9.1 Programming SDNs

Question 1

Consistent updates in SDN Problems

Answer 1

1. Updates may disrupt packets along an end to end path

2. Packets from the same flow may be disrupted

Question 2

SDN Programming 3 steps

Answer 2

1. Read/monitor network state as well as events in the network (such as failures, topology changes, security events)
2. compute policy based on state controller sees from network (decision plane)
3. write policy back to switches by installing appropriate flow table state into switches

Question 3

Which steps in SDN program can present an issue

Answer 3

Reading and writing

Question 4

Reading State Problem: Limited # of rules

Answer 4

Limited # of rules due to space on switches. Cannot install all possible patterns

Question 5

Reading state problem: Limited # of rules - SOLUTION

Answer 5

Dynamically unfold rules as traffic arrives.
Programmer specifies GroupBy(srcip)
Runtime dynamically adds rules as traffic arrives

Question 6

Reading State Problem: Extra Unexpected events

Answer 6

extra unexpected events may cause inconsistencies

If a packet arrives as another one is being processed by the controller (installing a rule), it could cause issues.

Question 7

Reading State Problem: Extra Unexpected events - SOLUTION

Answer 7

Programmer specifies “Limit(1)”

Runtime system hides the extra events

Question 8

Approaches to maintaining consistency while reading state

Answer 8

predicates
unfolding
suppression

Question 9

Reasons to write policies

Answer 9

maintenance
unexpected failure
traffic failure

Question 10

Things to ensure when writing policies

Answer 10

no forwarding loops
no black holes
no security violations

Question 11

black hole

Answer 11

router or switch receives a packet but doesn’t know what to do with it.

Question 12

Writing Consistent Policy: Two Phase Commit

Answer 12

Version numbers in packets {P1, P2}
tag the packet on ingress so that the switches keep copies of both P1 and P2 for some time
When all switches have received rules corresponding to the new policy then incoming packets can be tagged with P2.
After time/sure no more P1 come in, we trash P1 ruleset

Question 13

Writing Consistent Policy: Two Phase Commit - Optimization

Answer 13

don’t run on all switches.

only apply mechanism on switches affected by packets under old ruleset

Question 14

Network Virtualization

Answer 14

Abstraction of physical network.

Multiple logical networks on shared physical substrate

Question 15

Why virtual networking

Answer 15

network virtualization enables evolution by letting multiple architectures exist in parallel

Question 16

Promise of Network Virtualization

Answer 16

1. Rapid innovation
2. New forms of network control
3. (potentially) simpler programming

Question 17

SDN vs Network Virtualization

Answer 17

SDN = separate data & control

Network Virtualization = separate logical & physical

Question 18

Design goals for network virtualization

Answer 18

flexible
manageable
scalable
secure
programmable
able to support different technologies

Question 19

how are virtual networks implemented?

Answer 19

Nodes: VMs
Edges: Tunnels

Question 20

Process of one packet from vm1 to vm2 through tunnel

Answer 20

encapsulate ethernet packet as it leaves vm in an ip packet which is destined for a new vm and the new host will decapsulate the packet

Question 21

Programming SDNs: Problems

Answer 21

programming openflow is not easy

low level of abstraction
controller only sees events that switches do not know how to handle
race conditions if switch level rules not installed properly

Question 22

Programming SDNs: Solution

Answer 22

Provide “northbound” api - programming interface that allows applications to program the network

Question 23

Northbound api

Answer 23

allows an application to at a high level tell the controller what it wants the switch to do.

Question 24

Northbound api benefits

Answer 24

vender independence

ability to quickly modify or customize control through various popular languages (python)

Question 25

Frenetic

Answer 25

Sql like query language

sits ontop of a northbound api

Question 26

Problem: Modules affect same traffic

Answer 26

too many cooks it’ll spoil the broth baby i think thats not true, ooooooo too many cooks can spoil the broth but will fill our hearts with so much, so much love. Too many cooks.

Question 27

Problem: Modules affect same traffic - SOLUTION

Answer 27

Composition operators - ways that specify how individual modules combine to create a cohesive program

Question 28

Policy Composition: Parallel

Answer 28

Perform both operations simultaneously

count and forward at the same time

Question 29

Policy Composition: Sequential

Answer 29

Perform one operation, then the next

firewall, then switch

Question 30

Pyretic features

Answer 30

Network policy as function
Boolean predicates
Virtual packet header fields
composition

Question 31

Pyretic sequential policy composition syntax

Answer 31

match(dstIP=2.2.2.8)&raquo_space; fwd(1)

|&raquo_space;

Question 32

Pyretic parallel policy composition syntax

Answer 32

match(dstIP=2.2.2.8)&raquo_space; fwd(1) +
match(dstIP=2.2.2.9)&raquo_space; fwd(2)

+

Question 33

Dynamic policies

Answer 33

timeseries of static policies
current policy is self.policy

1. set a default policy
2. Register callback that updates policy

Question 34

Pyretic summary/overview

Answer 34

1. Network policy as function
2. predicates on packets
3. virtual packet headers
4. policy composition