Data Plane Verification

Background: What are network policies
• Alice can talk to Bob
• Skype traffic must go through a VoIP transcoder
• All traffic must go to the destination
• No blackholes
• No one should be able to send traffic to Eve

When Networks go Bad …
• Bad configs
• Bugs in router code
• Bugs in router hardware

Detecting Addressing Problems
• Verify config: doesn't catch bugs in code
• Verify config by examining the hardware: the bug has already happened!!

SDN Changes things …
• Configuration of switches happens from a central location: the Network O.S.
• Simple interface for representing rules for switches

SDN Changes things …
• The Network O.S. can verify rules before they are inserted into switches
• Still no way to verify hardware bugs!!!

Problem Statement:
• Need verification to be quick!
• Need verification to support a large range of network invariants!

Key Insight
• Most config changes only impact a subset of the network
• You only need to re-evaluate the invariant for this subset
• Policies are applied to groups, not individual addresses
• So there are large swaths of addresses with the same actions being applied.

Veriflow’s Key Challenge
• Efficient data structure for capturing:
  • Equivalence classes (EC)
    • Detecting overlapping rules.
    • Detecting affected ECs after a change.
  • Forwarding graphs
    • How to capture a graph

Veriflow
[Figure: Network O.S., VeriFlow]

Veriflow (in a distributed setting)
[Figure: two Network O.S. instances, VeriFlow]

Trie-Algorithm
• Recall forwarding rules look like this:

  Match these parts of the packet          Perform action
  Src-IP: 10.10.0.0  Dst-IP: 10.20.0.0     Forward packet
  Src-IP: *          Dst-IP: 10.20.0.0     Drop packet

Trie-Algorithm
  Src-IP: 10.10.0.0  Dst-IP: 10.20.0.0     Forward packet
    10.10.0.0 = 00001010.00001010.00000000.00000000
  Src-IP: *          Dst-IP: 10.20.0.0     Drop packet
    * = *********************************

Trie-Algorithm
  Src-IP: 10.10.0.0  Dst-IP: 10.20.0.0     Forward packet
    00001010.00001010.00000000.00000000
  Src-IP: 10.13.0.0  Dst-IP: 10.20.0.0     Forward packet
    00001010.00001101.00000000.00000000
  Src-IP: 10.14.0.0  Dst-IP: 10.20.0.0     Forward packet
    00001010.00001110.00000000.00000000
  Src-IP: 10.15.0.0  Dst-IP: 10.20.0.0     Forward packet
    00001010.00001111.00000000.00000000
[Figure: trie over the Src-IP bits, with leaves 10.10.0.0, 10.15.0.0, 10.14.0.0, 10.13.0.0]

Trie Algorithms
  Src-IP: 10.10.0.0  Dst-IP: 10.20.0.0     Forward packet
  Dimension 1: 10.10.0.0 = 00001010.00001010.00000000.00000000
  Dimension 2: 10.20.0.0 = 00001010.00010100.00000000.00000000

Trie-Optimizations
• OpenFlow 1.0
  • 14 different strings of bits to match on
  • 4 of them allow wildcards…
  • 10 of them don’t (so you can do exact matches)
    • Either you match or you don’t match
• Build a 4-dimensional trie
• For the other 10, do linear look-ups

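A reduced sketch of the trie idea from the slides above, added here as an example and not VeriFlow's own code: a one-dimensional binary trie over destination prefixes finds the rules that overlap a new rule, and the new rule's address range is split at their boundaries to get the affected equivalence classes. The function names and the sample rule table are assumptions made for the illustration.

```python
import ipaddress

def bits(net):
    # Prefix bits of a network, e.g. 10.20.0.0/16 -> '0000101000010100'
    return format(int(net.network_address), "032b")[:net.prefixlen]

def new_node():
    return {"child": {}, "rules": []}   # child: '0'/'1' -> node

def insert(root, cidr, action):
    net = ipaddress.ip_network(cidr)
    node = root
    for b in bits(net):
        node = node["child"].setdefault(b, new_node())
    node["rules"].append((net, action))

def overlapping(root, cidr):
    """Rules whose prefix contains, equals, or lies inside cidr."""
    node, found = root, list(root["rules"])
    for b in bits(ipaddress.ip_network(cidr)):
        node = node["child"].get(b)
        if node is None:
            return found               # nothing stored below this point
        found += node["rules"]         # ancestors, then the exact prefix
    stack = list(node["child"].values())
    while stack:                       # every more-specific prefix below
        n = stack.pop()
        found += n["rules"]
        stack += n["child"].values()
    return found

def affected_ecs(root, cidr):
    """Split the new rule's range at every overlapping rule's boundary."""
    new = ipaddress.ip_network(cidr)
    lo, hi = int(new.network_address), int(new.broadcast_address) + 1
    cuts = {lo, hi}
    for net, _ in overlapping(root, cidr):
        for edge in (int(net.network_address), int(net.broadcast_address) + 1):
            if lo < edge < hi:
                cuts.add(edge)
    cuts = sorted(cuts)
    return [(str(ipaddress.ip_address(a)), str(ipaddress.ip_address(b - 1)))
            for a, b in zip(cuts, cuts[1:])]

# Constructed rule table (destination prefixes only)
root = new_node()
for cidr, action in [("10.20.0.0/16", "drop"), ("10.20.1.0/24", "forward"),
                     ("10.30.0.0/16", "forward")]:
    insert(root, cidr, action)
print(affected_ecs(root, "10.20.0.0/23"))
```

Only the two ranges returned for the new /23 need their forwarding graphs rebuilt and re-checked; the 10.30.0.0/16 rule is never visited.
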
Verification
• Input: graph for a changed equivalence class.
• Output: add rules, or don’t add rules
• Can do:
  • Loop detection
  • Verify that two nodes have the same actions
  • Detect black holes

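The check described on this slide, as an added example that is not VeriFlow's own code: the forwarding graph of one equivalence class is walked from every switch, and a proposed update is admitted only if the resulting graph has no loop and no black hole. The graph encoding, the names `check_ec` and `admit`, and the assumption that every switch should deliver this class to a host are choices made for the illustration.

```python
def check_ec(next_hop, hosts):
    """Walk one equivalence class's forwarding graph from every switch.
    next_hop maps switch -> next switch, a host, or None (no rule / drop)."""
    violations = {}
    for start in next_hop:
        path, node = [], start
        while node in next_hop and node not in path:
            path.append(node)
            node = next_hop[node]
        if node in path:
            violations[start] = ("loop", path[path.index(node):])
        elif node not in hosts:
            violations[start] = ("blackhole", path[-1])
    return violations

def admit(next_hop, update, hosts):
    """Check the graph as it would look after the update; True = add rules."""
    violations = check_ec({**next_hop, **update}, hosts)
    return not violations, violations

# Constructed graph for one EC: S1 -> S2 -> S3 -> host B, S4 -> S3
GRAPH = {"S1": "S2", "S2": "S3", "S3": "B", "S4": "S3"}
HOSTS = {"B"}
for update in ({"S4": "S1"}, {"S3": "S1"}, {"S2": None}):
    print(update, admit(GRAPH, update, HOSTS))
```
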
Limitations/Drawbacks
• If the entire network changes
  • VeriFlow has to check the whole network and will be slow
• Limited to reachability-style policies
  • Can’t verify QoS
  • Can’t verify encapsulation
  • Can’t verify middlebox policies

Why……
• Is QoS (buffering) hard?

Why……
• Are middleboxes (MB) and encapsulation hard?
• Both are hard because they transform the header space of a packet. E.g.
  • NAT: changes the IP address and port
  • So the equivalence class changes
• No way to capture these transformations.

Why……
• Are middleboxes (MB) and encapsulation hard?
  Src-IP: 10.10.0.0     Change to 10.20.0.0, forward packet
  Src-IP: 10.10.0.0     Forward packet
  Src-IP: *             Drop packet
  Src-IP: 10.20.0.0     Drop packet
  Equivalence Class: 10.10.0.0

Header Space Framework
Key observation: A packet is a point in a space of possible headers, and a box is a transformer on that space

Header Space Framework
• Step 1: Model a Packet Header
  • A packet header is a point in a space, called the Header Space
[Figure: packet with Header and Data; header bits 0100111…1, labelled L]

Header Space Framework
• Step 2: Model a switch
  • A switch is a transformer in the header space
[Figure: packet-forwarding box with Port 1, Port 2, Port 3]

Transfer Function:
  Match       Action
  1xx1…0x     Send to port 2 and rewrite with 1x01xx..x1
  0xx1…x1     Send to port 3 and rewrite with 1xx011..x1

Header Space Framework
• Example: Transfer Function of an IPv4 Router
  • 172.24.74.0, 255.255.255.0     Port 1
  • 172.24.128.0, 255.255.255.0    Port 2
  • 171.67.0.0, 255.255.0.0        Port 3

  T(h,p) = (h,1) if dest_ip(h) = 172.24.74.X
           (h,2) if dest_ip(h) = 172.24.128.X
           (h,3) if dest_ip(h) = 171.67.X.X

Header Space Framework
• Example: Transfer Function of an IPv4 Router
  • 172.24.74.0, 255.255.255.0     Port 1
  • 172.24.128.0, 255.255.255.0    Port 2
  • 171.67.0.0, 255.255.0.0        Port 3

  T(h,p) = (1) if dest_ip(h) = 172.24.74.X
           (2) if dest_ip(h) = 172.24.128.X
           (3) if dest_ip(h) = 171.67.X.X

Header Space Framework
• Transfer Function Properties:
  • Composable
[Figure: switches S1, S2, S3]

Header Space Framework
• Transfer Function Properties:
  • Invertible
[Figure: Range (output), Domain (input)]

Header Space Framework
• Step 3: Develop an algebra to work on these spaces
  • A subspace corresponds to a wildcard
  • We use this to define set operations on wildcards:
    • Intersection
    • Complementation
    • Difference

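The three set operations from Step 3, together with a match-and-rewrite transfer function in the style of Step 2, as an added example that is not code from the Header Space authors. Wildcards are strings over 0, 1 and x; the function names, the 4-bit header width and the sample rules are assumptions made for the illustration.

```python
def intersect(a, b):
    """Intersection of two wildcards over {0,1,x}; None means empty."""
    out = []
    for p, q in zip(a, b):
        if p == "x":
            out.append(q)
        elif q == "x" or p == q:
            out.append(p)
        else:
            return None              # a 0 meets a 1: no common header
    return "".join(out)

def complement(w):
    """Everything outside w, as a union (list) of wildcards that may overlap."""
    flip = {"0": "1", "1": "0"}
    return ["x" * i + flip[c] + "x" * (len(w) - i - 1)
            for i, c in enumerate(w) if c != "x"]

def difference(a, b):
    """a minus b, computed as a ∩ complement(b)."""
    if intersect(a, b) is None:
        return [a]
    return [r for c in complement(b) if (r := intersect(a, c)) is not None]

def rewrite(h, rw):
    """Overwrite the bits of h where rw is 0 or 1; x leaves the bit alone."""
    return "".join(r if r != "x" else c for c, r in zip(h, rw))

def transfer(rules, space):
    """Apply a priority-ordered rule list [(match, rewrite, port)] to a
    header space (list of wildcards); returns [(output wildcard, port)]."""
    out, remaining = [], list(space)
    for match, rw, port in rules:
        hits = [r for h in remaining if (r := intersect(h, match)) is not None]
        out += [(rewrite(h, rw), port) for h in hits]
        # Lower-priority rules only see headers this rule did not claim.
        remaining = [d for h in remaining for d in difference(h, match)]
    return out

# Constructed 4-bit toy headers; rule 1 rewrites like a NAT, rule 2 forwards.
RULES = [("10xx", "xx11", 2), ("1xxx", "xxxx", 3)]
print(transfer(RULES, ["xxxx"]))   # [('1011', 2), ('11xx', 3)]
```

Because the rewrite is applied to the header space itself, the output of one box can be fed straight into the next box's `transfer`, which is what lets this model follow header-changing devices such as the NAT case above.
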
Use Cases
• “Can host A talk to host B?”
[Figure: host A, Switch 1, Switch 2, Switch 3, Switch 4, host B]