
Drop
5
dst_ip = H1
Fwd 1
update re-ordering
Priority
Predicate
Action
5
dst_ip = H1
Fwd 1
5
dst_ip = H2
Fwd 2
10/8/13
⊆
Priority
Predicate
Action
10
SSH
Drop
5
dst_ip = H1
Fwd 1
5
dst_ip = H2
Fwd 2
Software Defined Networking (COMS 6998-8)
Source: Nate Foster, Cornell
13
Update one Switch (Cont’d)
• Solution: insert barrier messages to enforce
partial ordering of rule updates
10/8/13
Software Defined Networking (COMS 6998-8)
14
Network Updates Are Hard
15
10/8/13
Software Defined Networking (COMS 6998-8)
Source: M. Reitblatt, Cornell
15
Network Update Abstractions
Goal
•Tools for whole network update
Approach
•Develop update abstractions
•Endow them with strong semantics
•Engineer efficient implementations
16
10/8/13
Software Defined Networking (COMS 6998-8)
Source: M. Reitblatt, Cornell
16
Example: Distributed Access Control
Security Policy
Src
F1
I
Traffic
Web
Non-web
Any
Action
Allow
Drop
Allow
F2
F3
Traffic
17
10/8/13
Software Defined Networking (COMS 6998-8)
Source: M. Reitblatt, Cornell
17
Naive Update
Security Policy
Src
F1
I
Traffic
Web
Non-web
Any
Action
Allow
Drop
Allow
F2
Order
F3
F1
F2
F3
I
Traffic
18
10/8/13
Software Defined Networking (COMS 6998-8)
Source: M. Reitblatt, Cornell
18
Use an Abstraction!
Security Policy
✓
UPDATE
✓
✓
19
10/8/13
Software Defined Networking (COMS 6998-8)
Source: M. Reitblatt, Cornell
19
Atomic Update?
Security Policy
Src
F1
I
Traffic
Web
Non-web
Any
Action
Allow
Drop
Allow
F2
F3
Traffic
20
10/8/13
Software Defined Networking (COMS 6998-8)
Source: M. Reitblatt, Cornell
20
Per-Packet Consistent Updates
Per-Packet Consistent Update
Each packet processed with old or new configuration,
but not a mixture of the two.
Security Policy
Obeys policy:
Src
Traffic
Web
Non-web
Any
Action
Allow
Drop
Allow
Obeys policy:
21
10/8/13
Software Defined Networking (COMS 6998-8)
Source: M. Reitblatt, Cornell
21
Universal Property Preservation
Theorem: Per-packet consistent updates
preserve all trace properties.
Trace Property
Any property of a single packet’s path through the
network.
Examples of Trace Properties:
Loop freedom, access control, waypointing ...
Trace Property Verification Tools:
NetPlumber, ConfigChecker ...
22
10/8/13
Software Defined Networking (COMS 6998-8)
Source: M. Reitblatt, Cornell
22
Formal Verification
Corollary: To check an invariant, verify the old and
new configurations.
Security Policy
Analyzer
✓
Security Policy
✓
Analyzer
Verification Tools
• Anteater [SIGCOMM ’11]
• NetPlumber [SIGCOMM ’13]
• ConfigChecker [ICNP ’09]
23
10/8/13
Software Defined Networking (COMS 6998-8)
Source: M. Reitblatt, Cornell
23
Mechanisms
24
10/8/13
Software Defined Networking (COMS 6998-8)
24
2-Phase Update
Overview
•Runtime instruments configurations
•Edge rules stamp packets with version
•Forwarding rules match on version
update(config,topo)
Algorithm (2-Phase Update)
1.Install new rules on internal switches,
leave old configuration in place
Calculate rules,
generate messsages
2.Install edge rules that stamp with the new
version number
25
10/8/13
Software Defined Networking (COMS 6998-8)
Source: M. Reitblatt, Cornell
25
2-Phase Update in Action
F1
I
F2
F3
Traffic
26
10/8/13
Software Defined Networking (COMS 6998-8)
Source: M. Reitblatt, Cornell
26
Optimized Mechanisms
Optimizations
• Extension: strictly adds paths
• Retraction: strictly removes paths
• Subset: affects small # of paths
• Topological: affects small # of switches
Runtime
• Automatically optimizes
• Power of using abstraction
27
10/8/13
Software Defined Networking (COMS 6998-8)
update(config,topo)
Calculate rules,
generate messsages
Source: M. Reitblatt, Cornell
27
Subset Optimization
F1
I
F2
F3
Traffic
28
10/8/13
Software Defined Networking (COMS 6998-8)
Source: M. Reitblatt, Cornell
28
Correctness
Question: How do we convince ourselves these mechanisms are
correct?
Solution: built an operational semantics, formalized our
mechanisms and proved them correct
Example: 2-Phase Update
1.Install new rules on internal switches,
leave old configuration in place
2.Install edge rules that stamp with the
new version number
}
}
Unobservable
One-touch
Theorem: Unobservable + one-touch = per-packet.
29
10/8/13
Software Defined Networking (COMS 6998-8)
Source: M. Reitblatt, Cornell
29
Implementation
• Runtime
– NOX Library
– OpenFlow 1.0
– 2.5k lines of Python
– update(config, topology)
– Uses VLAN tags for versions
– Automatically applies optimizations
update(config,topo)
• Verification Tool
– Checks OpenFlow configurations
– CTL specification language
– Uses NuSMV model checker
30
10/8/13
Software Defined Networking (COMS 6998-8)
Source: M. Reitblatt, Cornell
30
Evaluation
Question: How much extra rule space is required?
• Setup
– Mininet VM
• Applications
– Routing and Multicast
• Scenarios
– Adding/removing
hosts
– Adding/removing links
– Both at the same time
31
10/8/13
Topologies
Fattree
Small-world
Software Defined Networking (COMS 6998-8)
Waxman
Source: M. Reitblatt, Cornell
31
Results: Routing Application
Fattree
32
10/8/13
Small-world
Software Defined Networking (COMS 6998-8)
Waxman
Source: M. Reitblatt, Cornell
32
Conclusion
• Update abstractions
– Per-packet
– Per-flow
• Mechanisms
– 2-Phase Update
– Optimizations
• Formal model
– Network operational semantics
– Universal property preservation
33
10/8/13
Software Defined Networking (COMS 6998-8)
Source: M. Reitblatt, Cornell
33
Outline
• Review of Previous Lecture
– SDN Programming Language
– SDN Verification
• SDN Update
– Consistent Update
– Congestion-Free Update (zUpdate)
– Network Partition
10/8/13
Software Defined Networking (COMS 6998-8)
34
DCN is constantly in flux
Upgrade  Reboot
New Switch
Switches
Traffic Flows
10/8/13
Software Defined Networking (COMS 6998-8)
Source: J. Liu, Yale
35
DCN is constantly in flux
Switches
Traffic Flows
Virtual Machines
10/8/13
Software Defined Networking (COMS 6998-8)
Source: J. Liu, Yale
36
Network updates are painful for
operators
Switch
Upgrade
Holy C**p
Two weeks before update, Bob has to:
• Coordinate with application owners
Complex
• Prepare a detailed
updatePlanning
plan
• Review and revise the plan with colleagues
At the night
of update, Bob executes
plan by hands, but
Unexpected
Performance
• Application alerts are triggered unexpectedly
Degradation
• Switch failures force
him to backpedal several times.
Eight hours later, Bob is still stuck with update:
• No sleep over night
Laborious
Process
• Numerous application
complaints
• No quick fix in sight
Bob: An operator
10/8/13
Software Defined Networking (COMS 6998-8)
Source: J. Liu, Yale
37
Congestion-free DCN update is the key
• Applications want network updates to be seamless
– Reachability
– Low network latency (propagation, queuing)
– No packet drops
Congestion
• Congestion-free updates are hard
–
–
–
–
10/8/13
Many switches are involved
Multi-step plan
Different scenarios have distinct requirements
Interactions between network and traffic demand changes
Software Defined Networking (COMS 6998-8)
Source: J. Liu, Yale
38
A clos network with ECMP
All switches: Equal-Cost Multi-Path (ECMP)
Link capacity: 1000
CORE
1
2
3
4
150= 920150
620 + 150 + 150
AGG
1
2
300
ToR
3
4
300
300
1
2
3
4
300
5
600
600
10/8/13
6
5
Software Defined Networking (COMS 6998-8)
Source: J. Liu, Yale
39
Switch upgrade: a naïve solution
triggers congestion
Link capacity: 1000
CORE
1
2
3
4
1070
620 + 300
150 + 150 = 920
AGG
1
2
Drain AGG1
ToR
10/8/13
3
4
6
5
600
1
2
3
4
Software Defined Networking (COMS 6998-8)
5
Source: J. Liu, Yale
40
Switch upgrade: a smarter solution
seems to be working
Link capacity: 1000
CORE
1
2
3
4
50 = 1070
970
620 + 300 + 150
AGG
1
2
3
4
Drain AGG1
ToR
10/8/13
6
5
500
1
2
3
4
Software Defined Networking (COMS 6998-8)
100 Weighted
ECMP
5
Source: J. Liu, Yale
41
Traffic distribution transition
Initial Traffic Distribution
Congestion-free
CORE
1
AGG
1
2
2
300
ToR
3
3
4
1
4
6
5
300
300
2
3
4
Final Traffic Distribution
Congestion-free
300
5
Transition
?
CORE
1
AGG
1
2
2
0
ToR
3
3
4
6
5
600
1
4
500
2
3
4
100
5
Simple?
NO!
Asynchronous Switch Updates
10/8/13
Software Defined Networking (COMS 6998-8)
Source: J. Liu, Yale
42
Asynchronous changes can cause
transient congestion
When ToR1 is changed but ToR5 is not yet:
Link capacity: 1000
CORE
1
2
3
4
620 + 300 + 150 = 1070
AGG
1
2
3
4
6
5
Drain AGG1
300
300
600
ToR
1
2
3
4
5
Not Yet
10/8/13
Software Defined Networking (COMS 6998-8)
Source: J. Liu, Yale
43
Solution: introducing an intermediate
step
Final
Initial
CORE
1
2
3
4
CORE
1
AGG
1
2
3
4
Transition
AGG
1
2
300
ToR
3
4
300
1
6
5
300
2
3
Congestion-free
regardless the
asynchronizations
ToR
5
CORE
1
AGG
1
2
1
ToR
?
2
3
400
1
3
2
3
4
4
4
6
5
500
2
3
4
100
5
Congestion-free
regardless the
asynchronizations
6
5
450
4
3
600
Intermediate
200
10/8/13
0
300
4
2
150
5
Software Defined Networking (COMS 6998-8)
Source: J. Liu, Yale
44
How zUpdate performs congestionfree update
Update
Scenario
Operator
Update
requirements
zUpdate
Current Traffic
Distribution
Intermediate
Traffic Distribution
Intermediate
Traffic Distribution
Target Traffic
Distribution
Data Center Network
10/8/13
Software Defined Networking (COMS 6998-8)
Source: J. Liu, Yale
45
Key technical issues
• Describing traffic distribution
• Representing update requirements
• Defining conditions for congestion-free transition
• Computing an update plan
• Implementing an update plan
10/8/13
Software Defined Networking (COMS 6998-8)
Source: J. Liu, Yale
46
Describing traffic distribution
l
f
CORE
l
s4
f
s2,s 4
s5
=150
150
AGG
l
ToR
: flow f’s load on link v, u
v,u
s2
f
s3
=300
300
s1,s 2
s1
f
10/8/13
600
Software Defined Networking (COMS 6998-8)
Source: J. Liu, Yale
47
Representing update requirements
CORE
s4
s5
When s2 recovers
AGG
s2
s3
Drain s2
Constraint: no Constraint: ECMP
equal split
flow to s2
s1
ToR
f
10/8/13
Software Defined Networking (COMS 6998-8)
Source: J. Liu, Yale
48
Switch asynchronization exponentially
inflates the possible load values
Transition from old traffic distribution to new traffic distribution
f
ingress
1
2
4
6
egress
f
8
3
5
7
f
l
7,8
Asynchronous updates can result in 2^5 possible
load values on link (7,8) during transition.
In large networks, it is impossible to check if the
load value exceeds link capacity.
10/8/13
Software Defined Networking (COMS 6998-8)
Source: J. Liu, Yale
49
Two-phase commit reduces the
possible load values to two
Transition from old traffic distribution to new traffic distribution
f
ingress
1
version flip
2
4
6
egress
8
3
5
f
7
• With two-phase commit, f’s load on link (7,8) only has
two possible values throughout a transition
10/8/13
Software Defined Networking (COMS 6998-8)
Source: J. Liu, Yale
50
Flow asynchronization exponentially
inflates the possible load values
f1
1
2
4
6
f1 + f2
8
f2
0
3
5
7
l
f
7,8
Asynchronous updates to N independent flows can
result in 2^N possible load values on link (7,8)
10/8/13
Software Defined Networking (COMS 6998-8)
Source: J. Liu, Yale
51
Handling flow asynchronization
f1
1
2
4
6
8
f2
0
3
5
7
The load on link switch 7 to 8 has four
potential values, but it is no more than the
sum of f1’s maximum potential value and f2’s
maximum potential value.
10/8/13
Software Defined Networking (COMS 6998-8)
Source: J. Liu, Yale
52
Computing congestion-free transition
plan
Linear Programming
Constant:
Current Traffic
Distribution
Constraint:
Congestion-free
Variable:
Intermediate
Traffic Distribution
Constraint:
Update Requirements
Variable:
Intermediate
Traffic Distribution
Variable:
Target Traffic
Distribution
Constraint:
• Deliver all traffic
• Flow conservation
10/8/13
Software Defined Networking (COMS 6998-8)
Source: J. Liu, Yale
53
Implementing an update plan
• Computation time
Weighted-ECMP
ECMP
Critical
Flows
Other Flows
• Switch table size limit
• Update overhead
Flows traversing
bottleneck links
• Failure during transition
• Traffic demand variation
10/8/13
Software Defined Networking (COMS 6998-8)
Source: J. Liu, Yale
54
Evaluations
• Testbed experiments
• Large-scale trace-driven simulations
10/8/13
Software Defined Networking (COMS 6998-8)
55
Testbed setup
Switch: Arista 7050
Link: 10Gbps
ToR6,7: 6.2Gbps
ToR6,7: 6.2Gbps
CORE
1
AGG
1
3
2
2
3
4
5
ToR6,7: 6.2Gbps
ToR6,7: 6.2Gbps
4
4
5
8
9
6
Drain AGG1
ToR
1
2
3
6
7
ToR5: 6Gbps
10
11
12
ToR8: 6Gbps
Traffic Generator
10/8/13
Software Defined Networking (COMS 6998-8)
Source: J. Liu, Yale
56
zUpdate achieves congestion-free
switch upgrade
Initial
CORE
1
AGG
1
2
2
3Gbps
ToR
3
3
4
3Gbps
1
2
Intermediate
5
3Gbps
3
4
4
CORE
1
6
AGG
1
2
2
2Gbps
3Gbps
3
1
4
4
4Gbps
ToR
5
3
6
5
4.5Gbps
2
3
1.5Gbps
4
5
Real-time link utilization
Link Utilization
1.05
Final
1
0.95
CORE
1
AGG
1
2
3
4
0.9
0.85
0.8
0
5
10
15
Time (sec)
Link: CORE1-AGG3
10/8/13
20
Link: CORE3-AGG4
25
2
0
ToR
3
4
6Gbps
1
Software Defined Networking (COMS 6998-8)
2
6
5
5Gbps
3
4
Source: J. Liu, Yale
1Gbps
5
57
One-step update causes transient
congestion
Initial
CORE
1
AGG
1
2
2
3Gbps
ToR
3
3
4
3Gbps
1
4
6
5
3Gbps
2
3
3Gbps
4
5
Real-time link utilization
Final
Link Utilization
1.1
1
CORE
1
AGG
1
2
3
4
0.9
0.8
0.7
0
5
10
Link: CORE1-AGG3
10/8/13
0
15
ToR
Time (sec)
2
3
4
6Gbps
1
2
6
5
5Gbps
3
4
1Gbps
5
Link: CORE3-AGG4
Software Defined Networking (COMS 6998-8)
Source: J. Liu, Yale
58
Large-scale trace-driven simulations
A production DCN topology
CORE
New Switch
AGG
ToR
Flows
Test flows (1%)
10/8/13
Software Defined Networking (COMS 6998-8)
Source: J. Liu, Yale
59
zUpdate beats alternative solutions
Post-transition Loss Rate
Transition Loss Rate
Loss Rate (%)
15
10
5
0
zUpdate
#step
10/8/13
2
zUpdate-OneStep
1
ECMP-OneStep
1
Software Defined Networking (COMS 6998-8)
ECMP-Planned
300+
Source: J. Liu, Yale
60
Conclusion
• Switch and flow asynchronization can cause
severe congestion during DCN updates
• zUpdate provides congestion-free DCN
updates
– Novel algorithms to compute update plan
– Practical implementation on commodity switches
– Evaluations in real DCN topology and update
scenarios
10/8/13
Software Defined Networking (COMS 6998-8)
Source: J. Liu, Yale
61
Outline
• Review of Previous Lecture
– SDN Programming Language
– SDN Verification
• SDN Update
– Consistent Update
– Congestion-Free Update (zUpdate)
– Network Partition
10/8/13
Software Defined Networking (COMS 6998-8)
62
Network Partition
• Out-of-band control network
• Routing and forwarding based on addresses
Policy specification using end-host names
Controller only aware of local name-address
bindings
10/8/13
Software Defined Networking (COMS 6998-8)
63
Network Partition
• Consider policy isolating A from B. A control
network partition occurs. Only possible choices
– Let all packets through (including from A to B)
(Correctness)
– Drop all packets (including from A to D) (Availability)
10/8/13
Software Defined Networking (COMS 6998-8)
64
Solution to Network Partition
• Network can label packets with sender’s
identity
– Route based on identity instead of address
• Inband control
10/8/13
Software Defined Networking (COMS 6998-8)
65
Questions?
10/8/13
Software Defined Networking (COMS 6998-8)
66
Related documents
h. transgenic/knockout animals
h. transgenic/knockout animals
Download
advertisement