Title: A SOFT Way for OpenFlow Switch Interoperability Testing
The increasing adoption of Software Defined Networking, and OpenFlow in particular, brings great hope for increasing extensibility and lowering costs of deploying new network functionality. A key component in these networks is the OpenFlow agent, a piece of software that a switch runs to enable remote programmatic access to its forwarding tables. While testing high-level network functionality, the correct behavior and interoperability of any OpenFlow agent are taken for granted. However, existing tools for testing agents are neither exhaustive nor systematic, and only check that the agent's basic functionality works. In addition, the rapidly changing and sometimes vague OpenFlow specifications can result in multiple implementations that behave differently.
In this talk, I will present SOFT (Systematic OpenFlow Testing), an approach for testing the interoperability of OpenFlow switches. Our key insight is in automatically identifying the testing inputs that cause different OpenFlow agent implementations to behave inconsistently. To this end, we first symbolically execute each agent under test in isolation to derive which set of inputs causes which behavior. We then crosscheck all distinct behaviors across different agent implementations and evaluate whether a common input subset causes inconsistent behaviors. Our evaluation shows that our tool identified several inconsistencies between the publicly available Reference OpenFlow switch and Open vSwitch implementations.
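The crosscheck step described above, as an added example that is not part of the original abstract or of the SOFT tool: each agent is represented by the (path condition, behaviour) pairs that symbolic execution would produce, and the crosscheck looks for an input satisfying one path condition from each agent whose behaviours differ. The two agent models, their message fields and their behaviour labels are constructed for illustration and are not models of the Reference switch or Open vSwitch.

```python
"""SOFT-style crosscheck of two symbolically executed OpenFlow agent models.

Each agent is summarised as a list of paths: a path condition over message
fields (here: closed integer intervals per field) and the behaviour observed
on that path.  crosscheck() reports every pair of paths, one per agent, whose
conditions are jointly satisfiable but whose behaviours differ, together with
a concrete witness input.
"""
from __future__ import annotations

from dataclasses import dataclass
from itertools import product

# Path condition: field -> (lo, hi) inclusive; a field not listed is unconstrained.
Cond = dict[str, tuple[int, int]]
FIELD_MAX = 2**32 - 1  # widest field we model (assumption for unlisted fields)


@dataclass(frozen=True)
class Path:
    cond: Cond
    behaviour: str


def conjoin(a: Cond, b: Cond) -> Cond | None:
    """Intersect two path conditions; None if no input satisfies both."""
    out = dict(a)
    for field, (lo, hi) in b.items():
        alo, ahi = out.get(field, (0, FIELD_MAX))
        lo, hi = max(alo, lo), min(ahi, hi)
        if lo > hi:
            return None
        out[field] = (lo, hi)
    return out


def witness(cond: Cond) -> dict[str, int]:
    """Pick one concrete input inside a satisfiable path condition."""
    return {field: lo for field, (lo, _hi) in cond.items()}


def crosscheck(agent_a: list[Path], agent_b: list[Path]):
    """Return (witness, behaviour_a, behaviour_b) for each inconsistency."""
    found = []
    for pa, pb in product(agent_a, agent_b):
        if pa.behaviour == pb.behaviour:
            continue  # same observable behaviour: nothing to report
        joint = conjoin(pa.cond, pb.cond)
        if joint is not None:
            found.append((witness(joint), pa.behaviour, pb.behaviour))
    return found


# Constructed toy models of a FLOW_MOD handler (hypothetical, not real agents).
# Agent A rejects an out-of-range command field; agent B silently accepts it.
AGENT_A = [
    Path({"version": (0, 0)}, "error_version"),
    Path({"version": (2, 255)}, "error_version"),
    Path({"version": (1, 1), "command": (0, 4)}, "install"),
    Path({"version": (1, 1), "command": (5, 255)}, "error_command"),
]
AGENT_B = [
    Path({"version": (0, 0)}, "error_version"),
    Path({"version": (2, 255)}, "error_version"),
    Path({"version": (1, 1)}, "install"),
]

if __name__ == "__main__":
    for inp, ba, bb in crosscheck(AGENT_A, AGENT_B):
        print(f"input {inp}: agent A -> {ba}, agent B -> {bb}")
```

Running the block prints the single inconsistency between the two toy models: a version-1 message with command 5 is rejected by agent A and accepted by agent B. Replacing the interval representation with a real constraint solver is what makes this scale to path conditions produced by symbolic execution of actual agent code.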
Title: SPARTA: Scalable Per-Address RouTing Architecture for Data Centers
SPARTA is a novel network architecture for data center Ethernet networks that implements a per-address forwarding mechanism to preserve Ethernet's self-configuration and mobility support, while increasing its scalability and usable bandwidth. SPARTA is explicitly designed to accommodate unmodified commodity hosts and Ethernet switch chips, make efficient use of switch table space, and avoid using TCAM entries for basic forwarding. We evaluated SPARTA on Fat Tree, HyperX, and Jellyfish topologies and found that it achieves performance comparable to or greater than Equal-Cost Multipath (ECMP) forwarding, which is currently limited to layer-3 IP networks, without any multipath hardware support. We describe an OpenFlow-based implementation of SPARTA in detail and discuss ways to extend SPARTA to enhance network resilience, perform fine-grained traffic engineering, and implement other network applications.
Title: Security as an App and Security as a Service: New Killer Apps for Software Defined Networking?
OpenFlow is an open standard that has gained tremendous interest in the last few years within the network community. It is an embodiment of the software defined networking (SDN) paradigm, in which higher level flow routing decisions are derived from a control layer which, unlike classic network switch implementations, is separated from the data handling layer. The central attraction to this paradigm is that by decoupling the control logic from the closed and proprietary implementations of traditional network switch infrastructure, researchers can more easily design and distribute innovative flow handling and network control algorithms. Indeed, we also believe that OpenFlow can, in time, prove to be one of the more impactful technologies to drive a variety of innovations in network security. OpenFlow could offer a dramatic simplification to the way we design and integrate complex network security applications/services into large networks. However, to date there remains a stark paucity of compelling OpenFlow security applications/services.
In this talk I will propose new killer apps for SDN, namely security as an app (SaaA) and security as a service (SaaS), and I will introduce our new technologies to enable them. In SaaA, various security functions are provided as OpenFlow (OF) apps for network operators to simply download and use, similar to the way iPhone/Android apps are used. For SaaA, I will introduce FRESCO, a new OpenFlow (OF) security application development framework designed to facilitate the rapid design and modular composition of OF-enabled security modules (e.g., for threat detection and mitigation). FRESCO offers a Click-inspired programming framework that enables security researchers to implement, share, and compose together many different security detection and mitigation modules. In SaaS, website/network operators, e.g., tenants in a cloud, can outsource security-monitoring tasks to the cloud security provider. For SaaS, I will introduce CloudWatcher, a new framework that provides security monitoring services for large and dynamic cloud networks. I will demonstrate the utility of FRESCO and CloudWatcher, and report various performance and efficiency aspects of our proposed frameworks. In summary, with the innovations of FRESCO and CloudWatcher, we hope to enable new killer apps (i.e., SaaA and SaaS) for SDN.
Title: Reliable Network Compilers
Managing a network is a difficult task. Operators must configure a collection of distributed devices to provide a range of services from routing, to load balancing, to monitoring, and to provide security. One way to address this challenge is to specify the behavior of the network using simple, declarative, and high-level abstractions, and leave the tedious job of generating low-level hardware configurations to a compiler. But this approach, while attractive, requires placing trust in the compiler, a large and potentially buggy piece of software. In this talk, we give an overview of subtle bugs in prototype network compilers, including NetCore, Nettle, and PANE.
We then address these problems with a new and better approach. We present a machine-verified compiler and runtime system from a high-level, NetCore-like language. Our verification ensures programmers using the high-level language do not need to think about several sources of non-determinism and other, low-level peculiarities that are manifest in OpenFlow networks. In doing our verification, we developed formal models and a library of reasoning tools that let us precisely reason about OpenFlow networks. We believe these artifacts can be reused to develop other SDN tools.
Title: OpenRadio: Software Defined Wireless Infrastructure
Future mobile networks are faced with three trends: exponentially increasing traffic demand, chaotic network deployments with the advent of femtocells, and demand for supporting heterogeneous services (voice, video, data, smart grid etc). To adapt to these trends, wireless infrastructure has to scale in a cost-effective fashion to meet traffic demand, make it easier to manage chaotic deployments, and be flexible enough to accommodate heterogeneous services.
In this talk, I will discuss OpenRadio, our vision for a virtualized wireless infrastructure as the fundamental building block for future wireless networks. Our design approach can be summed up in three steps: separate service definition from infrastructure, design programmable wireless infrastructure fabrics, and enable flexible service definition in software. We argue that the above design approach enables an infrastructure that can be shared among multiple operators to enable cost-effective deployment, simplifies network management by enabling fine-grained dynamic macro-resource allocation, and provides flexibility to customize the network for different services in software.
Title: Scenario-Based Tools for Network Configurations
Logical methods for network configuration analysis have evident benefits. Unfortunately, some of these methods suffer from either soundness or usability gaps. We have found that using model-based techniques offers a useful compromise between these hazards. Models can exploit the underlying logical methods to the fullest, while translating elegantly to scenarios, which network operators understand. In this talk I will discuss current and upcoming efforts applying such tools to the analysis of network configurations.
Title: Formal Verification of Computer Switch Networks
Formal verification has seen much success in several domains of hardware and software design. For example, in hardware verification there has been much work in the verification of microprocessors and memory systems. Similarly, software verification has seen success in device-drivers and concurrent software. The area of network verification, which consists of both hardware and software components, has received relatively less attention. Traditionally, the focus in this domain has been on performance and security, with less emphasis on functional correctness. I will discuss how the shift to Software Defined Networks provides us with an opportunity to partition the verification problem into two separate problems: verification of the switch network and verification of the controller via verification of the rule updates. I will then focus on verification of the switch network. Here I will review the formal verification techniques that have been used thus far, with the goal of understanding the characteristics of the problem domain that are helpful for each of the techniques, as well as those that pose specific challenges.
Title: Unlocking the Full Innovation Potential of Software Defined Networking
SDN has gained a lot of momentum in the industry, but the question still remains if it has 'arrived'. In the CTO office at Dell we decided to take a few steps back and try to understand the lack of a wide range of SDN applications. While 'execution priority' has been a primary challenge, we also determined that the weak extensibility of the current data plane architecture is a key limiting factor.
In this talk we focus not on a killer app, but on how to create a 'killer platform'. We will present our recent work on data-plane extensibility beyond just L2/L3. We will also introduce the concept of a 'statistics plane' that can unlock a latent potential for rich applications. Finally we propose a 'service oriented architecture' approach to the SDN application framework.
Title: Software Defined Networking (SDN): A New Approach to Networking
Software-defined Networking (SDN) is a new approach to networking that has the potential to enable on-going network innovation and enable the network as a programmable plug-and-play component of the larger cloud infrastructure. Key aspects of SDN include: separation of data and control planes; a uniform vendor agnostic interface called OpenFlow between control and data planes; logically centralized control plane, realized using a network OS, that constructs and presents a logical map of the entire network to services or control applications on top; and slicing and virtualization of the underlying network. In SDN a researcher, network administrator, or third party can introduce a new capability by writing a software program that simply manipulates the logical map of a slice of the network.
I will elaborate on the SDN story in this talk: the rationale, design, deployments, and coming together of a SDN ecosystem so far.
Title: Composing Software Defined Networks
In Software Defined Networking (SDN), an application comprising many disparate tasks must be converted into a single set of packet-processing rules on the switches. Unfortunately, today's SDN platforms do not support expressing these tasks as separate modules, and composing them to create an application. This leads to monolithic programs that are neither portable, nor reusable. To address this problem, we are creating the FV system that presents each application module with an abstract view of the network topology customized to the application logic, where one module may implement the "switching fabric" for another. For example, a firewall module may run on "one big switch" that is implemented by a routing module. The programmer can specify network views, the relationship between (virtual) switches in different views, and which traffic each module can measure and control. For example, conceptually the firewall functionality runs before the routing functionality. Using sequential composition, the FV compiler can synthesize a single set of rules and queries for each physical switch. FV enables the creation of sophisticated SDN applications, as illustrated by several example programs.
This is joint work with Josh Reich, Chris Monsanto, and David Walker at Princeton, and Nate Foster at Cornell.
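The sequential composition step mentioned above, as an added example that is not part of the original abstract or of the FV system: a firewall module and a routing module are each written as a priority-ordered rule table, and compose() builds the single table a compiler would install on one physical switch so that it behaves exactly like "firewall first, then routing". The two module policies, the packet fields and the port numbers are constructed for illustration; the composition rule assumes the first module only passes or drops packets and never rewrites header fields.

```python
"""Sequential composition of two rule tables (firewall >> routing).

A classifier is a list of (match, action) rules; the first matching rule
wins and a packet matching nothing is dropped.  The firewall uses PASS
(hand the packet to the next module) or DROP; routing uses output ports.
"""
from __future__ import annotations

DROP = None      # action: discard the packet (also the result of no match)
PASS = "pass"    # action: continue into the next module unchanged
Match = dict[str, object]       # field -> required value; absent field = wildcard
Rule = tuple[Match, object]     # (match, action)


def matches(match: Match, pkt: dict) -> bool:
    return all(pkt.get(field) == value for field, value in match.items())


def apply(classifier: list[Rule], pkt: dict):
    """First matching rule wins; no match means DROP."""
    for match, action in classifier:
        if matches(match, pkt):
            return action
    return DROP


def intersect(a: Match, b: Match) -> Match | None:
    """Conjunction of two matches, or None if they can never both hold."""
    out = dict(a)
    for field, value in b.items():
        if field in out and out[field] != value:
            return None
        out[field] = value
    return out


def compose(first: list[Rule], second: list[Rule]) -> list[Rule]:
    """Build one classifier equivalent to running `first`, then `second`.

    Assumes `first` only uses PASS/DROP (no header rewrites).  A DROP in
    `first` stays a DROP; a PASS rule is crossed with every rule of
    `second`, keeping `second`'s action.  Nested iteration preserves the
    priority order of both tables, so first-match semantics carry over.
    """
    out: list[Rule] = []
    for m1, a1 in first:
        if a1 is DROP:
            out.append((m1, DROP))
            continue
        for m2, a2 in second:
            joint = intersect(m1, m2)
            if joint is not None:
                out.append((joint, a2))
    return out


# Constructed example modules (hypothetical policies, not FV's own).
FIREWALL: list[Rule] = [
    ({"proto": "tcp", "dport": 22}, DROP),   # block SSH everywhere
    ({"src": "10.0.0.9"}, DROP),             # block a quarantined host
    ({}, PASS),                              # everything else continues
]
ROUTING: list[Rule] = [
    ({"dst": "10.0.0.1"}, 1),
    ({"dst": "10.0.0.2"}, 2),
    ({}, 3),                                 # default uplink
]
COMPOSED = compose(FIREWALL, ROUTING)


def by_modules(pkt: dict):
    """Reference semantics: run the firewall, then routing on what passes."""
    return DROP if apply(FIREWALL, pkt) is DROP else apply(ROUTING, pkt)


def equivalent_on(pkts: list[dict]) -> bool:
    """Check the compiled table against the modular semantics on sample packets."""
    return all(apply(COMPOSED, p) == by_modules(p) for p in pkts)


if __name__ == "__main__":
    for match, action in COMPOSED:
        print(match, "->", "drop" if action is DROP else f"port {action}")
```

The composed table has five rules: the two firewall drops, then one forwarding rule per routing entry. Because priorities are preserved, a packet that matches a drop rule never reaches the forwarding rules, which is the "firewall runs before routing" property the compiler must guarantee.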
Title: The Twain Shall Meet: Toward Practical Integration of SDN and Middleboxes
There are two seemingly disparate camps for enabling network innovation. The first relies on a traditional approach of retrofitting 'middleboxes', while more recent work argues for a cleaner software-defined networking (SDN) paradigm. Existing efforts in the middlebox world to address the management complexity sidestep the issue of integration with SDN and invent new control interfaces and/or change how middlebox functions are realized. On the other hand, the prevalent view in the SDN world appears to be that middleboxes can be easily integrated with existing mechanisms. However, there appear to be no actual design or deployment efforts validating this assumption. This talk is an initial exercise in exploring if and how we can practically bridge the gap between the SDN and middlebox worlds.
Title: SDN-enhanced Services in Enterprises and Data Centers
With the emergence of the software-defined networking paradigm, there is a new opportunity to more seamlessly integrate applications and IT processes with the network through programmable interfaces. Industry standard protocols such as OpenFlow and recent efforts to define service-oriented APIs for the network provide new ways to address many of the challenges in automating the network-related aspects of enterprise applications. While SDN has been positioned for network-level control and management functions, relatively less attention has been given to developing SDN-based solutions that improve higher-level applications or service management processes.
In this talk we explore the ability of SDN to automate networking tasks in various IT applications and management service use cases. We identify the network touch-points in a number of these cases and describe new workflows that leverage SDN technology to reduce manual effort, enable more informed decisions, or reduce the amount of time needed to complete service requests.