Presentation is loading. Please wait.

Presentation is loading. Please wait.

SDN Abstractions Lecture 20 Aditya Akella. Going beyond defining a virtual network, configuring specific network functions Application interface – PANE:

Published byJustin McCormick Modified over 9 years ago

Similar presentations

Presentation on theme: "SDN Abstractions Lecture 20 Aditya Akella. Going beyond defining a virtual network, configuring specific network functions Application interface – PANE:"— Presentation transcript:

1 SDN Abstractions Lecture 20 Aditya Akella

2 Going beyond defining a virtual network, configuring specific network functions Application interface – PANE: Participatory networking Management – HFT: Delegation and conflict resolution – Splendid isolation: Slicing/isolation

3 Participatory networking and HFT PANE: user interface for the network control plane – End-users, devices or applications Key components: – Privilege delegation to reconcile requests and network constraints – A protocol and API to interaction – A suitable control logic

4 Privilege delegation Hierarchy of shares All shares can sub-delegate – Subsets defined on subset of parent’s flow group – May not have more permissive privileges Which speakers can issue which messages on which flowgroups

5 “API” Requests  allow/deny, reserve, limit – Could be associated with time – “Come back later” Hints  for traffic prioritization, future traffic patterns Queries  read network state Accept a message if – it passes privilege check, – referenced flowgroup is subset of share’s group, – if the request can co-exist with previously accepted requests

6 HFT Hierarchy of privileges  hierarchy of policies

7 HFT Conflict resolution operators: node-internal, inter-sibling and parent-child

8 HFT Conflict resolution operators: node-internal, inter-sibling and parent-child

9 HFT

10 HFT Operators D and S identical. Deny overrides Allow. GMB combines as max Child overrides Parent for Access Control GMB combines as max Only Requirements: Associative, 0-identity

11 HFT and PANE

12 Critique of PANE + HFT?

13 Isolation

14 Traffic isolation Physical isolation Control isolation

15 Some possibilities VLANs  obviously bad (why?) Flowvisor “Splendid”

16 Flowvisor Intercepts/analyzes/ multiplexes events

17 Slices in Splendid Make isolation part of the language. – For security and modularity. Give each client a slice of the network which they can assume complete control over, as if they were alone on the network. Given a set of slices and a policy for each slice, compile them into one whole network program that enforces isolation.

18 Slices

19 Outgoing pkts

20 Implementation Input: a set of slices and policies. (Must be VLAN-­‐independent.) Output: a single, global policy that enforces isolation.

21 Issues with Splendid Read-only slices. Consider an admin/billing slice that monitors use. Isolation is too strong Isolation as the way to “enforce” program modularity?

22 Flowvisor vs. Splendid Why is FV better? Why is Splendid better?

Download ppt "SDN Abstractions Lecture 20 Aditya Akella. Going beyond defining a virtual network, configuring specific network functions Application interface – PANE:"

Similar presentations

Service Bus Service Bus Access Control.

Service Bus Service Bus Access Control.
On the Management of Virtual Networks Group 3 Yang Wenzhi 3474953 Wang Qian 3430773 Issam Alkindi 3444783 Zhu Guangjin 3440223 Zhang Haifeng 3392273 Sanjeev.

On the Management of Virtual Networks Group 3 Yang Wenzhi Wang Qian Issam Alkindi Zhu Guangjin Zhang Haifeng Sanjeev.
SDN Abstractions. In an SDN Ideal World, we want… multiple applications (Composition): – So, need to worry about sharing. – About isolation. Network policies.

SDN Abstractions. In an SDN Ideal World, we want… multiple applications (Composition): – So, need to worry about sharing. – About isolation. Network policies.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 8: Monitoring the Network Connecting Networks.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 8: Monitoring the Network Connecting Networks.
Lecturer: Sebastian Coope Ashton Building, Room G.18 COMP 201 web-page: Lecture.

Lecturer: Sebastian Coope Ashton Building, Room G.18 COMP 201 web-page: Lecture.
Extensibility, Safety and Performance in the SPIN Operating System Presented by Allen Kerr.

Extensibility, Safety and Performance in the SPIN Operating System Presented by Allen Kerr.
Openflow App Security Chao SHI Stephen Duraski. Background Software-defined networking o Control plane abstraction o Abstract topology view o Abstraction.

Openflow App Security Chao SHI Stephen Duraski. Background Software-defined networking o Control plane abstraction o Abstract topology view o Abstraction.
Can the Production Network Be the Testbed? Rob Sherwood Deutsche Telekom Inc. R&D Lab Glen Gibb, KK Yap, Guido Appenzeller, Martin Cassado, Nick McKeown,

Can the Production Network Be the Testbed? Rob Sherwood Deutsche Telekom Inc. R&D Lab Glen Gibb, KK Yap, Guido Appenzeller, Martin Cassado, Nick McKeown,
Making Cellular Networks Scalable and Flexible Li Erran Li Bell Labs, Alcatel-Lucent Joint work with collaborators at university of Michigan, Princeton,

Making Cellular Networks Scalable and Flexible Li Erran Li Bell Labs, Alcatel-Lucent Joint work with collaborators at university of Michigan, Princeton,
Slide 1 Client / Server Paradigm. Slide 2 Outline: Client / Server Paradigm Client / Server Model of Interaction Server Design Issues C/ S Points of Interaction.

Slide 1 Client / Server Paradigm. Slide 2 Outline: Client / Server Paradigm Client / Server Model of Interaction Server Design Issues C/ S Points of Interaction.
CSE331: Introduction to Networks and Security Lecture 28 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 28 Fall 2002.
CS 501: Software Engineering Fall 2000 Lecture 16 System Architecture III Distributed Objects.

CS 501: Software Engineering Fall 2000 Lecture 16 System Architecture III Distributed Objects.
Web Services Andrea Miller Ryan Armstrong Alex. Web services are an emerging technology that offer a solution for providing a common collaborative architecture.

Web Services Andrea Miller Ryan Armstrong Alex. Web services are an emerging technology that offer a solution for providing a common collaborative architecture.
Can the Production Network Be the Testbed? Rob Sherwood Deutsche Telekom Inc. R&D Lab Glen Gibb, KK Yap, Guido Appenzeller, Martin Cassado, Nick McKeown,

Can the Production Network Be the Testbed? Rob Sherwood Deutsche Telekom Inc. R&D Lab Glen Gibb, KK Yap, Guido Appenzeller, Martin Cassado, Nick McKeown,
Systems Analysis and Design in a Changing World, 6th Edition 1 Chapter 6.

Systems Analysis and Design in a Changing World, 6th Edition 1 Chapter 6.
Data Security in Local Networks using Distributed Firewalls

Data Security in Local Networks using Distributed Firewalls
Client-server database systems and ODBC l Client-server architecture and components l More on reliability and security l ODBC standard.

Client-server database systems and ODBC l Client-server architecture and components l More on reliability and security l ODBC standard.
Implementation support CSCI324, IACT403, IACT 931, MCS9324 Human Computer Interfaces.

Implementation support CSCI324, IACT403, IACT 931, MCS9324 Human Computer Interfaces.
1 CCNA 3 v3.1 Module 9. 2 CCNA 3 Module 9 VLAN Trunking Protocol.

1 CCNA 3 v3.1 Module 9. 2 CCNA 3 Module 9 VLAN Trunking Protocol.
Copyright Arshi Khan1 System Programming Instructor Arshi Khan.

Copyright Arshi Khan1 System Programming Instructor Arshi Khan.

Similar presentations

Ads by Google