Software Defined Networking
COMS 6998-8, Fall 2013
Instructor: Li Erran Li (lierranli@cs.columbia.edu)
http://www.cs.columbia.edu/~lierranli/coms6998-8SDNFall2013/
11/26/2013: SDN Debugging and Security
Outline
• Review on SDN Wireless Networks
  • Data Plane Abstraction
  • Controller Design
• SDN Debugging
  • Data Plane Approach (Breakpoints + Packet Backtrace): ndb
  • Control Plane Approach (Model Checking + Symbolic Execution): NICE
• SDN Security
  • Defense against Control Plane Attacks
  • Security as a Service (Next Lecture)
Software Defined Networking (COMS 6998-8)
Review of Previous Lecture: Data Plane Abstraction
[Figure: programmable wireless dataplane: a CPU hosting the control and forwarding dataplane, a baseband and Layer 2 DSP, and RF front-ends]
• Programmable wireless dataplane using off-the-shelf components
• Single platform capable of LTE, 3G, WiMax, WiFi
• Exposes a match/action interface to program how a flow is forwarded, scheduled & encoded
• OpenFlow for Layer 3
• Inexpensive ($300-500)
Source: Katti, Stanford
Review of Previous Lecture: Data Plane Abstraction: Modular Declarative Interface
[Figure: composing actions and inserting rules. Processing blocks (OFDM Demod; Demap (BPSK) / Demap (64QAM); Deinterleave (UEP) / Deinterleave (WiFi); Decode (3/4) / Decode (1/2); Descramble; Hdr Parse; CRC Check) are wired into DAGs; branching rules select the 6M, 54M or UEP path; data flow and control flow are drawn separately]
• Blocks: the individual processing stages
• Actions: DAGs of blocks
• Rules: branching logic (e.g., 6M vs. 54M vs. UEP)
Source: Katti, Stanford
Review of Previous Lecture: Data Plane Abstraction: State Machines & Deadlines
[Figure: a state machine from "start decoding" to "finish decoding" through the processing blocks, with a deadline attached to the state sequence]
• Rules and actions encode the protocol state machine
• Rules define state transitions
• Each state has an associated action
• Deadlines are expressed on state sequences
Source: Katti, Stanford
Review of Previous Lecture: Controller Abstraction and Architecture
[Figure: the controller keeps a RAN Information Base (flow records, interference map, and a 3D resource grid over time, frequency and power), fed by periodic updates from the radio elements (bytes, rate, queue size) and by network operator inputs (QoS constraints). A radio resource management algorithm sits behind the Controller API and programs the radio elements through the Radio Element API]
Outline
• Review on SDN Wireless Networks
  • Data Plane Abstraction
  • Controller Design
• SDN Debugging
  • Data Plane Approach (Breakpoints + Packet Backtrace): ndb
  • Control Plane Approach (Model Checking + Symbolic Execution): NICE
• SDN Security
  • Defense against Control Plane Attacks
  • Security as a Service
Bug story: incomplete handover
[Figure: host A reaches host B through switch X and WiFi APs Y and Z]
Source: Handigol, et al., Stanford
Debugging SDNs
• Bugs can be anywhere in the SDN stack
  • Hardware, control plane logic, race conditions
• Switch state might change rapidly
• Bugs might show up rarely
Source: Handigol, et al., Stanford
How can we exploit the SDN architecture to systematically track down the root cause of bugs?
Source: Handigol, et al., Stanford
ndb: Network Debugger
• Goal: capture and reconstruct the sequence of events leading to the errant behavior
• Allow users to define a Network Breakpoint
  • A (header, switch) filter to identify the errant behavior
• Produce a Packet Backtrace
  • Path taken by the packet
  • State of the flow table at each switch
Debugging software programs
    Function A():
        i = …; j = …;
        u = B(i, j)
    Function B(x, y):
        k = …;
        v = C(x, k)
    Function C(x, y):
        …
        w = abort()
• Breakpoint: “line 25, w = abort()”
• Backtrace:
    File “A”, line 10, Function A()
    File “B”, line 43, Function B()
    File “C”, line 21, Function C()
Source: Handigol, et al., Stanford
Debugging networks
[Figure: host A reaches host B through switch X and WiFi APs Y and Z]
• Breakpoint: “ICMP packets A->B, arriving at X, but not Z”
• Backtrace:
    Switch X: {
        inport: p0,
        outports: [p1],
        mods: [...],
        matched flow: 23 [...],
        matched table version: 3
    }
    Switch Y: {
        inport: p1,
        outports: [p3],
        mods: ...,
        ...
    }
Using ndb to debug common issues
• Reachability
  • Symptom: A is not able to talk to B
  • Breakpoint: “Packet A->B, not reaching B”
• Isolation
  • Symptom: A is talking to B, but it shouldn’t
  • Breakpoint: “Packet A->B, reaching B”
• Race conditions
  • Symptom: Flow entries not installed in time
  • Breakpoint: “Packet-in at switch S, port P”
Source: Handigol, et al., Stanford
So, how does ndb work?
ndb architecture
[Figure: the Flow Table State Recorder sits between the control plane and the switches; it relays and versions the controller's flow-mods and adds to each the action that emits a postcard toward the Postcard Collector]
• Breakpoint: a (header, switch) filter, e.g. Switch = S, IP src = A, IP dst = B, TCP Port = 22
• Each switch's flow table is a list of <Match, Action> entries; the recorder stores every table as <Flow Table State, Version>
• When a packet hits an entry, the switch emits a postcard stamped <Datapath ID, Packet ID, Version>
• The collector joins a packet's postcards with the recorded table state at each version to produce its backtrace
Source: Handigol, et al., Stanford
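The following is an added example, not the Stanford ndb code, showing how a collector turns postcards and recorded flow-table versions into the breakpoint/backtrace output of the earlier slides. It assumes a postcard carries the datapath ID, a packet ID, the flow-table version, the input port, the output ports and its collector arrival time, and that the recorder stores the whole table per (datapath ID, version); every switch, address and postcard below is constructed for the example.

```python
"""Reconstructing an ndb-style packet backtrace from postcards.

Added example; not the Stanford ndb code.  Assumptions beyond the slides: a
postcard carries the switch's datapath ID, a packet ID, the flow-table
version at the time of the match, the input port, the output ports and the
time the collector received it; the Flow Table State Recorder stores the
whole table for every (datapath ID, version).  All data is constructed."""
from collections import defaultdict

# Flow Table State Recorder: (dpid, version) -> [(priority, match, actions), ...]
FLOW_TABLE_STATES = {
    ("X", 3): [(100, {"ip_dst": "10.0.0.2"}, ["output:p1"]), (10, {}, ["controller"])],
    ("Y", 2): [(100, {"ip_dst": "10.0.0.2"}, ["output:p3"]), (10, {}, ["controller"])],
    ("Z", 1): [(10, {}, ["controller"])],
}

SSH_HDR = {"ip_src": "10.0.0.1", "ip_dst": "10.0.0.2", "tcp_dport": 22}
WEB_HDR = {"ip_src": "10.0.0.5", "ip_dst": "10.0.0.2", "tcp_dport": 80}

# Postcards received by the collector (constructed).  Packet 0xBEEF went X -> Y,
# packet 0xCAFE was only seen at X.
POSTCARDS = [
    {"dpid": "X", "pkt": 0xBEEF, "version": 3, "inport": "p0", "outports": ["p1"], "t": 1.0, "hdr": SSH_HDR},
    {"dpid": "X", "pkt": 0xCAFE, "version": 3, "inport": "p0", "outports": ["p1"], "t": 1.1, "hdr": WEB_HDR},
    {"dpid": "Y", "pkt": 0xBEEF, "version": 2, "inport": "p1", "outports": ["p3"], "t": 1.2, "hdr": SSH_HDR},
]

def header_matches(match, hdr):
    """True when every field of the (possibly empty) match agrees with the header."""
    return all(hdr.get(k) == v for k, v in match.items())

def matched_entry(table, hdr):
    """Highest-priority entry the packet would have hit in this table version."""
    hits = [e for e in table if header_matches(e[1], hdr)]
    return max(hits, key=lambda e: e[0]) if hits else None

def breakpoint_hits(postcards, hdr_filter, at, not_at=None):
    """Network breakpoint: packets matching hdr_filter that were seen at switch
    `at` and (optionally) never seen at switch `not_at`.  Returns packet IDs."""
    seen_at = defaultdict(set)
    for pc in postcards:
        if header_matches(hdr_filter, pc["hdr"]):
            seen_at[pc["pkt"]].add(pc["dpid"])
    return sorted(pkt for pkt, sws in seen_at.items()
                  if at in sws and (not_at is None or not_at not in sws))

def backtrace(postcards, pkt_id, states=FLOW_TABLE_STATES):
    """Join a packet's postcards with the recorded table state at each hop.
    Hops are ordered by collector arrival time here (an assumption; the real
    tool can also order them from the topology)."""
    hops = sorted((pc for pc in postcards if pc["pkt"] == pkt_id), key=lambda pc: pc["t"])
    trace = []
    for pc in hops:
        entry = matched_entry(states[(pc["dpid"], pc["version"])], pc["hdr"])
        trace.append({"switch": pc["dpid"], "inport": pc["inport"], "outports": pc["outports"],
                      "table_version": pc["version"],
                      "matched_flow": None if entry is None else {"match": entry[1], "actions": entry[2]}})
    return trace

if __name__ == "__main__":
    # Breakpoint: "SSH packets A->B arriving at X but not at Z"
    for pkt in breakpoint_hits(POSTCARDS, SSH_HDR, at="X", not_at="Z"):
        print("packet %#x:" % pkt)
        for hop in backtrace(POSTCARDS, pkt):
            print("   ", hop)
```

The join on (datapath ID, version) is the whole point: a postcard alone tells you where the packet went, but only the versioned table tells you which rule sent it there, which is what distinguishes a controller bug from a switch bug.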
Who benefits
• Network developers
  • Programmers debugging control programs
• Network operators
  • Find policy errors
  • Send error report to switch vendor
  • Send error report to control program vendor
Source: Handigol, et al., Stanford
Performance and scalability
• Control channel
  • Negligible overhead: no postcards cross the control channel, only the extra flow-mods the recorder adds
• Postcards in the datapath
  • A single collector server suffices for the entire Stanford backbone
  • Selective postcard generation to reduce overhead
  • Parallelize postcard collection
Source: Handigol, et al., Stanford
Summary
• ndb: Network Breakpoint + Packet Backtrace
• Systematically track down the root cause of bugs
• Practical and deployable today
Source: Handigol, et al., Stanford
Outline
• Review on SDN Wireless Networks
  • Data Plane Abstraction
  • Controller Design
• SDN Debugging
  • Data Plane Approach (Breakpoints + Packet Backtrace): ndb
  • Control Plane Approach (Model Checking + Symbolic Execution): NICE
• SDN Security
  • Security as a Service
Software Faults
• Will make communication unreliable
• Major hurdle for the success of SDN
We need effective ways to test SDN networks.
NICE: automatically testing OpenFlow Apps
Source: Canini, et al.
Quick OpenFlow 101
[Figure: Host A, Switch 1, Switch 2, Host B. The controller runs the OpenFlow program, whose packet_in event handler installs a rule and forwards the packet; the switch's default action on a table miss is to forward the packet to the controller]
• Flow table: rules with Match, Actions and Counters, e.g. Rule 2: Dst: Host B → Fwd: Switch 2, pkts / bytes
• The system is distributed and asynchronous, so it can misbehave under corner cases
Source: Canini, et al.
Bugs in OpenFlow Apps
[Figure: the controller installs a rule on Switch 1 and on Switch 2; the install on Switch 2 is delayed, the packet reaches Switch 2 first and is dropped: inconsistent distributed state]
Goal: systematically test possible behaviors to detect bugs
Source: Canini, et al.
Systematically Testing OpenFlow Apps
• Target system: the unmodified OpenFlow program
• Environment model: Switch 1, Switch 2, Host A, Host B (a complex environment)
• Inputs: carefully-crafted streams of packets; many orderings of packet arrivals and events
• Method: state-space exploration via Model Checking (MC)
Source: Canini, et al.
Scalability Challenges
• Enumerating all inputs and event orderings is intractable
• Data-plane driven: huge space of possible packets → equivalence classes of packets
• Complex network behavior: huge space of possible event orderings → domain-specific search strategies
Source: Canini, et al.
NICE: No bugs In Controller Execution
• Input: unmodified OpenFlow program, network topology, correctness properties (e.g., no loops)
• Output: traces of property violations, found by state-space search
NICE found 11 bugs in 3 real OpenFlow Apps
State-Space Model
[Figure: model checking explores a tree of states, State0 through State9, connected by transitions]
System State
• Controller: global variables
• Environment
  • Switches (flow table, OpenFlow agent): simplified switch model
  • End-hosts (network stack): simple clients/servers
  • Communication channels: in-flight packets
Source: Canini, et al.
Transition System
[Figure: from State0, transitions such as host send, switch process_pkt, ctrl packet_in(pkt A), ctrl packet_in(pkt B) and switch process_of lead to States 1 through 9]
• Transitions are data-dependent
• The model checker runs the actual packet_in handler
Source: Canini, et al.
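The following is an added example, not the NICE code, of the transition system just described reduced to a few dozen lines: a controller program, a simplified switch and host model, and a depth-first search over every interleaving of host send, switch process_pkt, ctrl packet_in and switch process_of events. The topology (host A, S1, S2, host B), the controller program and the assumption that S2 drops on a table miss are all constructed for illustration. The `no_delay` switch models rules appearing on switches instantly, the idea behind the NO-DELAY search strategy named on a later slide, and shows what that strategy trades away.

```python
"""Toy model checker in the style of NICE (added example; not the NICE code).

Constructed system: host A -> S1 -> S2 -> host B.  The controller program
handles a table miss at S1 by installing a rule on S1 and on S2 and then
sending a packet_out so that S1 forwards the packet.  Control messages to
the two switches travel on separate channels; each channel is FIFO but the
two are not synchronised.  Assumption for illustration: S2 is configured to
drop on a table miss.  Property checked: no black hole (no packet dropped)."""

PKT = ("A", "B")                      # (src, dst)
NEXT_HOP = {"S1": "S2", "S2": "B"}

def initial_state():
    # Every value is immutable, so dict(s) copies a state and freeze() hashes it.
    return {"table_S1": frozenset(), "table_S2": frozenset(),
            "queue_S1": (), "queue_S2": (),          # packets waiting at a switch
            "ctrl_in": (),                            # packet_in messages to the controller
            "ctrl_S1": (), "ctrl_S2": (),             # FIFO control channel per switch
            "sent": False, "delivered": (), "dropped": ()}

def forward(s, sw, pkt):
    """Data-plane lookup at sw: hit -> next hop; miss -> controller (S1) or drop (S2)."""
    if pkt[1] in s["table_" + sw]:
        nh = NEXT_HOP[sw]
        if nh == "B":
            s["delivered"] += (pkt,)
        else:
            s["queue_" + nh] += (pkt,)
    elif sw == "S1":
        s["ctrl_in"] += ((sw, pkt),)
    else:
        s["dropped"] += ((sw, pkt),)   # assumption: S2's table-miss action is drop

def process_of(s, sw, msg, pkt):
    """Switch consumes one control message (OpenFlow agent)."""
    if msg == "flow_mod":
        s["table_" + sw] = s["table_" + sw] | {pkt[1]}
    else:                               # packet_out
        forward(s, sw, pkt)

def controller_packet_in(s, sw, pkt, no_delay):
    """The controller program under test: install on both switches, then packet_out."""
    if no_delay:                        # rules appear on the switches instantly
        s["table_S1"] |= {pkt[1]}
        s["table_S2"] |= {pkt[1]}
    else:
        s["ctrl_S1"] += (("flow_mod", pkt),)
        s["ctrl_S2"] += (("flow_mod", pkt),)
    s["ctrl_S1"] += (("packet_out", pkt),)

def enabled(s, no_delay):
    """All transitions enabled in s, each with the successor state it produces."""
    succ = []
    if not s["sent"]:
        n = dict(s); n["sent"] = True; n["queue_S1"] += (PKT,)
        succ.append(("host/send(A->B)", n))
    for sw in ("S1", "S2"):
        if s["queue_" + sw]:
            n = dict(s); pkt = n["queue_" + sw][0]; n["queue_" + sw] = n["queue_" + sw][1:]
            forward(n, sw, pkt); succ.append((sw + "/process_pkt", n))
        if s["ctrl_" + sw]:
            n = dict(s); msg, pkt = n["ctrl_" + sw][0]; n["ctrl_" + sw] = n["ctrl_" + sw][1:]
            process_of(n, sw, msg, pkt); succ.append((sw + "/process_of(" + msg + ")", n))
    if s["ctrl_in"]:
        n = dict(s); sw, pkt = n["ctrl_in"][0]; n["ctrl_in"] = n["ctrl_in"][1:]
        controller_packet_in(n, sw, pkt, no_delay); succ.append(("ctrl/packet_in", n))
    return succ

def freeze(s):
    return tuple(s[k] for k in sorted(s))

def model_check(no_delay=False):
    """Depth-first exploration of all event orderings; returns the first violating trace."""
    start = initial_state()
    stack, seen, explored = [(start, [])], {freeze(start)}, 0
    while stack:
        s, trace = stack.pop()
        explored += 1
        if s["dropped"]:
            return {"violation": "black hole at %s" % s["dropped"][0][0], "trace": trace, "states": explored}
        succ = enabled(s, no_delay)
        if not succ and not s["delivered"]:
            return {"violation": "packet never delivered", "trace": trace, "states": explored}
        for name, n in succ:
            if freeze(n) not in seen:
                seen.add(freeze(n)); stack.append((n, trace + [name]))
    return {"violation": None, "trace": [], "states": explored}

if __name__ == "__main__":
    for mode in (False, True):
        r = model_check(no_delay=mode)
        print("no_delay=%s: %s after %d states" % (mode, r["violation"], r["states"]))
        for step in r["trace"]:
            print("   ", step)
```

With asynchronous channels the search returns the interleaving in which S1 processes its flow_mod and packet_out before S2 has processed its flow_mod, so the packet reaches S2 and is dropped: exactly the race drawn on the "Bugs in OpenFlow Apps" slide. With `no_delay=True` the same program is bug-free, which is why a reduction strategy that assumes instantaneous rule installation is cheap but can hide race conditions.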
Combating Huge Space of Packets
Packet arrival handler:
    is pkt.dst broadcast?
        yes → Flood packet
        no  → is dst in mactable?
                  no  → Flood packet
                  yes → Install rule and forward packet
• Equivalence classes of packets: broadcast destination, unknown unicast destination, known unicast destination
• The code itself reveals the equivalence classes of packets
Source: Canini, et al.
Code Analysis: Symbolic Execution (SE)
Symbolic packet λ through the packet arrival handler:
    is λ.dst broadcast?
        yes → λ.dst ∈ {Broadcast}                               → Flood packet
        no  → λ.dst ∉ {Broadcast}; is λ.dst in mactable?
                  no  → λ.dst ∉ {Broadcast} ∧ λ.dst ∉ mactable  → Flood packet
                  yes → λ.dst ∉ {Broadcast} ∧ λ.dst ∈ mactable  → Install rule and forward packet
1 path = 1 equivalence class of packets = 1 packet to inject
Source: Canini, et al.
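The following is an added example, not the NICE engine, of the symbolic execution step on the two preceding slides: the packet's destination is a symbolic value, every comparison on it becomes a recorded branch, each feasible path is executed once, and one concrete packet is produced per path. The handler has the shape of the slide's MAC-learning handler; the MAC addresses, the table contents and the tiny constraint "solver" are constructed for the example.

```python
"""Enumerating the equivalence classes of packets a packet_in handler
distinguishes, via a small symbolic execution of the destination field.

Added example; not the NICE engine.  Each branch on a symbolic value is
recorded as a path constraint, every feasible path is visited exactly once,
and one concrete packet is produced per path.  Addresses and the MAC table
below are constructed for the example."""

BROADCAST = "ff:ff:ff:ff:ff:ff"

class PathRecorder:
    """Forces the branch outcomes in `decisions`; beyond them it takes the
    'yes' side and records the choice so that siblings can be scheduled."""
    def __init__(self, decisions):
        self.decisions, self.pos, self.constraints = list(decisions), 0, []

    def branch(self, if_true, if_false):
        if self.pos == len(self.decisions):
            self.decisions.append(True)
        choice = self.decisions[self.pos]
        self.pos += 1
        self.constraints.append(if_true if choice else if_false)
        return choice

class SymMAC:
    """Symbolic destination address: comparisons become branch points."""
    def __init__(self, rec):
        self.rec = rec
    def __eq__(self, other):
        return self.rec.branch("dst == %s" % other, "dst != %s" % other)
    __hash__ = None

class SymMACTable:
    """Symbolic view of the learned MAC table: membership is a branch point."""
    def __init__(self, rec):
        self.rec = rec
    def __contains__(self, mac):
        return self.rec.branch("dst in mactable", "dst not in mactable")
    def __getitem__(self, mac):
        return "port(dst)"           # the port the table would return; not branched on

class SymPacket:
    def __init__(self, rec):
        self.dst = SymMAC(rec)

def packet_in_handler(pkt, mactable):
    """The handler from the slide: flood broadcast, flood unknown unicast,
    install a rule and forward known unicast."""
    if pkt.dst == BROADCAST:
        return "flood"
    if pkt.dst in mactable:
        return "install_rule_and_forward(%s)" % mactable[pkt.dst]
    return "flood"

def explore(handler):
    """Depth-first enumeration over branch decisions: one handler run per path."""
    paths, pending = [], [[]]
    while pending:
        prefix = pending.pop()
        rec = PathRecorder(prefix)
        outcome = handler(SymPacket(rec), SymMACTable(rec))
        paths.append((tuple(rec.constraints), outcome))
        # every decision defaulted to 'yes' on this run has an unexplored 'no' sibling
        for i in range(len(prefix), len(rec.decisions)):
            pending.append(rec.decisions[:i] + [False])
    return paths

KNOWN_MACS = {"00:00:00:00:00:01": 1}   # constructed learned table

def concretize(constraints):
    """Pick one concrete destination satisfying a path's constraints (a hand-rolled
    solver for this three-predicate constraint language, not a general one)."""
    if "dst == %s" % BROADCAST in constraints:
        return BROADCAST
    if "dst in mactable" in constraints:
        return next(iter(KNOWN_MACS))
    return "00:00:00:00:00:99"          # unknown unicast

def packets_to_inject():
    """(concrete dst, handler outcome, path constraints) for every path."""
    return [(concretize(c), outcome, c) for c, outcome in explore(packet_in_handler)]

if __name__ == "__main__":
    for dst, outcome, constraints in packets_to_inject():
        print(dst, "->", outcome, " given ", " and ".join(constraints))
```

Three paths come out, so three packets suffice to cover this handler, however many of the 2^48 destination addresses a fuzzer could have tried. The same trick of overriding `__eq__` and `__contains__` is how a symbolic value can be pushed through unmodified Python handler code, which is why NICE could target the NOX Python API without changing the application.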
Combining SE with Model Checking
[Figure: host send(pkt A) takes State0 to State1; a host discover_packets transition symbolically executes the packet_in handler for controller state 1 and yields new packets, enabling new transitions host send(pkt B) and host send(pkt C) to States 2 through 4]
• Whenever the controller state changes, the discover_packets transition re-runs symbolic execution of the packet_in handler
• The new packets enable new transitions: host / send(pkt B), host / send(pkt C)
Source: Canini, et al.
Combating Huge Space of Orderings
OpenFlow-specific search strategies, combined with MC+SE, for up to 20x state-space reduction:
• PKT-SEQ
• NO-DELAY
• UNUSUAL
• FLOW-IR
Source: Canini, et al.
Specifying App Correctness
• Library of common properties
  • No forwarding loops
  • No black holes
  • Direct paths (no unnecessary flooding)
  • Etc.
• Correctness is app-specific in nature
Source: Canini, et al.
API to Define App-Specific Properties
• Register callbacks to observe transitions
• Callbacks execute after transitions (e.g., after ctrl packet_in(pkt A) takes State0 to State1)
    def init():
        init local vars
        register("packet_in")
    def on_packet_in():
        check system-wide state
Source: Canini, et al.
Prototype Implementation
• Built a NICE prototype in Python
• Targets the Python API of NOX: the unmodified OpenFlow program runs against a stub NOX API, through which NICE observes controller state and transitions
Source: Canini, et al.
Experiences
• Tested 3 unmodified NOX OpenFlow Apps
  • MAC-learning switch
  • LB: Web server load balancer [Wang et al., HotICE’11]
  • TE: Energy-aware traffic engineering [CoNEXT’11]
• Setup
  • Iterated with 1-, 2- or 3-switch topologies; 1, 2, … pkts
• App-specific properties
  • LB: All packets of the same request go to the same server replica
  • TE: Use the appropriate path based on network load
Source: Canini, et al.
Results
• NICE found 11 bugs (property violations)
• A few seconds to find the first violation of each bug (max 30 min)
• A few simple mistakes (e.g., not freeing buffered packets)
• 3 insidious bugs due to network race conditions
• NICE makes corner cases as likely as normal cases
Source: Canini, et al.
MAC-learning switch (3 bugs)
[Figure: a switch with ports 1, 2 and 3 between Host A and Host B; learned entries such as A->B | port 1, A->B | port 2, B->A | port 2 and B->A | port 1 appear as the hosts move between ports]
• BUG-I: Host unreachable after moving
• BUG-II: Delayed direct path
• BUG-III: Excess flooding
Source: Canini, et al.
Web Server Load Balancer (4 bugs)
[Figure: Host A and Host B reach Server 1 and Server 2 through a switch with ports 1 to 4 controlled by the OpenFlow program]
Custom property: all packets of the same request go to the same server replica
• BUG-IV: Next TCP packet always dropped after reconfiguration
• BUG-V: Some TCP packets dropped after reconfiguration
• BUG-VI: ARP packets forgotten during address resolution
• BUG-VII: Duplicate SYN packets during transitions
Source: Canini, et al.
Conclusions
NICE automates the testing of OpenFlow Apps (http://code.google.com/p/nice-of/)
• Explores the state space efficiently
• Tests unmodified NOX applications
• Helps to specify correctness
• Finds bugs in real applications
SDN: a new role for software tool chains to make networks more dependable. NICE is a step in this direction!
Source: Canini, et al.
Outline
• Review on SDN Wireless Networks
  • Data Plane Abstraction
  • Controller Design
• SDN Debugging
  • Data Plane Approach (Breakpoints + Packet Backtrace): ndb
  • Control Plane Approach (Model Checking + Symbolic Execution): NICE
• SDN Security
  • Defense against Control Plane Attacks
  • Security as a Service
Source: S. Shin, et al.
Avant-Guard
• Security extension to the OpenFlow data plane
• Connection migration
  • To address the scalability issue
• Actuating trigger
  • To address the responsiveness issue
[Figure: Avant-Guard lives in the data plane beneath the control plane interface: Connection Migration and Actuating Trigger modules sit alongside Flow Table Lookup and Packet Processing, above the flow table (TCAM and SRAM)]
Source: S. Shin, et al.
Connection Migration - Idea
• Inspired by TCP SYN cookies
• Concept
  • A TCP connection starts with a SYN packet, after which the initiator waits for a SYN/ACK
  • The TCP handshake itself carries no data
  • So why not complete the TCP handshake at the network device instead of at the target host?
[Figure: two three-way handshakes, SYN → SYN/ACK → ACK: one between the initiator and the network device, one between the device and the target host]
Source: S. Shin, et al.
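The following is an added example, not the Avant-Guard implementation, of the SYN-cookie mechanism the slide borrows: a device answers every SYN with a SYN/ACK whose sequence number is a keyed cookie, keeps no state for half-open connections, and treats a connection as real only when the initiator's ACK carries cookie+1. Everything about the cookie format is an assumption (HMAC-SHA256 over the 4-tuple, the client's ISN and a 64-second time slot, with the slot's low bits embedded in the ISN); the addresses and the fake clock are constructed for the example. Completing the second handshake toward the target host, which the figure shows, is left to the later Avant-Guard slides.

```python
"""Completing the TCP three-way handshake at a network device with SYN cookies.

Added example; not the Avant-Guard implementation.  Assumptions: the device
answers each SYN with a SYN/ACK whose initial sequence number is an HMAC
cookie over the 4-tuple, the client's ISN and a coarse time slot; the final
ACK is accepted only if its acknowledgement number equals cookie+1 for the
current or the previous slot.  Only then is the flow recorded as established
(the point at which it could be migrated to the real server); half-open
connections, including a SYN flood, cost the device no state."""
import hashlib, hmac, socket, struct

SLOT_SECONDS = 64                  # cookie validity granularity (assumption)
MASK32 = 0xFFFFFFFF

def _cookie(key, flow, client_isn, slot):
    """32-bit ISN: 29 bits of HMAC output plus the low 3 bits of the slot."""
    src, sport, dst, dport = flow
    msg = struct.pack("!4s4sHHIQ", socket.inet_aton(src), socket.inet_aton(dst),
                      sport, dport, client_isn, slot)
    mac = hmac.new(key, msg, hashlib.sha256).digest()
    return ((struct.unpack("!I", mac[:4])[0] & ~0x7) | (slot & 0x7)) & MASK32

class SynCookieProxy:
    def __init__(self, key, clock):
        self.key, self.clock = key, clock
        self.established = []       # flows whose handshake completed

    def _slot(self):
        return int(self.clock()) // SLOT_SECONDS

    def on_syn(self, flow, client_isn):
        """Answer a SYN with a SYN/ACK; nothing is stored for this SYN."""
        isn = _cookie(self.key, flow, client_isn, self._slot())
        return {"flags": "SYN/ACK", "seq": isn, "ack": (client_isn + 1) & MASK32}

    def on_ack(self, flow, client_isn, ack):
        """Validate the handshake's final ACK.  (In a real stack client_isn is
        recovered from the ACK's own sequence number, seq - 1.)"""
        cookie = (ack - 1) & MASK32
        now = self._slot()
        for slot in (now, now - 1):             # accept current and previous slot
            if (cookie & 0x7) != (slot & 0x7):  # slot bits select which slot to verify
                continue
            expected = _cookie(self.key, flow, client_isn, slot)
            if hmac.compare_digest(struct.pack("!I", expected), struct.pack("!I", cookie)):
                self.established.append(flow)
                return True
        return False

def demo():
    """One honest handshake, then a 1000-SYN flood from spoofed sources."""
    clock = [1000.0]
    proxy = SynCookieProxy(b"\x01" * 32, lambda: clock[0])
    flow = ("10.0.0.1", 40000, "10.0.0.2", 80)
    synack = proxy.on_syn(flow, 12345)
    ok = proxy.on_ack(flow, 12345, (synack["seq"] + 1) & MASK32)
    for i in range(1000):               # constructed flood: no ACKs ever come back
        proxy.on_syn(("10.1.%d.%d" % (i // 256, i % 256), 1024 + i, "10.0.0.2", 80), i)
    return ok, len(proxy.established)

if __name__ == "__main__":
    print("handshake accepted=%s, established flows after flood=%d" % demo())
```

The security property is that the device's memory does not grow with the number of SYNs it has answered, only with the number of initiators that prove they can receive the SYN/ACK, which is what lets a data-plane element absorb the TCP connection floods that would otherwise become packet_in storms at the controller. The slot check bounds replay of a captured cookie to about two slots.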