9.1 - Programming SDNs Flashcards

1
Q

OpenFlow API updates to multiple switches in a path may result in what problems?

A
  1. Packet-level consistency problem
  2. Flow-level consistency problem

2
Q

Packet-level consistency problem

A

Switches updated at different times in the same path may not have consistent states, and this could result in disruption.

3
Q

Flow-level consistency problem

A

Updates that occur in the middle of a flow may cause packets from that same flow to be subjected to two different states.

4
Q

What are the three steps of SDN programming?

A
  1. Read/monitor state
  2. Compute policy
  3. Write policy
5
Q

“Read/Monitor State” step of SDN programming

A

These events may include:

  • failures
  • topology changes
  • security events
6
Q

“Compute Policy” step of SDN programming

A

This is the role of the decision plane in deciding what the forwarding behavior of the network should be in response to various states from the network switches.

7
Q

“Write Policy” step of SDN programming

A

Installing the appropriate flow table state into the switches.

8
Q

In what two steps can consistency errors occur?

A
  1. Read - reading the network at different times can result in inconsistencies
  2. Write - the controller may be writing policy as traffic is actively flowing through the network which can disrupt packets
9
Q

Simple match-action rules do not allow certain exceptions to be expressed. What is a solution to this problem?

A

A runtime system that can translate PREDICATES such as AND or NOT into low-level OpenFlow rules.

10
Q

Switches only have a limited amount of space to store rules. What is a solution to this problem?

A

The run-time system dynamically “UNFOLDS” rules as traffic arrives. This guarantees that there are only rules in the switch which correspond to active traffic.

Example: programmer could specify something such as “group by IP address”

11
Q

What happens if a switch receives additional packets in a flow before a rule has arrived from the controller?

A
  • A programmer can specify a limit of 1 packet which can initiate a rule request, and the subsequent packets should be SUPPRESSED.
  • The system can then hide the extra events.
12
Q

What are three approaches to handling consistency in the reading state?

A
  1. Predicates
  2. Rule Unfolding
  3. Suppression
13
Q

What are some reasons that a controller may want to write policy to change the state in network switches?

A
  • Maintenance
  • Unexpected Failure
  • Traffic Engineering
14
Q

What invariants does a controller attempt to maintain when writing policy?

A
  • No forwarding loops
  • No black holes
  • No security violations
15
Q

How might a forwarding loop occur?

A

If an operator wishes to redirect traffic off of a particular link, he might change the weight of that link. However, if that state were updated in one switch before another, the other switch in the new path could forward the traffic back because it’s unaware of the new shortest route.

16
Q

What’s the solution to preventing a forwarding loop due to inconsistent states among switches?

A

Two-Phase Commit:

Packets are tagged on ingress, and copies of both rule sets are maintained for some time. Packets aren’t tagged with the new rule set until all switches have received the updates.

17
Q

T/F: One way of coping with inconsistencies is having different controllers for different switches.

A

FALSE - Each controller may be making independent decisions, so this could lead to an inconsistent state.

18
Q

T/F: One way of coping with inconsistencies is keeping a “hot spare” replica.

A

FALSE - This does no good if the spare also writes state inconsistently to the network.

19
Q

T/F: One way of coping with inconsistencies is keeping both the old and new state on the routers and switches.

A

TRUE - This is the “two-phase commit” approach

20
Q

T/F: One way of coping with inconsistencies is resolving conflicts on the routes.

A

FALSE - No router has a complete view of the network state.

21
Q

What is Network Virtualization?

A

It is an abstraction of a physical network.

  • Multiple logical networks can share the same underlying physical network.
  • Logical networks can have a different topology than the physical network.
22
Q

Tunnels

A

Tunnels are how nodes connect on a virtual network.

23
Q

One of the main motivations for the rise of virtual networks was the ______ of Internet architecture.

A

One of the main motivations for the rise of virtual networks was the “OSSIFICATION” of Internet architecture.

24
Q

How does network virtualization enable evolution?

A

By allowing multiple architectures to exist in parallel.

25
Q

Where has network virtualization really taken off in practice?

A

Multi-tenant data centers

26
Q

T/F: One of the motivations for virtual networking is easier troubleshooting.

A

FALSE - Virtual networks are not inherently easier to troubleshoot.

27
Q

T/F: One of the motivations for virtual networking is facilitating research and evolution by co-existence.

A

TRUE - Experimental networks can co-exist with production networks

28
Q

T/F: One of the motivations for virtual networking is being able to adjust resources to demand.

A

TRUE - Resources devoted to any particular service can be scaled up or down

29
Q

T/F: One of the motivations for virtual networking is better forwarding performance.

A

FALSE - Virtual networks do not necessarily provide better performance. In fact it may be worse.

30
Q

What are some of the promised benefits of network virtualization?

A
  1. Rapid Innovation
  2. New Forms of Network Control
  3. (Potentially) Simpler Programming
31
Q

Why is “rapid innovation” a benefit of network virtualization?

A

Innovation can proceed at the rate which software evolves as opposed to hardware cycles.

32
Q

How are SDN and Network Virtualization different?

A
  • SDN is a tool for implementing network virtualization. It is defined by the separation of data and control planes.
  • Network virtualization is an application of SDN. It is defined by the separation of logical and physical networks.
33
Q

T/F: Allowing multiple tenants to share underlying physical infrastructure is a characteristic of Network Virtualization.

A

TRUE

34
Q

T/F: Controlling behavior from a centralized controller is a characteristic of Network Virtualization.

A

FALSE - This is a characteristic of SDN

35
Q

T/F: Separating logical and physical networks is a characteristic of Network Virtualization.

A

TRUE

36
Q

T/F: Separating data and control planes is a characteristic of Network Virtualization.

A

FALSE - This is a characteristic of SDN

37
Q

What are some of the design goals of Network Virtualization?

A
  • Flexible
  • Manageable
  • Scalable
  • Secure
  • Programmable
  • Able to support different technologies
38
Q

What are the two components of Virtual Networks?

A
  • Nodes
  • Edges

39
Q

What is one way of virtualizing a physical node?

A
  • Virtual Machines (or Virtual Environments)
  • The hypervisor “slices” the underlying hardware to provide the illusion of multiple guest nodes

40
Q

How are edges implemented in virtual networks?

A
  • The appearance that two nodes on separate VMs are connected over a layer 2 topology can be created using TUNNELS
  • Tunnels encapsulate packets as they leave a VM and the host on the other end encapsulates the packet
41
Q

What are some problems with programming with OpenFlow?

A
  • It’s not easy. There is a low level of abstraction.
  • The controller only sees events that switches do not know how to handle.
  • There can be race conditions if switch-level rules are not installed properly
42
Q

What is the solution to network programming given the problems with OpenFlow?

A
  • A “northbound” API that allows for applications to be written without writing low-level or “southbound” OpenFlow rules
43
Q

What are the benefits of programming against an API rather than directly with OpenFlow?

A
  • Vendor Independence
  • The ability to quickly modify or customize control through various popular programming languages

44
Q

What are some examples of applications that may need to be written?

A
  • large virtual switches
  • security apps
  • middlebox interpretation
45
Q

“Northbound” API

A
  • API that allows for applications to be written for controllers without writing low-level or “southbound” OpenFlow rules
46
Q

Frenetic

A

A SQL-like query language that uses the northbound API

47
Q

Composition Operators

A

Specify how individually programmed modules are combined to create a single set of OpenFlow rules.

48
Q

What are two ways of composing policies?

A
  1. Parallel
  2. Sequential

49
Q

Parallel Policies

A

Operations are performed simultaneously.

Example: Counting and Forwarding

50
Q

Sequential Policies

A

Operations are performed one after another.

Example: Firewall, then Switch
Example: Load Balancer

51
Q

How are sequential policies used in a load balancer?

A

First a policy load balances the traffic. Predicates are used to decide how to balance packets.

Then a routing policy is implemented to forward packets to the appropriate destination.

52
Q

Pyretic

A

An SDN Language and Runtime

Language - provides a way to express policies

Runtime - compiles policies into OpenFlow rules

53
Q

“Located” Packets

A

One of the key abstractions of Pyretic: the idea that we can apply a policy based on a packet at its location in the network (i.e. switch or port)

54
Q

What are some of the features of Pyretic?

A
  • Network policy as a function
  • Boolean predicates
  • Virtual packet header fields
  • Composition Operators
55
Q

What are some example functions in Pyretic?

A

identity - returns the original packet

none - (drop) returns an empty set

match (f = v) - returns packets where f = v

mod - returns packet with f set to v

fwd(a) - modifies output port field

flood - returns the packet on each port of the spanning tree (like a hub)

56
Q

How is sequential composition expressed in Pyretic?

A

>> Operator

Example: match() >> fwd()

57
Q

How is parallel composition expressed in Pyretic?

A

+ Operator

Example: match() >> fwd() + match() >> fwd()

58
Q

Dynamic Policies

A

Policies whose forwarding behavior can change.

  • Represented as a time series of static policies