Presentation is loading. Please wait.

Presentation is loading. Please wait.

Automated Network Repair with Meta Provenance

Published bySybil Karen Franklin Modified over 9 years ago

Similar presentations

Presentation on theme: "Automated Network Repair with Meta Provenance"— Presentation transcript:

1 Automated Network Repair with Meta Provenance
Fix it! Yang Wu* Ang Chen* Andreas Haeberlen* Wenchao Zhou Boon Thau Loo* * University of Pennsylvania Georgetown University Y. Wu HotNets-2015 (Nov 17, 2015)

2 server not getting requests?
Motivation: Automated repair Networks can have bugs How can we find and fix bugs quickly? else if (switch == S1 && protocol == HTTP) then action = output:3. Copy-and-paste bug!!! else if (switch == S1 && protocol == HTTP) then action = output:5. SDN Controller Why is the backup web server not getting requests? S0 5 S2 3 4 S1 Backup Web Server Main DNS Server Off-loading HTTP HTTP traffic Y. Wu HotNets-2015 (Nov 17, 2015)

3 Goal: Automated repair
Existing debuggers can identify problems But finding effective fixes is still hard Can we automate this? Goal: “Fix it!” button for networks NetSight (NSDI 2014): requests dropped at S2 Treated as given! S0 SDN Controller 5 S2 3 4 S1 Backup Web Server Main DNS Server Why is the backup web server not getting requests? How to make the backup web server get requests? Off-loading HTTP Y. Wu HotNets-2015 (Nov 17, 2015)

4 HTTP Packet received at Main Web Server
Approach: Meta provenance Problem: Finding fixes is hard Idea: Provenance can pinpoint the root cause But previous provenance focus exclusively on data Key idea: Treating program as data meta provenance HTTP Packet received at Main Web Server Matching Flow Entry installed at S1 PacketIn received at Controller Executed If Clause in Controller Program Y. Wu HotNets-2015 (Nov 17, 2015)

5 Output: Possible repairs
How could meta provenance be used? Press “Fix it!” No HTTP Packet received at H2 No Matching Flow Entry installed at S2 No Executed If Clause in Controller Program No Specific Constant Meta provenance is generated Output: Possible repairs How to make the backup web server get requests? Fixed! Fix it! Change “switch == S1” to “switch == S2” Y. Wu HotNets-2015 (Nov 17, 2015)

6 Overview Solution Goal: “Fix-it!” button for SDNs
Challenge: Cannot reason about program changes Goal: “Fix-it!” button for SDNs Approach: Meta provenance Overview Mete provenance model Generating repairs Solution Practical challenges Case study

7 Meta provenance model Constant(“S1”) Provenance Meta Provenance
Explains which inputs contribute to the outputs Explains which parts of the program contribute to the outputs Tuples: inputs, outputs Meta tuples: inputs, outputs, syntactic elements of the program Program: how input derives output Meta program: how the programming language operates Matching Flow Entry installed at S1 PacketIn received at Controller Matching Flow Entry installed at S1 Executed If Clause in Controller Program PacketIn received at Controller Constant Constant(“S1”) FlowEntry(“S2”, “HTTP”, “Output-1”) if (switch == S1 && protocol == HTTP) then action = output:5 if (operator == “==” && variable == constant) then expression = true

8 HTTP Packet received at Main Web Server
Meta provenance: Example Finds relevant syntactic elements else if (switch == S1 && protocol == HTTP) then action = output:3. else if (switch == S1 && protocol == HTTP) then action = output:5. HTTP Packet received at Main Web Server S0 1 SDN Controller 5 S2 3 4 S1 Backup Web Server Main DNS Server Matching Flow Entry installed at S1 Executed If Clause in Program HTTP traffic Satisfied Condition in Program Operator == in Program Variable in Program Constant in Program Y. Wu

9 Overview Solution Goal: “Fix-it!” button for SDNs
Challenge: Cannot reason about program changes Goal: “Fix-it!” button for SDNs Approach: Meta provenance Overview Mete provenance model Generating repairs Solution Practical challenges Case study

10 received at Controller No Satisfied Condition
Generating repairs counter-factual reasoning generates targeted repairs else if (switch == S1 && protocol == HTTP) then action = output:5. else if (switch == S1 && protocol == HTTP) then action = output:3. No HTTP Packet received at H2 Negative provenance (SIGCOMM 2014) S0 SDN Controller 5 S2 3 4 S1 Backup Web Server Main DNS Server No Matching Flow Entry installed at S2 Off-loading HTTP No Executed If Clause in Controller Program PacketIn received at Controller No Satisfied Condition in Controller Program Change “switch == S1” to “switch == S2” Operator == in Program Variable in Program Wrong Constant in Program Y. Wu

11 Practical challenges: Infinite repairs
Problem: Meta-provenance tree is infinite Idea: Programmers make certain errors more often We can explore repairs in cost order, up to some cut-off Other challenges are discussed in the paper Y. Wu HotNets-2015 (Nov 17, 2015)

12 How to make the backup web server get requests?
Case study We built an initial prototype of a debugger We defined a meta provenance model for NDLOG Our prototype fixed the copy-and-paste bug automatically else if (switch == S1 && protocol == HTTP) then action = output:5. S2 else if (switch == S1 && protocol == HTTP) then action = output:3. S0 SDN Controller 5 S2 3 4 S1 Backup Web Server Main DNS Server How to make the backup web server get requests? Off-loading HTTP Fix it! Y. Wu

13 Summary Goal: Automated repairs for networks Approach: Meta Provenance
Ideally, can we have an automatic “Fix it!” button? Approach: Meta Provenance An extension of network provenance that treats program as data. Uses counterfactual reasoning to generate targeted repairs. Several interesting challenges Example: Provenance trees are infinite. We are currently building a complete debugger based on meta provenance Questions? Y. Wu HotNets-2015 (Nov 17, 2015)

Download ppt "Automated Network Repair with Meta Provenance"

Similar presentations

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Network Security Highlights Nick Feamster Georgia Tech.

Network Security Highlights Nick Feamster Georgia Tech.
Auto-Generation of Test Cases for Infinite States Reactive Systems Based on Symbolic Execution and Formula Rewriting Donghuo Chen School of Computer Science.

Auto-Generation of Test Cases for Infinite States Reactive Systems Based on Symbolic Execution and Formula Rewriting Donghuo Chen School of Computer Science.
Software-defined networking: Change is hard Ratul Mahajan with Chi-Yao Hong, Rohan Gandhi, Xin Jin, Harry Liu, Vijay Gill, Srikanth Kandula, Mohan Nanduri,

Software-defined networking: Change is hard Ratul Mahajan with Chi-Yao Hong, Rohan Gandhi, Xin Jin, Harry Liu, Vijay Gill, Srikanth Kandula, Mohan Nanduri,
A System to Generate Test Data and Symbolically Execute Programs Lori A. Clarke September 1976.

A System to Generate Test Data and Symbolically Execute Programs Lori A. Clarke September 1976.
Foundational Certified Code in a Metalogical Framework Karl Crary and Susmit Sarkar Carnegie Mellon University.

Foundational Certified Code in a Metalogical Framework Karl Crary and Susmit Sarkar Carnegie Mellon University.
Diagnosing Missing Events in Distributed Systems with Negative Provenance Yang Wu* Mingchen Zhao* Andreas Haeberlen* Wenchao Zhou + Boon Thau Loo* * University.

Diagnosing Missing Events in Distributed Systems with Negative Provenance Yang Wu* Mingchen Zhao* Andreas Haeberlen* Wenchao Zhou + Boon Thau Loo* * University.
Slick: A control plane for middleboxes Bilal Anwer, Theophilus Benson, Dave Levin, Nick Feamster, Jennifer Rexford Supported by DARPA through the U.S.

Slick: A control plane for middleboxes Bilal Anwer, Theophilus Benson, Dave Levin, Nick Feamster, Jennifer Rexford Supported by DARPA through the U.S.
OpenFlow-Based Server Load Balancing GoneWild

OpenFlow-Based Server Load Balancing GoneWild
USING PACKET HISTORIES TO TROUBLESHOOT NETWORKS Presented by: Yi Gao Emnets Seminar 2014-4-6.

USING PACKET HISTORIES TO TROUBLESHOOT NETWORKS Presented by: Yi Gao Emnets Seminar
A. Haeberlen Having your Cake and Eating it too: Routing Security with Privacy Protections 1 HotNets-X (November 15, 2011) Alexander Gurney * Andreas Haeberlen.

A. Haeberlen Having your Cake and Eating it too: Routing Security with Privacy Protections 1 HotNets-X (November 15, 2011) Alexander Gurney * Andreas Haeberlen.
Troubleshooting SDNs Peyman Kazemian. Why SDN Troubleshooting SDN decouples software (control plane) from hardware (data plane). Opens doors for innovation.

Troubleshooting SDNs Peyman Kazemian. Why SDN Troubleshooting SDN decouples software (control plane) from hardware (data plane). Opens doors for innovation.
SDN and Openflow.

SDN and Openflow.
Network Innovation using OpenFlow: A Survey

Network Innovation using OpenFlow: A Survey
SWAN: Software-driven wide area network

SWAN: Software-driven wide area network
Formal Structured Specification for Web Application Test School of Computer Science, Telecommunication and Information System DePaul University Xiaoping.

Formal Structured Specification for Web Application Test School of Computer Science, Telecommunication and Information System DePaul University Xiaoping.
Microsoft Research Faculty Summit 2008. Yuanyuan(YY) Zhou Associate Professor University of Illinois, Urbana-Champaign.

Microsoft Research Faculty Summit Yuanyuan(YY) Zhou Associate Professor University of Illinois, Urbana-Champaign.
Diagnosing Missing Events in Distributed Systems with Negative Provenance Yang Wu* Mingchen Zhao* Andreas Haeberlen* Wenchao Zhou + Boon Thau Loo* * University.

Diagnosing Missing Events in Distributed Systems with Negative Provenance Yang Wu* Mingchen Zhao* Andreas Haeberlen* Wenchao Zhou + Boon Thau Loo* * University.
Counterexample Guided Invariant Discovery for Parameterized Cache Coherence Verification Sudhindra Pandav Konrad Slind Ganesh Gopalakrishnan.

Counterexample Guided Invariant Discovery for Parameterized Cache Coherence Verification Sudhindra Pandav Konrad Slind Ganesh Gopalakrishnan.
1 Loop-Extended Symbolic Execution on Binary Programs Pongsin Poosankam ‡* Prateek Saxena * Stephen McCamant * Dawn Song * ‡ Carnegie Mellon University.

1 Loop-Extended Symbolic Execution on Binary Programs Pongsin Poosankam ‡* Prateek Saxena * Stephen McCamant * Dawn Song * ‡ Carnegie Mellon University.

Similar presentations

Ads by Google