Add to collection(s) Add to saved
  1. Math
  2. Applied Mathematics

Compiling Path Queries in Software-Defined Networks

advertisement 
Compiling Path Queries in
Software-Defined Networks
Srinivas Narayana
Jennifer Rexford and David Walker
Princeton University
Where’s the packet loss?
Faulty network device(s) along the way. But where?
A
100 pkts
B
25 pkts 
2
Where’s the packet loss?
Solution idea: Check how far packets get from A to B
before being dropped somewhere.
A
B
25 pkts 
100 pkts
Fine-grained packet counters
+ Forwarding
Complex policies
3
Where’s the packet loss?
Instead: nice to get A  B packet counts each step
along paths where A  B traffic flows
25
25
A
50
25
B
100
25
100 pkts
50
0
50
25 pkts 
4
Wouldn’t it be nice to ask questions about
packet paths in a network?
Problem: we only observe a given packet
independently at different switches.
5
We’ve designed a path query system
that analyzes packet paths
directly in the data plane.
6
Problem statement
1. Operator/application
specifies network path
queries
2. Translate into
efficient and direct
switch measurements
(i.e., data plane rules)
7
Problem statement
Independent
specifications
Query
Query
Forwarding
Compiled into
data plane rules
8
Solution architecture
1. Path query
language
Query expressions
Statistics
Regular
expressions of
packet location
& headers
2. Query compiler and runtime
SDN controller
Payloads
Statistics
9
Path Query Language
10
Let’s write some queries! (1/3)
• Count packets reaching switch S1, then S2 with an
internal source IP address (10.0/16)
switch=S1
^
A hop on the wire
switch=S2, srcip=10.0/16
11
Let’s write some queries! (2/3)
• Capture packets evading a firewall in the network
ingress
egress
ingress
egress
ingress
ingress()
^
(switch != FW)*
^
egress()
egress
0 or more
repetitions
12
Let’s write some queries! (3/3)
• Switch-level traffic matrix:
E1
E2
...
I1
250
100
...
I2
120
95
...
...
...
...
...
13
Let’s write some queries! (3/3)
• Switch-level traffic matrix:
ingress()
Flow
#pkts
*
1000
^
(true)*
^
Count all
packets, going
from any
ingress to any
egress.
egress()
14
Let’s write some queries! (3/3)
• Switch-level traffic matrix:
groupby(ingress(),
[switch])
^
(true)*
^
groupby(egress(),
[switch])
Flow
#pkts
sw=I1, sw=E1
250
sw=I1, sw=E2
100
...
...
Group counts by
packet’s ingress and
egress switch!
 Traffic matrix!
15
Let’s write some queries!
• More example queries in the paper
16
The Runtime System
17
How to analyze packet paths
in the data plane?
18
Packet paths on data plane
• Main idea: Record path information in packets
[{sw: S1
port: 1
srcmac: ...
srcip: ...
...}]
[{sw: S1, ...},
{sw: S2
port: 3
srcmac: ...
...}]
[{sw: S1, ...},
{sw: S2, ...},
{sw: S3
port: 2
...}]
• As such, too much state!
19
Reducing path state on packets
• Observation 1: Queries already tell us what’s needed!
• Only record path state needed by queries
• Observation 2: Queries are regular expressions
• Regular expressions  Finite automaton (DFA)
• Distinguish only paths corresponding to DFA states
20
Reducing path state on packets
• Observation 1: Queries already tell us what’s needed!
• Only record path state needed by queries
•Record
Observation
Queries
are on
regular
expressions
only2: DFA
state
packets
(1-2 bytes)
• Regular expressions  Finite automaton (DFA)
• Distinguish
only paths
DFA states
Use existing
“tag”corresponding
fields (e.g.,toVLAN)
21
Example: Query Compilation (1/3)
Query:
(switch=S1, srcip=10.0.0.1)
^ (switch=S2, dstip=10.0.0.3)
switch=S1,
srcip=10.0.0.1
Q
0
S1
S2
switch=S2,
dstip=10.0.0.3
Q
1
Q
2
22
Example: Query Compilation (2/3)
switch=S1,
srcip=10.0.0.1
Q
0
switch=S2,
dstip=10.0.0.3
Q
1
Q
2
Switch
Match
Action
S1
state=Q0, srcip=10.0.0.1
state=Q1
S2
state=Q1, dstip=10.0.0.3
state=Q2
S2
state=Q1, dstip=10.0.0.3
count
DFA transition
DFA accept
23
Example: Query Compilation (3/3)
DFATransitioning
Forwarding
DFAAccepting
All acting on
the same data
plane packets!
Frenetic composition operators (details in paper)
24
Implementation
• Prototype on the Pyretic (NSDI’13) SDN controller
• Implementation publicly available online
• http://frenetic-lang.org/pyretic/
• Evaluation:
• Payload collection bandwidth
• Rule space
• See paper.
25
Summary
DFA state can be used to track
packet paths directly on the data plane.
Measurement and forwarding can be
specified independently.
26
Happy to answer queries ;)
narayana@cs.princeton.edu
27
28
Related documents
Warriors of the net questions 1. What three things are put on the
Warriors of the net questions 1. What three things are put on the
Access Chapter 2 Assignment Sheet
Access Chapter 2 Assignment Sheet
Algebra 1 Preparing for Success Packet
Algebra 1 Preparing for Success Packet
Home Exercise 1 (Relational Algebra)
Home Exercise 1 (Relational Algebra)
Sportfolio Criteria - JCB Physical Education
Sportfolio Criteria - JCB Physical Education
Assignment - Introduction to Databases using Microsoft Access
Assignment - Introduction to Databases using Microsoft Access
Summer Review Packet for Students Entering Algebra 1
Summer Review Packet for Students Entering Algebra 1
doc
doc
1-07 ICS2O3C - Warriors of the Net
1-07 ICS2O3C - Warriors of the Net
LPN 10 Exercises
LPN 10 Exercises
Compiling Path Queries Princeton University Mina Tahmasbi Jen Rexford
Compiling Path Queries Princeton University Mina Tahmasbi Jen Rexford
Declarative Network Path Queries Srinivas Narayana May 13, 2016 Advisor: Prof. Jennifer Rexford
Declarative Network Path Queries Srinivas Narayana May 13, 2016 Advisor: Prof. Jennifer Rexford
Download
advertisement