1 / 86

Participatory Networking: An API for Application Control of SDNs

Participatory Networking: An API for Application Control of SDNs. Andrew Ferguson, Arjun Guha, Chen Liang, Rodrigo Fonseca, and Shriram Krishnamurth i. Cornell. Participatory Networking. 1. SSHGuard. 2. Ekiga. 3. ZooKeeper. 4. Hadoop. Motivation. 1. SSHGuard.

axl
Download Presentation

Participatory Networking: An API for Application Control of SDNs

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Participatory Networking:An API for Application Control of SDNs • Andrew Ferguson, Arjun Guha, Chen Liang, • Rodrigo Fonseca, and Shriram Krishnamurthi Cornell

  2. Participatory Networking

  3. 1. SSHGuard 2. Ekiga 3. ZooKeeper 4. Hadoop Motivation

  4. 1. SSHGuard blocks hosts in response to login attempts 2. Ekiga uses knowledge from host OS 3. ZooKeeper prefers to deny traffic close to source 4. Hadoop SSHGuard SSHGuard SSHGuard SSHGuard SSHGuard SSHGuard SSHGuard

  5. 1. SSHGuard open source VOIP client 2. Ekiga network needs dictated by end-user 3. ZooKeeper prefers to reserve bandwidth 4. Hadoop Ekiga Ekiga

  6. 1. SSHGuard Paxos-like coordination service 2. Ekiga network needs dictated by placement 3. ZooKeeper prefers high-priority switch queues 4. Hadoop ZooKeeper ZooKeeper ZooKeeper

  7. 1. SSHGuard open source data processing platform 2. Ekiga network weights known by scheduler 3. ZooKeeper prefers to reserve bandwidth 4. Hadoop Hadoop Hadoop Hadoop Hadoop Hadoop Hadoop Hadoop Hadoop Hadoop Hadoop Hadoop Hadoop

  8. SDN Controllers SSHGuard Ekiga ZooKeeper Hadoop SSHGuard Ekiga SSHGuard

  9. 1. decompose control and visibility 2. resolve conflicts between requests Challenges

  10. Participatory Networking

  11. 1. Requests 2. Hints 3. Queries PANE Participatory Networking

  12. Participatory Networking • End-user API for SDNs • Exposes existing mechanisms • No effect on unmodified applications

  13. Decomposing Control

  14. Hadoop Shares

  15. bandwidth 100Mbps root bandwidth 50Mbps root adf Share Tree

  16. PANE This traffic will be short and bursty Reserve 2 Mbps from now to +5min? Yes OK How much web traffic in the last hour? 67,560 bytes

  17. PANE Current: 80 Mbps Current: 0 Mbps bandwidth 100Mbps ShareA ShareB bandwidth 100Mbps bandwidth 100Mbps No Reserve 50 Mbps? Current: 0 Mbps Current: 80 Mbps Current: 0 Mbps Yes Reserve 80 Mbps?

  18. Resolving Conflicts

  19. bandwidth 100Mbps root bandwidth 50Mbps root adf Share Tree

  20. (dstPort = 22, Deny) (dstIP=10.0.0.2, GMB=30) (srcIP=10.0.0.2, GMB=20) (dstPort=80, GMB=10) (srcIP=10.0.0.1, Allow) Policy Trees

  21. Packet: src 10.0.0.1 dst 10.0.0.2:80 (dstPort = 22, Deny) (dstIP=10.0.0.2, GMB=30) (srcIP=10.0.0.2, GMB=20) (dstPort=80, GMB=10) (srcIP=10.0.0.1, Allow) Policy Trees

  22. Hierarchical Flow Tables +P 0 GMB=30 GMB=30 Allow GMB=10 GMB=10 Packet: src 10.0.0.1 dst 10.0.0.2:80 (dstPort = 22, Deny) ? +S +D (dstIP=10.0.0.2, GMB=30) (srcIP=10.0.0.1, GMB=20) (dstPort=80, GMB=10) (srcIP=10.0.0.1, Allow) Packet Evaluation

  23. Hierarchical Flow Tables GMB=30 +P GMB=30 GMB=10 +D (dstIP=10.0.0.2, GMB=30) +S (srcIP=10.0.0.1, GMB=20) GMB=10 Allow (dstPort=80, GMB=10) (srcIP=10.0.0.1, Allow) Only Requirements: Associative, 0-identity Conflict Resolution

  24. D and S identical. Deny overrides Allow. GMB combines as max Rate-limit combines as min +D In node +S Sibling Child overrides Parent for Access Control GMB combines as max Rate-limit combines as min +P Parent-Sibling PANE’s Conflict Resolution Operators

  25. Implementation

  26. (dstPort = 22, Deny) (dstPort = 22, Deny) (dstPort = 22, Deny) (dstPort = 22, Deny) (dstPort = 22, Deny) (dstIP=10.0.0.2, GMB=30) (dstIP=10.0.0.2, GMB=30) (dstIP=10.0.0.2, GMB=30) (dstIP=10.0.0.2, GMB=30) (dstIP=10.0.0.2, GMB=30) (dstPort=80, GMB=10) (dstPort=80, GMB=10) (dstPort=80, GMB=10) (dstPort=80, GMB=10) (dstPort=80, GMB=10) (srcIP=10.0.0.1, Allow) (srcIP=10.0.0.1, Allow) (srcIP=10.0.0.1, Allow) (srcIP=10.0.0.1, Allow) (srcIP=10.0.0.1, Allow) PANE

  27. (dstPort = 22, Deny) (dstIP=10.0.0.2, GMB=30) (dstPort=80, GMB=10) (srcIP=10.0.0.1, Allow) (srcIP=10.0.0.2, GMB=20)

  28. PANE

  29. PANE

  30. PANE

  31. PANE

  32. 24Mbps 24Mbps 5Mbps 8Mbps PANE

  33. 24Mbps PANE

  34. PANE 0.6

  35. Evaluation

  36. 1. SSHGuard access control 2. Ekiga bandwidth reservations 3. ZooKeeper queues for low latency 4. Hadoop centralized traffic weights Evaluation

  37. PANE 22 Hosts • Three equal-sized sort jobs: • Two Low Priority with 25% weight • One High Priority with 50% weight Dynamically apply QoS to High Priority flows using PANE.

  38. PANE 22 Hosts Hadoop’s OpenFlow rules

  39. For applications that know what they want from the network • Allows these applications to co-exist Conclusion

  40. pane.cs.brown.edu Andrew Ferguson adf@cs.brown.edu

  41. Arjun Guha • Chen Liang • Rodrigo Fonseca • Shriram Krishnamurthi Co-authors Brown ↦ Cornell ↦ UMass Amherst Brown ↦ Duke Brown Brown pane.cs.brown.edu Andrew Ferguson adf@cs.brown.edu

  42. Backup Slides

  43. Proof of Correctness

  44. GMB=30 GMB=30 Allow GMB=10 GMB=10 (dstPort = 22, Deny) +S +P (dstIP=10.0.0.2, GMB=30) (dstPort=80, GMB=10) (srcIP=10.0.0.1, Allow) Packet: src 10.0.0.1 dst 10.0.0.2:80 Hierarchical Flow Tables

  45. Compiler Correctness

  46. Coq Proof Assistant

  47. compile Packet: src 10.0.0.1 dst 10.0.0.2:80 GMB 30 Theorem

  48. Protocol

More Related