Y. Wu, HotNets-XII (Nov 22, 2013): Answering Why-Not Queries in Software-Defined Networks with Negative Provenance. Yang Wu*, Andreas Haeberlen*, Wenchao Zhou.


1 Answering Why-Not Queries in Software-Defined Networks with Negative Provenance
Yang Wu*, Andreas Haeberlen*, Wenchao Zhou+, Boon Thau Loo*
* University of Pennsylvania, + Georgetown University
Y. Wu, HotNets-XII (Nov 22, 2013)

2 Motivation: SDN debugging
- SDNs give power, but they can have bugs
- need good debuggers for SDNs
[Diagram: Internet, HTTP Server, Data Center Network, Controller]

3 Motivation: SDN debugging
Why is the HTTP server getting DNS queries?
- existing tools produce backtraces
[Diagram: Internet, HTTP Server, Data Center Network, Controller, DNS Packet, Broken FlowEntry]
[Backtrace vertices: DNS Packet arrived at HTTP Server; DNS Packet received at Switch; Broken FlowEntry existed at Switch; …; Program]

4 Motivation: SDN debugging
Why is the HTTP server getting DNS queries?
- backtraces require an observed event as starting point
[Diagram: Internet, HTTP Server, Data Center Network, Controller, DNS Packet, Broken FlowEntry]
[Backtrace vertices: DNS Packet arrived at HTTP Server; DNS Packet received at Switch; FlowEntry existed at Switch; …]

5 Challenge: no starting point
Why is the HTTP server NOT getting requests?
- no starting point when debugging missing events
- problem: diagnose missing events in networks
[Diagram: Internet, HTTP Server, Data Center Network, Controller]

6 Approach: counter-factual reasoning
- basis: counter-factual reasoning
Find all the ways a missing event could have occurred, and show why each of them did not come to pass.

7 Approach: counter-factual reasoning
- basis: counter-factual reasoning
Why did Bob NOT arrive at DC?
[Illustration: NYC, DC]

8 Approach: counter-factual reasoning
Why is the HTTP server NOT getting requests?
- an SDN debugger that answers "Why-Not" questions
[Diagram: Internet, HTTP Server, Data Center Network, Controller, HTTP Packet, Dropping-FlowEntry]
[Graph vertices: No HTTP Packet arrived at HTTP Server; No Forwarding-FlowEntry installed at Switch; HTTP Packet received at Switch; Dropping-FlowEntry existed at Switch; …; Program; ???]

9 Approach: counter-factual reasoning
[Negative Provenance Graph vertices: No HTTP Packet arrived at HTTP Server; No Forwarding-FlowEntry installed at Switch; HTTP Packet received at Switch; Dropping-FlowEntry existed at Switch; …]

10 Overview
- Goal: Diagnose missing events (WHY NOT?)
- Challenge: No starting point
- Approach: Counter-factual reasoning
- Solution
- Background: Provenance
- Generating negative provenance
- Improving readability
- Status
- Implementation
- Fast queries using R-trees
- Supporting legacy programs

11 Background: network datalog
- network datalog (NDLOG)
PacketSent :- FlowEntry, PacketReceived.
[Annotations on the rule: Head, Predicate]

12 Background: provenance
Why is the HTTP server getting DNS queries?
- provenance
[Graph vertices: DNS Packet arrived at HTTP Server; DNS Packet received at Switch; FlowEntry existed at Switch; …]
APPEAR(DNS Packet, @HTTP Server, t=3pm)
EXIST(FlowEntry, @Switch, t=[1pm,now])
APPEAR(DNS Packet, @Switch, t=3pm)
Vertex types: EXIST; INSERT, DELETE; DERIVE, UNDERIVE; APPEAR, DISAPPEAR; SEND, RECEIVE; DELAY

13 Negative provenance model
- we extend the model to support negative provenance
Existing vertex types: EXIST; INSERT, DELETE; DERIVE, UNDERIVE; APPEAR, DISAPPEAR; SEND, RECEIVE; DELAY
+ Negative vertex types: NEXIST; NINSERT, NDELETE; NDERIVE, NUNDERIVE; NAPPEAR, NDISAPPEAR; NSEND, NRECEIVE; NARRIVE

14 Negative provenance model
Why is the HTTP server NOT getting requests?
- we extend the model to support negative provenance
[Graph vertices: No HTTP Packet arrived at HTTP Server; No Forwarding-FlowEntry installed at Switch; HTTP Packet received at Switch; Dropping-FlowEntry existed at Switch; …]
NAPPEAR(HTTP Packet, @HTTP Server, t=[-∞, 3pm])
NEXIST(Forwarding-FlowEntry, @Switch, t=[-∞, 3pm])
EXIST(Dropping-FlowEntry, @Switch, t=[10am,now])
APPEAR(HTTP Packet, @Switch, t=2pm)

15 Generating negative provenance graphs
- pseudo-code for building negative provenance graph

16 Generating negative provenance graphs
- explain non-existence of head with missing predicates
PacketSent :- FlowEntry, PacketReceived.
[Annotations on the rule: Head, Predicate]
[Timeline: rows FlowEntry and PacketReceived; time axis t1, t2, t3, t4, t5, now]
[Graph: NEXT(PacketSent, t=[t1,now]); ???]

17 Generating negative provenance graphs
- explain non-existence with missing pre-conditions
[Timeline: rows PacketSent, FlowEntry and PacketReceived; time axis t1, t2, t3, t4, t5, now]
NEXT(PacketSent, t=[t1,now])
NEXT(PacketReceived, t=[t1,t2])
NEXT(FlowEntry, t=[t2,t3])
NEXT(PacketReceived, t=[t3,t4])
NEXT(FlowEntry, t=[t2,t3])
NEXT(PacketReceived, t=[t5,now])

18 Generating negative provenance graphs
- select simple explanations
[Timeline: rows FlowEntry and PacketReceived; time axis]
NEXT(PacketSent, t=[t1,now])
NEXT(FlowEntry, t=[t1,now])

19 Generating negative provenance graphs
- select simple explanations
- finding the simplest explanation is at least as hard as Set Cover (NP-Hard)
- close approximation is good enough
PacketSent :- FlowEntry, PacketReceived.
[Annotations on the rule: Head, Predicate]
[Timeline: rows FlowEntry and PacketReceived; time axis]
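The interval reasoning of slides 16 to 19, as an added example that is not from the talk or the authors' prototype: for the single rule PacketSent :- FlowEntry, PacketReceived, it explains the head's absence over a query window by covering that window with NEXIST vertices for missing body predicates, using a greedy farthest-reach choice. Function names, the numeric time points (t1..t5 = 1..5, now = 6) and both timelines are constructed assumptions.

```python
# Added illustration; not the authors' algorithm or code.
from typing import Dict, List, Tuple

Interval = Tuple[float, float]          # half-open [start, end)

def gaps(present: List[Interval], window: Interval) -> List[Interval]:
    """Maximal sub-intervals of `window` in which a tuple did NOT exist."""
    out, cursor = [], window[0]
    for s, e in sorted(present):
        s, e = max(s, window[0]), min(e, window[1])   # clamp to the window
        if s >= e:
            continue
        if s > cursor:
            out.append((cursor, s))
        cursor = max(cursor, e)
    if cursor < window[1]:
        out.append((cursor, window[1]))
    return out

def explain_absence(body: Dict[str, List[Interval]], window: Interval):
    """Cover `window` with (predicate, gap) pairs: at every instant at least
    one body predicate must be missing, otherwise the head was derivable."""
    candidates = [(p, g) for p, iv in body.items() for g in gaps(iv, window)]
    chosen, cursor = [], window[0]
    while cursor < window[1]:
        # Greedy step: among gaps containing `cursor`, take the one that
        # reaches farthest, so fewer vertices end up in the explanation.
        best = max((c for c in candidates if c[1][0] <= cursor < c[1][1]),
                   key=lambda c: c[1][1], default=None)
        if best is None:
            raise ValueError(f"all body predicates held at t={cursor}")
        chosen.append(best)
        cursor = best[1][1]
    return chosen

def render(vertices) -> List[str]:
    return [f"NEXIST({p}, t=[{s},{e}])" for p, (s, e) in vertices]

WINDOW = (1, 6)                                       # [t1, now), constructed
# Constructed timeline in the style of slide 17: the two predicates alternate.
ALTERNATING = {"FlowEntry": [(1, 2), (3, 4), (5, 6)],
               "PacketReceived": [(2, 3), (4, 5)]}
# Constructed timeline in the style of slide 18: FlowEntry never existed.
NO_FLOW_ENTRY = {"FlowEntry": [], "PacketReceived": [(2, 3), (4, 5)]}

if __name__ == "__main__":
    print(render(explain_absence(ALTERNATING, WINDOW)))    # five vertices
    print(render(explain_absence(NO_FLOW_ENTRY, WINDOW)))  # one vertex
```

A `ValueError` here means the window contains an instant at which every body predicate held, so the absence of the head cannot be explained by this rule alone.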

20 Generating negative provenance graphs
- pseudo-code for building negative provenance graph

21

22 Improving readability
- prune branches that correspond to failed assertions
[Diagram: Negative Provenance Graph: … NEXIST(FlowEntry(Pri > 255)) …; Controller Program: … assert(FlowEntry(Pri < 63)) …]

23 Improving readability
- Prune logical inconsistencies.
- Prune failed assertions.
- Branch coalescing.
- Application-specific invariants.
- Hide transient event chains.
- Summarize super-vertex.

24

25 Improving readability
- typical absolute size < 20
- ~90% reduction in graph size

26 Overview
- Goal: Diagnose missing events (WHY NOT?)
- Challenge: No starting point
- Approach: Counter-factual reasoning
- Solution
- Background: Provenance
- Generating negative provenance
- Improving readability
- Status
- Implementation
- Fast queries using R-trees
- Supporting legacy programs

27 Status: implementation
- graph builder
- event storage
- Mininet
[Diagram: Internet, HTTP Server, Data Center Network (Mininet), SDN Controller, Event Storage, Graph Builder]

28 Status: fast queries
- optimization: R-Tree
[Diagram: Internet, HTTP Server, Data Center Network (Mininet), SDN Controller, Event Storage, Graph Builder]

29 Status: supporting legacy
- Frenetic frontend
[Diagram: Internet, HTTP Server, Data Center Network (Mininet), SDN Controller, Event Storage, Graph Builder]

30
- Goal: a debugger for missing events in SDNs
  Example: Why is the HTTP server not getting requests?
- Approach: Negative Provenance
  Use counterfactual reasoning to explain how the missing events could have occurred.
- Raw provenance graphs are complex, but can be simplified considerably using heuristics
  Encouraging results from case studies.
- We are working on a prototype implementation
  Efficient queries due to a special index.
  Supports an existing SDN language (Frenetic).
Questions?

