Configuration changes are a common source of instability in networks, leading to outages, performance disruptions, and security vulnerabilities. Even when the initial and final configurations are correct, the update process itself often steps through intermediate configurations that exhibit incorrect behaviors. This paper introduces the notion of consistent network updates-updates that are guaranteed to preserve well-defined behaviors when transitioning between configurations. We identify two distinct consistency levels, per-packet and per-flow, and we present general mechanisms for implementing them in Software-Defined Networks using switch APIs like OpenFlow. We develop a formal model of OpenFlow networks, and prove that consistent updates preserve a large class of properties. We describe our prototype implementation, including several optimizations that reduce the overhead required to perform consistent updates. We present a verification tool that leverages consistent updates to significantly reduce the complexity of checking the correctness of network control software. Finally, we describe the results of some simple experiments demonstrating the effectiveness of these optimizations on example applications.
Software-defined networks (SDNs) are a new implementation architecture in which a controller machine manages a distributed collection of switches, by instructing them to install or uninstall packet-forwarding rules and report traffic statistics. The recently formed Open Networking Consortium, whose members include Google, Facebook, Microsoft, Verizon, and others, hopes to use this architecture to transform the way enterprise and data center networks are implemented. But to do this, they need novel programming languages to help them craft network-wide algorithms for routing, energy-efficient network management, dynamic access control, traffic monitoring, and other applications. In this paper, we define a high-level language, called NCore, for expressing packet-forwarding policies and traffic-statistics queries. The language is designed to be simple, expressive, and composi-tional. We define a formal semantics for NCore and show how to compile it to a distributed switch-controller architecture. To ensure that a majority of packets are processed efficiently on switches, we develop a new compilation technique called reactive specialization that generalizes, improves on, and automates the simple (but inefficient) manual techniques commonly used to program SDNs. Reac-tive specialization and the other compilation techniques we develop are highly generic, assuming only that the packet-matching capabilities available on switches satisfy some basic algebraic laws. This generality makes our technology applicable to all current switches we are aware of, including switches that implement the popular OpenFlow protocol. Overall, this paper delivers a design for a high-level network programming language; a novel, general-purpose compilation algorithm based on reactive specialization; a run-time system based on a SDN architecture; the first formal semantics and proofs of cor-rectness in this domain; and an implementation and evaluation that demonstrates the benefits over the current state-of-the-art.
Guarded Kleene Algebra with Tests (GKAT) is a variation on Kleene Algebra with Tests (KAT) that arises by restricting the union (+) and iteration ( * ) operations from KAT to predicate-guarded versions. We develop the (co)algebraic theory of GKAT and show how it can be efficiently used to reason about imperative programs. In contrast to KAT, whose equational theory is PSPACE-complete, we show that the equational theory of GKAT is (almost) linear time. We also provide a full Kleene theorem and prove completeness for an analogue of Salomaa's axiomatization of Kleene Algebra. INTRODUCTIONComputer scientists have long explored the connections between families of programming languages and abstract machines. This dual perspective has furnished deep theoretical insights as well as practical tools. As an example, Kleene's classic result establishing the equivalence of regular expressions and finite automata [22] inspired decades of work across a variety of areas including programming language design, mathematical semantics, and formal verification.Kleene Algebra with Tests (KAT) [25], which combines Kleene Algebra (KA) with Boolean Algebra (BA), is a modern example of this approach. Viewed from the program-centric perspective, a KAT models the fundamental constructs that arise in programs: sequencing, branching, iteration, non-determinism, etc. The equational theory of KAT enables algebraic reasoning and can be finitely axiomatized [30]. Viewed from the machine-centric perspective, a KAT describes a kind of automaton that generates a regular language of traces. This shift in perspective admits techniques from the theory of coalgebras for reasoning about program behavior. In particular, there are efficient algorithms for checking bisimulation, which can be optimized using properties of bisimulations [8,19] or symbolic automata representations [40].KAT has been used to model computation across a wide variety of areas including program transformations [2, 26], concurrency control [10], compiler optimizations [29], cache control [5,9], and more [9]. A prominent recent application is NetKAT [1], a language for reasoning about the packetforwarding behavior of software-defined networks. NetKAT has a sound and complete equational theory, and a coalgebraic decision procedure that can be used to automatically verify many important networking properties including reachability, loop-freedom, and isolation [15]. However, while NetKAT's implementation scales well in practice, the complexity of deciding equivalence for NetKAT is PSPACE-complete in the worst case [1].A natural question to ask is whether there is an efficient fragment of KAT that is reasonably expressive, while retaining a solid foundation. We answer this question positively in this paper with a comprehensive study of Guarded Kleene Algebra with Tests (GKAT), the guarded fragment of KAT. The language is a propositional abstraction of imperative while programs, which have been well-studied in the literature. We establish the fundamental properties of GKAT and develop its ...
Abstract-Modern computer networks perform a bewildering array of tasks, from routing and traffic monitoring, to access control and server load balancing. Yet, managing these networks is unnecessarily complicated and error-prone, due to a heterogeneous mix of devices (e.g., routers, switches, firewalls, and middleboxes) with closed and proprietary configuration interfaces. Software-Defined Networks (SDN) are poised to change this by offering a clean and open interface between networking devices and the software that controls them. In particular, many commercial switches support the OpenFlow protocol, and a number of campus, data-center, and backbone networks have deployed the new technology. Yet, while SDN makes it possible to program the network, it does not make it easy. Today's OpenFlow controllers offer low-level APIs that mimic the underlying switch hardware. To reach SDN's full potential, we need to identify the right higher-level abstractions for creating (and composing) applications. In the Frenetic project, we are designing simple and intuitive abstractions for programming the three main stages of network management: (i) monitoring network traffic, (ii) specifying and composing packet-forwarding policies, and (iii) updating policies in a consistent way. Overall, these abstractions make it dramatically easier for programmers to write and reason about SDN applications.
This paper presents Merlin, a new framework for managing resources in software-defined networks. With Merlin, administrators express high-level policies using programs in a declarative language. The language includes logical predicates to identify sets of packets, regular expressions to encode forwarding paths, and arithmetic formulas to specify bandwidth constraints. The Merlin compiler uses a combination of advanced techniques to translate these policies into code that can be executed on network elements including a constraint solver that allocates bandwidth using parameterizable heuristics. To facilitate dynamic adaptation, Merlin provides mechanisms for delegating control of sub-policies and for verifying that modifications made to sub-policies do not violate global constraints. Experiments demonstrate the expressiveness and scalability of Merlin on real-world topologies and applications. Overall, Merlin simplifies network administration by providing high-level abstractions for specifying network policies and scalable infrastructure for enforcing them.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.