SDN Abstractions Lecture 20 Aditya Akella. Going beyond defining a virtual network, configuring specific network functions Application interface – PANE:

Slides:



Advertisements
Similar presentations
Service Bus Service Bus Access Control.
Advertisements

On the Management of Virtual Networks Group 3 Yang Wenzhi Wang Qian Issam Alkindi Zhu Guangjin Zhang Haifeng Sanjeev.
SDN Abstractions. In an SDN Ideal World, we want… multiple applications (Composition): – So, need to worry about sharing. – About isolation. Network policies.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 8: Monitoring the Network Connecting Networks.
Lecturer: Sebastian Coope Ashton Building, Room G.18 COMP 201 web-page: Lecture.
Extensibility, Safety and Performance in the SPIN Operating System Presented by Allen Kerr.
Openflow App Security Chao SHI Stephen Duraski. Background Software-defined networking o Control plane abstraction o Abstract topology view o Abstraction.
Can the Production Network Be the Testbed? Rob Sherwood Deutsche Telekom Inc. R&D Lab Glen Gibb, KK Yap, Guido Appenzeller, Martin Cassado, Nick McKeown,
Making Cellular Networks Scalable and Flexible Li Erran Li Bell Labs, Alcatel-Lucent Joint work with collaborators at university of Michigan, Princeton,
Slide 1 Client / Server Paradigm. Slide 2 Outline: Client / Server Paradigm Client / Server Model of Interaction Server Design Issues C/ S Points of Interaction.
CSE331: Introduction to Networks and Security Lecture 28 Fall 2002.
CS 501: Software Engineering Fall 2000 Lecture 16 System Architecture III Distributed Objects.
Web Services Andrea Miller Ryan Armstrong Alex. Web services are an emerging technology that offer a solution for providing a common collaborative architecture.
Can the Production Network Be the Testbed? Rob Sherwood Deutsche Telekom Inc. R&D Lab Glen Gibb, KK Yap, Guido Appenzeller, Martin Cassado, Nick McKeown,
Systems Analysis and Design in a Changing World, 6th Edition 1 Chapter 6.
Data Security in Local Networks using Distributed Firewalls
Client-server database systems and ODBC l Client-server architecture and components l More on reliability and security l ODBC standard.
Implementation support CSCI324, IACT403, IACT 931, MCS9324 Human Computer Interfaces.
1 CCNA 3 v3.1 Module 9. 2 CCNA 3 Module 9 VLAN Trunking Protocol.
Copyright Arshi Khan1 System Programming Instructor Arshi Khan.
Understanding Active Directory
© 2010 VMware Inc. All rights reserved Access Control Module 8.
Access Control Module 8. Module You Are Here VMware vSphere 4.1: Install, Configure, Manage – Revision A vSphere Environment Introduction to VMware.
Database Design - Lecture 1
Virtual LAN Design Switches also have enabled the creation of Virtual LANs (VLANs). VLANs provide greater opportunities to manage the flow of traffic on.
Week 9 Objectives Securing Files and Folders Protecting Shared Files and Folders by Using Shadow Copies Configuring Network Printing.
Implementing File and Print Services
Kostas Giotis, Yiannos Kryftis, Vasilis Maglaris
What is Architecture  Architecture is a subjective thing, a shared understanding of a system’s design by the expert developers on a project  In the.
Software Defined-Networking. Network Policies Access control: reachability – Alice can not send packets to Bob Application classification – Place video.
Control-Plane Slicing Methods in Multi-Tenant Software Defined Networks IFIP/IEEE International Symposium on Integrated Network Management May 11, 2015.
Windows NT Chapter 13 Key Terms By Bill Ward NT Versions NT Workstation n A desktop PC that both accesses a network and works as a stand alone PC NT.
Gary MarsdenSlide 1University of Cape Town Human-Computer Interaction - 3 Programmer Support Gary Marsden ( ) July 2002.
Software-Defined Networking - Attributes, candidate approaches, and use cases - MK. Shin, ETRI M. Hoffmann, NSN.
Implementation support z programming tools y levels of services for programmers z windowing systems y core support for separate and simultaneous user-system.
Security Requirements for Software Defined Networks Internet Area WG IETF 85: Atlanta November 4, 2012 Margaret Wasserman
1 Participatory Networking: An API for Application Control of SDNs Andrew Ferguson, Arjun Guha, Chen Liang, Rodrigo Fonseca, and Shriram Krishnamurthi.
CE Operating Systems Lecture 3 Overview of OS functions and structure.
Lecture # 3 & 4 Chapter # 2 Database System Concepts and Architecture Muhammad Emran Database Systems 1.
G53SEC 1 Access Control principals, objects and their operations.
1 © 2003, Cisco Systems, Inc. All rights reserved. CCNA 3 v3.0 Module 8 Virtual LANs Cisco Networking Academy.
Aaron Gember, Theophilus Benson, Aditya Akella University of Wisconsin-Madison.
SDN Management Layer DESIGN REQUIREMENTS AND FUTURE DIRECTION NO OF SLIDES : 26 1.
SOFTWARE DESIGN AND ARCHITECTURE LECTURE 31. Review Creational Design Patterns – Singleton Pattern – Builder Pattern.
1 © 2003, Cisco Systems, Inc. All rights reserved. CCNA 3 v3.0 Module 9 VLAN Trunking Protocol Cisco Networking Academy.
Sponsored by the National Science Foundation Establishing Policy-based Resource Quotas at Software-defined Exchanges Marshall Brinn, GPO June 16, 2015.
1 © 2003, Cisco Systems, Inc. All rights reserved. CCNA 3 v3.0 Module 9 Virtual Trunking Protocol.
Secure Composition of Untrusted Code: Wrappers and Causality Types Kyle Taylor.
Network Access Control
CSci8211: SDN Controller Design 1 Overview of SDN Controller Design  SDN Re-cap  SDN Controller Design: Case Studies  NOX Next Week:  ONIX  ONOS 
Tessellation: Space-Time Partitioning in a Manycore Client OS 林鼎原 Department of Electrical Engineering National Cheng Kung University Tainan, Taiwan, R.O.C.
Windows 2003 Architecture, Active Directory & DNS Lecture # 3 Hassan Shuja 02/14/2006.
June 1, 2004© Matt Bishop [Changed by Hamid R. Shahriari] Slide #13-1 Chapter 13: Design Principles Overview Principles –Least Privilege –Fail-Safe.
Client-server communication Prof. Wenwen Li School of Geographical Sciences and Urban Planning 5644 Coor Hall
CSCI/CMPE 4334 Operating Systems Review: Exam 1 1.
Yan Chen Lab of Internet and Security Technology (LIST)
SDN challenges Deployment challenges
Multi-layer software defined networking in GÉANT
CCNA 3 Chapter 10 Virtual Trunking Protocol
Pertemuan 12 Virtual Trunking Protocol
Overview of SDN Controller Design
CCNA 3 v3 JEOPARDY Module 8 CCNA3 v3 Module 8 K. Martin.
CCNA 3 v3 JEOPARDY Module 8 CCNA3 v3 Module 8 K. Martin.
Data Security in Local Networks using Distributed Firewalls
Operating Systems: A Modern Perspective, Chapter 3
Implementation support
Cohesion and Coupling.
Access Control What’s New?
Implementation support
Presentation transcript:

SDN Abstractions Lecture 20 Aditya Akella

Going beyond defining a virtual network, configuring specific network functions Application interface – PANE: Participatory networking Management – HFT: Delegation and conflict resolution – Splendid isolation: Slicing/isolation

Participatory networking and HFT PANE: user interface for the network control plane – End-users, devices or applications Key components: – Privilege delegation to reconcile requests and network constraints – A protocol and API to interaction – A suitable control logic

Privilege delegation Hierarchy of shares All shares can sub-delegate – Subsets defined on subset of parent’s flow group – May not have more permissive privileges Which speakers can issue which messages on which flowgroups

“API” Requests  allow/deny, reserve, limit – Could be associated with time – “Come back later” Hints  for traffic prioritization, future traffic patterns Queries  read network state Accept a message if – it passes privilege check, – referenced flowgroup is subset of share’s group, – if the request can co-exist with previously accepted requests

HFT Hierarchy of privileges  hierarchy of policies

HFT Conflict resolution operators: node-internal, inter-sibling and parent-child

HFT Conflict resolution operators: node-internal, inter-sibling and parent-child

HFT

HFT Operators D and S identical. Deny overrides Allow. GMB combines as max Child overrides Parent for Access Control GMB combines as max Only Requirements: Associative, 0-identity

HFT and PANE

Critique of PANE + HFT?

Isolation

Traffic isolation Physical isolation Control isolation

Some possibilities VLANs  obviously bad (why?) Flowvisor “Splendid”

Flowvisor Intercepts/analyzes/ multiplexes events

Slices in Splendid Make isolation part of the language. – For security and modularity. Give each client a slice of the network which they can assume complete control over, as if they were alone on the network. Given a set of slices and a policy for each slice, compile them into one whole network program that enforces isolation.

Slices

Outgoing pkts

Implementation Input: a set of slices and policies. (Must be VLAN-­‐independent.) Output: a single, global policy that enforces isolation.

Issues with Splendid Read-only slices. Consider an admin/billing slice that monitors use. Isolation is too strong Isolation as the way to “enforce” program modularity?

Flowvisor vs. Splendid Why is FV better? Why is Splendid better?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.