SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities:...
Transcript of SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities:...
![Page 1: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/1.jpg)
SDN+NFV:
Algorithmic and Security Challenges
Stefan Schmid
Aalborg University, Denmark & TU Berlin, Germany
![Page 2: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/2.jpg)
SDN+NFV: It’s a great time to be a researcher!
Topic today!Rhone and Arve Rivers,
Switzerland
Credits: George Varghese.
![Page 3: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/3.jpg)
SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy).
Some (often read) claims:
❏Simpler
❏More flexible
❏Automatically verifiable
❏And hence also more secure?
![Page 4: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/4.jpg)
SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy).
Some (often read) claims:
❏Simpler
❏More flexible
❏Automatically verifiable
❏And hence also more secure?
30 October 2017
![Page 5: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/5.jpg)
❏Simpler
❏More flexible
❏Automatically verifiable
❏And hence also more secure?New threats?
Complexity of this?
SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy).
Some (often read) claims:
Really?
Algorithms? Avoid instabilities!
![Page 6: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/6.jpg)
Ctrl
Control
Programs
Control
Programs
A Mental Model for This Talk
![Page 7: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/7.jpg)
Ctrl
Control
Programs
Control
Programs
A Mental Model for This Talk
Possibly virtualized (on commodity hw)…
![Page 8: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/8.jpg)
Algorithms
![Page 9: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/9.jpg)
Ctrl
Control
Programs
Control
Programs
A First (Algorithmic) Challenge: Decoupling
Challenge: centralization and decoupling!
Despite centralization: SDN stays a distributed system!
![Page 10: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/10.jpg)
Recall: Networking 101
Credits: Jennifer Rexford
❏ Networking «Hello World»: MAC learning
❏ Principle: for packet (src,dst) arriving at port p❏ If dst unknown: broadcast packets to all ports
❏ Otherwise forward directly to known port
❏ Also: if src unknown, switch learns: src is behind p
![Page 11: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/11.jpg)
h1
h2h3
1
23
❏ Example❏ h1 sends to h2:
❏ Networking «Hello World»: MAC learning
❏ Principle: for packet (src,dst) arriving at port p❏ If dst unknown: broadcast packets to all ports
❏ Otherwise forward directly to known port
❏ Also: if src unknown, switch learns: src is behind p
Recall: Networking 101
![Page 12: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/12.jpg)
h1
h2h3
1
23
❏ Example❏ h1 sends to h2: flood
❏ Networking «Hello World»: MAC learning
❏ Principle: for packet (src,dst) arriving at port p❏ If dst unknown: broadcast packets to all ports
❏ Otherwise forward directly to known port
❏ Also: if src unknown, switch learns: src is behind p
Recall: Networking 101
![Page 13: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/13.jpg)
❏ Example❏ h1 sends to h2: flood, learn (h1,p1)
h1
h2h3
1
23
dstmac=h1,fwd(1)
❏ Networking «Hello World»: MAC learning
❏ Principle: for packet (src,dst) arriving at port p❏ If dst unknown: broadcast packets to all ports
❏ Otherwise forward directly to known port
❏ Also: if src unknown, switch learns: src is behind p
Recall: Networking 101
![Page 14: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/14.jpg)
❏ Example❏ h1 sends to h2: flood, learn (h1,p1)
❏ h3 sends to h1: forward to p1 h1
h2h3
1
23
dstmac=h1,fwd(1)
❏ Networking «Hello World»: MAC learning
❏ Principle: for packet (src,dst) arriving at port p❏ If dst unknown: broadcast packets to all ports
❏ Otherwise forward directly to known port
❏ Also: if src unknown, switch learns: src is behind p
Recall: Networking 101
![Page 15: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/15.jpg)
h13
❏ Example❏ h1 sends to h2: flood, learn (h1,p1)
❏ h3 sends to h1: forward to p1, learn (h3,p3)
h2h3
1
2
dstmac=h1,fwd(1)
dstmac=h3,fwd(3)
❏ Networking «Hello World»: MAC learning
❏ Principle: for packet (src,dst) arriving at port p❏ If dst unknown: broadcast packets to all ports
❏ Otherwise forward directly to known port
❏ Also: if src unknown, switch learns: src is behind p
Recall: Networking 101
![Page 16: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/16.jpg)
❏ Example❏ h1 sends to h2: flood, learn (h1,p1)
❏ h3 sends to h1: forward to p1, learn (h3,p3)
❏ h1 sends to h3: forward to p3
h13
h2h3
1
2
dstmac=h1,fwd(1)
dstmac=h3,fwd(3)
❏ Networking «Hello World»: MAC learning
❏ Principle: for packet (src,dst) arriving at port p❏ If dst unknown: broadcast packets to all ports
❏ Otherwise forward directly to known port
❏ Also: if src unknown, switch learns: src is behind p
Recall: Networking 101
![Page 17: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/17.jpg)
How to implement this behavior in SDN?
h13
From Traditional Networks to SDN
h2h3
1
2
Controller
![Page 18: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/18.jpg)
Example: SDN MAC Learning Done Wrong
❏ Initial table: Send everything to controller
h1
h2h3
1
23
Controller
OpenFlow
switch
Pattern Action
* send to controller
![Page 19: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/19.jpg)
Example: SDN MAC Learning Done Wrong
❏ When h1 sends to h2:
h1
h2h3
1
23
Controller
OpenFlow
switch
Pattern Action
* send to controller
❏ Initial table: Send everything to controller
![Page 20: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/20.jpg)
Example: SDN MAC Learning Done Wrong
h1
h2h3
1
23
OpenFlow
switch
Controller
❏ When h1 sends to h2:
❏ Controller learns that h1@p1, updates table, and floods
h1 sends to h2
Pattern Action
* send to controller
Pattern Action
dstmac=h1 Forward(1)
* send to controller
❏ Principle: only send to ctrlif destination unknown
![Page 21: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/21.jpg)
Example: SDN MAC Learning Done Wrong
h1
h2h3
1
23
OpenFlow
switch
Controller
❏ Now assume h2 sends to h1:
Pattern Action
dstmac=h1 Forward(1)
* send to controller
❏ Principle: only send to ctrlif destination unknown
![Page 22: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/22.jpg)
Example: SDN MAC Learning Done Wrong
h1
h2h3
1
23
OpenFlow
switch
Controller
❏ Now assume h2 sends to h1:
❏ Switch knows destination: message forwarded to h1
❏ BUT: No controller interaction, does not learn about h2: no new rule for h2
Pattern Action
dstmac=h1 Forward(1)
* send to controller
❏ Principle: only send to ctrlif destination unknown
![Page 23: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/23.jpg)
Example: SDN MAC Learning Done Wrong
h1
h2h3
1
23
OpenFlow
switch
Controller
❏ Now, when h3 sends to h2:
h3 sends to h2
Pattern Action
dstmac=h1 Forward(1)
* send to controller
❏ Principle: only send to ctrlif destination unknown
![Page 24: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/24.jpg)
Example: SDN MAC Learning Done Wrong
h1
h2h3
1
23
OpenFlow
switch
Controller
❏ Now, when h3 sends to h2:
❏ Dest unknown: goes to controller which learns about h3
❏ And then floods
h3 sends to h2
Pattern Action
dstmac=h3 Forward(3)
dstmac=h1 Forward(1)
* send to controller
Pattern Action
dstmac=h1 Forward(1)
* send to controller
❏ Principle: only send to ctrlif destination unknown
![Page 25: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/25.jpg)
Example: SDN MAC Learning Done Wrong
h1
h2h3
1
23
OpenFlow
switch
Controller
❏ Now, if h2 sends to h3 or h1:
Pattern Action
dstmac=h3 Forward(3)
dstmac=h1 Forward(1)
* send to controller
❏ Principle: only send to ctrlif destination unknown
![Page 26: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/26.jpg)
Example: SDN MAC Learning Done Wrong
h1
h2h3
1
23
OpenFlow
switch
Controller
❏ Now, if h2 sends to h3 or h1:
❏ Destinations known: controller does not learn about h2
Pattern Action
dstmac=h3 Forward(3)
dstmac=h1 Forward(1)
* send to controller
❏ Principle: only send to ctrlif destination unknown
![Page 27: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/27.jpg)
Example: SDN MAC Learning Done Wrong
h1
h2h3
1
23
OpenFlow
switch
Controller
Ouch! Controller cannot learn about h2 anymore: whenever h2 is source, destination is known. All future
requests to h2 will all be flooded: inefficient!
Pattern Action
dstmac=h3 Forward(3)
dstmac=h1 Forward(1)
* send to controller
❏ Principle: only send to ctrlif destination unknown
![Page 28: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/28.jpg)
Example: SDN MAC Learning Done Wrong
h1
h2h3
1
23
OpenFlow
switch
Controller
Pattern Action
dstmac=h3 Forward(3)
dstmac=h1 Forward(1)
* send to controller
❏ Principle: only send to ctrlif destination unknown
Ouch! Controller cannot learn about h2 anymore: whenever h2 is source, destination is known. All future
requests to h2 will all be flooded: inefficient!
How to efficiently detect such problems? And which rules to use
to overcome them? An algorithmic problem!
![Page 29: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/29.jpg)
❏ Rules inserted using switch CLI
❏ Operator misconfigurations
❏ Software/hardware bugs
❏ Updates that have beenacknowledged wrongfully
❏ Malicious behavior, etc.
There Are Many More Reasons Why A Controller May Have Inconsistent View
Ctrl ?!
mind the gap!
A problem because like in security: at mostas consistent as least consistent part!
![Page 30: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/30.jpg)
Further Reading
Towards Meticulous Data Plane Monitoring (Poster Paper)Apoorv Shukla, Said Jawad Saidi, Stefan Schmid, Marco Canini, and Anja Feldmann.EuroSys PhD Forum, Belgrade, Serbia, April 2017.
![Page 31: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/31.jpg)
Ctrl
Control
Programs
Control
Programs
Another Challenge Arising From Decoupling
Challenge: DecouplingAsynchronous!
Despite centralization: SDN stays a distributed system!
![Page 32: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/32.jpg)
Ctrl
Control
Programs
Control
Programs
Challenge: DecouplingAsynchronous!
Another Challenge Arising From Decoupling
Async
Async
Async
Async
AsyncDespite centralization: SDN stays a distributed system!
![Page 33: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/33.jpg)
untrusted
hoststrusted
hosts
Controller Platform
Example “Route Updates”:What can possibly go wrong?
Invariant: Traffic from untrusted hosts to trusted hosts via firewall!
![Page 34: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/34.jpg)
Problem 1: Bypassed Waypoint
Controller Platform
Invariant: Traffic from untrusted hosts to trusted hosts via firewall!
untrusted
hoststrusted
hosts
![Page 35: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/35.jpg)
Problem 2: Transient Loop
Controller Platform
Invariant: Traffic from untrusted hosts to trusted hosts via firewall!
untrusted
hoststrusted
hosts
![Page 36: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/36.jpg)
Tagging: A Universal Solution?
redred
new route
❏ Old route: red
❏ New route: blue
old route
tag red
Reitblatt et al. Abstractions for Network Update, ACM SIGCOMM 2012.
![Page 37: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/37.jpg)
Tagging: A Universal Solution?
redred
blue
blue
new route
❏ Old route: red
❏ New route: blue
❏ 2-Phase Update:
❏ Install blue flowrules internally old route
tag red
Reitblatt et al. Abstractions for Network Update, ACM SIGCOMM 2012.
![Page 38: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/38.jpg)
Tagging: A Universal Solution?
tag blue
redred
blue
blue
new route
❏ Old route: red
❏ New route: blue
❏ 2-Phase Update:
❏ Install blue flowrules internally
❏ Flip tag at ingressports
old route
tag red
Reitblatt et al. Abstractions for Network Update, ACM SIGCOMM 2012.
![Page 39: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/39.jpg)
Tagging: A Universal Solution?
tag blue
redred
blue
blue
new route
❏ Old route: red
❏ New route: blue
❏ 2-Phase Update:
❏ Install blue flowrules internally
❏ Flip tag at ingressports
old route
tag red
Where to tag? Header space? Overhead!
Time till new link becomes available!
Reitblatt et al. Abstractions for Network Update, ACM SIGCOMM 2012.
Cost of extra rules!
![Page 40: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/40.jpg)
Tagging: A Universal Solution?
tag blue
redred
blue
blue
new route
❏ Old route: red
❏ New route: blue
❏ 2-Phase Update:
❏ Install blue flowrules internally
❏ Flip tag at ingressports
old route
tag red
Cost of extra rules!
Where to tag? Header space? Overhead!
Time till new link becomes available!
Reitblatt et al. Abstractions for Network Update, ACM SIGCOMM 2012.
Possible solution without
tagging, and at least
preserve weaker
consistency properties?
![Page 41: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/41.jpg)
Idea: Schedule “Safe” Subsets of Nodes Only, Then Wait for ACK!
Packet may take a mix of old and new path, as long as, e.g., Loop-Freedom (LF) and Waypoint Enforcement(WPE) are fulfilled
Controller Platform
Controller Platform
Round 1
Round 2
…
Idea: Schedule safe update subsets in multiple rounds!
![Page 42: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/42.jpg)
Loop-Free Update Schedule
insecure
Internet
secure
zone
![Page 43: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/43.jpg)
Loop-Free Update Schedule
insecure
Internet
secure
zone
insecure
Internet
secure
zone
insecure
Internet
secure
zone
R1:
R2:
![Page 44: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/44.jpg)
Loop-Free Update Schedule
insecure
Internet
secure
zone
insecure
Internet
secure
zone
insecure
Internet
secure
zone
R1:
R2:
Forward edges(wrt old policy)! Always safe.
Backwardedge: risky!
![Page 45: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/45.jpg)
Loop-Free Update Schedule
insecure
Internet
secure
zone
insecure
Internet
secure
zone
insecure
Internet
secure
zone
R1:
R2:LF ok! But: WPE violated in Round 1!
Forward edges(wrt old policy)! Always safe.
Backwardedge: risky!
![Page 46: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/46.jpg)
Waypoint Respecting Schedule
insecure
Internet
secure
zone
![Page 47: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/47.jpg)
Waypoint Respecting Schedule
insecure
Internet
secure
zone
insecure
Internet
secure
zone
insecure
Internet
secure
zone
R1:
R2:
Don’t cross thewaypoint: safe!
![Page 48: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/48.jpg)
Waypoint Respecting Schedule
insecure
Internet
secure
zone
insecure
Internet
secure
zone
insecure
Internet
secure
zone
R1:
R2:… ok but may violate LF in Round 1!
Don’t cross thewaypoint: safe!
![Page 49: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/49.jpg)
Can we have both LF and WPE?
insecure
Internet
secure
zone
![Page 50: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/50.jpg)
Yes: but it takes 3 rounds!
insecure
Internet
secure
zone
insecure
Internet
secure
zone
R1:
R2:
insecure
Internet
secure
zoneR3:
![Page 51: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/51.jpg)
Yes: but it takes 3 rounds!
insecure
Internet
secure
zone
insecure
Internet
secure
zone
R1:
R2:
insecure
Internet
secure
zoneR3:Is there always a WPE+LF schedule?
![Page 52: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/52.jpg)
What about this one?
![Page 53: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/53.jpg)
LF and WPE may conflict!
❏ Cannot update any forward edge in R1: WP
❏ Cannot update any backward edge in R1: LF
No schedule exists!
Resort to tagging…
![Page 54: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/54.jpg)
What about this one?
![Page 55: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/55.jpg)
What about this one?
1
❏ Forward edge after the waypoint: safe!
❏ No loop, no WPE violation
![Page 56: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/56.jpg)
What about this one?
2
❏ Now this backward is safe too!
❏ No loop because exit through 1
1
![Page 57: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/57.jpg)
What about this one?
1
2
3
❏ Now this is safe: ready back to WP!
❏ No waypoint violation
2
![Page 58: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/58.jpg)
What about this one?
1
2
3
4
4
❏ Ok: loop-free and also not on the path (exit via )1
![Page 59: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/59.jpg)
What about this one?
1
2
3
❏ Ok: loop-free and also not on the path (exit via )
4
4
1
![Page 60: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/60.jpg)
What about this one?
1
2
3
4
4
5
![Page 61: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/61.jpg)
Back to the start: What if….
1
![Page 62: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/62.jpg)
Back to the start: What if…. also this one?!
1
1
![Page 63: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/63.jpg)
Back to the start: What if…. also this one?!
1
1
❏ Update any of the 2 backward edges? LF
![Page 64: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/64.jpg)
Back to the start: What if…. also this one?!
1
1
❏ Update any of the 2 backward edges? LF
![Page 65: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/65.jpg)
Back to the start: What if…. also this one?!
1
1
❏ Update any of the 2 backward edges? LF
![Page 66: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/66.jpg)
Back to the start: What if…. also this one?!
1
1
❏ Update any of the 2 backward edges? LF
❏ Update any of the 2 other forward edges? WPE
❏ What about a combination? No…
![Page 67: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/67.jpg)
In General: NP-Hard!
1
1
Bad news: Even decidability hard: cannot quickly test feasibility and ifinfeasible resort to say, tagging solution!
To update or not to update in the first round?
NP-hard! And greedy can be bad.
Open question: What is complexity in „typical networks“, like datacenter or enterprise networks?
![Page 68: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/68.jpg)
What about loop-freedom only?
![Page 69: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/69.jpg)
1
From the destination! Invariant: path suffix updated!
What about loop-freedom only?Always possible in n rounds!
![Page 70: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/70.jpg)
12
From the destination! Invariant: path suffix updated!
What about loop-freedom only?Always possible in n rounds!
![Page 71: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/71.jpg)
12
3
From the destination! Invariant: path suffix updated!
What about loop-freedom only?Always possible in n rounds!
![Page 72: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/72.jpg)
1
From the destination! Invariant: path suffix updated!
2
34
5
6
What about loop-freedom only?Always possible in n rounds!
![Page 73: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/73.jpg)
But how to minimize # rounds?
![Page 74: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/74.jpg)
But how to minimize # rounds?
2 rounds easy, 3 rounds NP-hard. Everything else:
We don’t know today!
![Page 75: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/75.jpg)
What about capacity constraints?
1
2
2
1 1
1
1
w
s t
u v
![Page 76: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/76.jpg)
What about capacity constraints?
1
2
2
1 1
1
1
Flow 1
w
s t
u v
![Page 77: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/77.jpg)
What about capacity constraints?
1
2
2
1 1
1
1
Flow 1
Flow 2Can you find an update schedule?
w
s t
u v
![Page 78: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/78.jpg)
What about capacity constraints?
1
2
2
1 1
1
1
Flow 1
Flow 2Can you find an update schedule?
w
s t
u v
e.g., cannot update red: congestion! Need to update blue first!
![Page 79: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/79.jpg)
What about capacity constraints?
1
2
2
1 1
1
1
Schedule:1. red@w,blue@u,blue@v
w
s t
u v
1 1
1
Round 1: prepare
No flow! No flow!
No flow!
![Page 80: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/80.jpg)
What about capacity constraints?
1
2
2
1 1
1
1
Schedule:1. red@w,blue@u,blue@v
w
s t
u v
1 1
1
2. blue@s
2
Round 2
flow! No flow!
No flow!
![Page 81: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/81.jpg)
What about capacity constraints?
1
2
2
1 1
1
1
Schedule:1. red@w,blue@u,blue@v
w
s t
u v
1 1
1
2. blue@s
2
3. red@sRound 3
Capacity 2: ok!
3
No flow!
![Page 82: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/82.jpg)
What about capacity constraints?
1
2
2
1 1
1
1
Schedule:1. red@w,blue@u,blue@v
w
s t
u v
1 1
1
2. blue@s
2
3. red@sRound 4
Capacity 2: ok!
3
4
4. blue@w
![Page 83: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/83.jpg)
What about capacity constraints?
1
2
2
1 1
1
1
Schedule:1. red@w,blue@u,blue@v
w
s t
u v
1 1
1
2. blue@s
2
3. red@sRound 4
3
4
4. blue@w
Note: this (non-trivial) example was just a DAG,
without loops!
![Page 84: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/84.jpg)
Solution: Dependency Graph onBlock Decomposition of DAGs
1
2
2
1 1
1
1
Flow 1
Flow 2
Block for a given flow: subgraph between two
consecutive nodes whereold and new route meet. w
s t
u v
![Page 85: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/85.jpg)
1
2
2
1 1
1
1
Block for a given flow: subgraph between two
consecutive nodes whereold and new route meet. w
s t
u v
Just one red block: r1
r1
Solution: Dependency Graph onBlock Decomposition of DAGs
![Page 86: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/86.jpg)
1
2
2
1 1
1
1
Block for a given flow: subgraph between two
consecutive nodes whereold and new route meet. w
s t
u v
Two blue blocks: b1 and b2
b1 b2
Solution: Dependency Graph onBlock Decomposition of DAGs
![Page 87: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/87.jpg)
1
2
2
1 1
1
1
Block for a given flow: subgraph between two
consecutive nodes whereold and new route meet. w
s t
u v
Dependencies: update b2 after r1 after b1.
b1 b2r1
Solution: Dependency Graph onBlock Decomposition of DAGs
![Page 88: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/88.jpg)
Many Open Problems!
❏ We know for DAG:❏ For k=2 flows, polynomial-time algorithm to compute
schedule with minimal number of rounds!❏ For general k, NP-hard
❏ For general k flows, polynomial-time algorithm tocompute feasible update
❏ Everything else: unkown!❏ In particular: what if flow graph is not a DAG?
![Page 89: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/89.jpg)
What’s new about this problem?
❏ Much classic literature on, e.g.,
❏ Disruption-free IGP route changes
❏ Ship-in-the-Night techniques
❏ SDN: new model (centralized and direct control of routes) and new properties
❏ Not only connectivity consistency but also policy consistency(e.g., waypoints) and performance consistency
Survey of ConsistentNetwork UpdatesKlaus-Tycho Foerster, Stefan Schmid, and Stefano Vissicchio. ArXiv Technical Report, September 2016.
Further reading: 35-page survey!
![Page 90: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/90.jpg)
Further Reading:
Can't Touch This: Consistent Network Updates for Multiple Policies
Szymon Dudycz, Arne Ludwig, and Stefan Schmid.
46th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Toulouse, France, June 2016.
Transiently Secure Network Updates
Arne Ludwig, Szymon Dudycz, Matthias Rost, and Stefan Schmid.
42nd ACM SIGMETRICS, Antibes Juan-les-Pins, France, June 2016.
Scheduling Loop-free Network Updates: It's Good to Relax!
Arne Ludwig, Jan Marcinkowski, and Stefan Schmid.
ACM Symposium on Principles of Distributed Computing (PODC), Donostia-San Sebastian, Spain, July 2015.
Good Network Updates for Bad Packets: Waypoint Enforcement Beyond Destination-Based Routing Policies
Arne Ludwig, Matthias Rost, Damien Foucard, and Stefan Schmid.
13th ACM Workshop on Hot Topics in Networks (HotNets), Los Angeles, California, USA, October 2014.
Congestion-Free Rerouting of Flows on DAGs
Saeed Akhoondian Amiri, Szymon Dudycz, Stefan Schmid, and Sebastian Wiederrecht.
ArXiv Technical Report, November 2016.
Survey of Consistent Network Updates
Klaus-Tycho Foerster, Stefan Schmid, and Stefano Vissicchio.
ArXiv Technical Report, September 2016.
survey
loop-freedom
multiple policies
waypointing
loop-freedom
waypointing
capacity constraints
![Page 91: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/91.jpg)
Ctrl
Control
Programs
Control
Programs
A Mental Model for This Talk
Opportunity: innovative servicesand algorithms
![Page 92: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/92.jpg)
• Traditionally: shortest paths, IP destination-based
• SDN: non-shortest, non-confluent, may depend on otherheader fields (e.g., TCP port), etc.
Example Benefit: Traffic Engineering
Example: limitation of traditional networks
Node R4 can‘t route blue and green traffic differently: same destination (destination-based)!
Credits: Kurose&Ross, Top-Down Approach
R2
D
R3R5
A
R6
R4
![Page 93: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/93.jpg)
• Traditionally: shortest paths, IP destination-based
• SDN: non-shortest, non-confluent, may depend on otherheader fields (e.g., TCP port), etc.
Example Benefit: Traffic Engineering
Example: limitation of traditional networks
Node R4 can‘t route blue and green traffic differently: same destination (destination-based)!
Credits: Kurose&Ross, Top-Down Approach
R2
D
R3R5
A
R6
R4
With SDN (or MPLS etc.)
![Page 94: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/94.jpg)
• SDN supports even more complex routes
• For example, service chain: traffic is steered (e.g., using SDN) througha sequence of (virtualized) middleboxes to compose a more complexnetwork service
s tcache
firewallWAN
optimizer
Example Benefit: Waypoint Routing
Waypoints!
For predictableperformance: bw
reservation!
![Page 95: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/95.jpg)
s t
s tor
And what if requestsallow for alternatives
and different decompositions?
Requests can be more complex
Already non-trivial!
![Page 96: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/96.jpg)
s t
s tor
And what if requestsallow for alternatives
and different decompositions?
Requests can be more complex
Already non-trivial!
Known as PR (Processing and Routing) Graph: allows to model different
choices and implementations!
![Page 97: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/97.jpg)
What about this one?!
Credits: https://tools.ietf.org/html/draft-ietf-sfc-use-case-mobility-06
IETF Draft:
Customer LB1Cache LB2 FW NAT Internet
❏ Service chain for mobile operators
❏ Load-balancers are used to route (parts of) the traffic through cache
![Page 98: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/98.jpg)
Example: admission control and embedding
A
A
B
C
D10 Gbps
10 Gbps
5 Gbps
Substrate:
C
Requests:
10 Gbps
B C
5 Gbps
A B10 Gbps
?
?
?Which ones can be
admitted and embedded?
![Page 99: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/99.jpg)
A
A
B
C
D10 Gbps
10 Gbps
5 Gbps
Substrate:
C
Requests:
10 Gbps
B C
5 Gbps
A B10 Gbps
?
?
Example: admission control and embedding
Which ones can be
admitted and embedded?
![Page 100: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/100.jpg)
A
A
B
C
D0 Gbps
0 Gbps
5 Gbps
Substrate:
C
Requests:
10 Gbps
B C
5 Gbps
A B10 Gbps
?
?
Example: admission control and embedding
Which ones can be
admitted and embedded?
![Page 101: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/101.jpg)
A
A
B
C
D0 Gbps
0 Gbps
5 Gbps
Substrate:
C
Requests:
10 Gbps
B C
5 Gbps
A B10 Gbps
?
Example: admission control and embedding
Which ones can be
admitted and embedded?
![Page 102: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/102.jpg)
A
A
B
C
D0 Gbps
0 Gbps
0 Gbps
Substrate:
C
Requests:
10 Gbps
A B10 Gbps
B C
5 Gbps
Example: admission control and embedding
Which ones can be
admitted and embedded?
![Page 103: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/103.jpg)
Good News 1: If approximation is good enough, can use product graphs and randomized rounding for “Fairly Simple” Requests!
Chains, alternative chains, but even trees. Trick: reduction to flow problem using product graphs.
![Page 104: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/104.jpg)
Good News 1: If approximation is good enough, can use product graphs and randomized rounding for “Fairly Simple” Requests!
A
fw gw
x86
Substrate:
D
B
C
Product graph:
B
DCA
B
DCA
B
DCA
B
DCA
B
DCA
fw gw
x86
si ti
si
Si ti
or
ti
C
B C
A Dith request ri:
Copy graph for each edge of chain
Placement constraint
![Page 105: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/105.jpg)
A
fw gw
x86
Substrate:
D
B
C
Product graph:
B
DCA
B
DCA
B
DCA
B
DCA
B
DCA
fw gw
x86
si ti
si
Si ti
or
ti
C
B C
A D
Processing edge: processing happens on C: connect C to C in next layer!
ith request ri:
Routing edge: graph edge on same layer
Good News 1: If approximation is good enough, can use product graphs and randomized rounding for “Fairly Simple” Requests!
![Page 106: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/106.jpg)
A
fw gw
x86
Substrate:
D
B
C
Product graph:
B
DCA
B
DCA
B
DCA
B
DCA
B
DCA
fw gw
x86
si ti
si
Si ti
or
ti
C
B C
A D
Super-source
ith request ri:
Super-sink
Good News 1: If approximation is good enough, can use product graphs and randomized rounding for “Fairly Simple” Requests!
![Page 107: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/107.jpg)
A
ith request ri:
fw gw
x86
Substrate:
D
B
C
Product graph:
B
DCA
B
DCA
B
DCA
B
DCA
B
DCA
fw gw
x86
si ti
si
Si ti
or
ti
C
B C
A D
Any (si,ti) flow presents a route of the request ri!
Good News 1: If approximation is good enough, can use product graphs and randomized rounding for “Fairly Simple” Requests!
![Page 108: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/108.jpg)
ith request ri:
fw gw
x86
Substrate:
D
B
Product graph:D
C
B
DCA
CB
A
B
DCA
fw gw
x86
si ti
si
Si ti
or
ti
C
B C
A D
B
D
BA A
DC
A C
Good News 1: If approximation is good enough, can use product graphs and randomized rounding for “Fairly Simple” Requests!
process!process!
route!
route!
route!
Any (si,ti) flow presents a route of the request ri!
![Page 109: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/109.jpg)
A
ith request ri:
fw gw
x86
Substrate:
D
C
Product graph:
B
DCA
DA
B
DCA
B
DCA
DA
fw gw
x86
si ti
si
Si ti
or
ti
C
B C
A D
B
Good News 1: If approximation is good enough, can use product graphs and randomized rounding for “Fairly Simple” Requests!
BC
BC
process!route!
Any (si,ti) flow presents a route of the request ri!
![Page 110: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/110.jpg)
A
ith request ri:
fw gw
x86
Substrate:
D
C
Product graph:
B
DCA
DA
B
DCA
B
DCA
DA
fw gw
x86
si ti
si
Si ti
or
ti
C
B C
A D
B
Good News 1: If approximation is good enough, can use product graphs and randomized rounding for “Fairly Simple” Requests!
BC
BC
This problem can be solved using mincost unsplittable multi-commodity flow (approximation) algorithms (e.g.,
randomized rounding).
Any (si,ti) flow presents a route of the request ri!
![Page 111: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/111.jpg)
A
ith request ri:
fw gw
x86
Substrate:
D
C
Product graph:
B
DCA
DA
B
DCA
B
DCA
DA
fw gw
x86
si ti
si
Si ti
or
ti
C
B C
A D
B
Good News 1: If approximation is good enough, can use product graphs and randomized rounding for “Fairly Simple” Requests!
BC
BC
But note: cannot keep track of dependencies across stages (e.g.,
allocation on links or nodes): may yield oversubscription.
Any (si,ti) flow presents a route of the request ri!
This problem can be solved using mincost unsplittable multi-commodity flow (approximation) algorithms (e.g.,
randomized rounding).
![Page 112: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/112.jpg)
s t
Novelty:
❏ Traditionally: routes form simple paths (e.g., shortest paths)
❏ Now: routing through middleboxes may require moregeneral paths, with loops: a walk
How to compute a shortest route
through a waypoint?
Approximations Are Okay, But What About Optimal Embeddings?
2 2
![Page 113: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/113.jpg)
Comuting A Shortest Walk Through A Single Given Waypoint is Non-Trivial!
s
❏ Computing shortest routes through waypointsis non-trivial!
wt
Assume unit capacity and demand for simplicity!
![Page 114: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/114.jpg)
s
❏ Computing shortest routes through waypointsis non-trivial!
wt
Greedy fails: choose shortest path from s to w…
Assume unit capacity and demand for simplicity!
Comuting A Shortest Walk Through A Single Given Waypoint is Non-Trivial!
![Page 115: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/115.jpg)
s
wt
Greedy fails: … now need long path from w to t
❏ Computing shortest routes through waypointsis non-trivial! Assume unit capacity and
demand for simplicity!
Comuting A Shortest Walk Through A Single Given Waypoint is Non-Trivial!
![Page 116: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/116.jpg)
s
wt
Greedy fails: … now need long path from w to t
Total length: 2+6=8
❏ Computing shortest routes through waypointsis non-trivial! Assume unit capacity and
demand for simplicity!
Comuting A Shortest Walk Through A Single Given Waypoint is Non-Trivial!
![Page 117: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/117.jpg)
s
wt
A better solution: jointly optimize the two segments!
Total length: 4+2=6
❏ Computing shortest routes through waypointsis non-trivial! Assume unit capacity and
demand for simplicity!
Comuting A Shortest Walk Through A Single Given Waypoint is Non-Trivial!
![Page 118: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/118.jpg)
Relationship to Shortest Disjoint Paths
If capacities are 1, segments need to be
edge-disjoint: A disjoint paths problem
• A well-known combinatorial problem!
• NP-hard on directed networks
• Feasibility in P on undirected networks for small
(constant) number of flows
• Polytime randomized algorithm for 2 disjoint paths
(recent result!)
s1
t1s2
t2
s3
t3
![Page 119: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/119.jpg)
NP-hard on Directed Networks:Reduction from Disjoint Paths Problem
s1
s2
t1
t2
w
Reduction: From joint shortest paths (s1,t1),(s2,t2)
to shortest walk (s,w,t) problem
Fact: computing 2-disjoint paths (2DP) is NP-hard on directed graphs.
We show: If waypoint routing was in P, we could solve 2DP fast. Contradiction!
![Page 120: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/120.jpg)
s1
s2
t1
t2
w
•Reduction: To find shortest paths (s1,t1), (s2,t2), introduce waypoint w and connect t1 to s2
via w….
Reduction: From joint shortest paths (s1,t1),(s2,t2)
to shortest walk (s,w,t) problem
NP-hard on Directed Networks:Reduction from Disjoint Paths Problem
![Page 121: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/121.jpg)
s1
s2
t1
t2
w
•Reduction: To find shortest paths (s1,t1), (s2,t2), introduce waypoint w and connect t1 to s2
via w….
Reduction: From joint shortest paths (s1,t1),(s2,t2)
to shortest walk (s,w,t) problem
… and ask for shortest waypoint route (s1,w,t2)
NP-hard on Directed Networks:Reduction from Disjoint Paths Problem
![Page 122: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/122.jpg)
s1
s2
t1
t2
w
Reduction: From joint shortest paths (s1,t1),(s2,t2)
to shortest walk (s,w,t) problem
NP-hard on Directed Networks:Reduction from Disjoint Paths ProblemThe walk (s1,w,t2) walk defines a (s1,t1)
and a (s2,t2) path pair before/after the waypoint! Solves original problem:
Contradiction!
•Reduction: To find shortest paths (s1,t1), (s2,t2), introduce waypoint w and connect t1 to s2
via w….
… and ask for shortest waypoint route (s1,w,t2)
![Page 123: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/123.jpg)
What about waypoint routes on undirected networks?
![Page 124: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/124.jpg)
Path 1
❏ For a single waypoint, can even compute shortest route (walk)!
❏ Recall: there is a randomized polytime algorithm for 2 disjoint paths
What about waypoint routes on undirected networks? (2)
Idea: Reduce it to disjoint paths problem!
S TPath 2
u v3 u vStep 1: replace
weights with parallel links
Step 2: compute 2 disjoint paths (A,W) and (W,B)
W
![Page 125: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/125.jpg)
Path 1
❏ For a single waypoint, can even compute shortest route (walk)!
❏ Recall: there is a randomized polytime algorithm for 2 disjoint paths
What about waypoint routes on undirected networks? (2)
Idea: Reduce it to disjoint paths problem!
S TPath 2
u v3 u vStep 1: replace
weights with parallel links
Step 2: compute 2 disjoint paths (A,W) and (W,B)
W
Good news: For a single waypoint, shortest
paths can be computed even faster!
![Page 126: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/126.jpg)
❏ Suurballe’s algorithm: finds two (edge-)disjoint shortestpaths between same endpoints:
ts
Walking Through a Waypoint on Steroids: Suurballe’s Algorithm
![Page 127: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/127.jpg)
❏ Suurballe’s algorithm: finds two (edge-)disjoint shortestpaths between same endpoints:
ts
•How to compute a shortest (s,w,t) route with this algorithm??
Walking Through a Waypoint on Steroids: Suurballe’s Algorithm
![Page 128: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/128.jpg)
❏ Step 1: replace capacities with parallel edges: paths will become edge-disjoint
s tw s tw22
Walking Through a Waypoint on Steroids: Reduction to Suurballe’s Algorithm
![Page 129: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/129.jpg)
❏ Step 2: Reduction to Suurballe’s algorithm:
t
s
wG•In order to find shortest (s,w,t) route…
Walking Through a Waypoint on Steroids: Reduction to Suurballe’s Algorithm
![Page 130: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/130.jpg)
t
s
wS+ T+
G•… connect S+ to s and t, and w to T+…
❏ Step 2: Reduction to Suurballe’s algorithm:
Walking Through a Waypoint on Steroids: Reduction to Suurballe’s Algorithm
![Page 131: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/131.jpg)
t
s
wS+ T+
G•… ask Suurballe for 2 disjoint paths from S+ to T+…
❏ Step 2: Reduction to Suurballe’s algorithm:
Walking Through a Waypoint on Steroids: Reduction to Suurballe’s Algorithm
![Page 132: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/132.jpg)
t
s
wG•Solution! Undirected: direction does not matter.
❏ Step 2: Reduction to Suurballe’s algorithm:
Walking Through a Waypoint on Steroids: Reduction to Suurballe’s Algorithm
![Page 133: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/133.jpg)
Wait A Moment…!?
Can we not use Suurballe as well to solve 2 disjoint paths?
t
s
S+
G
w T+
s1
S+
G
T+
s2
t1
t2
Reduction Waypoint Routing ⇒ Suurballe
Reduction 2 Disjoint Paths ⇒ Suurballe
![Page 134: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/134.jpg)
Wait A Moment…!?
No! Solves a much easier problem: 2 routes from {s1,s2} to {t1,t2}.
t
s
S+
G
w T+
s1
S+
G
T+
s2
t1
t2
Reduction Waypoint Routing ⇒ Suurballe
Reduction 2 Disjoint Paths ⇒ Suurballe
![Page 135: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/135.jpg)
❏ Remark 1: Suurballe is actually for directed substrategraphs, so need gadget to transform problem in right form:
y
x
u v u v
❏ Remark 2: Suurballe: for vertex disjoint❏ Suurballe & Tarjan: edge disjoint
Remarks: Under the rug…
![Page 136: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/136.jpg)
Further ReadingAn Approximation Algorithm for Path Computation and FunctionPlacement in SDNsGuy Even, Matthias Rost, and Stefan Schmid.23rd International Colloquium on Structural Information and Communication Complexity (SIROCCO), Helsinki, Finland, July 2016.
Competitive and Deterministic Embeddings of Virtual NetworksGuy Even, Moti Medina, Gregor Schaffrath, and Stefan Schmid.Journal Theoretical Computer Science (TCS), Elsevier, 2013.
Charting the Complexity Landscape of Waypoint RoutingSaeed Akhoondian Amiri, Klaus-Tycho Foerster, Riko Jacob, and Stefan Schmid. ArXiv Technical Report, May 2017.
Walking Through WaypointsSaeed Akhoondian Amiri, Klaus-Tycho Foerster, and Stefan Schmid. ArXiv Technical Report, August 2017.
Online Admission Control and Embedding of Service ChainsTamás Lukovszki and Stefan Schmid.SIROCCO, July 2015.
![Page 137: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/137.jpg)
You: Great, I can embed service
chains at low resource cost and
providing minimal bandwidth
guarantees!
![Page 138: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/138.jpg)
You: Great, I can embed service
chains at low resource cost and
providing minimal bandwidth
guarantees!
Boss: So can I promise our
customers a predictable
performance?
![Page 139: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/139.jpg)
You: Great, I can embed service
chains at low resource cost and
providing minimal bandwidth
guarantees!
Boss: So can I promise our
customers a predictable
performance?
You: hmmm….
![Page 140: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/140.jpg)
The Many Faces of Performance Interference
vSDN-2 vSDN-2 vSDN-2
vSDN-1vSDN-1vSDN-1
An Experiment: 2 vSDNs with bw guarantee!
Assume: perfectperformance isolation on
the network!
Consider: 2 SDN-basedvirtual networks (vSDNs)
sharing physical resources!
![Page 141: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/141.jpg)
SDN Network Hypervisor
vSDN-1
controller
vSDN-2
controller
vSDN-2 vSDN-2 vSDN-2
vSDN-1vSDN-1vSDN-1
To enable multi-tenancy, take existing network
hypervisor (e.g. Flowvisor, OpenVirteX): provides
network abstraction and control plane translation!
An Experiment: 2 vSDNs with bw guarantee!
The Many Faces of Performance Interference
![Page 142: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/142.jpg)
SDN Network Hypervisor
vSDN-1
controller
vSDN-2
controller
vSDN-2 vSDN-2 vSDN-2
1 packet-in
vSDN-1vSDN-1vSDN-1
2 translate
packet-in
3 packet-in4 flow-mod
5 packet-out
7 flow-mod
8 packet-out
6 translate
7 flow-mod7 flow-mod
Translation could include,
e.g., switchDPID, port
numbers, …
Translation could include,
e.g., switchDPID, port
numbers, …
An Experiment: 2 vSDNs with bw guarantee!
The Many Faces of Performance Interference
Intercepts controlplane messages.
![Page 143: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/143.jpg)
SDN Network Hypervisor
vSDN-1
controller
vSDN-2
controller
vSDN-2 vSDN-2 vSDN-2
1 packet-in
vSDN-1vSDN-1vSDN-1
2 translate
packet-in
3 packet-in4 flow-mod
5 packet-out
7 flow-mod
8 packet-out
6 translate
7 flow-mod7 flow-mod
It turns out: the network hypervisor can be source of unpredictable performance!
An Experiment: 2 vSDNs with bw guarantee!
The Many Faces of Performance Interference
![Page 144: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/144.jpg)
SDN Network Hypervisor
vSDN-1
controller
vSDN-2
controller
vSDN-2 vSDN-2 vSDN-2
1 packet-in
vSDN-1vSDN-1vSDN-1
2 translate
packet-in
3 packet-in4 flow-mod
5 packet-out
7 flow-mod
8 packet-out
6 translate
7 flow-mod7 flow-mod
Experiment: web latency dependson hypervisor CPU load!
The Many Faces of Performance Interference
![Page 145: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/145.jpg)
Performance also dependson hypervisor type…
(multithreaded or not, which versionof Nagle’s algorithm, etc.)
… number of tenants…
The Many Faces of Performance Interference
![Page 146: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/146.jpg)
Performance also dependson hypervisor type…
(multithreaded or not, which versionof Nagle’s algorithm, etc.)
… number of tenants…
The Many Faces of Performance Interference
Conclusion: For a predictableperformance, a complete systemmodel is needed! But this is hard: depends on specific technologies,
uncertainties in demand, etc.
![Page 147: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/147.jpg)
Performance also dependson hypervisor type…
(multithreaded or not, which versionof Nagle’s algorithm, etc.)
… number of tenants…
The Many Faces of Performance Interference
Conclusion: For a predictableperformance, a complete systemmodel is needed! But this is hard: depends on specific technologies,
uncertainties in demand, etc.
Further reading:Logically Isolated, Actually Unpredictable? MeasuringHypervisor Performance in Multi-Tenant SDNsArsany Basta, Andreas Blenk, Wolfgang Kellerer, and Stefan Schmid. ArXiv Technical Report, May 2017.
![Page 148: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/148.jpg)
Ctrl
Control
Programs
Control
Programs
A Mental Model for This Talk
Simple dataplane
![Page 149: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/149.jpg)
Ctrl
Control
Programs
Control
Programs
A Mental Model for This Talk
Really?!
![Page 150: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/150.jpg)
Ctrl
Control
Programs
Control
Programs
A Mental Model for This Talk
Failover via controller too
slow.
![Page 151: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/151.jpg)
Ctrl
Control
Programs
Control
Programs
A Mental Model for This Talk
Failover via controller too
slow.
OpenFlow allows to
preconfigure conditional failover
rules: 1st line of defense!
![Page 152: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/152.jpg)
Ctrl
Control
Programs
Control
Programs
A Mental Model for This Talk
Failover via controller too
slow.
OpenFlow allows to
preconfigure conditional failover
rules: 1st line of defense!
The Crux: How to define
conditional rules which have local
failure knowledge
only?
![Page 153: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/153.jpg)
Ctrl
Control
Programs
Control
Programs
A Mental Model for This Talk
Failover via controller too
slow.
OpenFlow allows to
preconfigure conditional failover
rules: 1st line of defense!
Open problem: How many link failures can be tolerated in k-
connected network without
going through controller? The Crux: How
to define conditional rules which have local
failure knowledge
only?
![Page 154: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/154.jpg)
Solution: Use Arborescences (Chiesa et al.)
❏ Assume:
❏ k-connected network G
❏ destination d
❏ G decomposed into k d-rooted arc-disjointspanning arborescences
Basic principle:
❏ Route along fixed arborescence (“directed spanning tree”) towards the destination d
❏ If packet hits a failed edge at vertex v, reroute along a different arborescence
Known result: always exist in k-connected
graphs (efficient)
The Crux: which arborescence to choose next? Influences resiliency!
![Page 155: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/155.jpg)
Simple Example: Hamilton Cycle
Chiesa et al.: if k-connected graph has k arc disjoint Hamilton Cycles, k-1 resilient routing can
be constructed!
![Page 156: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/156.jpg)
Example: 3-Resilient Routing Function for 2-dim Torus
k=4 connected
![Page 157: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/157.jpg)
Edge
-Dis
join
t H
amilt
on
Cyc
le 1
Example: 3-Resilient Routing Function for 2-dim Torus
![Page 158: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/158.jpg)
Edge
-Dis
join
t H
amilt
on
Cyc
le 1
spans all nodes: each node visited exactly once!
Example: 3-Resilient Routing Function for 2-dim Torus
![Page 159: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/159.jpg)
Edge
-Dis
join
t H
amilt
on
Cyc
le 2
Example: 3-Resilient Routing Function for 2-dim Torus
![Page 160: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/160.jpg)
Edge
-Dis
join
t H
amilt
on
Cyc
le 2
Edge disjoint: Together span all edges!
Example: 3-Resilient Routing Function for 2-dim Torus
![Page 161: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/161.jpg)
4 A
rc-D
isjo
int
Arb
ore
sce
nce
s
Make Hamilton cycles directed: so 4 Arc-
Disjoint Hamilton Cycles.
Example: 3-Resilient Routing Function for 2-dim Torus
![Page 162: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/162.jpg)
4 A
rc-D
isjo
int
Arb
ore
sce
nce
s
Example: 3-Resilient Routing Function for 2-dim Torus
d
Failover: In order to reach destination d: go along 1st directed HC, if hit failure, reverse direction, if
again failure switch to 2nd HC, if again failure reverse direction: no more failures possible!
![Page 163: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/163.jpg)
4 A
rc-D
isjo
int
Arb
ore
sce
nce
s
dTorus 4-connected, has 4 arc disjoint
Hamilton cycles, so can construct optimal 3-resilient routing!
Example: 3-Resilient Routing Function for 2-dim Torus
![Page 164: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/164.jpg)
Further Reading
Exploring the Limits of Static Failover RoutingMarco Chiesa, Andrei Gurtov, Aleksander Mądry, Slobodan Mitrović, Ilya Nikolaevkiy, Aurojit Panda, Michael Schapira, Scott Shenker. Arxiv Technical Report, 2016.
Load-Optimal Local Fast Rerouting for Dependable NetworksYvonne-Anne Pignolet, Stefan Schmid, and Gilles Tredan.47th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Denver, Colorado, USA, June 2017.
![Page 165: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/165.jpg)
Ctrl
Control
Programs
Control
Programs
A Mental Model for This Talk
SDNs support formal verifiability
![Page 166: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/166.jpg)
Ctrl
Control
Programs
Control
Programs
A Mental Model for This Talk
Really?!
![Page 167: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/167.jpg)
Examples: Reachability and What-if Analysis
Questions operators may have:
❏ Reachability: «Is it possible / not possible to reach, fromingress port x, egress port y?»
❏ To ensure connectivity
❏ But also policies: professor network not reachablefrom student dorms (logical isolation)
❏ What-if analysis: «How can the forwarding behavior looklike if there are up to k concurrent link failures?»
Policy-compliance under failures is difficult!
![Page 168: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/168.jpg)
«Simple» in MPLS
❏ MPLS = forwarding based on a label stack❏ Idea: forward according to top label
❏ Usually, top label swapped at each hop
v1 v2 v3 v4
v5 v6 v7 v8
in1
in2
out1
out2
1020
1121 12
22 Default routing oftwo flows
![Page 169: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/169.jpg)
v1 v2 v3 v4
v5 v6 v7 v8
in1
in2
out1
out2
1020
1121 12
22 Default routing oftwo flows
❏ For failover: push and pop label
v1 v2 v3 v4
v5 v6 v7 v8
in1
in2
out1
out2
1121
12
2230|1130|21
1121
31|1131|21
One failure: push 30: route around (v2,v3)
1020
«Simple» in MPLS
❏ MPLS = forwarding based on a label stack❏ Idea: forward according to top label
❏ Usually, top label swapped at each hop
![Page 170: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/170.jpg)
v1 v2 v3 v4
v5 v6 v7 v8
in1
in2
out1
out2
1020
1121 12
22 Default routing oftwo flows
❏ For failover: push and pop label
v1 v2 v3 v4
v5 v6 v7 v8
in1
in2
out1
out2
1121
12
2230|1130|21
1121
31|1131|21
One failure: push 30: route around (v2,v3)
If (v2,v3) failed, push 30 and
forward to v6.
Pop
Normal swap
«Simple» in MPLS
❏ MPLS = forwarding based on a label stack❏ Idea: forward according to top label
❏ Usually, top label swapped at each hop
![Page 171: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/171.jpg)
v1 v2 v3 v4
v5 v6 v7 v8
in1
in2
out1
out2
1020
1121 12
22 Default routing oftwo flows
❏ For failover: push and pop label
v1 v2 v3 v4
v5 v6 v7 v8
in1
in2
out1
out2
1121
12
2230|1130|21
1121
31|1131|21
One failure: push 30: route around (v2,v3)
If (v2,v3) failed, push 30 and
forward to v6.
Pop
Normal swap
What about multiple link failures?
«Simple» in MPLS
❏ MPLS = forwarding based on a label stack❏ Idea: forward according to top label
❏ Usually, top label swapped at each hop
![Page 172: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/172.jpg)
Multiple Link Failures: Push Recursively!
v1 v2 v3 v4
v5 v6 v7 v8
in1
in2
out1
out2
v1 v2 v3 v4
v5 v6 v7 v8
in1
in2
out1
out2
v1 v2 v3 v4
v5 v6 v7 v8
in1
in2
out1
out2
1020
1121 12
22
1020 11
2112
22
1020
1121
12
22
30|1130|21
1121
31|1131|21
40|30|1140|30|21
30|1130|21
1121
31|1131|21
Original Routing
One failure: push 30: route around (v2,v3)
Two failures: first push 30: route
around (v2,v3)
Recursively push 40: route around (v2,v6)
Push 30
Push 40
![Page 173: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/173.jpg)
Multiple Link Failures: Push Recursively!
v1 v2 v3 v4
v5 v6 v7 v8
in1
in2
out1
out2
v1 v2 v3 v4
v5 v6 v7 v8
in1
in2
out1
out2
v1 v2 v3 v4
v5 v6 v7 v8
in1
in2
out1
out2
1020
1121 12
22
1020 11
2112
22
1020
1121
12
22
30|1130|21
1121
31|1131|21
40|30|1140|30|21
30|1130|21
1121
31|1131|21
Original Routing
One failure: push 30: route around (v2,v3)
Two failures: first push 30: route
around (v2,v3)
Recursively push 40: route around (v2,v6)
But masking links one-by-one can be inefficient:
(v7,v3,v8) could be shortcut to (v7,v8).
![Page 174: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/174.jpg)
Multiple Link Failures: Push Recursively!
v1 v2 v3 v4
v5 v6 v7 v8
in1
in2
out1
out2
v1 v2 v3 v4
v5 v6 v7 v8
in1
in2
out1
out2
v1 v2 v3 v4
v5 v6 v7 v8
in1
in2
out1
out2
1020
1121 12
22
1020 11
2112
22
1020
1121
12
22
30|1130|21
1121
31|1131|21
40|30|1140|30|21
30|1130|21
1121
31|1131|21
Original Routing
One failure: push 30: route around (v2,v3)
Two failures: first push 30: route
around (v2,v3)
Recursively push 40: route around (v2,v6)
But masking links one-by-one can be inefficient:
(v7,v3,v8) could be shortcut to (v7,v8).
More efficient but also more complex!How complex?
![Page 175: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/175.jpg)
Tables
Failover Tables
Flow Table
Protected link
Alternative link
Label
![Page 176: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/176.jpg)
Can be verified in polynomial time:Leverage automata theory!
MPLS configurations, Segment Routing etc.
Pushdown Automaton and PrefixRewriting System Theory
Compilation
Interpretation
pX ⇒ qXXpX ⇒ qYXqY ⇒ rYY
rY ⇒ rrX ⇒ pX
![Page 177: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/177.jpg)
MPLS vs SDN
❏ (Simplified) MPLS rules: prefix rewriting
FT: in x L → out x OP, where OP = {swap,push,pop}
FFT: out x L → out x OP, where OP = {swap,push,pop}
❏ Simple compared to what we can do with SDN:
in x L* → out x L*
Arbitrary string replacement!
vs
![Page 178: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/178.jpg)
Tractability of Verification
Even without failures: reachability test is undecidable in SDN!
Proof: Can emulate a Turing machine.
?!in out
in’ out’
![Page 179: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/179.jpg)
Tractability of Verification
Even without failures: reachability test is undecidable in SDN!
Proof: Can emulate a Turing machine.
?!
Self-loop: could be replaced by “dummy
switch”.
in out
in’ out’
![Page 180: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/180.jpg)
Tractability of Verification
Even without failures: reachability test is undecidable in SDN!
Proof: Can emulate a Turing machine.
?!
Idea: packet header stores Turing machine configuration
(tape, head, state).
in out
in’ out’
![Page 181: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/181.jpg)
in out
Tractability of Verification
Even without failures: reachability test is undecidable in SDN!
Proof: Can emulate a Turing machine.
?!Switch action: each time packet
arrives, performs one Turing machine step and updates header.
in’ out’
![Page 182: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/182.jpg)
Tractability of Verification
Even without failures: reachability test is undecidable in SDN!
Proof: Can emulate a Turing machine.
?!in out
in’ out’
Only if accept or reject, forwarded to out. Is it ever reached?
Undecidable!
![Page 183: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/183.jpg)
Further Reading
WNetKAT: A Weighted SDN Programming and Verification LanguageKim G. Larsen, Stefan Schmid, and Bingtian Xue.20th International Conference on Principles of Distributed Systems (OPODIS), Madrid, Spain, December 2016.
Polynomial-Time What-If Analysis for Prefix-Manipulating MPLS NetworksStefan Schmid and Jiri Srba. 37th IEEE Conference on Computer Communications (INFOCOM), Honolulu, Hawaii, USA, April 2018.
![Page 184: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/184.jpg)
❏ Tradeoff expressiveness of rule and verification complexity?
❏ Is it worth using less general rules so fast (automated) verification is possible?
❏ Example: MPLS is not hard to verify!
❏ What about more programmable and stateful dataplanes?
Many Open Research Questions
![Page 185: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/185.jpg)
End of Algorithms
![Page 186: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/186.jpg)
Security
![Page 187: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/187.jpg)
Ctrl
Control
Programs
Control
Programs
A Mental Model for This Talk
![Page 188: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/188.jpg)
Ctrl
Control
Programs
Control
Programs
A Mental Model for This Talk
Increasingly virtualized
Challenge: security!
![Page 189: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/189.jpg)
Virtu
alization
Layer
User
Kernel
VM VM VM
Virtual Switches
NIC
Virtual Switch
Virtual switches reside in the server’s virtualization layer(e.g., Xen’s Dom0). Goal: provide connectivity and isolation.
![Page 190: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/190.jpg)
Increasing Complexity:# Parsed Protocols
Number of parsed high-level protocols constantly increases:
![Page 191: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/191.jpg)
User
Kernel
VM VM VM
NIC
Virtual Switch
Increasing workloads and advancements in network virtualizationdrive virtual switches to implement middlebox functions such as
load-balancing, DPI, firewalls, etc.
Increasing Complexity:Introduction of middlebox functionality
![Page 192: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/192.jpg)
User
Kernel
VM VM VM
NIC
Virtual Switch
Increasing Complexity:Unified Packet Parsing
Ethernet
LLC
VLAN
MPLS
IPv4
ICMPv4
TCP
UDP
ARP
SCTP
IPv6
ICMPv6
IPv6 ND
GRE
LISP
VXLAN
PBB
IPv6 EXT HDR
TUNNEL-ID
IPv6 ND
IPv6 EXT HDR
IPv6HOPOPTS
IPv6ROUTING
IPv6Fragment
IPv6DESTOPT
IPv6ESP
IPv6 AH
RARP
IGMP
L2,L2.5,L3,L4
How to parse all these protocols without lowering forwarding performance?!
![Page 193: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/193.jpg)
User
Kernel
VM VM VM
NIC
Virtual Switch
Unified packet parsing allows parse more and more protocols efficiently: in a single pass!
Increasing Complexity:Unified Packet Parsing
Ethernet
LLC
VLAN
MPLS
IPv4
ICMPv4
TCP
UDP
ARP
SCTP
IPv6
ICMPv6
IPv6 ND
GRE
LISP
VXLAN
PBB
IPv6 EXT HDR
TUNNEL-ID
IPv6 ND
IPv6 EXT HDR
IPv6HOPOPTS
IPv6ROUTING
IPv6Fragment
IPv6DESTOPT
IPv6ESP
IPv6 AH
RARP
IGMP
L2,L2.5,L3,L4
![Page 194: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/194.jpg)
User
Kernel
VM VM VM
NIC
Virtual Switch
Unified packet parsing allows parse more and more protocols efficiently: in a single pass!
Increasing Complexity:Unified Packet Parsing
Ethernet
LLC
VLAN
MPLS
IPv4
ICMPv4
TCP
UDP
ARP
SCTP
IPv6
ICMPv6
IPv6 ND
GRE
LISP
VXLAN
PBB
IPv6 EXT HDR
TUNNEL-ID
IPv6 ND
IPv6 EXT HDR
IPv6HOPOPTS
IPv6ROUTING
IPv6Fragment
IPv6DESTOPT
IPv6ESP
IPv6 AH
RARP
IGMP
L2,L2.5,L3,L4
This centralization is fast! But more complex to get it right.
![Page 195: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/195.jpg)
Complexity: The Enemy of Security!
❏ Data plane security not well-explored (in general, not only virtualized): mostsecurity research on control plane
❏ Two conjectures:
Ctrl
1. Virtual switches increase the attack surface.
2. Impact of attack larger than with traditional data planes.
![Page 196: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/196.jpg)
The Attack Surface: Closer…
Attack surface becomes closer:
❏ Packet parser typicallyintegrated into the code base ofvirtual switch
❏ First component of the virtualswitch to process networkpackets it receives from thenetwork interface
❏ May process attacker-controlledpackets!
Ctrl
VM
Ctrl
![Page 197: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/197.jpg)
The Attack Surface: … More Complex …
Ctrl
VM
CtrlEthernet
LLC
VLAN
MPLS
IPv4
ICMPv4
TCP
UDP
ARP
SCTP
IPv6
ICMPv6
IPv6 ND
GRE
LISP
VXLAN
L2,L2.5,L3,L4
L2,L2.5,L3,L4
L2,L2.5,L3,L4
L2,L2.5,L3,L4
PBB
IPv6 EXT HDR
TUNNEL-ID
IPv6 ND
IPv6 EXT HDR
IPv6HOPOPTS
IPv6ROUTING
IPv6Fragment
IPv6DESTOPT
IPv6ESP
IPv6 AH
RARP
IGMP
![Page 198: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/198.jpg)
… Elevated Priviledges and Collocation …
Ctrl
VM
Ctrl
L2,L2.5,L3,L4
L2,L2.5,L3,L4
L2,L2.5,L3,L4
L2,L2.5,L3,L4
❏ Collocated (at least partially) with hypervisor’s Dom0 kernelspace, guest VMs, imagemanagement, block storage, identity management, …
User
Kernel
VM VM VM
NIC
Virtual Switch
![Page 199: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/199.jpg)
VM
Ctrl
❏ Collocated (at least partially) with hypervisor’s Dom0 kernelspace, guest VMs, imagemanagement, block storage, identity management, …
❏ … the controller itself.
… Elevated Priviledges and Collocation …
User
Kernel
VM VM VM
NIC
Virtual Switch
![Page 200: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/200.jpg)
VM
Ctrl
❏ Collocated (at least partially) with hypervisor’s (Dom0 kernelspace), guest VMs, imagemanagement, block storage, identity management, …
❏ … the controller itself.
… Centralization …
User
Kernel
VM VM VM
NIC
Virtual Switch
Available communication channels to (SDN/Openstack) controller!
Controller needs to be reachable from all servers.
![Page 201: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/201.jpg)
Larger Impact: Case Study OVS
1. Rent a VM in the cloud (cheap)
User
Kernel
VM VM VM
Virtual Switch
![Page 202: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/202.jpg)
Larger Impact: Case Study OVS
2. Send malformed MPLS packet to virtual switch (unified parserparses label stack packet beyond the threshold)
User
Kernel
VM VM VM
Virtual Switch
![Page 203: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/203.jpg)
Larger Impact: Case Study OVS
3. Stack buffer overflow in (unified) MPLS parsing code:
enables remote code execution
User
Kernel
VM VM VM
Virtual Switch
![Page 204: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/204.jpg)
Larger Impact: Case Study OVS
4. Send malformed packet to server (virtual switch) where controlleris located (use existing communication channel)
User
Kernel
Ctrl
Virtual Switch
User
Kernel
VM VM VM
Virtual Switch
![Page 205: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/205.jpg)
Larger Impact: Case Study OVS
5. Spread
User
Kernel
Ctrl
Virtual Switch
User
Kernel
VM VM VM
Virtual SwitchUser
Kernel
VM VM VM
Virtual Switch
User
Kernel
VM VM VM
Virtual Switch
![Page 206: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/206.jpg)
A New Threat Model
❏ Limited skills required
❏ Use standard fuzzer to find crashes
❏ Construct malformed packet
❏ Build ROP chain
❏ Limited resources
❏ rent a VM in the cloud
❏ No physical access needed
User
Kernel
VM VM VM
Virtual Switch
No need to be a state-level attacker to compromise the dataplane (and beyond)!
Similar problems in NFV: need even more complex parsing/processing. And are often built on top of OvS.
![Page 207: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/207.jpg)
Countermeasures
❏ Software countermeasures already exist❏ but come at overhead
❏ Better designs❏ Virtualize dataplane components: decouple them from
hypervisor?
❏ Remote attestation for OvS Flow Tables?
❏ Control plane communication firewalls?
❏ …
![Page 208: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/208.jpg)
Further Reading
The vAMP Attack: Taking Control of Cloud Systems via the Unified Packet ParserKashyap Thimmaraju, Bhargava Shastry, Tobias Fiebig, Felicitas Hetzelt, Jean-Pierre Seifert, Anja Feldmann, and Stefan Schmid.9th ACM Cloud Computing Security Workshop (CCSW), collocated with ACM CCS, Dallas, Texas, USA, November 2017.
Reigns to the Cloud: Compromising Cloud Systems via the Data PlaneKashyap Thimmaraju, Bhargava Shastry, Tobias Fiebig, Felicitas Hetzelt, Jean-Pierre Seifert, Anja Feldmann, and Stefan Schmid.ArXiv Technical Report, October 2016.
![Page 209: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/209.jpg)
Ctrl
Control
Programs
Control
Programs
A Mental Model for This Talk
Challenge: centralization!
![Page 210: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/210.jpg)
Ctrl
❏ Controllers react to switch events(packet-ins, link failures, etc.) for MAC learning, support mobility, VM migration, failover, etc.
❏ Reaction: send flowmods, packet-outs, performing path-paving…
❏ Triggering such events may beexploited for (covert) communication or even port scans, etc. even in presence offirewall/IDS/…
Central Controller Can Increase Attack Surface: E.g., May Be Exploited For Covert Communication
Trig
ger
Rea
ct
![Page 211: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/211.jpg)
Ctrl
Teleportation
Trig
ger
Rea
ct
DENY: h1 ↔ h2
❏ May be used to bypass firewall
❏ Not easy to detect:
❏ Traffic follows normal pattern of control communication, indirectly via controller
❏ Teleportation channel is inside (encrypted) OpenFlowchannel
❏ Need e.g., to correlate packet-ins, packet-outs, flow-mods, etc. h1
h2
![Page 212: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/212.jpg)
Ctrl
Teleportation: Out-of-Band Forwarding
S1S2
❏ E.g., exploiting ONOS Intent Reactive Forwarding (ifwd)
❏ By default, ifwd installs host-to-host connectivity when receiving a packet-in for which no flows exist (using path-pave technique)
X
h2
1 Packet-in
DENY: h1 ↔ h2
Pac
ket-
in(X
→h
2)
1
Knows: h2 on S2
![Page 213: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/213.jpg)
❏ E.g., exploiting ONOS Intent Reactive Forwarding (ifwd)
❏ By default, ifwd installs host-to-host connectivity when receiving a packet-in for which no flows exist (using path-pave technique)
Packet-out
Ctrl
Teleportation: Out-of-Band Forwarding
S1S2
X
h2
1 Packet-in
DENY: h1 ↔ h2
Pac
ket-
in(X
→h
2)
1
Knows: h2 on S2
2
Packet-o
ut
2
![Page 214: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/214.jpg)
❏ E.g., exploiting ONOS Intent Reactive Forwarding (ifwd)
❏ By default, ifwd installs host-to-host connectivity when receiving a packet-in for which no flows exist (using path-pave technique)
Packet-out
Ctrl
Teleportation: Out-of-Band Forwarding
S1S2
X
h2
1 Packet-in
DENY: h1 ↔ h2
3
Knows: h2 on S2
3
Flow
-mo
d
2
Flow-mod3
Flow
-mo
d
Establish path through firewall: no more packet-ins, blocked. (But could use another MAC address next time.)
![Page 215: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/215.jpg)
❏ E.g., exploiting ONOS Intent Reactive Forwarding (ifwd)
❏ By default, ifwd installs host-to-host connectivity when receiving a packet-in for which no flows exist (using path-pave technique)
Packet-out
Ctrl
Teleportation: Out-of-Band Forwarding
S1S2
X
h2
1 Packet-in
DENY: h1 ↔ h2
3
Knows: h2 on S2
3
Flow
-mo
d
2
Flow-mod3
Flow
-mo
d
Establish path through firewall: no more packet-ins, blocked. (But could use another MAC address next time.)
Further reading:Outsmarting Network Security with SDN TeleportationKashyap Thimmaraju, Liron Schiff, and Stefan Schmid.2nd IEEE European Symposium on Security and Privacy (EuroS&P), Paris, France, April 2017.
![Page 216: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/216.jpg)
Ctrl
Control
Programs
Control
Programs
Let’s talk about opportunities!
Opportunity: centralization!
![Page 217: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/217.jpg)
Trajectory Sampling
❏ Method to infer packet routes
❏ Low overhead, direct and passive measurement
Principle: Sample subset ofpackets consistently (e.g., hash over immutable fields)
Example: Adversarial Trajectory Sampling
Collector
sampled!
not sampled!
Packets sampled either at all or no location!
![Page 218: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/218.jpg)
Trajectory Sampling
❏ Method to infer packet routes
❏ Low overhead, direct and passive measurement
Principle: Sample subset ofpackets consistently (e.g., hash over immutable fields)
Example: Adversarial Trajectory Sampling
Collector
sampled!
not sampled!
Packets sampled either at all or no location!
But: Fails when switches are malicious! E.g., switch knows which headers are currently not sampled:
no risk of detection!
![Page 219: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/219.jpg)
A Malicious Switch Could Do Many Things…
Mirror!
Exfiltration
![Page 220: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/220.jpg)
A Malicious Switch Could Do Many Things…
Mirror!
Exfiltration
Also: drop packets (that are currently not sampled), inject packets, change VLAN tag, …
![Page 221: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/221.jpg)
A Malicious Switch Could Do Many Things…
Mirror!
Exfiltration
„Could SDN be used to render trajectorysampling more robust to such behavior?“
Also: drop packets (that are currently not sampled), inject packets, change VLAN tag, …
![Page 222: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/222.jpg)
A Malicious Switch Could Do Many Things…
Mirror!
Exfiltration
Idea: Introduce risk of detection! Good nodes G1, G2, G3, could help
detect if bad node B does not know their sampling range!
G1
B
G2
G3
![Page 223: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/223.jpg)
Adversarial Trajectory Sampling: A Case of SDN?
SDN Controller
Adversarial Trajectory Sampling
Controller distributes hashranges redundantly…
… but securely over (secure) communication channels.
Idea: design SDN application thatmakes sampling unpredictable!
![Page 224: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/224.jpg)
Adversarial Trajectory Sampling: A Case of SDN?
SDN Controller
Adversarial Trajectory Sampling
Controller distributes hashranges redundantly…
… but securely over (secure) communication channels.
How to minimize sampling overheadand maximize detection probability?
An algorithmic question.
Idea: design SDN application thatmakes sampling unpredictable!
![Page 225: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/225.jpg)
Adversarial Trajectory Sampling: A Case of SDN?
SDN Controller
Adversarial Trajectory Sampling
Controller distributes hashranges redundantly…
… but securely over (secure) communication channels.
How to minimize sampling overheadand maximize detection probability?
An algorithmic question.
Idea: design SDN application thatmakes sampling unpredictable!
Further reading:Software-Defined Adversarial Trajectory SamplingKashyap Thimmaraju, Liron Schiff, and Stefan Schmid.ArXiv Technical Report, May 2017.
![Page 226: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/226.jpg)
Challenges
Conclusions
Ctrl
Control
Programs
Control
Programs
E.g., innovative services
E.g., waypointrouting, traffic
engineering
Opportunities
![Page 227: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/227.jpg)
ChallengesOpportunities
Conclusions
Ctrl
Control
Programs
Control
Programs
E.g., decoulping: evolve control
plane independently of
dataplane
E.g., keepingcontroller up-
to-date
E.g., consistentnetworkupdate
![Page 228: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/228.jpg)
ChallengesOpportunities
Conclusions
Ctrl
Control
Programs
Control
Programs
E.g., simple and open interface E.g., complexity
of verification, local failover, ….?
E.g., functionalitythat should stay
here?
![Page 229: SDN+NFV: Algorithmic and Security Challengesstefan/forth17.pdf · SDN/NFV Opportunities: Programmability, (logical) centralization and virtualization (multi-tenancy). Some (often](https://reader033.fdocuments.net/reader033/viewer/2022050600/5fa77fe5a50e022d3631ca95/html5/thumbnails/229.jpg)
Ctrl
Control
Programs
Control
Programs
Thank you! Questions?