1 / 34

Toward Synthesis of Network Updates

Toward Synthesis of Network Updates. Andrew Noyes – Cornell University Todd Warszawski – Cornell University Pavol Cerny – University of Colorado Boulder Nate Foster - Cornell University Presented by: Ronen Jacobi. Introduction. Most networks are updated frequently.

wallis
Download Presentation

Toward Synthesis of Network Updates

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Toward Synthesis of Network Updates Andrew Noyes – Cornell University Todd Warszawski – Cornell University PavolCerny – University of Colorado Boulder Nate Foster - Cornell University Presented by: Ronen Jacobi.

  2. Introduction • Most networks are updated frequently. • Implementing network updates while traffic continues to flow is very difficult. • Bad implementing can cause severe damages. • Mechanisms that were invented are too general and hard to implement or very limited

  3. Example: firewall World S F1 F3 F2 Internal

  4. MODULE main • VAR • port : {S_0, F1_0, F2_0, F3_0, START, WORLD, DROP}; • src : {Auth, Guest}; • purpose : {Web, Other}; • ASSIGN • next(port) := case • port = START : S_0; • port = S_0 & src = Auth : {F1_0, F2_0}; • port = S_0 & src = Guest : F3_0; • port = F1_0 : WORLD; • port = F2_0 : WORLD; • port = F3_0 & purpose = Web : WORLD; • port = F3_0 & purpose = Other : DROP; • port = WORLD : WORLD; • port = DROP : DROP; • esac; • INIT port = START; • LTLSPEC (purpose = Other & src = Guest -> port = DROP) & • ((src = Auth | src = Guest & purpose = Web) -> F port = WORLD);

  5. Example: firewall World g,other S F1 F3 F2 Internal

  6. Example: firewall World S F1 F3 F2 g,other Internal

  7. Example: Cycle N1 A P C B N2 N3

  8. Example: Cycle N1 A C B P N2 N3

  9. A New Idea • We’ll use synthesis to generate update mechanisms automatically. • Input: - Current configuration • target configuration • invariants. • Output: Sequence of modifications to the forwarding rules of individual switches

  10. Network Model • Network topology = (Sw,P,inport,outport,ingress) • Sw = Switches • P = Ports • forthere is a unique with inport(p,s). • for there is a unique with outport(s,p). • Ingress = ports that get packets from WORLD.

  11. Policies • A switch policy (switch’s forwarding rules) is a policy of switch s if:p,pt) = (p’,pt’) s.t.- pt is a packet- (p,s)inport- (s,p’) • A netwprk policy (network’s forwarding rules) is a functionNetPol:S →SwitchPols.tNetPol(s) = SwitchPolSwitchPol is the switch policy of s.

  12. Updates • An update is a pair (s,SwitchPol) s.t.SwitchPol is a policy of s. • and for all , NetPol’(s’)=NetPol(s’). S1 S1 S3 S2,SwitchPol S3 S2 S2

  13. Commands • A command is either an update or a wait command. • A wait command: • Disables the ability to update network policy • Limits the network to one update while there’e a packet in it.

  14. Why Wait is Important? N0 S0 Auth S1 N1 N3 Guest/Auth S2 S3 checks whether it’s Auth or guest before sending to N3 S3 N2

  15. Why Wait is Important? N0 Guest S0 Auth S1 N1 N3 Guest/Auth S2 S3 checks whether it’s Auth or guest before sending to N3 S3 N2

  16. Why Wait is Important? N0 S0 Guest/Auth Auth S1 N1 N3 Guest S2 S3 checks whether it’s Auth or guest before sending to N3 S3

  17. Why Wait is Important? N0 S0 Guest/Auth Auth S1 N1 N3 S2 S3 does not check Packet’s src before sending to N3 S3 Guest

  18. Network States & Transition • A network state ns = ((p,pt),NetPol,wait-flag,comSeq) • A network transition is a relation . • There are 4 types of transitions: • A packet move:ns = ((p,pt),NetPol,wait-flag,comSeq)ns’ = ((p’,pt’),NetPol,wait-flag,comSeq) • An update transition:ns = ((p,pt),NetPol, false, (s, SwitchPol).comSeq)ns’ = ((p,pt),,NetPol[],false,comSeq) • A wait transition:ns = ((p,pt),NetPol,wait-flag,wait.comSeq)ns’ = ((p,pt),NetPol,true,comSeq)

  19. Network Transition • A new packet transition:ns = ((p,pt),NetPol,wait-flag,comSeq)ns’= ((p’,pt’),NetPol,false,comSeq)where .

  20. Network Trace • A network trace nt is an infinite sequence s.t. for all is a network transition. • A network state ns is wait-correct if there are no loops in its network policy.

  21. Update Synthesis Problem • Given:- an initial network policy ,- a final network policy - specification ,construct a sequence of commands comSeq such that: • comSeq is correct with respect to and .

  22. Running Example N0 Guest S0 Auth S1 N1 N3 Guest/Auth S2 S3 checks whether it’s Auth or guest before sending to N3 S3 N2

  23. Running Example N0 S0 Guest/Auth Auth S1 N1 N3 Guest S2 S3 checks whether it’s Auth or guest before sending to N3 S3

  24. Running Example N0 S0 Guest/Auth Auth S1 N1 N3 S2 S3 checks whether it’s Auth or guest before sending to N3 DROP! Guest S3

  25. Running Example N0 S0 Guest/Auth Auth S1 N1 N3 S2 S3 does not check Packet’s src before sending to N3 S3

  26. Example: Cycle N1 A C B N2 N3

  27. Experiments

  28. Time of updating with varying number of switches in network

  29. Time of updating with varying number of switches to update

  30. Impossible updates

  31. Summary • The running times are too large for online use. • The purpose was to build a prototype tool to confirm the feasibility of the new approach. • The counterexample analysis has great influence on the running times, though. • If there is no way of safe update it takes much longer to finish running, because there is a large number of update sequences possible

  32. The End

More Related