SDN traceroute Tracing SDN Forwarding without Changing Network






















- Slides: 22

SDN traceroute: Tracing SDN Forwarding without Changing Network Behavior
Presenter: Hung-Yen Wang
Authors: Kanak Agarwal, Eric Rozner, Colin Dixon, John Carter
Published in: HotSDN '14
Department of Computer Science and Information Engineering, National Cheng Kung University, Taiwan R.O.C.

Outline
- Introduction
- Background
- Proposed Schemes
- Evaluation
- Discussion
- Conclusion

National Cheng Kung University CSIE Computer & Internet Architecture Lab

Introduction
- Software Defined Networking (SDN) makes it easier to modify the control plane of networks, but it also potentially makes the network a more complex system.
- The SDN controller often translates high-level configuration into low-level rules, which makes it difficult for network operators to predict the exact low-level rules and thus the expected network behavior.
- When troubleshooting a problem, an SDN programmer must grapple with many possibilities, including bugs in controller logic, switches, individual SDN applications, and their compositions.

Introduction
- Traceroute can only provide layer-3 (IP) path information, which is limited.
- This paper proposes SDN traceroute, which reports the path as a list of ports on switches.
- SDN traceroute does not modify the existing rules, and uses only a small number of high-priority rules to trap probes.


Model-driven
- Model-driven approaches first gather enough network state to build a model, and then use that model to answer questions.
- The state is gathered by scraping rules directly from switches, or by having the controller maintain a correct view of the rules in the network at all times.

Active probes and Monitoring
- These approaches send active probes or monitor production traffic to measure the ground-truth behavior of the data plane.
- They require the network infrastructure to allow traffic to be trapped or logged as it traverses the network.


SDN traceroute – First phase
- Use a graph coloring algorithm to color every switch in the network.
- Install a small number of high-priority rules in every switch, which allow it to trap probe packets.

SDN traceroute – First phase
CONT refers to the send-to-controller action.

SDN traceroute – Second phase
- SDN traceroute injects a probe packet into the network to start tracing the route.

SDN traceroute
- SDN traceroute uses the VLAN priority field (three bits) to carry colors. The default tag 000 is reserved for production traffic.
- SDN traceroute requires all traffic to carry a color.
- The TABLE action indicates that the switch should treat the packet as though it had been received on the input port.
- The output is a sequence of <switch ID, port> entries.
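The two phases above, modelled end to end as an added example (not code from the paper or the slides). It assumes each switch's trap rules match its neighbours' colours, so a probe tagged with one switch's colour is forwarded normally there and hits a CONT rule at the next hop; the greedy colouring, the topology, the ports and the forwarding table are constructed for illustration.

```python
# Added illustration. Topology, ports and forwarding table are constructed.
LINKS = {  # (switch, port) -> (peer switch, peer port); both directions listed
    ("s1", 2): ("s2", 1), ("s2", 1): ("s1", 2),
    ("s2", 2): ("s3", 1), ("s3", 1): ("s2", 2),
    ("s1", 3): ("s3", 2), ("s3", 2): ("s1", 3),
    ("s3", 3): ("s4", 1), ("s4", 1): ("s3", 3),
}
# Stand-in for each switch's production rules for the traced flow: output port.
FWD = {"s1": 2, "s2": 2, "s3": 3, "s4": 9}   # port 9 on s4 faces a host

def neighbors(sw):
    return {peer for (s, _), (peer, _) in LINKS.items() if s == sw}

def color_switches(switches):
    """Greedy colouring using tags 1..7; tag 0 stays with production traffic."""
    colors = {}
    for sw in sorted(switches, key=lambda s: (-len(neighbors(s)), s)):
        used = {colors[n] for n in neighbors(sw) if n in colors}
        free = [c for c in range(1, 8) if c not in used]
        if not free:
            raise ValueError("three tag bits are not enough for this topology")
        colors[sw] = free[0]
    return colors

def trap_rules(colors):
    """Per switch, the tags whose high-priority rule is CONT: its neighbours' colours."""
    return {sw: {colors[n] for n in neighbors(sw)} for sw in colors}

def trace(start, in_port, colors, rules, max_hops=16):
    """Controller side: tag, inject with TABLE, record where the probe is trapped."""
    path, sw = [(start, in_port)], start
    for _ in range(max_hops):
        tag = colors[sw]
        if tag in rules[sw]:
            raise RuntimeError(f"{sw} would trap its own colour")
        out = FWD[sw]                      # TABLE: production lookup, rules untouched
        if (sw, out) not in LINKS:         # probe leaves the switch fabric: trace done
            return path
        sw, in_port = LINKS[(sw, out)]
        if tag not in rules[sw]:
            raise RuntimeError(f"{sw} has no CONT rule for tag {tag}")
        path.append((sw, in_port))         # packet-in reports <switch ID, port>
    raise RuntimeError("hop limit reached, possible forwarding loop")

if __name__ == "__main__":
    colors = color_switches({"s1", "s2", "s3", "s4"})
    print(colors, trace("s1", 1, colors, trap_rules(colors)))
```

The number of trap rules per switch equals the number of distinct neighbour colours, which is why the rule overhead stays small regardless of how many production rules exist.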


Evaluation
- Five IBM RackSwitch G8264 OpenFlow-enabled switches connecting several commodity servers running Open vSwitch.
- Floodlight is used as the controller.
- Random routes were repeatedly installed, and SDN traceroute was verified to discover them correctly.
- Shows the latency of conducting traces on various network paths.

SDN traceroute solution
- Undefined switch behavior.
- Bugs in the controller.
- SDN traceroute latency.


Advantages
- Non-invasive
- Accurate
- Low resource consumption
- Arbitrary traffic

Limitations

SDN traceroute vs. scraping rules
- Switches today have limited TCAM space, which prevents upfront static installation of all rules on the switch.
- Constantly scraping a large number of rules from a large number of switches can be burdensome.

Table action support


Conclusion
- SDN traceroute uses the actual rules within the switches to debug arbitrary flows and packets, and does not need to change existing rules to trap probes.
- It requires upfront installation of only a small number of rules per switch, resulting in a very low resource overhead.