Programming Languages for Programmable Networks
Jennifer Rexford
Princeton University
http://www.cs.princeton.edu/~jrex
http://www.frenetic-lang.org/

The Internet: A Remarkable Story
• Tremendous success
  – From research experiment to global infrastructure
• Brilliance of under-specifying
  – Network: best-effort packet delivery
  – Hosts: arbitrary applications
• Enables innovation in applications
  – Web, P2P, VoIP, social networks, virtual worlds
• But, change is easy only at the edge…

Inside the ‘Net: A Different Story…
• Closed equipment
  – Software bundled with hardware
  – Vendor-specific interfaces
• Over-specified
  – Slow protocol standardization
• Few people can innovate
  – Equipment vendors write the code
  – Long delays to introduce new features
Impacts performance, security, reliability, cost…

Do We Need Innovation Inside?
Many boxes (routers, switches, firewalls, …), with different interfaces.

How Hard are Networks to Manage?
• Operating a network is expensive
  – More than half the cost of a network
  – Yet, operator error causes most outages
• Buggy software in the equipment
  – Routers with 20+ million lines of code
  – Cascading failures, vulnerabilities, etc.
• The network is “in the way”
  – Especially a problem in data centers
  – … and home networks

Creating Foundation for Networking
• A domain, not a discipline
  – Alphabet soup of protocols
  – Header formats, bit twiddling
  – Preoccupation with artifacts
• From practice, to principles
  – Intellectual foundation for networking
  – Identify the key abstractions
  – … and support them efficiently
• To build networks worthy of society’s trust

Rethinking the “Division of Labor”

Traditional Computer Networks
Data plane: Packet streaming
Forward, filter, buffer, mark, rate-limit, and measure packets

Traditional Computer Networks
Control plane: Distributed algorithms
Track topology changes, compute routes, install forwarding rules

Traditional Computer Networks
Management plane: Human time scale
Collect measurements and configure the equipment

Shortest-Path Routing
• Management: set the link weights
• Control: compute shortest paths
• Data: forward packets to next hop

Inverting the Control Plane
• Traffic engineering
  – Change link weights
  – … to induce the paths
  – … that alleviate congestion

Avoiding Transient Anomalies
• Distributed protocol
  – Temporary disagreement among the nodes
  – … leaves packets stuck in loops
  – Even though the change was planned!

Death to the Control Plane!
• Simpler management
  – No need to “invert” control-plane operations
• Faster pace of innovation
  – Less dependence on vendors and standards
• Easier interoperability
  – Compatibility only in “wire” protocols
• Simpler, cheaper equipment
  – Minimal software

Software Defined Networking (SDN)
Logically-centralized control: smart, slow
API to the data plane (e.g., OpenFlow)
Switches: dumb, fast

OpenFlow Networks

Data-Plane: Simple Packet Handling
• Simple packet-handling rules
  – Pattern: match packet header bits
  – Actions: drop, forward, modify, send to controller
  – Priority: disambiguate overlapping patterns
  – Counters: #bytes and #packets
1. src=1.2.*.*, dest=3.4.5.* → drop
2. src=*.*, dest=3.4.* → forward(2)
3. src=10.1.2.3, dest=*.* → send to controller

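The three rules above, run through a small flow-table model to show why priority matters for the drop rule. This is an added example, not code from the talk; it assumes that the slide's numbering 1..3 is the priority order, that octets omitted from a pattern are wildcards, and that a table miss goes to the controller. `FlowTable`, `shadowed` and `slide_table` are hypothetical names.

```python
from dataclasses import dataclass

def octets(pattern):
    parts = pattern.split(".")
    return parts + ["*"] * (4 - len(parts))  # assumption: omitted octets are wildcards

def field_matches(pattern, addr):
    return all(p in ("*", a) for p, a in zip(octets(pattern), addr.split(".")))

def covers(general, specific):
    return all(g in ("*", s) for g, s in zip(octets(general), octets(specific)))

@dataclass
class Rule:
    priority: int  # higher wins; assumption: slide order 1..3 is priority order
    src: str
    dst: str
    action: str
    packets: int = 0  # per-rule counters, as listed on the slide
    bytes: int = 0

class FlowTable:
    def __init__(self, rules):
        self.rules = sorted(rules, key=lambda r: -r.priority)

    def process(self, pkt):
        """Apply the highest-priority matching rule and update its counters."""
        for rule in self.rules:
            if field_matches(rule.src, pkt["src"]) and field_matches(rule.dst, pkt["dst"]):
                rule.packets += 1
                rule.bytes += pkt["len"]
                return rule.action
        return "send to controller"  # table miss (assumption for this sketch)

    def shadowed(self):
        """(rule, shadowing rule) action pairs where the lower rule can never fire."""
        return [(low.action, high.action)
                for i, low in enumerate(self.rules) for high in self.rules[:i]
                if covers(high.src, low.src) and covers(high.dst, low.dst)]

def slide_table(priorities=(30, 20, 10)):
    p1, p2, p3 = priorities
    return FlowTable([Rule(p1, "1.2.*.*", "3.4.5.*", "drop"),
                      Rule(p2, "*.*", "3.4.*", "forward(2)"),
                      Rule(p3, "10.1.2.3", "*.*", "send to controller")])

if __name__ == "__main__":
    pkt = {"src": "1.2.7.7", "dst": "3.4.5.6", "len": 100}  # constructed packet
    for prios in ((30, 20, 10), (10, 20, 30)):
        table = slide_table(prios)
        print(prios, table.process(pkt), table.shadowed())
```

With the priorities reversed, the drop rule is fully covered by the broader forward rule, so the filtered traffic is forwarded; `shadowed()` is the kind of check an operator can run before installing a table.
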
Controller: Programmability
App #1, App #2, App #3
Network OS
Events from switches: topology changes, traffic statistics, arriving packets
Commands to switches: (un)install rules, query statistics, send packets

OpenFlow in the Wild
• Open Networking Foundation
  – Creating Software Defined Networking standards
  – Google, Facebook, Microsoft, Yahoo, Verizon, Deutsche Telekom, and many other companies
• Commercial OpenFlow switches
  – HP, NEC, Quanta, Dell, IBM, Juniper, …
• Network operating systems
  – NOX, Beacon, Floodlight, Nettle, ONIX, POX, Frenetic
• Network deployments
  – Eight campuses, and two research backbone networks
  – Commercial deployments

Dynamic Access Control
• Inspect first packet of each connection
• Consult the access control policy
• Install rules to block or route traffic

Seamless Mobility/Migration
• See host sending traffic at new location
• Modify rules to reroute the traffic

Example Applications
• Dynamic access control
• Seamless mobility/migration
• Server load balancing
• Using multiple wireless access points
• Energy-efficient networking
• Adaptive traffic monitoring
• Denial-of-Service attack detection
• Network virtualization
See http://www.openflow.org/videos/

Challenges of Programming Software Defined Networks

Programming OpenFlow Networks
• OpenFlow makes programming possible
  – Network-wide view at controller
  – Direct control over data plane
• The APIs do not make it easy
  – Low level of abstraction
• Challenges
  – Composition
  – Concurrency
  – …

Modularity: Simple Repeater

    def repeater(switch):
        # Repeat Port 1 to Port 2
        pat1 = {in_port: 1}
        act1 = [forward(2)]
        install(switch, pat1, DEFAULT, act1)
        # Repeat Port 2 to Port 1
        pat2 = {in_port: 2}
        act2 = [forward(1)]
        install(switch, pat2, DEFAULT, act2)

When a switch joins the network, install two forwarding rules.

Composition: Web Traffic Monitor
Web (“port 80”) traffic

    def web_monitor(switch):
        # Web traffic from Internet
        pat = {in_port: 2, tp_src: 80}
        install(switch, pat, DEFAULT, [])
        query_stats(switch, pat)

    def stats_in(switch, pat, bytes, …):
        # Print the byte counter, then poll again after 30 seconds
        print bytes
        sleep(30)
        query_stats(switch, pat)

When a switch joins the network, install one monitoring rule.

Composition: Repeater + Monitor

    def switch_join(switch):
        pat1 = {in_port: 1}
        pat2 = {in_port: 2}
        pat2web = {in_port: 2, tp_src: 80}
        install(switch, pat1, DEFAULT, None, [forward(2)])
        # The Web rule overlaps pat2, so it needs the higher priority
        install(switch, pat2web, HIGH, None, [forward(1)])
        install(switch, pat2, DEFAULT, None, [forward(1)])
        query_stats(switch, pat2web)

    def stats_in(switch, xid, pattern, packets, bytes):
        print bytes
        sleep(30)
        query_stats(switch, pattern)

Must think about both tasks at the same time.

Concurrency: Switch-Controller Delays
• Common programming idiom
  – First packet goes to the controller
  – Controller installs rules

Concurrency: Switch-Controller Delays
• More packets arrive before rules installed?
  – Multiple packets reach the controller

Concurrency: Switch-Controller Delays
• Rules along a path installed out of order?
  – Packets reach a switch before the rules do
Must think about all possible packet and event orderings.

Frenetic Language and Run-Time System
http://www.frenetic-lang.org/
Joint work with Nate Foster, Dave Walker, Chris Monsanto, Mark Reitblatt, Rob Harrison, Mike Freedman, Alec Story, Josh Reich

Functional Reactive Programming
• Streams of events
  – Packets
  – Switch join/leave
  – Port status change
  – Traffic statistics
  – Commands to switches
  – Seconds
• Operations on streams
  – Filter
  – Merge
  – Transform
  – Split
  – Accumulate
  – Lift
Declarative programming of OpenFlow networks [Nettle, Frenetic]

Database Query Language [ICFP’11]
• Controller applications read network state
  – Traffic counters in the switches
  – Packets sent to the controller
• Minimize controller overhead
  – Filter using high-level patterns
  – Limit the # of values returned
  – Aggregate by #/size of packets
• Return an event stream
  – Time-indexed stream of values
• Run-time system
  – Installs rules, reads counters, handles packets, …

Learning Host Location

    Select(packets) *
    GroupBy([srcmac]) *
    SplitWhen([inport]) *
    Limit(1)

Traffic Monitoring

    Select(bytes) *
    Where(inport:2) *
    GroupBy([dstmac]) *
    Every(60)

Composition of Modules [ICFP’11]

    # Static repeating between ports 1 and 2
    def repeater():
        rules = [Rule(inport:1, [forward(2)]),
                 Rule(inport:2, [forward(1)])]
        register(rules)

    # Monitoring Web traffic
    def web_monitor():
        q = (Select(bytes) *
             Where(inport:2 & tp_src:80) *
             Every(30))
        q >> Print()

    # Composition of two separate modules
    def main():
        repeater()
        web_monitor()

Compiler/Run-Time System [POPL’12]
• Two-tiered programming model
  – Smart controller and dumb switches
  – Automatically partition a program
• Network policies change over time
  – Controller (un)installs rules in switches
  – Reactive specialization of a policy
• Rules with wildcard patterns
  – Wildcards lead to overlapping patterns
  – Automatic synthesis of the low-level rules
  – Customized to the switch’s capabilities
See the next talk here at POPL!

Consistent Writes [HotNets’11]
• Transition from policy P1 to P2
  – Security: new access control lists
  – Routing: new shortest paths without a link
  – Load balancer: new split over server replicas
• Transient policy violations
  – Packets in flight experience a mix of policies
  – Modifying switch rules is not instantaneous
• Consistent update semantics
  – Packets experience either P1 or P2
  – … but never a mixture of the two
  – Enables verification of just P1 and P2
CHANGE We Can Believe In

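A small model of the access-control case above, showing how a switch-by-switch update lets through a packet that both P1 and P2 would drop, and how tagging packets with a policy version at the ingress removes the mixed case. This is an added example, not code from the talk; the slide states the guarantee but not a mechanism, so the version-tag scheme, the two-switch path and all names here are assumptions.

```python
from itertools import product

PATH = ["ingress", "core"]  # constructed two-switch path

def acl(pkt):
    return "drop" if pkt["src"] == "untrusted" else "fwd"

def allow(pkt):
    return "fwd"

# Both policies block the untrusted host; they differ only in where the ACL sits.
P1 = {"ingress": allow, "core": acl}
P2 = {"ingress": acl, "core": allow}

def delivered(pkt, rule_at):
    """True if the packet survives every hop; rule_at[sw] is the rule it meets there."""
    return all(rule_at[sw](pkt) == "fwd" for sw in PATH)

def naive_update(pkt):
    """Switches are rewritten one by one, so each hop may hold P1 or P2 rules."""
    results = {}
    for names in product(("P1", "P2"), repeat=len(PATH)):
        rule_at = {sw: (P1 if n == "P1" else P2)[sw] for sw, n in zip(PATH, names)}
        results[names] = delivered(pkt, rule_at)
    return results

def versioned_update(pkt):
    """Both rule sets are installed side by side, keyed by a version tag that
    the ingress stamps on the packet; every hop then matches on that tag."""
    tables = {sw: {1: P1[sw], 2: P2[sw]} for sw in PATH}
    results = {}
    for tag in (1, 2):  # the ingress flips from stamping 1 to stamping 2
        rule_at = {sw: tables[sw][tag] for sw in PATH}
        results[tag] = delivered(pkt, rule_at)
    return results

def leaks(results):
    """Configurations in which a packet that P1 and P2 both drop gets through."""
    return [cfg for cfg, got_through in results.items() if got_through]

if __name__ == "__main__":
    blocked_host = {"src": "untrusted"}  # constructed packet
    print("naive:", leaks(naive_update(blocked_host)))
    print("versioned:", leaks(versioned_update(blocked_host)))
```

The only leaking configuration is the one where the ingress still runs P1 while the core already runs P2, which is exactly the "mix of policies" the slide rules out.
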
Many Hard Questions Remain
• Higher-level abstractions
  – Network-wide policy
  – Domain-specific languages
• Heterogeneous components
  – Mix of end hosts and switches
  – FPGAs and network processors
• Distributed controllers
  – Replication, distribution, and aggregation
  – Consistency and durability of state
• Multiple administrative domains
  – Trust, scalability

Related Work
• Programming languages
  – FRP: Yampa, FrTime, Flask, Nettle
  – Streaming: StreamIt, CQL, Esterel, Brooklet, GigaScope
  – Network protocols: NDLog
• OpenFlow
  – Language: FML, SNAC, Resonance
  – Controllers: ONIX, Nettle, FlowVisor, RouteFlow, …
  – Testing: NICE, FlowChecker, OF-Rewind, OFLOPS
• OpenFlow standardization
  – http://www.openflow.org/
  – https://www.opennetworking.org/

Conclusion
• SDN is exciting
  – Enables innovation
  – Simplifies management
  – Rethinks networking
• SDN is happening
  – Practice: useful APIs and good industry traction
  – Principles: start of higher-level abstractions
• Great opportunity for PL community
  – Practical impact on future networks
  – Placing networking on a strong foundation

Thanks to My Frenetic Collaborators
Nate Foster, Rob Harrison, Dave Walker, Mike Freedman, Chris Monsanto, Alec Story, Mark Reitblatt, Josh Reich