Lithium: Event-Driven Network Control Nick Feamster, Hyojoon Kim, Russ Clark Georgia Tech Andreas Voellmy Yale University OpenFlow/Software Defined Networking.

Slides:



Advertisements
Similar presentations
Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.
Advertisements

1 OpenFlow Research on the Georgia Tech Campus Network Russ Clark Nick Feamster Students: Yogesh Mundada, Hyojoon Kim, Ankur Nayak, Anirudh Ramachandran,
Campus Testbed for Network Management and Operations Nick Feamster Georgia Tech Joint with Ankur Nayak, Russ Clark, Ron Hutchins, Campus OIT Also input.
Network Troubleshooting: rcc and Beyond Nick Feamster Georgia Tech (joint with Russ Clark, Yiyi Huang, Anukool Lakhina)
1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.
1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.
OpenFlow and Software Defined Networks. Outline o The history of OpenFlow o What is OpenFlow? o Slicing OpenFlow networks o Software Defined Networks.
Towards Software Defined Cellular Networks
Slick: A control plane for middleboxes Bilal Anwer, Theophilus Benson, Dave Levin, Nick Feamster, Jennifer Rexford Supported by DARPA through the U.S.
An Overview of Software-Defined Network Presenter: Xitao Wen.
OpenFlow Costin Raiciu Using slides from Brandon Heller and Nick McKeown.
Mobile Communication and Internet Technologies
Software-Defined Networking, OpenFlow, and how SPARC applies it to the telecommunications domain Pontus Sköldström - Wolfgang John – Elisa Bellagamba November.
OpenFlow : Enabling Innovation in Campus Networks SIGCOMM 2008 Nick McKeown, Tom Anderson, et el. Stanford University California, USA Presented.
Flowspace revisited OpenFlow Basics Flow Table Entries Switch Port MAC src MAC dst Eth type VLAN ID IP Src IP Dst IP Prot L4 sport L4 dport Rule Action.
Professor Yashar Ganjali Department of Computer Science University of Toronto
Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung( ) SriramGopinath( )
An Overview of Software-Defined Network
An Overview of Software-Defined Network Presenter: Xitao Wen.
Virtual LANs. VLAN introduction VLANs logically segment switched networks based on the functions, project teams, or applications of the organization regardless.
Application-Aware Aggregation & Traffic Engineering in a Converged Packet-Circuit Network Saurav Das, Yiannis Yiakoumis, Guru Parulkar Nick McKeown Stanford.
Formal checkings in networks James Hongyi Zeng with Peyman Kazemian, George Varghese, Nick McKeown.
Enabling Innovation Inside the Network Jennifer Rexford Princeton University
Information-Centric Networks10b-1 Week 13 / Paper 1 OpenFlow: enabling innovation in campus networks –Nick McKeown, Tom Anderson, Hari Balakrishnan, Guru.
OpenFlow: Enabling Technology Transfer to Networking Industry Nikhil Handigol Nikhil Handigol Cisco Nerd.
Software-Defined Networks Jennifer Rexford Princeton University.
Software Defined Networks and OpenFlow SDN CIO Summit 2010 Nick McKeown & Guru Parulkar Stanford University In collaboration with Martin Casado and Scott.
Brent Salisbury CCIE#11972 Network Architect University of Kentucky 9/22/ OpenStack & OpenFlow Demo.
Aaron Gember Aditya Akella University of Wisconsin-Madison
Software Defined-Networking. Network Policies Access control: reachability – Alice can not send packets to Bob Application classification – Place video.
VeriFlow: Verifying Network-Wide Invariants in Real Time
OpenFlow: Enabling Innovation in Campus Networks
Aditya Akella (Based on slides from Aaron Gember and Nick McKeown)
CS : Software Defined Networks 3rd Lecture 28/3/2013
Sponsored by the National Science Foundation Tutorial: An Introduction to OpenFlow using POX GENI Engineering Conference 20 June 2014.
Professor OKAMURA Laboratory. Othman Othman M.M. 1.
Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung( ) Sriram Gopinath( )
A Simple Unified Control Plane for Packet and Circuit Networks Saurav Das, Guru Parulkar, Nick McKeown Stanford University.
Author: Bill Buchanan. 1. Broadcast: What is the MAC address of this network address? 2. Requested host: All the hosts read the broadcast and checks.
OpenFlow:Enabling Innovation in Campus Network
SDN AND OPENFLOW SPECIFICATION SPEAKER: HSUAN-LING WENG DATE: 2014/11/18.
Programming Languages for Software Defined Networks Jennifer Rexford and David Walker Princeton University Joint work with the.
Switch Features Most enterprise-capable switches have a number of features that make the switch attractive for large organizations. The following is a.
Sponsored by the National Science Foundation 1 GEC16, March 21, 2013 Are you ready for the tutorial? 1.Did you do the pre-work? A.Are you able to login.
Improving Network Management with Software Defined Network Group 5 : z Xuling Wu z Haipeng Jiang z Sichen Wu z Aparna Sanil.
Information-Centric Networks Section # 13.2: Alternatives Instructor: George Xylomenos Department: Informatics.
OpenFlow & NOX (& how the SDN era started) CCR 2008 Whitepapers Nick McKeown & Natasha Gude et al. Presented by: M. Asim Jamshed Some slides have been.
3.6 Software-Defined Networks and OpenFlow
OpenFlow: Enabling Innovation in Campus Networks Yongli Chen.
Header Space Analysis: Static Checking for Networks Broadband Network Technology Integrated M.S. and Ph.D. Eun-Do Kim Network Standards Research Section.
Fabric: A Retrospective on Evolving SDN Presented by: Tarek Elgamal.
SDN and Beyond Ghufran Baig Mubashir Adnan Qureshi.
SDN basics and OpenFlow. Review some related concepts SDN overview OpenFlow.
Road to SDN Review the main features of SDN
Intrusion Detection Systems
ETHANE: TAKING CONTROL OF THE ENTERPRISE
NOX: Towards an Operating System for Networks
Week 6 Software Defined Networking (SDN): Concepts
SDN Overview for UCAR IT meeting 19-March-2014
Stanford University Software Defined Networks and OpenFlow SDN CIO Summit 2010 Nick McKeown & Guru Parulkar In collaboration with Martin Casado and Scott.
Chapter 5 Network Layer: The Control Plane
The Stanford Clean Slate Program
Software Defined Networking (SDN)
Software Defined Networking
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 4: Planning and Configuring Routing and Switching.
Implementing an OpenFlow Switch on the NetFPGA platform
An Introduction to Software Defined Networking and OpenFlow
Chapter 5 Network Layer: The Control Plane
An Introduction to Software Defined Networking and OpenFlow
Chapter 4: outline 4.1 Overview of Network layer data plane
Presentation transcript:

Lithium: Event-Driven Network Control Nick Feamster, Hyojoon Kim, Russ Clark Georgia Tech Andreas Voellmy Yale University OpenFlow/Software Defined Networking Nick Feamster Georgia Tech (some slides courtesy Nick McKeown)

Pre-GENI Thinking: Network as Artifact 2 “There is a tendency in our field to believe that everything we currently use is a paragon of engineering, rather than a snapshot of our understanding at the time. We build great myths of spin about how what we have done is the only way to do it to the point that our universities now teach the flaws to students (and professors and textbook authors) who don't know better.” -- John Day

What if we could change the network as easily as applications? 3 TCP/IP Header in Lego Format.

Now, We Can: Software-Defined Networking Before: Network devices closed, proprietary Now: A single software program can control the behavior of entire networks. 4

Software-Defined Networking Distributed configuration is a bad idea Instead: Control the network from a logically centralized system 5 Feamster et al. The Case for Separating Routing from Routers. Proc. SIGCOMM FDNA, 2004 Caesar et al. Design and implementation of a Routing Control Platform. Proc NSDI, 2005 Network RCP Decision Dissemination Discovery Data 2008

Software Defined Networking 6

Controller OpenFlow Switch Flow Table Flow Table Secure Channel Secure Channel PC OpenFlow Protocol SSL hw sw OpenFlow Switch specification Background: OpenFlow Switching

Key Idea: Control/Data Separation 8

OpenFlow Forwarding Abstraction 9

OpenFlow 1.0 Flow Table Entry Switch Port MAC src MAC dst Eth type VLAN ID IP Src IP Dst IP Prot TCP sport TCP dport RuleActionStats 1.Forward packet to port(s) 2.Encapsulate and forward to controller 3.Drop packet 4.Send to normal processing pipeline + mask Packet + byte counters

OpenFlow Forwarding Abstraction Match –Match on any header or new header –Allows any flow granularity Action –Forward to port(s), drop, send to controller –Overwrite the header –Forward at a specific bitrate 11

OpenFlow Forwarding Abstraction Protocol independent –Construct Ethernet, IPv4, VLAN, MPLS –Construct new forwarding methods Backwards compatible –Run in existing networks Technology independent –Switches, routers, WiFi APs –Cellular basestations –WDM/TDM circuits 12

Software Defined Network Management Software defined networking (SDN) makes it easier for network operators to evolve network capabilities Can SDN also help network operators manage their networks, once they are deployed? –Campus/Enterprise networks –Home networks 13

Big Problem: Configuration Changes Frequently Changes to the network configuration occur daily –Errors are also frequent Operators must determine –What will happen in response to a configuration change –Whether the configuration is correct 14

But, Network Configuration is Really Just Event Processing! Rate limit all Bittorrent traffic between the hours of 9 a.m. and 5 p.m. Do not use more than 100 GB of my monthly allocation for Netflix traffic If a host becomes infected, re-direct it to a captive portal with software patches … 15

Lithium: Event-Based Network Control 16 Main Idea: Express network policies as event-based programs. Resonance: Inference-Based Access Control for Enterprise Networks. Nayak, Reimers, Feamster, Clark. ACM SIGCOMM Workshop on Enterprise Networks. August 2009.

Extending the Control Model OpenFlow only operates on flow properties Lithium extends the control model so that actions can be taken on time, history, and user 17

Event-Driven Control Domains 18 Domain: A condition on which traffic forwarding rules can be expressed.

Dynamic Event Handler Reacts to domain events Determines event source Updates state based on event type Can process both internal and external events 19

Representing Network State: Finite State Machine State: A set of domain values represents a state. Representation of network state. Events: Event-driven control domains invoke events, which trigger state transitions in the controller’s finite state machine. –Intrusions –Traffic fluctuations –Arrival/departure of hosts 20

Current Implementation NOX Version Lithium plumbing: About 1,300 lines of C++ Policies –Enterprise network access control: 145 lines of C++ –Home network usage cap management: 130 lines Ongoing: Policies without general-purpose programming 21

Two Real-World Deployments Access control in enterprise networks –Re-implementation of access control on the Georgia Tech campus network –Today: Complicated, low-level –With SDN: Simpler, more flexible Usage control in home networks –Implementation of user controls (e.g., usage cap management, parental controls) in home networks –Today: Not possible –With SDN: Intuitive, simple 22

23 Example from Campus Network: Enterprise Access Control 3. VLAN with Private IP 6. VLAN with Public IP ta 1. New MAC Addr2. VQP 7. REBOOT Web Portal 4. Web Authentication 5. Authentication Result VMPS Switch New Host

Problems with Current Approach Access control is too coarse-grained –Static, inflexible and prone to misconfigurations –Need to rely on VLANs to isolate infected machines Cannot dynamically remap hosts to different portions of the network –Needs a DHCP request which for a windows user would mean a reboot Cannot automatically process changes to network conditions. 24

25 Lithium: State Machine-Based Control for Campus Networks Registration Authenticated Operation Quarantined Successful Authentication Vulnerability detected Clean after update Failed Authentication Infection removed or manually fixed Still Infected after an update

Requirements: Policy Language Network policies –Are dynamic –Depend on temporal conditions defined in terms of external events Need a way to configure these policies without resorting to general-purpose programming of a network controller Intuitive user interfaces can ultimately be built on top of this language 26

Language Design Goals 27 Declarative Reactivity: Describing when events happen, what changes they trigger, and how permissions change over time. Expressive and Compositional Operators: Building reactive permissions out of smaller re- active components. Well-defined Semantics: Simple semantics, simplifying policy specification. Error Checking & Conflict Resolution: Leveraging well-defined, mathematical semantics.

The Need for Reactive Control Simple policies are doable in FML: “Ban the device if usage exceeds 10 GB in the last 5 days” 28 But, adding temporal predicates is difficult! –“Remove the ban if usage drops below 10 GB.” –“Remove the ban when an administrator resets.” Each condition requires a new predicate.

Procera: Programming Reactive, Event-Based Network Control 29 Controller: signal functions and a flow constraint function Receives input signals from environment Periodically updates a flow constraint function that controls the forwarding elements Define a signal function for a device going over (or under) the usage cap: Define the set of devices over the cap:

Deployment: Campus Network Software-defined network in use across three buildings across the university Redesign of network access control Also deployed at other universities 30

Example From Home Networks: Usage Control Network management in homes is challenging One aspect of management: usage control –Usage cap management –Parental control –Bandwidth management Idea: Outsource network management/control –Home router runs OpenFlow switch –Usage reported to off-site controller –Controller adjusts behavior of traffic flows 31

32 Example From Home Networks: Usage Control

Deployment: Home Networks (Outsourced Home Network Management) 33 User monitors behavior and sets policies with UI (next slide) Lithium controller manages policies and router behavior

uCap: Intuitive Management Interface 34 Joint work with Boris de Souza, Bethany Sumner, Marshini Chetty.

Frontier #1: Home OpenFlow deployments in home networks: Slicing all the way to the end user in the home! BISmark ( 35

Frontier #2: Programmable Substrate Augment OpenFlow switches with custom packet processors Device abstraction layer to allow programmability of this substrate –Single device –Network wide Applications –Big data applications –On-the fly encryption, transcoding, classification –Selective deep packet inspection 36

Frontier #3: Policy Languages Today’s configuration languages are error- prone, distributed, low-level Functional reactive programming –Support for “boxes and arrows” (or signals and systems) style programming –Can support much more complicated conditions Procera/Lithium is one example 37

Summary Network management is difficult and error-prone Lithium: Event-based network control Deployment in two real-world settings (campus and home network) Developing a high-level control language that enables reactive control 38

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.