Towards Correct Network Virtualizationpages.cs.wisc.edu/~soudeh/files/e2e_hotsdn_slides.pdf ·...
Transcript of Towards Correct Network Virtualizationpages.cs.wisc.edu/~soudeh/files/e2e_hotsdn_slides.pdf ·...
![Page 1: Towards Correct Network Virtualizationpages.cs.wisc.edu/~soudeh/files/e2e_hotsdn_slides.pdf · virtualization techniques. 1 We developed an analytical framework to reason about the](https://reader034.fdocuments.net/reader034/viewer/2022052611/5f0946a07e708231d4260c37/html5/thumbnails/1.jpg)
Towards Correct Network Virtualization
Soudeh Ghorbani
Brighten Godfrey
UIUC
HotSDN 2014
![Page 2: Towards Correct Network Virtualizationpages.cs.wisc.edu/~soudeh/files/e2e_hotsdn_slides.pdf · virtualization techniques. 1 We developed an analytical framework to reason about the](https://reader034.fdocuments.net/reader034/viewer/2022052611/5f0946a07e708231d4260c37/html5/thumbnails/2.jpg)
Virtualization
Hypervisor
VM
x86
App App
VM
App App
VM
App App
Soudeh Ghorbani and Brighten Godfrey HotSDN 2014
![Page 3: Towards Correct Network Virtualizationpages.cs.wisc.edu/~soudeh/files/e2e_hotsdn_slides.pdf · virtualization techniques. 1 We developed an analytical framework to reason about the](https://reader034.fdocuments.net/reader034/viewer/2022052611/5f0946a07e708231d4260c37/html5/thumbnails/3.jpg)
Virtualization
Hypervisor
VM
x86
App App
VM
App App
VM
App App
Network Virtualization
Firewall
Physical Network
Load-balancer Router
L2 bridge
Soudeh Ghorbani and Brighten Godfrey HotSDN 2014
![Page 4: Towards Correct Network Virtualizationpages.cs.wisc.edu/~soudeh/files/e2e_hotsdn_slides.pdf · virtualization techniques. 1 We developed an analytical framework to reason about the](https://reader034.fdocuments.net/reader034/viewer/2022052611/5f0946a07e708231d4260c37/html5/thumbnails/4.jpg)
Virtualization
Hypervisor
VM
x86
App App
VM
App App
VM
App App
Network Virtualization
Firewall
Physical Network
Load-balancer Router
L2 bridge
Soudeh Ghorbani and Brighten Godfrey HotSDN 2014
Diagram inspired by Teemu Koponen’s NSDI 2014 talk on “Network Virtualization in Multi-tenant Datacenters”.
![Page 5: Towards Correct Network Virtualizationpages.cs.wisc.edu/~soudeh/files/e2e_hotsdn_slides.pdf · virtualization techniques. 1 We developed an analytical framework to reason about the](https://reader034.fdocuments.net/reader034/viewer/2022052611/5f0946a07e708231d4260c37/html5/thumbnails/5.jpg)
Is the physical implementation a faithful reproduction of the virtual network?
Soudeh Ghorbani and Brighten Godfrey HotSDN 2014
![Page 6: Towards Correct Network Virtualizationpages.cs.wisc.edu/~soudeh/files/e2e_hotsdn_slides.pdf · virtualization techniques. 1 We developed an analytical framework to reason about the](https://reader034.fdocuments.net/reader034/viewer/2022052611/5f0946a07e708231d4260c37/html5/thumbnails/6.jpg)
Virtual firewall
Policy: permit an external server to talk to an internal client if and only if the client has sent a request to the server.
Soudeh Ghorbani and Brighten Godfrey HotSDN 2014
![Page 7: Towards Correct Network Virtualizationpages.cs.wisc.edu/~soudeh/files/e2e_hotsdn_slides.pdf · virtualization techniques. 1 We developed an analytical framework to reason about the](https://reader034.fdocuments.net/reader034/viewer/2022052611/5f0946a07e708231d4260c37/html5/thumbnails/7.jpg)
Virtual firewall
Policy: permit an external server to talk to an internal client if and only if the client has sent a request to the server.
Soudeh Ghorbani and Brighten Godfrey HotSDN 2014
![Page 8: Towards Correct Network Virtualizationpages.cs.wisc.edu/~soudeh/files/e2e_hotsdn_slides.pdf · virtualization techniques. 1 We developed an analytical framework to reason about the](https://reader034.fdocuments.net/reader034/viewer/2022052611/5f0946a07e708231d4260c37/html5/thumbnails/8.jpg)
Virtual firewall
Policy: permit an external server to talk to an internal client if and only if the client has sent a request to the server.
Soudeh Ghorbani and Brighten Godfrey HotSDN 2014
X
![Page 9: Towards Correct Network Virtualizationpages.cs.wisc.edu/~soudeh/files/e2e_hotsdn_slides.pdf · virtualization techniques. 1 We developed an analytical framework to reason about the](https://reader034.fdocuments.net/reader034/viewer/2022052611/5f0946a07e708231d4260c37/html5/thumbnails/9.jpg)
Virtual firewall
Policy: permit an external server to talk to an internal client if and only if the client has sent a request to the server.
Soudeh Ghorbani and Brighten Godfrey HotSDN 2014
![Page 10: Towards Correct Network Virtualizationpages.cs.wisc.edu/~soudeh/files/e2e_hotsdn_slides.pdf · virtualization techniques. 1 We developed an analytical framework to reason about the](https://reader034.fdocuments.net/reader034/viewer/2022052611/5f0946a07e708231d4260c37/html5/thumbnails/10.jpg)
Virtual firewall
Policy: permit an external server to talk to an internal client if and only if the client has sent a request to the server.
Soudeh Ghorbani and Brighten Godfrey HotSDN 2014
![Page 11: Towards Correct Network Virtualizationpages.cs.wisc.edu/~soudeh/files/e2e_hotsdn_slides.pdf · virtualization techniques. 1 We developed an analytical framework to reason about the](https://reader034.fdocuments.net/reader034/viewer/2022052611/5f0946a07e708231d4260c37/html5/thumbnails/11.jpg)
Virtual firewall app
Firew
all S
witch
Priority
Flow Action
10 srcip=130.126.*.* Send to controller, fwd(1)
0 * Send to controller
Soudeh Ghorbani and Brighten Godfrey HotSDN 2014
![Page 12: Towards Correct Network Virtualizationpages.cs.wisc.edu/~soudeh/files/e2e_hotsdn_slides.pdf · virtualization techniques. 1 We developed an analytical framework to reason about the](https://reader034.fdocuments.net/reader034/viewer/2022052611/5f0946a07e708231d4260c37/html5/thumbnails/12.jpg)
Virtual firewall app
Firew
all S
witch
Priority
Flow Action
10 srcip=130.126.*.* Send to controller, fwd(1)
0 * Send to controller
Soudeh Ghorbani and Brighten Godfrey HotSDN 2014
![Page 13: Towards Correct Network Virtualizationpages.cs.wisc.edu/~soudeh/files/e2e_hotsdn_slides.pdf · virtualization techniques. 1 We developed an analytical framework to reason about the](https://reader034.fdocuments.net/reader034/viewer/2022052611/5f0946a07e708231d4260c37/html5/thumbnails/13.jpg)
Virtual firewall app
Firew
all S
witch
Priority
Flow Action
10 srcip=130.126.*.* Send to controller, fwd(1)
0 * Send to controller
Soudeh Ghorbani and Brighten Godfrey HotSDN 2014
![Page 14: Towards Correct Network Virtualizationpages.cs.wisc.edu/~soudeh/files/e2e_hotsdn_slides.pdf · virtualization techniques. 1 We developed an analytical framework to reason about the](https://reader034.fdocuments.net/reader034/viewer/2022052611/5f0946a07e708231d4260c37/html5/thumbnails/14.jpg)
Virtual firewall app
Firew
all S
witch
Priority
Flow Action
10 srcip=130.126.*.* Send to controller, fwd(1)
0 * Send to controller
(Part
of
the)
Fir
ew
all
Contr
oller
App
switch(msg.getType()) { case PACKET_IN: if ( internal.contains(msg.srcMAC()) ) { whitelisted[msg.dstMAC()][msg.srcMACA()] = true; }else { if (whitelisted[msg.srcMAC()][msg.dstMAC()] ){ whitelist(sw, msg); }else{ blacklist(sw, msg); } }
Soudeh Ghorbani and Brighten Godfrey HotSDN 2014
![Page 15: Towards Correct Network Virtualizationpages.cs.wisc.edu/~soudeh/files/e2e_hotsdn_slides.pdf · virtualization techniques. 1 We developed an analytical framework to reason about the](https://reader034.fdocuments.net/reader034/viewer/2022052611/5f0946a07e708231d4260c37/html5/thumbnails/15.jpg)
Virtual firewall app
Firew
all S
witch
Priority
Flow Action
10 srcip=130.126.*.* Send to controller, fwd(1)
0 * Send to controller
(Part
of
the)
Fir
ew
all
Contr
oller
App
switch(msg.getType()) { case PACKET_IN: if ( internal.contains(msg.srcMAC()) ) { whitelisted[msg.dstMAC()][msg.srcMACA()] = true; }else { if (whitelisted[msg.srcMAC()][msg.dstMAC()] ){ whitelist(sw, msg); }else{ blacklist(sw, msg); } }
Soudeh Ghorbani and Brighten Godfrey HotSDN 2014
Packet-in from an internal client? Save state: dst server is allowed to send back.
![Page 16: Towards Correct Network Virtualizationpages.cs.wisc.edu/~soudeh/files/e2e_hotsdn_slides.pdf · virtualization techniques. 1 We developed an analytical framework to reason about the](https://reader034.fdocuments.net/reader034/viewer/2022052611/5f0946a07e708231d4260c37/html5/thumbnails/16.jpg)
Virtual firewall app
Firew
all S
witch
Priority
Flow Action
10 srcip=130.126.*.* Send to controller, fwd(1)
0 * Send to controller
(Part
of
the)
Fir
ew
all
Contr
oller
App
switch(msg.getType()) { case PACKET_IN: if ( internal.contains(msg.srcMAC()) ) { whitelisted[msg.dstMAC()][msg.srcMACA()] = true; }else { if (whitelisted[msg.srcMAC()][msg.dstMAC()] ){ whitelist(sw, msg); }else{ blacklist(sw, msg); } }
Soudeh Ghorbani and Brighten Godfrey HotSDN 2014
Packet-in from an external server? • If the server is
allowed to send, install rules to allow bidirectional traffic.
• Else, blacklist the external server.
![Page 17: Towards Correct Network Virtualizationpages.cs.wisc.edu/~soudeh/files/e2e_hotsdn_slides.pdf · virtualization techniques. 1 We developed an analytical framework to reason about the](https://reader034.fdocuments.net/reader034/viewer/2022052611/5f0946a07e708231d4260c37/html5/thumbnails/17.jpg)
Firewall App
Soudeh Ghorbani and Brighten Godfrey HotSDN 2014
1
Virtual firewall
![Page 18: Towards Correct Network Virtualizationpages.cs.wisc.edu/~soudeh/files/e2e_hotsdn_slides.pdf · virtualization techniques. 1 We developed an analytical framework to reason about the](https://reader034.fdocuments.net/reader034/viewer/2022052611/5f0946a07e708231d4260c37/html5/thumbnails/18.jpg)
Firewall App
Soudeh Ghorbani and Brighten Godfrey HotSDN 2014
1
Virtual firewall
2
![Page 19: Towards Correct Network Virtualizationpages.cs.wisc.edu/~soudeh/files/e2e_hotsdn_slides.pdf · virtualization techniques. 1 We developed an analytical framework to reason about the](https://reader034.fdocuments.net/reader034/viewer/2022052611/5f0946a07e708231d4260c37/html5/thumbnails/19.jpg)
Firewall App
Soudeh Ghorbani and Brighten Godfrey HotSDN 2014
1
Virtual firewall
2
3
![Page 20: Towards Correct Network Virtualizationpages.cs.wisc.edu/~soudeh/files/e2e_hotsdn_slides.pdf · virtualization techniques. 1 We developed an analytical framework to reason about the](https://reader034.fdocuments.net/reader034/viewer/2022052611/5f0946a07e708231d4260c37/html5/thumbnails/20.jpg)
Firewall App
Soudeh Ghorbani and Brighten Godfrey HotSDN 2014
1
Virtual firewall
2
3
4
![Page 21: Towards Correct Network Virtualizationpages.cs.wisc.edu/~soudeh/files/e2e_hotsdn_slides.pdf · virtualization techniques. 1 We developed an analytical framework to reason about the](https://reader034.fdocuments.net/reader034/viewer/2022052611/5f0946a07e708231d4260c37/html5/thumbnails/21.jpg)
Firewall App
Soudeh Ghorbani and Brighten Godfrey HotSDN 2014
1
2
3
4 5
Virtual firewall
![Page 22: Towards Correct Network Virtualizationpages.cs.wisc.edu/~soudeh/files/e2e_hotsdn_slides.pdf · virtualization techniques. 1 We developed an analytical framework to reason about the](https://reader034.fdocuments.net/reader034/viewer/2022052611/5f0946a07e708231d4260c37/html5/thumbnails/22.jpg)
Firewall App
Soudeh Ghorbani and Brighten Godfrey HotSDN 2014
Firewall + virtualization = bug
![Page 23: Towards Correct Network Virtualizationpages.cs.wisc.edu/~soudeh/files/e2e_hotsdn_slides.pdf · virtualization techniques. 1 We developed an analytical framework to reason about the](https://reader034.fdocuments.net/reader034/viewer/2022052611/5f0946a07e708231d4260c37/html5/thumbnails/23.jpg)
Firewall App
Soudeh Ghorbani and Brighten Godfrey HotSDN 2014
Firewall + virtualization = bug Flow Action
src=130.126.*.* Send to controller, fwd(1)
* Send to controller
![Page 24: Towards Correct Network Virtualizationpages.cs.wisc.edu/~soudeh/files/e2e_hotsdn_slides.pdf · virtualization techniques. 1 We developed an analytical framework to reason about the](https://reader034.fdocuments.net/reader034/viewer/2022052611/5f0946a07e708231d4260c37/html5/thumbnails/24.jpg)
Firewall App
Soudeh Ghorbani and Brighten Godfrey HotSDN 2014
Firewall + virtualization = bug Flow Action
src=130.126.*.* Send to controller, fwd(1)
* Send to controller
Flow Action
src=130.126.*.* Send to controller, fwd(1)
Flow Action
* Send to controller
![Page 25: Towards Correct Network Virtualizationpages.cs.wisc.edu/~soudeh/files/e2e_hotsdn_slides.pdf · virtualization techniques. 1 We developed an analytical framework to reason about the](https://reader034.fdocuments.net/reader034/viewer/2022052611/5f0946a07e708231d4260c37/html5/thumbnails/25.jpg)
Firewall App
Soudeh Ghorbani and Brighten Godfrey HotSDN 2014
Firewall + virtualization = bug
![Page 26: Towards Correct Network Virtualizationpages.cs.wisc.edu/~soudeh/files/e2e_hotsdn_slides.pdf · virtualization techniques. 1 We developed an analytical framework to reason about the](https://reader034.fdocuments.net/reader034/viewer/2022052611/5f0946a07e708231d4260c37/html5/thumbnails/26.jpg)
Firewall App
Soudeh Ghorbani and Brighten Godfrey HotSDN 2014
Firewall + virtualization = bug
![Page 27: Towards Correct Network Virtualizationpages.cs.wisc.edu/~soudeh/files/e2e_hotsdn_slides.pdf · virtualization techniques. 1 We developed an analytical framework to reason about the](https://reader034.fdocuments.net/reader034/viewer/2022052611/5f0946a07e708231d4260c37/html5/thumbnails/27.jpg)
Firewall App
Soudeh Ghorbani and Brighten Godfrey HotSDN 2014
Firewall + virtualization = bug
X
![Page 28: Towards Correct Network Virtualizationpages.cs.wisc.edu/~soudeh/files/e2e_hotsdn_slides.pdf · virtualization techniques. 1 We developed an analytical framework to reason about the](https://reader034.fdocuments.net/reader034/viewer/2022052611/5f0946a07e708231d4260c37/html5/thumbnails/28.jpg)
Network virtualization: What could go wrong?
App Virtualization technique
Incorrect-behavior
Stateful firewall One-to-many mapping
Blacklisting the legitimate hosts
NAT One-to-many mapping
Dropping requested packets
Load-balancer One-to-many mapping
Overloading some servers and leaving some underutilized
Firewall & router Many-to-one mapping
Blacklisting the legitimate hosts
Soudeh Ghorbani and Brighten Godfrey HotSDN 2014
![Page 29: Towards Correct Network Virtualizationpages.cs.wisc.edu/~soudeh/files/e2e_hotsdn_slides.pdf · virtualization techniques. 1 We developed an analytical framework to reason about the](https://reader034.fdocuments.net/reader034/viewer/2022052611/5f0946a07e708231d4260c37/html5/thumbnails/29.jpg)
Related work
Incorrect behavior caused by moving, observed in:
1. “LIME: Transparent, Live Migration of a Software-Defined Network”, Soudeh Ghorbani, Cole Schlesinger, Matthew Monaco, Eric Keller, Matthew Caesar, Jennifer Rexford, David Walker, under submission.
2. “OpenNF: Enabling Innovation in Network Function Control”, Aaron Gember-Jacobson, Raajay Viswanathan, Chaithan Prakash, Robert Grandl, Junaid Khalid, Sourav Das, Aditya Akella, SIGCOMM 2014.
These existing solutions are:
◦ Only a short-term fix while virtual network is being moved.
◦ Infeasible when incorrect behavior is permanent rather than
transient.
Soudeh Ghorbani and Brighten Godfrey HotSDN 2014
![Page 30: Towards Correct Network Virtualizationpages.cs.wisc.edu/~soudeh/files/e2e_hotsdn_slides.pdf · virtualization techniques. 1 We developed an analytical framework to reason about the](https://reader034.fdocuments.net/reader034/viewer/2022052611/5f0946a07e708231d4260c37/html5/thumbnails/30.jpg)
Root-cause of the incorrect behavior
Soudeh Ghorbani and Brighten Godfrey HotSDN 2014
![Page 31: Towards Correct Network Virtualizationpages.cs.wisc.edu/~soudeh/files/e2e_hotsdn_slides.pdf · virtualization techniques. 1 We developed an analytical framework to reason about the](https://reader034.fdocuments.net/reader034/viewer/2022052611/5f0946a07e708231d4260c37/html5/thumbnails/31.jpg)
Firewall App
X
Soudeh Ghorbani and Brighten Godfrey HotSDN 2014
Firewall + virtualization = bug
![Page 32: Towards Correct Network Virtualizationpages.cs.wisc.edu/~soudeh/files/e2e_hotsdn_slides.pdf · virtualization techniques. 1 We developed an analytical framework to reason about the](https://reader034.fdocuments.net/reader034/viewer/2022052611/5f0946a07e708231d4260c37/html5/thumbnails/32.jpg)
Firewall App
X
Soudeh Ghorbani and Brighten Godfrey HotSDN 2014
Firewall + virtualization = bug
![Page 33: Towards Correct Network Virtualizationpages.cs.wisc.edu/~soudeh/files/e2e_hotsdn_slides.pdf · virtualization techniques. 1 We developed an analytical framework to reason about the](https://reader034.fdocuments.net/reader034/viewer/2022052611/5f0946a07e708231d4260c37/html5/thumbnails/33.jpg)
Firewall App
X
Root-cause: forwarding decision has some dependency on the history, the sequence of previous
‘send’ and ‘receive’ events.
Soudeh Ghorbani and Brighten Godfrey HotSDN 2014
Firewall + virtualization = bug
![Page 34: Towards Correct Network Virtualizationpages.cs.wisc.edu/~soudeh/files/e2e_hotsdn_slides.pdf · virtualization techniques. 1 We developed an analytical framework to reason about the](https://reader034.fdocuments.net/reader034/viewer/2022052611/5f0946a07e708231d4260c37/html5/thumbnails/34.jpg)
Who programs the network?
The entities that can make or influence the forwarding decisions:
◦ Controller
◦ Switch: random forwarding like ECMP
◦ Data packet: indirectly through local state, e.g., idle-timers
Soudeh Ghorbani and Brighten Godfrey HotSDN 2014
![Page 35: Towards Correct Network Virtualizationpages.cs.wisc.edu/~soudeh/files/e2e_hotsdn_slides.pdf · virtualization techniques. 1 We developed an analytical framework to reason about the](https://reader034.fdocuments.net/reader034/viewer/2022052611/5f0946a07e708231d4260c37/html5/thumbnails/35.jpg)
Who programs the network?
The entities that can make or influence the forwarding decisions:
◦ Controller
◦ Switch: random forwarding like ECMP
◦ Data packet: indirectly through local state, e.g., idle-timers
Soudeh Ghorbani and Brighten Godfrey HotSDN 2014
![Page 36: Towards Correct Network Virtualizationpages.cs.wisc.edu/~soudeh/files/e2e_hotsdn_slides.pdf · virtualization techniques. 1 We developed an analytical framework to reason about the](https://reader034.fdocuments.net/reader034/viewer/2022052611/5f0946a07e708231d4260c37/html5/thumbnails/36.jpg)
Can existing correctness definitions detect the incorrect behavior?
Correctness conditions: 1. Per-packet/flow consistency: prevents loops,
black-holes,…
Consensus Routing [NSDI’08], Consistent Updates [SIGCOMM’12]
2. Congestion freedom
zUpdates [SIGCOMM’13], SWAN [SIGCOMM’13], On Consistent Updates in Software-Defined Networks [HotNets’13]
Soudeh Ghorbani and Brighten Godfrey HotSDN 2014
![Page 37: Towards Correct Network Virtualizationpages.cs.wisc.edu/~soudeh/files/e2e_hotsdn_slides.pdf · virtualization techniques. 1 We developed an analytical framework to reason about the](https://reader034.fdocuments.net/reader034/viewer/2022052611/5f0946a07e708231d4260c37/html5/thumbnails/37.jpg)
Can existing correctness definitions detect the incorrect behavior?
Correctness conditions: 1. Per-packet/flow consistency: prevents loops,
black-holes,…
Consensus Routing [NSDI’08], Consistent Updates [SIGCOMM’12]
2. Congestion freedom
zUpdates [SIGCOMM’13], SWAN [SIGCOMM’13], On Consistent Updates in Software-Defined Networks [HotNets’13]
Soudeh Ghorbani and Brighten Godfrey HotSDN 2014
None of these conditions were violated in our examples! 1
![Page 38: Towards Correct Network Virtualizationpages.cs.wisc.edu/~soudeh/files/e2e_hotsdn_slides.pdf · virtualization techniques. 1 We developed an analytical framework to reason about the](https://reader034.fdocuments.net/reader034/viewer/2022052611/5f0946a07e708231d4260c37/html5/thumbnails/38.jpg)
Can existing correctness definitions detect the incorrect behavior?
Correctness conditions: 1. Per-packet/flow consistency: prevents loops,
black-holes,…
Consensus Routing [NSDI’08], Consistent Updates [SIGCOMM’12]
2. Congestion freedom
zUpdates [SIGCOMM’13], SWAN [SIGCOMM’13], On Consistent Updates in Software-Defined Networks [HotNets’13]
Soudeh Ghorbani and Brighten Godfrey HotSDN 2014
None of these conditions were violated in our examples! 1
“Correctness is what users want.” Leslie Lamport 2
![Page 39: Towards Correct Network Virtualizationpages.cs.wisc.edu/~soudeh/files/e2e_hotsdn_slides.pdf · virtualization techniques. 1 We developed an analytical framework to reason about the](https://reader034.fdocuments.net/reader034/viewer/2022052611/5f0946a07e708231d4260c37/html5/thumbnails/39.jpg)
Can existing correctness definitions detect the incorrect behavior?
Correctness conditions: 1. Per-packet/flow consistency: prevents loops,
black-holes,…
Consensus Routing [NSDI’08], Consistent Updates [SIGCOMM’12]
2. Congestion freedom
zUpdates [SIGCOMM’13], SWAN [SIGCOMM’13], On Consistent Updates in Software-Defined Networks [HotNets’13]
Soudeh Ghorbani and Brighten Godfrey HotSDN 2014
None of these conditions were violated in our examples! 1
“Correctness is what users want.” Leslie Lamport 2
Techniques designed to preserve those correctness conditions could break the
otherwise correct behavior. 3
![Page 40: Towards Correct Network Virtualizationpages.cs.wisc.edu/~soudeh/files/e2e_hotsdn_slides.pdf · virtualization techniques. 1 We developed an analytical framework to reason about the](https://reader034.fdocuments.net/reader034/viewer/2022052611/5f0946a07e708231d4260c37/html5/thumbnails/40.jpg)
Can existing correctness definitions detect the incorrect behavior?
Correctness conditions: 1. Per-packet/flow consistency: prevents loops,
black-holes,…
Consensus Routing [NSDI’08], Consistent Updates [SIGCOMM’12]
2. Congestion freedom
zUpdates [SIGCOMM’13], SWAN [SIGCOMM’13], On Consistent Updates in Software-Defined Networks [HotNets’13]
“Correctness is what users want.” Leslie Lamport 2
Techniques designed to preserve those correctness conditions could break the
otherwise correct behavior. 3
We need new definitions of correctness and new techniques to achieve those. 4
Soudeh Ghorbani and Brighten Godfrey HotSDN 2014
None of these conditions were violated in our examples! 1
![Page 41: Towards Correct Network Virtualizationpages.cs.wisc.edu/~soudeh/files/e2e_hotsdn_slides.pdf · virtualization techniques. 1 We developed an analytical framework to reason about the](https://reader034.fdocuments.net/reader034/viewer/2022052611/5f0946a07e708231d4260c37/html5/thumbnails/41.jpg)
A new correctness condition: End-to-end correctness
Soudeh Ghorbani and Brighten Godfrey HotSDN 2014
![Page 42: Towards Correct Network Virtualizationpages.cs.wisc.edu/~soudeh/files/e2e_hotsdn_slides.pdf · virtualization techniques. 1 We developed an analytical framework to reason about the](https://reader034.fdocuments.net/reader034/viewer/2022052611/5f0946a07e708231d4260c37/html5/thumbnails/42.jpg)
A new correctness condition: End-to-end correctness
?
Soudeh Ghorbani and Brighten Godfrey HotSDN 2014
![Page 43: Towards Correct Network Virtualizationpages.cs.wisc.edu/~soudeh/files/e2e_hotsdn_slides.pdf · virtualization techniques. 1 We developed an analytical framework to reason about the](https://reader034.fdocuments.net/reader034/viewer/2022052611/5f0946a07e708231d4260c37/html5/thumbnails/43.jpg)
A new correctness condition: End-to-end correctness
?
Soudeh Ghorbani and Brighten Godfrey HotSDN 2014
![Page 44: Towards Correct Network Virtualizationpages.cs.wisc.edu/~soudeh/files/e2e_hotsdn_slides.pdf · virtualization techniques. 1 We developed an analytical framework to reason about the](https://reader034.fdocuments.net/reader034/viewer/2022052611/5f0946a07e708231d4260c37/html5/thumbnails/44.jpg)
A new correctness condition: End-to-end correctness
𝑃𝑟𝐿[𝐸] ≈ 𝑃𝑟𝑃[𝐸]
• A mapping of a logical network L to a physical network P is said to be end-to-end correct iff where E is the partially ordered set of ‘send’ and ‘receive’ events.
Soudeh Ghorbani and Brighten Godfrey HotSDN 2014
![Page 45: Towards Correct Network Virtualizationpages.cs.wisc.edu/~soudeh/files/e2e_hotsdn_slides.pdf · virtualization techniques. 1 We developed an analytical framework to reason about the](https://reader034.fdocuments.net/reader034/viewer/2022052611/5f0946a07e708231d4260c37/html5/thumbnails/45.jpg)
A new correctness condition: End-to-end correctness
𝑃𝑟𝐿[𝐸] ≈ 𝑃𝑟𝑃[𝐸]
• A mapping of a logical network L to a physical network P is said to be end-to-end correct iff where E is the partially ordered set of ‘send’ and ‘receive’ events.
• Key features: • distinguishes between events that happen
always, sometimes, and never.
Soudeh Ghorbani and Brighten Godfrey HotSDN 2014
![Page 46: Towards Correct Network Virtualizationpages.cs.wisc.edu/~soudeh/files/e2e_hotsdn_slides.pdf · virtualization techniques. 1 We developed an analytical framework to reason about the](https://reader034.fdocuments.net/reader034/viewer/2022052611/5f0946a07e708231d4260c37/html5/thumbnails/46.jpg)
A new correctness condition: End-to-end correctness
𝑃𝑟𝐿[𝐸] ≈ 𝑃𝑟𝑃[𝐸]
• A mapping of a logical network L to a physical network P is said to be end-to-end correct iff where E is the partially ordered set of ‘send’ and ‘receive’ events.
• Key features: • distinguishes between events that happen
always, sometimes, and never.
• permissive of the differences in packet loss or timing that do not affect correctness.
Soudeh Ghorbani and Brighten Godfrey HotSDN 2014
![Page 47: Towards Correct Network Virtualizationpages.cs.wisc.edu/~soudeh/files/e2e_hotsdn_slides.pdf · virtualization techniques. 1 We developed an analytical framework to reason about the](https://reader034.fdocuments.net/reader034/viewer/2022052611/5f0946a07e708231d4260c37/html5/thumbnails/47.jpg)
A new correctness condition: End-to-end correctness
𝑃𝑟𝐿[𝐸] ≈ 𝑃𝑟𝑃[𝐸]
• A mapping of a logical network L to a physical network P is said to be end-to-end correct iff where E is the partially ordered set of ‘send’ and ‘receive’ events.
• Key features: • distinguishes between events that happen
always, sometimes, and never.
• permissive of the differences in packet loss or timing that do not affect correctness.
• permissive of the legitimate differences in orderings of events.
Soudeh Ghorbani and Brighten Godfrey HotSDN 2014
![Page 48: Towards Correct Network Virtualizationpages.cs.wisc.edu/~soudeh/files/e2e_hotsdn_slides.pdf · virtualization techniques. 1 We developed an analytical framework to reason about the](https://reader034.fdocuments.net/reader034/viewer/2022052611/5f0946a07e708231d4260c37/html5/thumbnails/48.jpg)
So far: We identified the problem: incorrect application-level behavior under the existing virtualization techniques.
1
We developed an analytical framework to reason about the problem.
3
Research Vision: Developing a general algorithm. 4 Proving its correctness. 5 Developing a correct virtualization System.
6
We identified its root-cause: dependence on the history.
2
Soudeh Ghorbani and Brighten Godfrey HotSDN 2014
![Page 49: Towards Correct Network Virtualizationpages.cs.wisc.edu/~soudeh/files/e2e_hotsdn_slides.pdf · virtualization techniques. 1 We developed an analytical framework to reason about the](https://reader034.fdocuments.net/reader034/viewer/2022052611/5f0946a07e708231d4260c37/html5/thumbnails/49.jpg)
Thanks!
Questions?
Soudeh Ghorbani and Brighten Godfrey HotSDN 2014