SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus...
Transcript of SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus...
![Page 1: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/1.jpg)
SNAP: Stateful Network-Wide Abstractions for Packet Processing
Mina Tahmasbi Arashloo1, Yaron Koral1, Michael Greenberg2, Jennifer Rexford1, and David Walker1
1 Princeton University, 2 Pomona College
![Page 2: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/2.jpg)
Software Defined Networks (SDN) - Centralized Control
2
![Page 3: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/3.jpg)
Software Defined Networks (SDN) - Centralized Control
3
![Page 4: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/4.jpg)
Software Defined Networks (SDN) - Centralized Control
3
![Page 5: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/5.jpg)
Software Defined Networks (SDN) - Centralized Control
3
Program your network from a central logical point!
![Page 6: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/6.jpg)
OpenFlow - Abstractions for SDN
4
Prio match action
![Page 7: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/7.jpg)
OpenFlow - Abstractions for SDN
4
1 dstip = 10.0.0.1 outport ← 12 dstip = 10.0.0.2 drop
Prio match action
… ……
![Page 8: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/8.jpg)
OpenFlow - Abstractions for SDN
4
1 dstip = 10.0.0.1 outport ← 12 dstip = 10.0.0.2 drop
Prio match action
… ……
Each Rule can • Match on header
fields • modify/forward/drop
packets
![Page 9: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/9.jpg)
Is OpenFlow Enough?
• OpenFlow rules are “stateless”
• Rule tables process each packet independently from the rest
• Algorithms almost always need “stateful” processing
• i.e., decide what to do with the packet based on packets seen so far!
5
![Page 10: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/10.jpg)
Option #1 - All the state on the controller
6
![Page 11: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/11.jpg)
Option #1 - All the state on the controller
6
![Page 12: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/12.jpg)
Option #1 - All the state on the controller
6
![Page 13: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/13.jpg)
Option #1 - All the state on the controller
6
new rules
![Page 14: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/14.jpg)
Option #1 - All the state on the controller
6
new rules Centralized control but not efficient!
• Switches process packets at ns scale • Going through the controller, each update could
take from ms to a few seconds
![Page 15: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/15.jpg)
Option #2 - Middleboxes (MBs)
• Use dedicated blackboxes for each functionality alongside with switches
7
![Page 16: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/16.jpg)
Option #2 - Middleboxes (MBs)
• Use dedicated blackboxes for each functionality alongside with switches
7
Efficient but we lose centralized control!
• MBs are ad-hoc blackboxes • They make it hard to reason about network’s
behavior
![Page 17: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/17.jpg)
Our Goal
Stateful packet processing
with centralized control
without compromising on efficiency
8
![Page 18: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/18.jpg)
Insight
• New switches offer more sophisticated stateful packet processing functionality
• The switch has local state • Rules can match on/modify local state
9
![Page 19: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/19.jpg)
Let’s push stateful processing to switches!
10
![Page 20: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/20.jpg)
Let’s push stateful processing to switches!
10
![Page 21: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/21.jpg)
SNAP - Language and Compiler Overview
11
+ ;• The stateful program is
written on top of one big switch
![Page 22: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/22.jpg)
SNAP - Language and Compiler Overview
11
+ ;• The stateful program is
written on top of one big switch
• The actual network has collections of switches
![Page 23: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/23.jpg)
SNAP - Language and Compiler Overview
11
+ ;
??
• The stateful program is written on top of one big switch
• The actual network has collections of switches
• How should we realize the program collectively on the network of switches?
![Page 24: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/24.jpg)
12
Program
+ ;
SNAP - Language and Compiler Overview
IntermediateRepresentation
(FDD)
Distributed version of
the program’sFDD
“Stateful” Rules
![Page 25: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/25.jpg)
13
+ ;
SNAP - Language
![Page 26: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/26.jpg)
Packets!
14
…srcip dstip srcport
![Page 27: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/27.jpg)
Programming Model
• SNAP’s expressions are functions
15
current state
input packet
updated state
set of packets
![Page 28: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/28.jpg)
Programming Model
• SNAP’s expressions are functions
15
current state
input packet
updated state
set of packets
![Page 29: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/29.jpg)
Programming Model
• SNAP’s expressions are functions
15
current state
input packet
updated state
set of packets
![Page 30: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/30.jpg)
Programming Model
• SNAP’s expressions are functions
15
Reads/Modifies state Reads/Duplicate/Modifies packet
current state
input packet
updated state
set of packets
![Page 31: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/31.jpg)
Programming Model
• SNAP’s expressions are functions
15
Reads/Modifies state Reads/Duplicate/Modifies packet
current state
input packet
updated state
set of packets
![Page 32: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/32.jpg)
Running Example - Detecting Malicious Domains
• Domains that change TTL frequently are suspected to be malicious
16
CS
![Page 33: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/33.jpg)
Running Example - Detecting Malicious Domains
• Domains that change TTL frequently are suspected to be malicious
16
CS
IP address of www.google.com?
![Page 34: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/34.jpg)
Running Example - Detecting Malicious Domains
• Domains that change TTL frequently are suspected to be malicious
16
CS
domain: www.google.com IP: 74.125.224.72
TTL (valid for): 1 day
![Page 35: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/35.jpg)
TTL Change Tracking in SNAP
17
![Page 36: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/36.jpg)
TTL Change Tracking in SNAP
18
![Page 37: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/37.jpg)
TTL Change Tracking in SNAP
19State variable is a key-value dictionary
![Page 38: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/38.jpg)
TTL Change Tracking in SNAP
20
![Page 39: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/39.jpg)
TTL Change Tracking in SNAP
21
![Page 40: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/40.jpg)
Adding Forwarding
• Operator wants to specify where packets should be forwarded to
22
• Forwarding is composed with TTL change tracking
![Page 41: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/41.jpg)
SNAP Compiler
23
Identify State Dependencies
Translate to Intermediate Representation (FDD)
Identify mapping from packets to state variables
Optimally distribute the FDD
Generate rules per switch
?
?
?
?
?
![Page 42: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/42.jpg)
SNAP Compiler
25
Identify State Dependencies
Translate to Intermediate Representation (FDD)
Identify mapping from packets to state variables
Optimally distribute the FDD
Generate rules per switch
?
?
?
?
ttl_change → last_ttl → seen
![Page 43: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/43.jpg)
SNAP Compiler
26
Identify State Dependencies
Translate to Intermediate Representation (FDD)
Identify mapping from packets to state variables
Optimally distribute the FDD
Generate rules per switch
?
?
?
?
ttl_change → last_ttl → seen
![Page 44: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/44.jpg)
Why Forwarding Decision Diagrams (FDDs)?
• Efficient
• in terms of number of generated rules
• for extraction of mapping from packets to state variables (next phase)
27
![Page 45: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/45.jpg)
Forwarding Decision Diagrams (FDDs)
• Generalization of binary decision diagrams [1]
• Intermediate node : test on header fields and state
• Leaf : set of action sequences
28
dstip = 10.0.0.1
srcip = dstip
s[srcip] = 2
{s[dstip] ← 2} {drop}
[1] Fast NetKAT Compiler, Smolka et.al, SIGPLAN 2015
![Page 46: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/46.jpg)
Forwarding Decision Diagrams (FDDs)
• Three types of tests
• field = value • field1 = field2 • state_var[e1] = e2
29
dstip = 10.0.0.1
srcip = dstip
s[srcip] = 2
{s[dstip] ← 2} {drop}
![Page 47: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/47.jpg)
Forwarding Decision Diagrams (FDDs)
• Three types of tests
• field = value • field1 = field2 • state_var[e1] = e2
30
dstip = 10.0.0.1
srcip = dstip
s[srcip] = 2
{s[dstip] ← 2} {drop}
![Page 48: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/48.jpg)
Forwarding Decision Diagrams (FDDs)
• Three types of tests
• field = value • field1 = field2 • state_var[e1] = e2
31
dstip = 10.0.0.1
srcip = dstip
s[srcip] = 2
{s[dstip] ← 2} {drop}
![Page 49: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/49.jpg)
Forwarding Decision Diagrams (FDDs)
• Three types of tests
• field = value • field1 = field2 • state_var[e1] = e2
32
dstip = 10.0.0.1
srcip = dstip
s[srcip] = 2
{s[dstip] ← 2} {drop}
![Page 50: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/50.jpg)
Forwarding Decision Diagrams (FDDs)
• Three types of tests
• field = value • field1 = field2 • state_var[e1] = e2
33
dstip = 10.0.0.1
srcip = dstip
s[srcip] = 2
{s[dstip] ← 2} {drop}
![Page 51: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/51.jpg)
SNAP Expression to FDD
34
dstip = CS_ip
srcport = DNS
seen[dns.domain] = True
{outport ← EE}
{outport ← CS}
last_ttl[dns.domain]= dns.ttl
{last_ttl[dns.domain] ← dns.ttl;ttl_change[dns.domain]++;
outport ← CS}
{seen[dns.domain] ← True;last_ttl[dns.domain] ← dns.ttl;ttl_change[dns.domain] ←0;
outport ← CS}
{drop}
dstip = EE_ip
![Page 52: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/52.jpg)
SNAP Expression to FDD
35
dstip = CS_ip
seen[dns.domain] = True
{outport ← EE}
{outport ← CS}
last_ttl[dns.domain]= dns.ttl
{last_ttl[dns.domain] ← dns.ttl;ttl_change[dns.domain]++;
outport ← CS}
{seen[dns.domain] ← True;last_ttl[dns.domain] ← dns.ttl;ttl_change[dns.domain] ←0;
outport ← CS}
{drop}
dstip = EE_ip
srcport = DNS
![Page 53: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/53.jpg)
SNAP Compiler
36
Identify State Dependencies
Translate to Intermediate Representation (FDD)
Identify mapping from packets to state variables
Optimally distribute the FDD
Generate rules per switch
?
?
?
ttl_change → last_ttl → seen
✔
![Page 54: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/54.jpg)
SNAP Compiler
38
Identify State Dependencies
Translate to Intermediate Representation (FDD)
Identify mapping from packets to state variables
Optimally distribute the FDD
Generate rules per switch
?
?
ttl_change → last_ttl → seen
✔
flows to CS need all threestate variables
![Page 55: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/55.jpg)
SNAP Compiler
39
Identify State Dependencies
Translate to Intermediate Representation (FDD)
Identify mapping from packets to state variables
Optimally distribute the FDD
Generate rules per switch
?
?
ttl_change → last_ttl → seen
✔
flows to CS need all threestate variables
![Page 56: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/56.jpg)
Optimal Distribution of the FDD
40
optimizing network
congestion
CS
![Page 57: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/57.jpg)
Optimal Distribution of the FDD
40
optimizing network
congestion
CS
![Page 58: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/58.jpg)
Optimal Distribution of the FDD
41
optimizing network
congestion
CS
![Page 59: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/59.jpg)
SNAP Compiler
42
Identify State Dependencies
Translate to Intermediate Representation (FDD)
Identify mapping from packets to state variables
Optimally distribute the FDD
Generate rules per switch ?
ttl_change → last_ttl → seen
✔
flows to CS need all threestate variables
✔
![Page 60: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/60.jpg)
SNAP Compiler
43
Identify State Dependencies
Translate to Intermediate Representation (FDD)
Identify mapping from packets to state variables
Optimally distribute the FDD
Generate rules per switch ?
ttl_change → last_ttl → seen
✔
flows to CS need all threestate variables
✔
![Page 61: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/61.jpg)
SNAP Compiler
44
Identify State Dependencies
Translate to Intermediate Representation (FDD)
Identify mapping from packets to state variables
Optimally distribute the FDD
Generate rules per switch
ttl_change → last_ttl → seen
✔
flows to CS need all threestate variables
✔
✔
![Page 62: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/62.jpg)
Putting It All Together
45
ISP1
ISP2
CS
EE
dstip = CS_ip
srcport = DNS
seen[dns.domain] = True
{outport ← EE}4
5
6
1
{drop}
dstip = EE_ip
![Page 63: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/63.jpg)
Putting It All Together
45
ISP1
ISP2
CS
EE
dstip = CS_ip
srcport = DNS
seen[dns.domain] = True
{outport ← EE}4
5
6
1
{drop}
dstip = EE_ip
![Page 64: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/64.jpg)
Putting It All Together
45
ISP1
ISP2
CS
EE
dstip = CS_ip
srcport = DNS
seen[dns.domain] = True
{outport ← EE}4
5
6
1
{drop}
dstip = EE_ip
![Page 65: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/65.jpg)
Putting It All Together
46
ISP1
ISP2
CS
EE
6 dstip = CS_ip
seen[dns.domain] = True
{outport ← EE}4
5
6
1
{drop}
dstip = EE_ip
srcport = DNS
![Page 66: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/66.jpg)
Putting It All Together
46
ISP1
ISP2
CS
EE
6dstip = CS_ip
seen[dns.domain] = True
{outport ← EE}4
5
6
1
{drop}
dstip = EE_ip
srcport = DNS
![Page 67: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/67.jpg)
Putting It All Together
47
seen[dns.domain] = True
{outport ← CS}
6
7 {seen[dns.domain] ← True;last_ttl[dns.domain] ← dns.ttl;ttl_change[dns.domain] ←0;
outport ← CS}
ISP1
ISP2
CS
EE
6
![Page 68: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/68.jpg)
Putting It All Together
48
ISP1
ISP2
CS
EE
6
seen[dns.domain] = True
{outport ← CS}
6
7 {seen[dns.domain] ← True;last_ttl[dns.domain] ← dns.ttl;ttl_change[dns.domain] ←0;
outport ← CS}
![Page 69: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/69.jpg)
Putting It All Together
48
ISP1
ISP2
CS
EE
6
seen[dns.domain] = True
{outport ← CS}
6
7 {seen[dns.domain] ← True;last_ttl[dns.domain] ← dns.ttl;ttl_change[dns.domain] ←0;
outport ← CS}
![Page 70: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/70.jpg)
Evaluation
• Evaluated on three campus networks and four ASs
• 25-160 switches • 100-650 links
• Cold-start compilation takes 35-600 seconds • most of the time goes for optimally distributing the
FDD
• Re-compilation time can be reduced to under one minute by fixing state placement
49
![Page 71: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/71.jpg)
Related Work• NetKAT
• inspired basic language constructs
• Fast NetKAT Compiler
• stateless FDDs
• Stateful NetKAT (largely concurrent with SNAP)
• simple registers (vs general dictionaries) • formal definition and proof of correctness for updates • Different optimization goal (rule space)
50
![Page 72: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/72.jpg)
Thanks! Questions?
51
![Page 73: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/73.jpg)
Atomic Blocks
• We assume that state reads/writes in a single switch happen atomically.
• If the programmer puts a part of the program in the atomic block, all the state variables in the block end up on the same switch
![Page 74: SNAP: Stateful Network-Wide Abstractions for Packet ... - IBM · • Evaluated on three campus networks and four ASs • 25-160 switches • 100-650 links • Cold-start compilation](https://reader034.fdocuments.net/reader034/viewer/2022052103/603d485b316a0f1b00005a2d/html5/thumbnails/74.jpg)
Distributing a State Variable
• We can partition a state variable into disjoint part and place the partitions on different switches
• state variable s from IP addresses to X can be partitioned to state variables si from a subset of IP addresses IPi
• IPi s are disjoint
• Each si can be placed on a separate switch