from electronic design automation to nda: treating ...€¦ · from electronic design automation to...
TRANSCRIPT
George Varghese With Collaborators at Berkeley, Cisco, MSR, Stanford
From Electronic Design Automation to NDA:
Treating Networks like Chips or Programs
Networks today
2
1001
P1
P2
10* P11* P2
,P2SQL
Drop SQL
Load balancing Access Control Lists (ACLs)
• Multiple Protocols: 6000 RFCs (MPLS, GRE . . .)
• Multiple Vendors: Broadcom, Arista, Cisco, . . .
• Manual Configurations: Additional arcane programs kept working by “masters of complexity” (Shenker)
• Crude tools: SNMP, NetFlow, TraceRoute, . . .
Simple questions hard to answer today
o Which packets from A can reach B?
o Is Group X provably isolated from Group Y?
o Is the network causing poor performance or the server?
o Why is my backbone utilization poor?
o Is my load balancer distributing evenly?
o Where are there mysterious packet losses?
3
BOTTOM UP ANALYSIS OF EXISTING SYSTEMS
Motivation to do better
• Internal:o Errors often caused by configuration changes
• External: (2012 NANOG Network Operator Survey):
o 35% > 25 tickets per month, > 1 hour to resolve
o Welsh: vast majority of Google “production failures” due to “bugs in configuration settings”
As we migrate to services ($100B public cloud market), network failure will be a debilitating cost.
4
Networks Tomorrow
• Online services latency, cost sensitive
• Merchant Silicon Build your own router
• Rise of Data centers Custom networks
• Software defined Networks (SDNs) custom design “routing program”
• P4 (next generation SDN) redefine hardware forwarding at runtime
5
TOP DOWN DESIGN OF FUTURE NETWORKS TO OPTIMIZE GOAL
Specification
Functional Description (RTL)
Testbench & Vectors
Functional Verification
Logical Synthesis
Static Timing
Place & Route
Design Rule Checking (DRC)
Layout vs Schematic (LVS)
Parasitic Extraction
Post Siiliconvalidation
Specification
Policy Language, Semantics
Test PacketGeneration
Verification (Reachabilty)Synthesis (e.g.,
Forwarding Rules)
Performance verification?
Network Topology Design
Static checking (local checks)
Wiring Checkers
Interference estimation?
Dynamic checkers/ debuggers
Electronic Design Automation(McKeown SIGCOMM 2012)
Network Design Automation(NDA)?
Digital Hardware Design as Inspiration?
Outline
• Part 1: Tools for operators today
o Static Analysis, Test Packet Generation
o Analysis via Symbolic Execution
• Part 2: Tools, processes for designers & operators tomorrow.
o Network Design Automation
o Synthesis via Optimization
7
Many forwarding flavors/ 1 essence
8
IP Router10010
ESSENTIAL INSIGHT FOR OPENFLOW. USE SAME INSIGHTFOR UNDERSTANDING EXISTING PROTOCOLS
10* P11* P2
MAC Bridge01A1A2
01A1A2 P1. . .
PREFIX MATCH
EXACT MATCH
MPLS Switch5, 6
5 P1,Pop 5. . .
INDEXED LOOKUP
Idea: Treat Network as a Program
• Model header as point in high dimensional space and all
networking boxes as transformers of header space
9
PacketForwarding
1
2
3
0xx1..x1Match
+Send to port 3
Rewrite header
Action+
NETWORK BOX ABSTRACTED AS SET OF GUARDED COMMANDS . . NETWORK BECOMES A PROGRAM CAN USE PL METHODS
Header Space Framework
• Model all networking boxes as
transformers of header space
Transfer Function:
10
All Packets that A can use to communicate with B All Packets that A can possibly
send to box 2 through box 1
All Packets that A can possibly send
Computing Reachability (Kazemian et al, NSDI 12)
Box 1
Box 2
Box 3Box 4
A
B
T1(X,A)
T2(T1(X,A))
T4(T1(X,A))
T3(T2(T1(X,A)) U T3(T4(T1(X,A))
T-13
T-13
T-14
T-12T-1
1
T-11
11
All Packets that A canpossibly send to box 4
through box 1
Tool 3: Automatic Test Packet Generation (Zheng et al CoNext 12: )
• As in hardware, automatically generate test packets to detect faults
• Different optimization from hardware testing:o Maximize link/queue coverageo Performance (e.g., latency) not stuck-at faultso Respect constraints on terminal ports
• Up to160X reduction over all-pairs - aspects in Microsoft Autopilot
• Bounded network graph allows simple set cover compared to program testing (KLEE)
12
Semantics (Plotkin et al)
New semantics that has:• Symmetry Theorem: Can reduce fat tree to “thin
tree” using a “simulation” and verify reachability cheaply in latter
• Modularity Theorem: reuse of parts of switching network 13
Modularity
Symmetry
Tool 4: Batfish (Fogel et al, NSDI ‘05)
• So far all tools are for network data plane
• Need control plane tools for proactive analysis
• Check configuration sanity before applying to the network
• Check safety in the presence of certain routing changes
• Check back-ups are properly implemented
14
Config files Control plane logic
Data plane state
ParserLogic solver
Query
Query solver
Provenance
Environment
Other Work
• Geometric Packet Classification. (SIGCOMM 1998)
• Static Reachability of IP Networks (INFOCOM 2005)
• Anteater. (SIGCOMM 2011)
• Veriflow. (HotSDN 2012)
• SAT Based Data Plane Verification (HotSDN 2012)
• Flowlog (HotSDN 2012)
• NetKat/Netcore
15
PART 2: NETWORK SYNTHESIS VIA OPTIMIZATION
16
17
Specification
Policy Language, Semantics
Test PacketGeneration
Verification
Synthesis (e.g., Forwarding Rules)
Performance verification?
Network Design
Static checking (Local)
Wiring Checkers
Network Design Automation?
Early work
HOW MIGHT WE GO BEYOND EARLY WORK? WHAT NEW AREAS CAN WE TOUCH?
Dynamic checkers/ debuggers
Static Checkers: Booleans Quantities
• Given end-to-end flow rates, calculate link loads in face of failures (Juniwal et al, in progress)
• Given flow rate histograms, pack as many flows as possible & keep overflow probability within threshold
18
AB
CD
21 Flow Bandwidth
1.0
0.9Probability
3 G
Probabilistic Knapsack – (w. Bjorner, Gopalan, Karp, Kannan) Packing distributions
• Correctness: Failure probability < T, e.g., T = 0.05
• Performance: Find subset that minimizes expected waste
19
Item A
21
1.0
0.9Probability
Knapsack of size 3Which items?
Likely hard: even checking if one subset fails is exponential
21
0.5
21
0.9
1.0 1.0
Item B Item C
Other Synthesis Problems
• Synthesizing Rules: Synthesize ACLs based on policy (Kang et al, Princeton)
• Synthesizing Virtual Networks: Rao et al (Purdue) & Xie at al (Princeton)
• Synthesizing Tables within a router: Table Synthesis P4 Routers (Jose et al, Stanford)
• Synthesizing Transports: Deadline driven alternatives to TCP (MSR Cambridge)
20
Interactive Debugging (AEV 15)
• Existing network debuggers (MSR Sherlock, Stanford NDB, Berkeley Xtrace are Batch Debuggers
• What might equivalent be of setting a Watch point and then “stepping into” network?
• Example: Stepping Into by New Trace route message. Old TraceRoute not real-time. New hardware
21
Timestamp, Router queue information collected later
A C
New Trace Bit+ ID in data packets
Old Traceroute
Exploiting Domain Structure
22
Technique Structure exploited
Header Space Analysis (Symbolic Execution)
Limited negation, no loops, small equivalence classes
Net Plumber (Incremental Verification)
Network Graph, rule dependencies structure
ATPG (Test Generation) Network graph limits size ofstate space compared to KLEE
Exploiting Symmetry Known symmetries because of design (vs on logical structures)
Conclusion
• Inflection Point: Rise of services, data centers, Software Defined Networks
• Ideas: Symbolic execution (analysis) & optimization (synthesis)
• Intellectual Opportunity: Rethink existing techniques exploiting domain structure
• Systems Opportunity Working chips with billions of gates Why not large operational networks next?
23
Collaborators
MSR: Nikolaj Bjorner, Patrice Godefroid,
Karthick Jayaram Nuno Lopes, Ratul
Mahajan. Ming Zhang
Stanford: Peyman Kazemian, Nick
McKeown,
James Zheng
Berkeley: Garvit Juniwal, Sanjit Seshia
Cisco: Mohammed Alizadeh, Tom Edsall