9.1-Programming SDNs

Question 1

2 SDN mininet projects

Answer 1

1) write my own virtual switch

2) Use programming language designed for SDN to create a firewall

Question 2

Consistency problems. Updating switch flow table entries from the controller

Answer 2

1) updates may disrupt packets along an end to end path (Packet level consistency problem)
2) Packets from the same flow may be disrupted (flow level consistency problem)

Question 3

SDN Programming: Three steps

Answer 3

1) The controller need to Read/monitor network state (as well as various events in the network)
2) To Compute Policy based on state the controller sees on the network (Decision plane… deciding the forwarding behavior)
3) Write policy back to the switches by installing the appropriate flow table state into the switches.

Question 4

Reading state: extra unexpected events

Answer 4

Solution:

1) Programmer specifies “Limit (1)”
2) Run-time system hides events

Question 5

Consistency: Reading state

These 3 approaches help guarantee consistency when “reading state”

Answer 5

1) Predicates (i.e “and” and “not”)
2) Dynamically unfold rules as traffic arrives
3) suppression (limit 1 and hide events)

Question 6

Consistency: writing state

Answer 6

Solution:
Two phase commit

1) Packets are either subjective to the old config on all switches
2) Or to the new configuration on all switches

But packets are not subjective to the new on some switches and the old on others

Question 7

What problems can arise from inconsistent “writes” of network state?

Answer 7

1) Forwarding loops
2) Security policy violations
3) A flood of traffic at the controller

Question 8

What are some ways of coping with inconsistency?

Answer 8

1) keeping the old and new state on the routers/switches (two phase state)

Question 9

Network Virtualization

Answer 9

Abstraction of physical network

Question 10

Why virtual Networking?

Answer 10

“Ossification” of internet architecture

enables evolution by letting multiple architectures exist in parallel.

Question 11

Motivations for virtual networking?

Answer 11

1) Facilitating research/evolution by allowing coexistence

2) Adjusting resources to demand

Question 12

Promise of Network Virtualization

Answer 12

1) Rapid innovation (software speed)
2) New forms of network control
3) (potentially) simpler programming

Question 13

SDN vs Network Virtualization

Answer 13

SDN helped to allow network virtualization
SDN separates data and control
Network virtualization separates logical and physical

Question 14

Network virtualization

Answer 14

1) Allowing multiple tenants to share underlying physical infrastructure
2) Separating logical and physical

Question 15

Design goals for network virtualization

Answer 15

Flexible, manageable, scalable, secure, programmable, able to support different techs (homogeneous)

Question 16

Mininet

Answer 16

Network Virtualization

Question 17

The openflow switch

Answer 17

performs forwarding between the interfaces in the root name space… but because the interfaces are paired we get the illusion of sending traffic between h2 and h3.

Question 18

Technologies that enable virtual networks

Answer 18

VMs and tunneling

Question 19

Programming SDNs

Answer 19

Programming openflow not easy!

Question 20

Frenetic

Answer 20

SQL - like Query language

Example:

SELECT (bytes)
WHERE (in:2 & srcport:80)
groupBy (dstMAC)
every (60)

Question 21

Problem

Answer 21

Modules affect same traffic

Composition policies help with this
For example:
Parallel or Sequential

Question 22

Policy composition

Answer 22

Parallel: Perform both operations simultaneously (+)
Sequential: perform one operation, then the next (»)

Question 23

Pyretic

Answer 23

SDN Language (express policies) and Run-time (compiling these policies to openflow rules)

Question 24

Pyretic features

Answer 24

1) Network policy as function
2) Boolean predicates
3) Virtual packet header fields
4) Composition

Question 25

Openflow: bit patterns

Answer 25

Match statements for which matching packets are subject to a particular action

Contrast… Pyretic: functions
map packets->to other packets

Question 26

Pyretic functions

Answer 26

Identity packet -> returns original packet
None -> returns empty set 0
Match (f=v)-> Returns the identity if field F matches V and returns none or dropped otherwise
Mod (F=V) returns same packet with field f set to v
fwd(a) -> mod (outport t = a)
flood()

Question 27

Sequential composition example

Answer 27

match(dst IP=2.2.2.8)»fwd(1)

Question 28

Parallel composition example

Answer 28

match(dst IP=2.2.2.8)&raquo_space; fwd(1) +

match(dst IP=2.2.2.9)&raquo_space; fwd(2)

Question 29

Pyretic

Answer 29

1) Network policy as functions
2) Predicates on packets
3) Virtual packet headers
4) Policy composition

Question 30

Pyretic

Answer 30

Northbound API which sits on top of an SDN controller allowing operater/programmer to write rules without regards on how openflow rules get installed.