Download presentation
Presentation is loading. Please wait.
Published byLoren Chavez Modified over 9 years ago
1
Models and techniques for verification of Software Defined Networks
Victor Altukhov Eugene Chemeritsky Vladislav Podymov Vladimir Zakharov Applied Research Center for Computer Networks
2
Outline Introduction Software Defined Networks
SDN Packet Forwarding Policies PFP Model Policy language FO[TC] Verifying monitor Vermont Experiments & Comparison
3
What is Software Defined Network?
What is SDN? Conventional network Application Forwarding state Host Port Link Switch B A
4
What is SDN? … Conventional network B A Task How to forward a packet
Application Topology … Forwarding state Packet Packet Packet B A
5
What is SDN? Conventional network decentralized control non-uniformity
Application Forwarding state decentralized control non-uniformity App App FS FS B App App FS A FS
6
What is SDN? Conventional network SDN Controller centralized control
decentralized control uniformity non-uniformity App App FS FS B App App FS A FS
7
What is SDN? SDN Controller centralized control uniformity
Application centralized control uniformity Control plane OpenFlow Data plane FS FS B FS A FS
8
What is SDN? SDN Controller centralized control uniformity
Application Upd Upd centralized control uniformity Control plane OpenFlow Ok, I can do it Don’t know what to do Data plane FS FS B FS A FS
9
What is Packet Forwarding Policy?
What is PFP? What is Packet Forwarding Policy? Example: Requirements imposed on a network to guarantee that its behavior is safe correct secure …
10
What is PFP? Example: Reachability B A
Packets from the host A will eventually reach the host B B A
11
What is PFP? Example: No topological loops B A
Packets do not traverse the same switch twice B A
12
What is PFP? Example: Short routes only B A
1 2 3 4 All hosts are reached in at most 3 hops B A
13
What is PFP? Static Timeline Why ? Hardware errors
Software (application) errors We want to check if PFPs hold in a real SDN Static and consider PFPs Timeline w.r.t. to
14
How to check PFPs? Fast! Fast! ⊧ Policies Network M P Network model
Formal specification Fast! ⊧ M P ~ 10μs Model checking
15
Packet state Switch #2 Port #1 Header #h2 Switch #1 Port #1 Switch #4
B h1 h4 A Switch #4 Port #3 Header #h4
16
Packet state Switch #2 Port #1 Header #h2 Switch #w Port #p Header #h
B A Switch #4 Port #3 Header #h4
17
Packet state S sizew sizep sizeh is the set of all packet states … 1
Switch #w Port #p Header #h Switch #w Port #p Header #h … 1 sizew sizep sizeh S is the set of all packet states
18
Raw model (p1, h1) (p2, h2) (p, h) … (pk, hk) rule
is an explicit description of key SDN components such as: (p1, h1) (p2, h2) rule (p, h) … (pk, hk)
19
Raw model table (p1, h1) (p2, h2) (p, h) … (pk, hk) rule rule rule
is an explicit description of key SDN components such as: table (p1, h1) rule (p2, h2) rule (p, h) rule … rule (pk, hk) default
20
Raw model table table … (p1, h1) (p2, h2) … (p, h) … … (pk, hk) Switch
is an explicit description of key SDN components such as: Switch … (p1, h1) table table (p2, h2) … (p, h) … … (pk, hk)
21
Relational model Step ⊆ S x S In ⊆ S Out ⊆ S
22
Relational model Step In Out ⊆ S x S ⊆ S ⊆ S (x, y) BDD (x) BDD (x)
23
PFP Specification Language: syntax
Step In Out (x, y) (x) (x) Atoms: First order logic constructors: ⋁ & ⌝ ∀ ∃ x = y x = const State equalities: x.w = y.w x.w = const x.p = y.p x.p = const x.h = y.h x.h = const Closure constructors: + F (x, y) – transitive closure [i1, i2] F (x, y) – bounded transitive closure
24
PFP SL: semantics (Step, In, Out, …) F RF ⊆ S × … × S n times
Given a relational model F (x1, …, xn) a PFP SL formula defines a relation RF ⊆ S × … × S n times How?
25
PFP SL: semantics (Step, In, Out, …) F RF Step In Out ⊆ S × … × S
Given a relational model F (x1, …, xn) a PFP SL formula defines a relation RF ⊆ S × … × S n times How? Step In (x, y) (x) Obvious Out (x) … = …
26
PFP SL: semantics (Step, In, Out, …) F RF F1 F2 F1 F2 F ⊆ S × … × S
Given a relational model F (x1, …, xn) a PFP SL formula defines a relation RF ⊆ S × … × S n times F1 F2 (…) (…) How? ⋁ Union F1 F2 (…) (…) & Intersection F ⌝ (…) Complement
27
PFP SL: semantics (Step, In, Out, …) F RF F F ⊆ S × … × S n times
Given a relational model F (x1, …, xn) a PFP SL formula defines a relation RF ⊆ S × … × S n times How? F ∀ x (…) Universal projection F ∃ x (…) Existential projection
28
PFP SL: semantics (Step, In, Out, …) F RF F F ⊆ S × … × S n times
Given a relational model F (x1, …, xn) a PFP SL formula defines a relation RF ⊆ S × … × S n times + How? F (x, y) Transitive closure [i1, i2] F (x, y) Bounded transitive closure
29
PFP SL: examples A B Step In Step Step In Out Step Step Reachability y
∀ x (x) ∃ (y) Step * & (x, y) No topological loops In Step * ⌝ ∃ x,y,z (x) & (x, y) & + Step (y, z) & y.w = z.w Short routes only In Out ⌝ ∃ x,y (x) & (y) & + Step Step [1, 3] (x, y) ⌝ & (x, y)
30
What else? adequate Model update Model Model Network
continuously changes adequate Model should be at every instant We should be able to update Model on-line Model The update rate for Network should surpass the update rate for We can do it not discussed (to some extent)
31
How does it work? Checker Controller Loader Proxy Network
Main usage now: Checker Proxy Network
32
We tested it for Stanford University Network 16 switches
Fat Tree topology 48 tables forw. rules 1500 ACL rules >100 VLAN
33
(strict superset of others)
Tool comparison Tool Build (ms.) Update Policies OpenFlow concepts VERMONT (2014) 4600 FO[TC] (strict superset of others) Full NetPlumber (2013) 37000 CTL Partial VeriFlow (2013) > 4000 68-100 Small fixed set Minimal AP Verifier (2013) 1000 0.1 FlowChecker (2010) Anteater (2011) 400000 ??? No
34
The End Me:
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.