languages for software-defined networks nate foster, michael j. freedman, arjun guha, rob harrison,...
TRANSCRIPT
![Page 1: Languages for Software-Defined Networks Nate Foster, Michael J. Freedman, Arjun Guha, Rob Harrison, Naga Praveen Katta, Christopher Monsanto, Joshua Reich,](https://reader036.vdocuments.net/reader036/viewer/2022062322/56649e865503460f94b8a030/html5/thumbnails/1.jpg)
Languages for Software-Defined Networks
Nate Foster, Michael J. Freedman, Arjun Guha, Rob Harrison, Naga Praveen Katta, Christopher Monsanto, Joshua Reich, Mark Reitblatt, Jennifer Rexford, Cole
Schlesinger, Alec Stor and David Walker
![Page 2: Languages for Software-Defined Networks Nate Foster, Michael J. Freedman, Arjun Guha, Rob Harrison, Naga Praveen Katta, Christopher Monsanto, Joshua Reich,](https://reader036.vdocuments.net/reader036/viewer/2022062322/56649e865503460f94b8a030/html5/thumbnails/2.jpg)
Programming the Network
• SDN gives programmers control
• Control does not imply easy to use
• Bottom line: using OpenFlow is hard
![Page 3: Languages for Software-Defined Networks Nate Foster, Michael J. Freedman, Arjun Guha, Rob Harrison, Naga Praveen Katta, Christopher Monsanto, Joshua Reich,](https://reader036.vdocuments.net/reader036/viewer/2022062322/56649e865503460f94b8a030/html5/thumbnails/3.jpg)
Example: repeater/monitor
• We want to create a repeater that also provides counter data on network traffic
• Using OpenFlow we need to take into account the way these rules will be installed
• And how they impact each other
![Page 4: Languages for Software-Defined Networks Nate Foster, Michael J. Freedman, Arjun Guha, Rob Harrison, Naga Praveen Katta, Christopher Monsanto, Joshua Reich,](https://reader036.vdocuments.net/reader036/viewer/2022062322/56649e865503460f94b8a030/html5/thumbnails/4.jpg)
Repeater and monitor
• Task 1: forward port 1 to port 2 and port 2 to port 1
• Task 2: count http packets from port 2
In port 1: forward to port 2
In port 2 and port 80: take statistics, forward to port 1
In port 2: forward to port 1
![Page 5: Languages for Software-Defined Networks Nate Foster, Michael J. Freedman, Arjun Guha, Rob Harrison, Naga Praveen Katta, Christopher Monsanto, Joshua Reich,](https://reader036.vdocuments.net/reader036/viewer/2022062322/56649e865503460f94b8a030/html5/thumbnails/5.jpg)
Repeater/monitor in OpenFlow
def switch_join(s):pat1 = finport:1gpat2web = finport:2, srcport:80gpat2 = finport:2ginstall(s, pat1, DEFAULT, [fwd(2)])install(s, pat2web, HIGH, [fwd(1)])install(s, pat2, DEFAULT, [fwd(1)])query_stats(s, pat2web)
Take them all into account
!
Making changes must be fun…
![Page 6: Languages for Software-Defined Networks Nate Foster, Michael J. Freedman, Arjun Guha, Rob Harrison, Naga Praveen Katta, Christopher Monsanto, Joshua Reich,](https://reader036.vdocuments.net/reader036/viewer/2022062322/56649e865503460f94b8a030/html5/thumbnails/6.jpg)
What we need is…
• An abstraction!• The Frenetic family:– Pyretic (python)– Frenetic-OCaml
• Write modular programs• Get statistics without polling for them
explicitly
![Page 7: Languages for Software-Defined Networks Nate Foster, Michael J. Freedman, Arjun Guha, Rob Harrison, Naga Praveen Katta, Christopher Monsanto, Joshua Reich,](https://reader036.vdocuments.net/reader036/viewer/2022062322/56649e865503460f94b8a030/html5/thumbnails/7.jpg)
Operations needed
1. Querying network state2. Expressing Policies3. Reconfiguring the network
(All these will need to be supported by the runtime)
![Page 8: Languages for Software-Defined Networks Nate Foster, Michael J. Freedman, Arjun Guha, Rob Harrison, Naga Praveen Katta, Christopher Monsanto, Joshua Reich,](https://reader036.vdocuments.net/reader036/viewer/2022062322/56649e865503460f94b8a030/html5/thumbnails/8.jpg)
Operations: Querying
• A desired query might require a series of switch rules:– Statistics by source IP or by flow (install on the go)– Compound rules
• No polling for the data:– Turning queries into event-driven programming– “Every” keyword
• Packets might collect at the controller while the rules are being installed– Any identical packet arriving while processing should wait
![Page 9: Languages for Software-Defined Networks Nate Foster, Michael J. Freedman, Arjun Guha, Rob Harrison, Naga Praveen Katta, Christopher Monsanto, Joshua Reich,](https://reader036.vdocuments.net/reader036/viewer/2022062322/56649e865503460f94b8a030/html5/thumbnails/9.jpg)
Select(bytes) *Where(inport=2 & srcport=80) *GroupBy([srcip]) *Every(60)Limit(1)
Aggregate type: what type of counter to install
Header: one counter each by this field
Event instead of polling: when to raise the eventLimit packets to the controller: only show this many packets
![Page 10: Languages for Software-Defined Networks Nate Foster, Michael J. Freedman, Arjun Guha, Rob Harrison, Naga Praveen Katta, Christopher Monsanto, Joshua Reich,](https://reader036.vdocuments.net/reader036/viewer/2022062322/56649e865503460f94b8a030/html5/thumbnails/10.jpg)
A Query Language: Design
• High-level predicates• Dynamic unfolding• Limiting traffic• Polling and combining statistics
![Page 11: Languages for Software-Defined Networks Nate Foster, Michael J. Freedman, Arjun Guha, Rob Harrison, Naga Praveen Katta, Christopher Monsanto, Joshua Reich,](https://reader036.vdocuments.net/reader036/viewer/2022062322/56649e865503460f94b8a030/html5/thumbnails/11.jpg)
High level predicates
• Something as simple as negation requires an elaborate hierarchy of rules:
• Some complex rules can be optimized in the switch table, the programmer doesn’t have to worry about that
• GroupBy predicates: one rule per item
srcip=192.168.1.253
srcport=80
Higher priority
Catches leftovers
![Page 12: Languages for Software-Defined Networks Nate Foster, Michael J. Freedman, Arjun Guha, Rob Harrison, Naga Praveen Katta, Christopher Monsanto, Joshua Reich,](https://reader036.vdocuments.net/reader036/viewer/2022062322/56649e865503460f94b8a030/html5/thumbnails/12.jpg)
Dynamic unfolding
• Limited space for rules on the switch• Some counters require many rules to be
installed on the fly– Counters by source IP require 232 counters…
• GroupBy in Frenetic: rules will be installed on the fly without the programmer spelling it out
![Page 13: Languages for Software-Defined Networks Nate Foster, Michael J. Freedman, Arjun Guha, Rob Harrison, Naga Praveen Katta, Christopher Monsanto, Joshua Reich,](https://reader036.vdocuments.net/reader036/viewer/2022062322/56649e865503460f94b8a030/html5/thumbnails/13.jpg)
Limiting traffic
• The controller and the switch do not communicate instantly
• Packets can queue up to the controller before the first one is handled
• Instead of having to code the controller ignoring the second packet:– Limit(1)
![Page 14: Languages for Software-Defined Networks Nate Foster, Michael J. Freedman, Arjun Guha, Rob Harrison, Naga Praveen Katta, Christopher Monsanto, Joshua Reich,](https://reader036.vdocuments.net/reader036/viewer/2022062322/56649e865503460f94b8a030/html5/thumbnails/14.jpg)
Polling and combining
• Statistics are often checked periodically• Stats are also spread on many switches• Better event-driven than polled• Every (60):– Every 60 seconds– Collect info from all the switches– And raise a program event
![Page 15: Languages for Software-Defined Networks Nate Foster, Michael J. Freedman, Arjun Guha, Rob Harrison, Naga Praveen Katta, Christopher Monsanto, Joshua Reich,](https://reader036.vdocuments.net/reader036/viewer/2022062322/56649e865503460f94b8a030/html5/thumbnails/15.jpg)
Operations: Network Policies
• Different network policies might have rules that interfere with queries– Or with each other
• We already saw our repeater/monitor would need three rules:– Inport1– Inport2web– Inport2
• Priorities matter!• It gets worse the more complex the functionality
![Page 16: Languages for Software-Defined Networks Nate Foster, Michael J. Freedman, Arjun Guha, Rob Harrison, Naga Praveen Katta, Christopher Monsanto, Joshua Reich,](https://reader036.vdocuments.net/reader036/viewer/2022062322/56649e865503460f94b8a030/html5/thumbnails/16.jpg)
Modularity: back to our example
• Write different rules and queries side by side• Don’t have to take them into account• Put them together:
def repeater():…
def monitor():…
def main():repeater()monitor()
Can completely re-do this code
without touching anything else!
![Page 17: Languages for Software-Defined Networks Nate Foster, Michael J. Freedman, Arjun Guha, Rob Harrison, Naga Praveen Katta, Christopher Monsanto, Joshua Reich,](https://reader036.vdocuments.net/reader036/viewer/2022062322/56649e865503460f94b8a030/html5/thumbnails/17.jpg)
Putting it together
• Composing different rules is delegated to the runtime system
• We trust it to compose them “correctly”• Composition types:– Parallel composition: both sets of rules on the
same stream of packets– Sequential composition: one module acts on the
output of the other
![Page 18: Languages for Software-Defined Networks Nate Foster, Michael J. Freedman, Arjun Guha, Rob Harrison, Naga Praveen Katta, Christopher Monsanto, Joshua Reich,](https://reader036.vdocuments.net/reader036/viewer/2022062322/56649e865503460f94b8a030/html5/thumbnails/18.jpg)
Parallel Composition
• Two modules that work on the same packets• For instance: the repeater and the monitor, or
replication• If both modules produce forwarding rules, the
resulting rule is the uniondef main():
return p1() | p2()
![Page 19: Languages for Software-Defined Networks Nate Foster, Michael J. Freedman, Arjun Guha, Rob Harrison, Naga Praveen Katta, Christopher Monsanto, Joshua Reich,](https://reader036.vdocuments.net/reader036/viewer/2022062322/56649e865503460f94b8a030/html5/thumbnails/19.jpg)
Example: replicate all ftp traffic
inport: 1 fwd to 2 inport: 1 and destport: 21 fwd to 3
1 2
3
inport: 2 fwd to 1
![Page 20: Languages for Software-Defined Networks Nate Foster, Michael J. Freedman, Arjun Guha, Rob Harrison, Naga Praveen Katta, Christopher Monsanto, Joshua Reich,](https://reader036.vdocuments.net/reader036/viewer/2022062322/56649e865503460f94b8a030/html5/thumbnails/20.jpg)
Example: replicate all ftp traffic
inport: 1 fwd to 2 inport: 1 and destport: 21 fwd to 3
1 2
3
inport: 2 fwd to 1
srcip:1.2.3.4srcport:23
dstip:1.2.3.6dstport:6006
![Page 21: Languages for Software-Defined Networks Nate Foster, Michael J. Freedman, Arjun Guha, Rob Harrison, Naga Praveen Katta, Christopher Monsanto, Joshua Reich,](https://reader036.vdocuments.net/reader036/viewer/2022062322/56649e865503460f94b8a030/html5/thumbnails/21.jpg)
Example: replicate all ftp traffic
inport: 1 fwd to 2 inport: 1 and destport: 21 fwd to 3
1 2
3
inport: 2 fwd to 1
srcip:1.2.3.5srcport:6005dstip:1.2.3.4dstport: 21
srcip:1.2.3.5srcport:6005dstip:1.2.3.4dstport: 21
![Page 22: Languages for Software-Defined Networks Nate Foster, Michael J. Freedman, Arjun Guha, Rob Harrison, Naga Praveen Katta, Christopher Monsanto, Joshua Reich,](https://reader036.vdocuments.net/reader036/viewer/2022062322/56649e865503460f94b8a030/html5/thumbnails/22.jpg)
Sequential Composition
• Rules run one after the other: packets left after running the first go on to the next, etc.
• Example: when creating a firewall
def main():return p1() >> p2()
![Page 23: Languages for Software-Defined Networks Nate Foster, Michael J. Freedman, Arjun Guha, Rob Harrison, Naga Praveen Katta, Christopher Monsanto, Joshua Reich,](https://reader036.vdocuments.net/reader036/viewer/2022062322/56649e865503460f94b8a030/html5/thumbnails/23.jpg)
Example: firewall
inport: 1 fwd to 2
1 2
inport: 2 fwd to 1
srcip: 1.2.3.8 dropdstport: 8080 drop
![Page 24: Languages for Software-Defined Networks Nate Foster, Michael J. Freedman, Arjun Guha, Rob Harrison, Naga Praveen Katta, Christopher Monsanto, Joshua Reich,](https://reader036.vdocuments.net/reader036/viewer/2022062322/56649e865503460f94b8a030/html5/thumbnails/24.jpg)
Example: firewall
inport: 1 fwd to 2
1 2
inport: 2 fwd to 1
srcip: 1.2.3.8 dropdstport: 8080 drop
srcip:1.2.3.4srcport:23
dstip:1.2.3.6dstport:6006
![Page 25: Languages for Software-Defined Networks Nate Foster, Michael J. Freedman, Arjun Guha, Rob Harrison, Naga Praveen Katta, Christopher Monsanto, Joshua Reich,](https://reader036.vdocuments.net/reader036/viewer/2022062322/56649e865503460f94b8a030/html5/thumbnails/25.jpg)
Example: firewall
inport: 1 fwd to 2
1 2
inport: 2 fwd to 1
srcip: 1.2.3.8 dropdstport: 8080 drop
srcip:1.2.3.8srcport:6008dstip:1.2.3.4dstport:23
![Page 26: Languages for Software-Defined Networks Nate Foster, Michael J. Freedman, Arjun Guha, Rob Harrison, Naga Praveen Katta, Christopher Monsanto, Joshua Reich,](https://reader036.vdocuments.net/reader036/viewer/2022062322/56649e865503460f94b8a030/html5/thumbnails/26.jpg)
What the runtime system does
• The runtime system is the code that runs behind the programmer’s code
• Something that implements the complex functionalities that the user code uses
• In the case of Frenetic: a python/Ocaml library whose code runs behind the abstract ops
• Like JVM: provides the implementation for “system” functionality
![Page 27: Languages for Software-Defined Networks Nate Foster, Michael J. Freedman, Arjun Guha, Rob Harrison, Naga Praveen Katta, Christopher Monsanto, Joshua Reich,](https://reader036.vdocuments.net/reader036/viewer/2022062322/56649e865503460f94b8a030/html5/thumbnails/27.jpg)
The Runtime System: Suggested Impl(microflow)
• When a packet comes in:– Test all queries and registered forwarding policies– Collect actions for the switch
• If no queries need packets like this:– Install forwarding rules
• If other queries might need packets like this– Manually forward the packet, but install no rule– Future packets will be forwarded to the controller
again
![Page 28: Languages for Software-Defined Networks Nate Foster, Michael J. Freedman, Arjun Guha, Rob Harrison, Naga Praveen Katta, Christopher Monsanto, Joshua Reich,](https://reader036.vdocuments.net/reader036/viewer/2022062322/56649e865503460f94b8a030/html5/thumbnails/28.jpg)
Runtime System: An Efficient Impl
• Instead of dynamically unfolding all the rules• Generate rules (with wildcards) before packets
are ever seen• Proactive, not reactive• Frenetic uses NetCore: another abstraction
over OpenFlow• When can’t be generated ahead of time:
reactive specialization (a form of unfolding)
![Page 29: Languages for Software-Defined Networks Nate Foster, Michael J. Freedman, Arjun Guha, Rob Harrison, Naga Praveen Katta, Christopher Monsanto, Joshua Reich,](https://reader036.vdocuments.net/reader036/viewer/2022062322/56649e865503460f94b8a030/html5/thumbnails/29.jpg)
Operations: Consistency of updates
• Per packet consistency: every packet will be processed with exactly one set of rules throughout the network– Two phase update of the network– Packets are stamped with a version number for
the rule set in the header
![Page 30: Languages for Software-Defined Networks Nate Foster, Michael J. Freedman, Arjun Guha, Rob Harrison, Naga Praveen Katta, Christopher Monsanto, Joshua Reich,](https://reader036.vdocuments.net/reader036/viewer/2022062322/56649e865503460f94b8a030/html5/thumbnails/30.jpg)
Consistency of updates
• Per flow consistency: – Sometimes whole streams need to be handled
consistently (e.g. load balancing)– Rules expire only when all flows matching an old
configuration are finished
![Page 31: Languages for Software-Defined Networks Nate Foster, Michael J. Freedman, Arjun Guha, Rob Harrison, Naga Praveen Katta, Christopher Monsanto, Joshua Reich,](https://reader036.vdocuments.net/reader036/viewer/2022062322/56649e865503460f94b8a030/html5/thumbnails/31.jpg)
Back to repeater/monitordef repeater():
rules=[Rule(inport:1, [fwd(2)]),Rule(inport:2, [fwd(1)])]
register(rules)def web monitor():
q = (Select(bytes) *Where(inport=2 & srcport=80) *Every(30))
q >> Print()def main():
repeater()monitor()
![Page 32: Languages for Software-Defined Networks Nate Foster, Michael J. Freedman, Arjun Guha, Rob Harrison, Naga Praveen Katta, Christopher Monsanto, Joshua Reich,](https://reader036.vdocuments.net/reader036/viewer/2022062322/56649e865503460f94b8a030/html5/thumbnails/32.jpg)
1 2
inport: 1 fwd to 2
![Page 33: Languages for Software-Defined Networks Nate Foster, Michael J. Freedman, Arjun Guha, Rob Harrison, Naga Praveen Katta, Christopher Monsanto, Joshua Reich,](https://reader036.vdocuments.net/reader036/viewer/2022062322/56649e865503460f94b8a030/html5/thumbnails/33.jpg)
1 2
src:1.2.3.4srcport: 80dst: 1.2.3.5
dstport: 6009
inport: 1 fwd to 2
![Page 34: Languages for Software-Defined Networks Nate Foster, Michael J. Freedman, Arjun Guha, Rob Harrison, Naga Praveen Katta, Christopher Monsanto, Joshua Reich,](https://reader036.vdocuments.net/reader036/viewer/2022062322/56649e865503460f94b8a030/html5/thumbnails/34.jpg)
1 2
src:1.2.3.5srcport: 80dst: 1.2.3.4
dstport: 6009
inport: 1 fwd to 2inport: 2 and ip=1.2.3.5
count bytesinport: 2 and ip=1.2.3.5
fwd to 1
![Page 35: Languages for Software-Defined Networks Nate Foster, Michael J. Freedman, Arjun Guha, Rob Harrison, Naga Praveen Katta, Christopher Monsanto, Joshua Reich,](https://reader036.vdocuments.net/reader036/viewer/2022062322/56649e865503460f94b8a030/html5/thumbnails/35.jpg)
1 2
src:1.2.3.5srcport: 80dst: 1.2.3.4
dstport: 6009
inport: 1 fwd to 2inport: 2 and ip=1.2.3.5
count bytesinport: 2 and ip=1.2.3.5
fwd to 1
![Page 36: Languages for Software-Defined Networks Nate Foster, Michael J. Freedman, Arjun Guha, Rob Harrison, Naga Praveen Katta, Christopher Monsanto, Joshua Reich,](https://reader036.vdocuments.net/reader036/viewer/2022062322/56649e865503460f94b8a030/html5/thumbnails/36.jpg)
Additional Refernces
• Frenetic: A Network Programming Language (Foster et. al, 2011)
• Composing Software-Defined Network (Monsanto et. al, 2013)
• A Compiler and Run-time System for• Network Programming Languages (Monsanto
et. al, 2012)• http://frenetic-lang.org