Slide 1: Abstractions for SDN
Martin Casado, Nate Foster, and Arjun Guha
CACM, October 2014
Slide 2: Introduction
- SDN was invented to address some long-standing challenges in networking
- SDN starts from two ideas:
  - generalize network hardware to provide a standard collection of packet-processing functions instead of a fixed set of narrow features
  - decouple the software that controls the network from the devices that implement it
- The design of SDN makes it possible to evolve the network without having to change the underlying hardware
- It enables expressing network algorithms in terms of abstractions appropriate for particular applications
Slide 3: Introduction
- One or more controller machines execute general-purpose programs that respond to events (changes in network topology, connections initiated by end hosts, shifts in traffic load, or messages from other controllers) by computing a collection of packet-forwarding rules
- Controllers then push these rules to switches, which implement the required functionality efficiently using specialized hardware
Slide 4: New Applications
- Shortest-path routing
- Policy-based access control
- Adaptive traffic monitoring
- Traffic engineering
- Network virtualization
- All of these without new (distributed) protocols on proprietary hardware
- Need new abstractions to facilitate new applications (just as an OS provides rich abstractions for managing resources, network applications need new abstractions)
Slide 5: Network-Wide Structures
- SDN controllers can compute network-wide structures that give global visibility into network state → simplifies networking applications
- Network Information Base (NIB) in the controller
  - e.g., evaluating Dijkstra's shortest-path algorithm over the structure representing the topology
  - spanning tree: difficult with distributed algorithms vs. simply running Prim's algorithm over the global topology
Slide 6: Distributed Updates
- Configuration updates are typically only eventually consistent
  - if the network configuration is recalculated due to a link failure, a packet may traverse a switch once in the original state and a second time in the updated state → forwarding loops or dropped packets
- Eventually consistent updates do not always suffice in SDN
  - an SDN controller might manage both filtering rules and forwarding rules, and these rules may be critical for ensuring invariants such as access control or isolation between the traffic of tenants sharing the network → invariants can be violated during periods of transition
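The transition problem on this slide, as an added example that is not code from the article: a constructed three-switch topology with two configurations, a naive per-switch overwrite that leaves unsafe intermediate states depending on the update order, and a two-phase version-tagged update (the per-packet consistent update technique) that never does. Switch names, hosts and rules are all assumptions.

```python
UNTRUSTED = "h_bad"  # hosts h_bad and h1 attach to s1, h2 to s2; s1 reaches s2 directly or via s3

# v1: s1 forwards everything to s2, and s2 enforces the access-control filter.
# v2: the filter moves to s1, traffic is rerouted via s3, and s2 stops filtering.
CONFIGS = {
    1: {"s1": lambda p: ("fwd", "s2"),
        "s2": lambda p: ("drop",) if p["src"] == UNTRUSTED else ("deliver",),
        "s3": lambda p: ("drop",)},
    2: {"s1": lambda p: ("drop",) if p["src"] == UNTRUSTED else ("fwd", "s3"),
        "s2": lambda p: ("deliver",),
        "s3": lambda p: ("fwd", "s2")},
}

def forward(tables, packet, sw="s1", max_hops=8):
    """Trace a packet from ingress switch sw through tables[switch][version_tag]; a miss drops."""
    for _ in range(max_hops):
        rule = tables[sw].get(packet["tag"])
        if rule is None:
            return "drop"
        act = rule(packet)
        if act[0] != "fwd":
            return act[0]
        sw = act[1]
    return "drop"  # hop budget exhausted: forwarding loop

def invariants_hold(tables, tag):
    """Untrusted traffic must never be delivered; trusted traffic must never be dropped."""
    leaked = forward(tables, {"src": UNTRUSTED, "tag": tag}) == "deliver"
    lost = forward(tables, {"src": "h1", "tag": tag}) == "drop"
    return not (leaked or lost)

def naive_update_violations(order):
    """Overwrite each switch's single untagged rule in turn; count unsafe intermediate states."""
    tables = {sw: {0: rule} for sw, rule in CONFIGS[1].items()}
    unsafe = 0
    for sw in order:
        tables[sw] = {0: CONFIGS[2][sw]}
        unsafe += not invariants_hold(tables, 0)
    return unsafe

def two_phase_update_violations():
    """Install v2 rules next to v1, flip the ingress version stamp, then retire v1."""
    tables = {sw: {1: rule} for sw, rule in CONFIGS[1].items()}
    unsafe = 0
    for sw, rule in CONFIGS[2].items():          # phase 1: v2 coexists with v1
        tables[sw][2] = rule
        unsafe += not invariants_hold(tables, 1)  # ingress still stamps version 1
    unsafe += not invariants_hold(tables, 2)      # phase 2: ingress stamps version 2
    for sw in list(tables):                       # phase 3: garbage-collect v1 rules
        del tables[sw][1]
        unsafe += not invariants_hold(tables, 2)
    return unsafe
```

Updating s2 before s1 lets untrusted traffic through for one step and then black-holes trusted traffic for another, while the version-tagged update keeps every packet on one consistent configuration.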
Slide 7: Modular Composition
- In an OS, processes allow multiple users to share hardware resources; processes interact via well-specified interfaces
- The SDN controller acts as a network OS, but it lacks an abstraction analogous to a process
- Network programming needs modularization
- SDN building blocks = {forwarding, broadcast, monitoring, access control, …}
Slide 8: Virtualization (1)
- SDN decouples the software that controls the network from the underlying forwarding hardware
- It does not decouple the forwarding logic from the underlying physical network topology
- SDN controllers now provide primitives for writing applications in terms of virtual network elements
- Decoupling programs from topology also creates opportunities for making SDN applications more scalable and fault tolerant
Slide 9: Virtualization (2)
- Access control
  - encoding MAC or IP addresses into the configuration: topology changes (due to mobility) undermine security
  - when access control lists are configured in terms of a virtual switch connected to each host, the policy remains stable even if the topology changes
- Multi-tenant datacenter
  - allow multiple tenants to impose different policies on devices in a shared physical network
  - overlapping addresses and services lead to complicated forwarding tables → hard to guarantee that traffic generated by one tenant will be isolated from other tenants
  - using virtual switches, each tenant can be provided with a virtual network they can configure however they like without interfering with other tenants
Slide 10: Virtualization (3)
- Scale-out router
  - in large networks, it can be necessary to make a collection of physical switches behave like a single logical switch
  - for example, a large set of low-cost commodity switches could be assembled into a single carrier-grade router
  - besides simplifying the forwarding logic for individual applications, this approach can also be used to obtain scalability: because such a router only exists at the logical level, it can be dynamically augmented with additional physical switches as needed
- Virtualization makes applications more portable and scalable by decoupling forwarding logic from specific physical topologies
Slide 11: Virtualization (4)
- Virtualization abstraction: e.g., VMware's NSX, Frenetic languages
- Virtualization mechanism: hypervisor
Slide 12: Formal Verification (1)
- Manual low-level network configuration → unreliable and/or insecure networks
- SDN standardizes the interface to network hardware → tools to build and operate reliable networks
- Network invariants: properties that can be checked automatically using tools that formally model the state of the network and the controller
- What properties?
  - Many properties are topology-specific: they can be stated and verified given a model of the structure of the network
Slide 13: Formal Verification (2)
- Topology-specific properties
  - Connectivity: packets are eventually delivered, except due to congestion or failures
  - Loop freedom: no forwarding loops in the network
  - Waypointing: packets emitted by untrustworthy hosts traverse a middlebox that scans for malicious traffic before being forwarded to their intended destinations
  - Bandwidth: provide the minimum bandwidth specified in an SLA
- Topology-agnostic properties, or properties for large classes of topologies [correctness criteria]
  - Access control
  - Host learning
  - Spanning tree
Slide 14: Formal Verification (3)
- Both types of properties are difficult to establish in traditional networks, as they require reasoning about complex state distributed across many heterogeneous devices
- The uniform interfaces provided by SDN simplify verification
- To verify configurations: model both the topology and the switch configurations
  - e.g., Header Space Analysis, FlowChecker, Anteater, VeriFlow, NetKAT
- To verify controllers (control programs)
  - e.g., NICE, NetCore, VeriCon, Flowlog
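A checker for the topology-specific properties listed on slide 13 (loop freedom, connectivity, waypointing), applied to switch configurations as slide 14 describes: an added example, not one of the tools named on these slides. Hosts, switches, the middlebox name mb and both forwarding tables are constructed, and the middlebox is modelled as an ordinary switch on the path.

```python
HOSTS = {"h1": "s1", "h2": "s2", "h_bad": "s3"}   # host -> switch it attaches to (constructed)
WAYPOINT = "mb"         # middlebox every packet from an untrusted host must pass through
UNTRUSTED = {"h_bad"}

def trace(tables, src, dst):
    """Switches a packet from src to dst visits. Ends at dst's switch if delivered, ends
    elsewhere if dropped (no rule), and is None if the packet enters a forwarding loop."""
    sw, path = HOSTS[src], []
    while sw not in path:
        path.append(sw)
        if sw == HOSTS[dst]:
            return path
        sw = tables.get(sw, {}).get(dst)
        if sw is None:
            return path
    return None

def check(tables):
    """Return property name -> list of (src, dst) pairs that violate it."""
    failures = {"loop_freedom": [], "connectivity": [], "waypointing": []}
    for src in HOSTS:
        for dst in HOSTS:
            if src == dst:
                continue
            path = trace(tables, src, dst)
            if path is None:
                failures["loop_freedom"].append((src, dst))
            elif path[-1] != HOSTS[dst]:
                failures["connectivity"].append((src, dst))
            elif src in UNTRUSTED and WAYPOINT not in path:
                failures["waypointing"].append((src, dst))
    return failures

# Constructed forwarding tables, switch -> {destination host: next switch}; no entry = drop.
# BUGGY sends h_bad's traffic for h2 straight to s2 (bypassing mb) and loops s1 <-> mb for
# traffic to h_bad. FIXED repairs both.
BUGGY = {
    "s1": {"h2": "s2", "h_bad": "mb"},
    "s2": {"h1": "s1", "h_bad": "s3"},
    "s3": {"h1": "mb", "h2": "s2"},
    "mb": {"h1": "s1", "h2": "s2", "h_bad": "s1"},
}
FIXED = {
    "s1": {"h2": "s2", "h_bad": "s3"},
    "s2": {"h1": "s1", "h_bad": "s3"},
    "s3": {"h1": "mb", "h2": "mb"},
    "mb": {"h1": "s1", "h2": "s2", "h_bad": "s3"},
}
```

Running check(BUGGY) reports the loop for h1 → h_bad and the waypoint bypass for h_bad → h2; check(FIXED) reports nothing.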
Slide 15: Formal Verification (4)
- Need for tools that can provide rigorous guarantees about the behavior, performance, reliability, and security of networked systems
- By standardizing the interfaces for controlling networks, SDN makes it feasible to build tools for verifying configurations and controllers against precise formal models
- Future directions
  - developing custom logics and decision procedures for expressing and checking properties
  - enriching models with additional features such as latency and bandwidth
  - better integrating property checking and debugging tools into SDN controller platforms