Models and techniques for verification of Software Defined

  • Slides: 34
Download presentation
Models and techniques for verification of Software Defined Networks Victor Altukhov Eugene Chemeritsky Vladislav

Models and techniques for verification of Software Defined Networks Victor Altukhov Eugene Chemeritsky Vladislav Podymov Vladimir Zakharov Applied Research Center for Computer Networks

Outline Introduction Software Defined Networks Packet Forwarding Policies Model Policy language Verifying monitor Experiments

Outline Introduction Software Defined Networks Packet Forwarding Policies Model Policy language Verifying monitor Experiments & Comparison

What is Software What is. Defined SDN? Network? Conventional network Application Host Forwarding state

What is Software What is. Defined SDN? Network? Conventional network Application Host Forwarding state Port Link Switch B A

What is SDN? Conventional network Task Application Topology … How to forward a packet

What is SDN? Conventional network Task Application Topology … How to forward a packet Forwarding Packetstate Packet B A

What is SDN? Conventional network Application decentralized control non-uniformity Forwarding state App FS A

What is SDN? Conventional network Application decentralized control non-uniformity Forwarding state App FS A App FS B

What is SDN? Conventional SDN network Controller decentralized control non-uniformity App FS A App

What is SDN? Conventional SDN network Controller decentralized control non-uniformity App FS A App FS B

What is SDN? SDN Controller Application centralized control uniformity Control plane Open. Flow Data

What is SDN? SDN Controller Application centralized control uniformity Control plane Open. Flow Data plane FS FS B A FS FS

What is SDN? SDN Controller Application Upd centralized control uniformity Control plane Open. Flow

What is SDN? SDN Controller Application Upd centralized control uniformity Control plane Open. Flow Data plane Don’t Ok, I know can what doto it do FS FS B A FS FS

What. Forwarding is PFP? What is Packet Policy? Example: imposed on a to guarantee

What. Forwarding is PFP? What is Packet Policy? Example: imposed on a to guarantee that its behavior is

What is PFP? Example: Reachability Packets from the host A will eventually reach the

What is PFP? Example: Reachability Packets from the host A will eventually reach the host B B A

What is PFP? Example: No topological loops Packets do not traverse the same switch

What is PFP? Example: No topological loops Packets do not traverse the same switch twice B A

What is PFP? Example: Short routes only 1 2 3 4 All hosts are

What is PFP? Example: Short routes only 1 2 3 4 All hosts are reached in at most 3 hops B A

What is PFP? Why ? Hardware errors Software (application) errors We want to check

What is PFP? Why ? Hardware errors Software (application) errors We want to check if PFPs hold in a real SDN and consider STATIC PFPs w. r. t. to TIMELINE

How to check PFPs? M P Network model Fast! ~ 10μs Formal specification M

How to check PFPs? M P Network model Fast! ~ 10μs Formal specification M ⊧P Model checking Fast! ~ 10μs

Packet state Switch #2 Port #1 Header #h 2 Switch #1 Port #1 Header

Packet state Switch #2 Port #1 Header #h 2 Switch #1 Port #1 Header #h 1 h 2 h 1 A Switch #4 Port #1 Header #h 3 h 4 B Switch #4 Port #3 Header #h 4

Packet state Switch #1 Port #1 Header #h 1 A Switch #w #2 Port

Packet state Switch #1 Port #1 Header #h 1 A Switch #w #2 Port #p #1 Header #h #h 2 Switch #4 Port #1 Header #h 3 B Switch #4 Port #3 Header #h 4

Packet state Switch #w #W Port #p #P Header #h #H 0 … 1

Packet state Switch #w #W Port #p #P Header #h #H 0 … 1 sizew S 1 … sizep 1 0 … 0 sizeh is the set of all packet states

Raw model is an explicit description of key SDN components such as: rule

Raw model is an explicit description of key SDN components such as: rule

Raw model is an explicit description of key SDN components such as: table rule

Raw model is an explicit description of key SDN components such as: table rule default

Raw model is an explicit description of key SDN components such as: Switch table

Raw model is an explicit description of key SDN components such as: Switch table

Relational model Step ⊆ S x S In ⊆S Out ⊆S

Relational model Step ⊆ S x S In ⊆S Out ⊆S

Relational model y) S x S Step (x, ⊆ BDD In BDD (x) Out

Relational model y) S x S Step (x, ⊆ BDD In BDD (x) Out ⊆S (x)⊆ S BDD

PFP Specification Language: syntax Atoms: In (x) Step (x, y) First order logic constructors:

PFP Specification Language: syntax Atoms: In (x) Step (x, y) First order logic constructors: ⋁ x=y x. w = y. w x. p = y. p x. h = y. h State equalities: Closure constructors: + F (x, y) [i 1, i 2] F (x, y) & Out (x) � ∀ ∃ x = const x. w = const x. p = const x. h = const – transitive closure – bounded transitive closure

PFP SL: semantics Given a relational model a PFP SL formula ( Step, ,

PFP SL: semantics Given a relational model a PFP SL formula ( Step, , In, , Out, , …)) F(x 1, …, xn) defines a relation RF ⊆ S × … × S How? n times

PFP SL: semantics Given a relational model a PFP SL formula ( Step, ,

PFP SL: semantics Given a relational model a PFP SL formula ( Step, , In, , Out, , …)) F(x 1, …, xn) defines a relation RF ⊆ S × … × S How? Step (x, y) Out (x) n times In (x) …=… Obvious

PFP SL: semantics Given a relational model a PFP SL formula ( Step, ,

PFP SL: semantics Given a relational model a PFP SL formula ( Step, , In, , Out, , …)) F(x 1, …, xn) defines a relation RF ⊆ S × … × S How? n times F 1 (…) ⋁ F 2 (…) F 1 (…) & F 2 (…) � F (…) Union Intersection Complement

PFP SL: semantics Given a relational model a PFP SL formula ( Step, ,

PFP SL: semantics Given a relational model a PFP SL formula ( Step, , In, , Out, , …)) F(x 1, …, xn) defines a relation RF ⊆ S × … × S How? n times ∀x F (…) Universal projection ∃x F (…) Existential projection

PFP SL: semantics Given a relational model ( Step, , In, , Out, ,

PFP SL: semantics Given a relational model ( Step, , In, , Out, , …)) F(x 1, …, xn) a PFP SL formula defines a relation RF ⊆ S × … × S How? + F (x, y) [i 1, i 2] F (x, y) n times Transitive closure Bounded transitive closure

PFP SL: examples Reachability ∀x A(x) ∃y No topological loops �∃x, y, z In

PFP SL: examples Reachability ∀x A(x) ∃y No topological loops �∃x, y, z In (x) & Short routes only �∃x, y In (x) & B (y) & Step*(x, y) & + Step (y, z) & y. w = z. w Out (y) & [1, 3] + Step (x, y) & �Step (x, y)

What else? continuously changes Model should be We should be able to at every

What else? continuously changes Model should be We should be able to at every instant Model on-line The update rate for Model should surpass the update rate for We can do it (to some extent) not discussed

How does it work? Main usage now: Controller Loader Proxy Checker Network

How does it work? Main usage now: Controller Loader Proxy Checker Network

We tested it for Stanford University Network • • • 16 switches Fat Tree

We tested it for Stanford University Network • • • 16 switches Fat Tree topology 48 tables 757000 forw. rules 1500 ACL rules >100 VLAN

Tool comparison Tool Build (ms. ) Update (ms. ) Policies Open. Flow concepts VERMONT

Tool comparison Tool Build (ms. ) Update (ms. ) Policies Open. Flow concepts VERMONT (2014) 4600 100 - 600 FO[TC] (strict superset of others) Full Net. Plumber (2013) 37000 2 - 1000 CTL Partial Veri. Flow (2013) > 4000 68 -100 Small fixed set Minimal AP Verifier (2013) 1000 0. 1 Small fixed set Minimal Flow. Checker (2010) 1200000 350 - 67000 CTL Full Anteater (2011) 400000 ? ? ? Small fixed set No

The End Me: valdus@yandex. ru

The End Me: valdus@yandex. ru