Presentation is loading. Please wait.

Presentation is loading. Please wait.

CS434/534: Topics in Networked (Networking) Systems High-Level Programming for Programmable Networks Yang (Richard) Yang Computer Science Department.

Published byFanny Muljana Modified over 6 years ago

Similar presentations

Presentation on theme: "CS434/534: Topics in Networked (Networking) Systems High-Level Programming for Programmable Networks Yang (Richard) Yang Computer Science Department."— Presentation transcript:

1 CS434/534: Topics in Networked (Networking) Systems High-Level Programming for Programmable Networks Yang (Richard) Yang Computer Science Department Yale University 208A Watson

2 Outline Admin and recap High-level datapath programming
blackbox (trace-tree) whitebox compact per-instruction table (PIT) pipeline

3 Recap: Datapath Model Low-level TCAM based computing model with limited resources

4 Recap: Higher-Level Driven, Manual Model
badPort = // policy hostTbl = {A:1,B:2, C:3,D:4} // net view def onPacketIn(p): if badPort == p.tcp_dst: // drop compute rules else: // forward([hostTbl(p.eth_dst)]) 1 4 2 3 A B D C

5 Recap: General Higher-Level Programming Model
Conceptually programmer’s network control function f is invoked on every packet entering the network. f expressed in an existing, general purpose language (e.g., Java, Python), describing how a packet should be routed, not how data path flow tables are configured f: packet route

6 Program -> Decision Tree (Trace Tree)
Policy Trace Tree Route f(Packet p) { if (p.tcpDstIs(22)) return null(); else { Location sloc = hostTable(p.ethSrc()); Location dloc = hostTable(p.ethDst()); Route path = myRoutingAlg( topology(),sloc,dloc); return path; } 1 2 ? true false Read: EthSrc Read: EthDst path1 Assert: TcpDst==22 Maple then uses this trace to begin generating the Trace Tree. In this case, Maple still doesn’t know what will happen if the assertion is true, and it therefore adds a placeholder under the true branch. Now, if we execute f on a packet to tcp destination 22, the assertion is true, and the packet is dropped. Maple logs this new trace and uses it to refine its Trace Tree, filling in the true branch of the assertion. Programs use a simple library to access pkt attributes, allowing recording dependency!

7 Program -> Decision Tree (Trace Tree)
Policy Trace Tree Route f(Packet p) { if (p.tcpDstIs(22)) return null(); else { Location sloc = hostTable(p.ethSrc()); Location dloc = hostTable(p.ethDst()); Route path = myRoutingAlg( topology(),sloc,dloc); return path; } 1 2 ? true false Read: EthSrc Read: EthDst path1 Assert: TcpDst==22 Maple then uses this trace to begin generating the Trace Tree. In this case, Maple still doesn’t know what will happen if the assertion is true, and it therefore adds a placeholder under the true branch. Now, if we execute f on a packet to tcp destination 22, the assertion is true, and the packet is dropped. Maple logs this new trace and uses it to refine its Trace Tree, filling in the true branch of the assertion. Blackbox: Because the system does not see much of the program internal.

8 Trace Tree => Datapath
Simple, classical in-order tree traversal generates datapath! Trace Tree => Datapath tcpDst ==22 3 1 True False 2 ethDst drop match:{tcpDst==22} 4 2 ethSrc drop match:{tcpDst!=22, ethDst:2} 6 port 30 barrier rule: match:{tcpDst!=22, ethDst:4,ethSrc:6} match:{tcpDst==22} action:ToController Priority

9 Trace Tree in Action Assume n hosts in hostTable
Map<MAC, Switch> hostTable; 0. Route onPacketIn(Packet p) { 1. Switch srcSw = hostTable.get( p.ethSrc() ); 2. Switch dstSw = hostTable.get( p.ethDst() ); Route aRoutes = AllPairRoutes(); return aRoutes.get(srcSw, dstSw); Assume n hosts in hostTable TT after pingall among the n hosts

10 Trace Tree in Action a1 an p1 pn p pn2 Is there a better design?
Map<MAC, Switch> hostTable; 0. Route onPacketIn(Packet p) { 1. Switch srcSw = hostTable.get( p.ethSrc() ); 2. Switch dstSw = hostTable.get( p.ethDst() ); Route aRoutes = AllPairRoutes(); return aRoutes.get(srcSw, dstSw); Assume n hosts in hostTable TT after pingall among the n hosts Flow table from trace tree ethSrc ethDst a1 p1 pn an p pn2 ethSrc ethDst Action a1 p1 a2 p2 .. an pn2 Is there a better design?

11 Alternative (2-Tables) Design
Assume k switches. ethSrc Action a1 regsrcSw=y1 jump 2 a2 regsrcSw=y2 jump 2 .. an regsrcSw=yn jump 2 otherwise drop Table 2 regssrcSw ethDst Action sw1 a1 p1,1 a2 p1,2 .. swk an pk,n otherwise drop

12 Alternative (3-Tables) Design
Assume k switches. Table 1 ethSrc Action a1 regsrcSw=y1 jump 2 a2 regsrcSw=y2 jump 2 .. an regsrcSw=yn jump 2 otherwise drop Table 3 regsrcSw regsdstSw Action sw1 p1,1 sw2 p1,2 .. swk pk,k otherwise drop Table 2 ethDst Action a1 regdstSw=y1 jump 3 a2 regdstSw=y2 jump 3 .. an regdstSw=yn jump 3 otherwise drop

13 n2 entries; more if under attacks
Comparison of 3 Designs Assume n = 4000, k = 100 Design #flow rules 1 table 2 tables 3 tables n2 entries; more if under attacks 16,000,000 = 16M n + kn entries ,000 = 404K 2n + k2 entries ,000 = 18K

14 Summary: Blackbox Trace Tree
Pros Simple, language independent Cons Generate only a single table Reactive, with potentially long latency

15 Outline Admin and recap High-level datapath programming
blackbox (trace-tree) whitebox

16 Objective Proactive, fully generated datapath
Traditionally considered too hard to compile a high-level program to a datapath as they have quite different programming models algorithm vs lookup tables Objective of today’s class: See if we can make progress in compiling a general program to datapath

17 Objective: Generate Best Datapath
Map<MAC, Switch> hostTable; 0. Route onPacketIn(Packet p) { 1. Switch srcSw = hostTable.get( p.ethSrc() ); 2. Switch dstSw = hostTable.get( p.ethDst() ); Route aRoutes = AllPairRoutes(); return aRoutes.get(srcSw, dstSw); Table 1 Table 2 Table 3 ethSrc Action a1 regsrcSw=y1 jump 2 a2 regsrcSw=y2 jump 2 .. an regsrcSw=yn jump 2 otherwise drop ethDst Action a1 regdstSw=y1 jump 3 a2 regdstSw=y2 jump 3 .. an regdstSw=yn jump 3 otherwise drop regsrcSw regsdstSw Action sw1 p1,1 sw2 p1,2 .. swk pk,k otherwise drop Any pattern of the best pipeline?

18 Outline Admin and recap High-level datapath programming
blackbox (trace-tree) whitebox compact per-instruction table (PIT) pipeline

19 OutVar(I) =I(1,1,1); Jump to J
General Feasibility Function f consists of a sequence of instructions I1, I2, …, In - Each assignment instruction I followed by J is a mapping from input variable values to output variable states: I: outVar = I(I1, I2, …, In) - Each conditional instruction I can also be mapped: I: if ( boolVar ) { I1, …} else {I2, …} InVar(I)1 InVar(I)2 InVar(I)3 Action 1 OutVar(I) =I(1,1,1); Jump to J boolVar(I) Action true jump I1 false jump I2 InVar(I)1 I OutVar(I) InVar(I)2 InVar(I)3

20 Revisit I1 I2 I4 Map<MAC, Switch> hostTable;
0. Route onPacketIn(Packet p) { 1. Switch srcSw = hostTable.get( p.ethSrc() ); 2. Switch dstSw = hostTable.get( p.ethDst() ); Route aRoutes = AllPairRoutes(); return aRoutes.get(srcSw, dstSw); I1 I2 I4 ethSrc Action 1 regsrcSw=y1 jump 2 2 regsrcSw=y2 jump 2 .. an regsrcSw=yn jump 2 otherwise drop ethDst Action a1 regdstSw=y1 jump 3 a2 regdstSw=y2 jump 3 .. an regdstSw=yn jump 3 otherwise drop regsrcSw regsdstSw Action sw1 p1,1 sw2 p1,2 .. swk pk,k otherwise drop

21 Running Example Route onPacketIn(Packet p) {
Map<MAC, Switch> hostTable; // {11->sw1, 22->sw1, 33->sw2,others swu} Map<MAC, Cond> condTable; // {11->S, 22->C, 33->C, others UK} Set openPorts; // {22, 53, 80, 8000, 8080, 9090} Route onPacketIn(Packet p) { L1 if (p.dstPort < 1025) { // privileged port, SW_FW L2: dstSw = SW_FW; L3: dstCond = V; L4: } else if (openPorts.contains(p.dstPort)) { // spec user L5: dstSw = hostTable[p.dstMac]; L6: dstCond = condTable[p.dstMac]; L7: } else { L8: return Drop; } // All pairs paths for all dstConds L9: allPaths = AllPairsCond.execute( ... ); L10: srcSw = hostTable[p.srcMac]; L11: return allPaths[dstCond].get(srcSw,dstSw); }

22 Exercise: Map Each Instruction to a Flow Table
Map<MAC, Switch> hostTable; // {11->sw1, 22->sw1, 33->sw2,others swu} Map<MAC, Cond> condTable; // {11->S, 22->C, 33->C, others UK} Set openPorts; // {22, 53, 80, 8000, 8080, 9090} Route onPacketIn(Packet p) { L1 if (p.dstPort < 1025) { // privileged port, SW_FW L2: dstSw = SW_FW; L3: dstCond = V; L4: } else if (openPorts.contains(p.dstPort)) { // spec user L5: dstSw = hostTable[p.dstMac]; L6: dstCond = condTable[p.dstMac]; L7: } else { L8: return Drop; } // All pairs paths for all dstConds L9: allPaths = AllPairsCond.execute( ... ); L10: srcSw = hostTable[p.srcMac]; L11: return allPaths[dstCond].get(srcSw,dstSw); }

23 Table Design We say L1 is a compact-mapable (CM) instruction: Despite large input domain, small # of rules to express. Naïve enumeration Compact encoding L1 Pri p.dstPort Action 2 xx xxxx xxxx regg1=true jump L2 1 xxxx xxxx regg1=false jump L2 p.dstPort Action 1 Regg1 = true jump L2 2 ... 216 Regg1=false jump L2 L1. g1 = p.dstPort < 1025;

24 More Example of CM Statements
y = p.ethSrc == p.ethDst p.ethSrc p.ethDst Action ***0 ***1 false **0* **1* * true p.ethSrc p.ethDst Action 1 y=true 2 y=false ... 248 Exercise: y = p.ethSrc != p.ethDst

25 Table Design L5 is another type of CM instruction: Despite large input domain, system state already provides (small) potential values. Compact encoding using system state Naïve enumeration L5 p.dstPort Action 1 Regg2 = false; jump L6 ... 22 Regg2 = true; jump L6 216 Regg1=false; jump L6 Pri p.dstPort Action 2 22 Regg2 = true; jump L6 53 80 8000 8080 Regg2=true; jump L6 9090 1 * Regg2=false; jump L6 L5. g2 = openPorts.contains(p.dstPort); // openPorts = {22, 53, 80, 8000, 8080, 9090};

26 List of CM Instructions
Q: What are some instructions that are fundamentally hard to express by lookups?

27 Non-Compact Instruction
srcMac % n, where n is not a power of 2 has no compact representation.

28 State of After CM Analysis
Map<MAC, Switch> hostTable; // {11->sw1, 22->sw1, 33->sw2,others swu} Map<MAC, Cond> condTable; // {11->S, 22->C, 33->C, others UK} Set openPorts; // {22, 53, 80, 8000, 8080, 9090} Route onPacketIn(Packet p) { L1 if (p.dstPort < 1025) { // privileged port, SW_FW L2: dstSw = SW_FW; L3: dstCond = S; L4: } else if (openPorts.contains(p.dstPort)) { // spec user L5: dstSw = hostTable[p.dstMac]; L6: dstCond = condTable[p.dstMac]; L7: } else { L8: return Drop; } // All pairs paths for all dstConds L9: allPaths = AllPairsCond.execute( ... ); L10: srcSw = hostTable[p.srcMac]; L11: return allPaths[dstCond].get(srcSw,dstSw); }

29 Summary: Progress & Remaining Problems
Symbolic analysis/direct state-plugin cannot generate tables for some instructions Tables computed in isolation can have unnecessary rules.

30 Discussion: How to Handle the Problems?
Map<MAC, Switch> hostTable; // {11->sw1, 22->sw1, 33->sw2,others swu} Map<MAC, Cond> condTable; // {11->S, 22->C, 33->C, others UK} Set openPorts; // {22, 53, 80, 8000, 8080, 9090} Route onPacketIn(Packet p) { L1 if (p.dstPort < 1025) { // privileged port, SW_FW L2: dstSw = SW_FW; L3: dstCond = S; L4: } else if (openPorts.contains(p.dstPort)) { // spec user L5: dstSw = hostTable[p.dstMac]; L6: dstCond = condTable[p.dstMac]; L7: } else { L8: return Drop; } // All pairs paths for all dstConds L9: allPaths = AllPairsCond.execute( ... ); L10: srcSw = hostTable[p.srcMac]; L11: return allPaths[dstCond].get(srcSw,dstSw); }

31 Discussion: How to Handle the Problems?
Map<MAC, Switch> hostTable; // {11->sw1, 22->sw1, 33->sw2,others swu} Map<MAC, Cond> condTable; // {11->S, 22->C, 33->C, others UK} Set openPorts; // {22, 53, 80, 8000, 8080, 9090} Route onPacketIn(Packet p) { L1 g1 = p.dstPort < 1025; L2 if ( g1 ) { L3: dstSw = SW_FW; L4: dstCond = S; } else { L5: g2 = openPorts.contains(p.dstPort); // not compact L6: if ( g2 ) { L7: dstSw = hostTable[p.dstMac]; L8: dstCond = condTable[p.dstMac]; L9: return Drop; } } } // All pairs paths for all dstConds L10: allPaths = AllPairsCond.execute( ... ); L11: srcSw = hostTable[p.srcMac]; L12: return allPaths[dstCond].get(srcSw,dstSw); // inputs? }

32 Observation of One Approach
Both problems require computing valid inputs to instructions: g2 = openPorts.contains(p.dstPort); If we know valid inputs to dstPort (<1025), we can prune the extra rules (22, 53, 80) allPaths[dstCond].get(srcSw,dstSw); If we know the valid values of (dstCond, srcSw, dstSw) reaching this instruction, we can compute a compact flow table for it (not all potential values).

33 Discuss: How to Compute Valid Inputs (Reachable States) to Each Instruction
Map<MAC, Switch> hostTable; // {11->sw1, 22->sw1, 33->sw2, others swu} Map<MAC, Cond> condTable; // {11->S, 22->C, 33->C, others UK} 0. Route onPacketIn(Packet p) { L1. Switch dstSw = hostTable.get( p.dstMac() ); L2. Cond dstCond = condTable.get( p.dstMac() ); L3. Route aRoutes = AllPairCondRoutes(); L4. return aRoutes.get(dstSw, dstCond); Design 1: takes avantage of CM Inputs to L4: |dstSw| from L1 x |dstCond| from L2 Q: Is this the best?

Download ppt "CS434/534: Topics in Networked (Networking) Systems High-Level Programming for Programmable Networks Yang (Richard) Yang Computer Science Department."

Similar presentations

June 2007NSF Find Forensics and Attribution in Ethane Martin Casado Stanford University With: Michael Freedman, Justin Pettit, Jianying Luo, Natasha Gude,

June 2007NSF Find Forensics and Attribution in Ethane Martin Casado Stanford University With: Michael Freedman, Justin Pettit, Jianying Luo, Natasha Gude,
CS412/413 Introduction to Compilers Radu Rugina Lecture 16: Efficient Translation to Low IR 25 Feb 02.

CS412/413 Introduction to Compilers Radu Rugina Lecture 16: Efficient Translation to Low IR 25 Feb 02.
CSE 3341.03 Winter 2008 Introduction to Program Verification symbolic execution continued.

CSE Winter 2008 Introduction to Program Verification symbolic execution continued.
Chapter 9 Describing Process Specifications and Structured Decisions

Chapter 9 Describing Process Specifications and Structured Decisions
Chapter 9 Describing Process Specifications and Structured Decisions Systems Analysis and Design Kendall & Kendall Sixth Edition © 2005 Pearson Prentice.

Chapter 9 Describing Process Specifications and Structured Decisions Systems Analysis and Design Kendall & Kendall Sixth Edition © 2005 Pearson Prentice.
Chapter 9 Describing Process Specifications and Structured Decisions

Chapter 9 Describing Process Specifications and Structured Decisions
Ch6: Software Verification. 1 Statement coverage criterion  Informally:  Formally:  Difficult to minimize the number of test cases and still ensure.

Ch6: Software Verification. 1 Statement coverage criterion  Informally:  Formally:  Difficult to minimize the number of test cases and still ensure.
Software Testing and QA Theory and Practice (Chapter 4: Control Flow Testing) © Naik & Tripathy 1 Software Testing and Quality Assurance Theory and Practice.

Software Testing and QA Theory and Practice (Chapter 4: Control Flow Testing) © Naik & Tripathy 1 Software Testing and Quality Assurance Theory and Practice.
1/20 Symbolic Execution and Program Testing Charngki PSWLAB Symbolic Execution and Program Testing James C.King IBM Thomas J.Watson Research Center.

1/20 Symbolic Execution and Program Testing Charngki PSWLAB Symbolic Execution and Program Testing James C.King IBM Thomas J.Watson Research Center.
Implementation Yaodong Bi. Introduction to Implementation Purposes of Implementation – Plan the system integrations required in each iteration – Distribute.

Implementation Yaodong Bi. Introduction to Implementation Purposes of Implementation – Plan the system integrations required in each iteration – Distribute.
Lecture #12 Distributed Algorithms (I) CS492 Special Topics in Computer Science: Distributed Algorithms and Systems.

Lecture #12 Distributed Algorithms (I) CS492 Special Topics in Computer Science: Distributed Algorithms and Systems.
Describing Process Specifications and Structured Decisions Systems Analysis and Design, 7e Kendall & Kendall 9 © 2008 Pearson Prentice Hall.

Describing Process Specifications and Structured Decisions Systems Analysis and Design, 7e Kendall & Kendall 9 © 2008 Pearson Prentice Hall.
Project Creation Review: Maple in OpenDaylight Andreas Voellmy, Y. Richard Yang, Xiao Shi, Xin Li, Reinaldo Penno December 18, 2014.

Project Creation Review: Maple in OpenDaylight Andreas Voellmy, Y. Richard Yang, Xiao Shi, Xin Li, Reinaldo Penno December 18, 2014.
What does a computer program look like: a general overview.

What does a computer program look like: a general overview.
ISBN 0-321-19362-8 Chapter 3 Describing Semantics -Attribute Grammars -Dynamic Semantics.

ISBN Chapter 3 Describing Semantics -Attribute Grammars -Dynamic Semantics.
Computer Science: A Structured Programming Approach Using C1 5-2 Two-Way Selection The decision is described to the computer as a conditional statement.

Computer Science: A Structured Programming Approach Using C1 5-2 Two-Way Selection The decision is described to the computer as a conditional statement.
Computer Science: A Structured Programming Approach Using C1 5-2 Two-Way Selection The decision is described to the computer as a conditional statement.

Computer Science: A Structured Programming Approach Using C1 5-2 Two-Way Selection The decision is described to the computer as a conditional statement.
Chapter 3 Part II Describing Syntax and Semantics.

Chapter 3 Part II Describing Syntax and Semantics.
Slide 1 Simple, Flexible Programming of Data Movement Paths using Algorithmic Policies PIs: Y. Richard Yang, Robert Bjornson, Andrew Sherman Architect:

Slide 1 Simple, Flexible Programming of Data Movement Paths using Algorithmic Policies PIs: Y. Richard Yang, Robert Bjornson, Andrew Sherman Architect:
Pyretic Programming.

Pyretic Programming.

Similar presentations

Ads by Google