SlideShare a Scribd company logo

VeriFlow Presentation

K
Krystle Bates

Presentation about VeriFlow (SDN) and NetPlumber (HSA)

Technology
1 of 32
Download to read offline
VeriFlow: Verifying Network-Wide Invariants in Real Time Krystle Bates Yenming Chen
Agenda ● Introduction ● VeriFlow ● Experiments ● Comparison: Header Space Analysis (HSA) ● Lessons Learned ● Conclusion & Discussion
Introduction
SDN’s Refresh ● Software Defined Network (SDN) allows the use of programming network devices Fig. 1: Software Defined Networking Architecture [1]
Challenges of SDNs - A logically-centralized network applications allow bugs occur due to the increases in software complexities. - The use of multiple applications or user’s ability to program the same physical network simultaneously, could result in conflicting rules.
Overview Approach - Uses real-time data plane verification. - Has a standardized and open interface to read and write the data plane of network devices and a centralized device can run code and is responsible for transmitting commands to network devices.
Challenges - Obtaining real time view of network - Verification speed Photo by ✿ SUMAYAH ©™ - Creative Commons Attribution-NonCommercial-ShareAlike License https://farm8.staticflickr.com/7042/7098318665_9cb251bcd2_b.jpg
VeriFlow
Structure of VeriFlow - Real - Time analysis - Function by - Dynamic Monitor - Model Behavior - Custom Algorithms for Error Detection
1. Limit the Search Space Generate Equivalence Classes Veriflow Updates
Computing Equivalence Classes (EC)
2. Represent Forwarding Behavior Generate Equivalence Classes Generate Forwarding Graphs Veriflow Updates
Forwarding Graphs
3. Run Query to Check Invariants Generate Equivalence Classes Run Queries Generate Forwarding Graphs Veriflow Updates
Experiment
Evaluation #1- Microbenchmarking VeriFlow run time Goal - Observe Veriflow’s different phases contributions to the overall run time Simulated an IP network with 172 routers Replayed BGP traces, with 5 million RIB entries and 90k BGP updates
Performance Results 97.8% of the updates were verified within 1 millisecond
Evaluation #2 - Effect on TCP Connection Setup Latency Goal - Understand the impact of Veriflow on TCP connection setup latency Mininet OpenFlow network 10 switched arranged in chain-like topology A host connect to every switch Nox controller running “learning switch” app TCP connections between random pairs of hosts
Evaluation Results
Time Consume
Comparison: HSA
Header Space Analysis Operating overview ● Extract header from packets in binary {0,1} ● Construct forwarding transfer function T(h,p) ● Mathematical computation for verification Achievements ● Reachability analysis ● Loop detection ● Slice isolation P. Kazemian, G. Varghese and N. McKeown, “Header space analysis: static checking for networks”, NSDI'12 Proceedings of USENIX conference on Networked Systems Design and Implementation, 2012 Time Consume ~= second base
NetPlumber Features ● Based on HSA ● Built dependency graph Improvements of HSA ● Incremental update rules (achieve real-time) ● Without ad hoc code required by HSA (generalize to probe nodes) ● Cluster graph and reduce inner-edges (parallelization) P. Kazemian, M.l Chang, H. Zeng, G. Varghese , N. McKeown, S. Whyte, “Real Time Network Policy Checking using Header Space Analysis”, NSDI'12 Proceedings of USENIX conference on Networked Systems Design and Implementation, 2013
conti. NetPlumber
Time Consume ~= millisecond
Lessons Learned
VeriFlow vs NetPlumber (HSA) VeriFlow NetPlumber(HSA) History 2013 by UIUC 2013(2012) by Stanford Apply Layer Data-Plane Data-Plane Data Structure Tree Graph Time Consume millisecond millisecond Steps Class / Flow / Queries Space / Topology / Algebra Verification Custom Query Procedure Algebra Operation Both support forwarding actions and verification
Conclusion & Discussion
Conclusion VeriFlow achieves real-time verification - A layer between SDN controller and network elements - Finds faulty flows issued by SDN applications - Verifies network-wide invariants as each flow is inserted Can prevent a flow from reaching the network
Thanks for your attention!
Problems and Discussion 1) Is there any limitation on Data-Plane verification ? 2) How can we improve the speed of Veriflow ? 3) Within the experimental results, there is a long tail behavior in the CDF. Why do you think that is? 4) Is it possible for VeriFlow to deal with the control logic error? 5) Is SDN pre-requisite for VeriFlow? Can we implement VeriFlow without the SDN's implementation? 6) Can Veriflow replace firewall in a networked system?
References - A. Khurshid, X. Zou, W. Zhou, M. Caesar, P. Godfrey, VeriFlow: Verifying Network-Wide Invariants in Real Time, (Paper) and “VeriFlow: Verifying Network-Wide Invariants in Real Time”, PPT, http://conferences.sigcomm.org/sigcomm/2012/slides/sdn/session2/03-Veriflow.pdf, 2012 - P. Kazemian, G. Varghese, N. McKeown, “Header Space Analysis: Static Checking For Networks” - G. N. Nde and R. Khondoker, "SDN testing and debugging tools: A survey," 2016 5th International Conference on Informatics, Electronics and Vision (ICIEV), Dhaka, 2016, pp. 631-635. - D. Nicol, K. Jin, M. Caesar, B. Sanders, “A Hypothesis Testing Framework for Network Security”, PPT - Peyman Kazemian, Network Debugging, http://yuba.stanford.edu/~peyman/research.html

Recommended

Investigating the Impact of Network Topology on the Processing Times of SDN C...
Investigating the Impact of Network Topology on the Processing Times of SDN C...Investigating the Impact of Network Topology on the Processing Times of SDN C...
Investigating the Impact of Network Topology on the Processing Times of SDN C...Steffen Gebert
 
ppbench - A Visualizing Network Benchmark for Microservices
ppbench - A Visualizing Network Benchmark for Microservicesppbench - A Visualizing Network Benchmark for Microservices
ppbench - A Visualizing Network Benchmark for MicroservicesNane Kratzke
 
SDN interfaces and performance analysis of SDN components
SDN interfaces and performance analysis of SDN componentsSDN interfaces and performance analysis of SDN components
SDN interfaces and performance analysis of SDN componentsSteffen Gebert
 
Efficient Topology Discovery in Software Defined Networks
Efficient Topology Discovery in Software Defined NetworksEfficient Topology Discovery in Software Defined Networks
Efficient Topology Discovery in Software Defined NetworksFarzaneh Pakzad
 
Group Communication Techniques in Overlay Networks
Group Communication Techniques in Overlay NetworksGroup Communication Techniques in Overlay Networks
Group Communication Techniques in Overlay NetworksKnut-Helge Vik
 
SDN: is it a solution for network security?
SDN: is it a solution for network security?SDN: is it a solution for network security?
SDN: is it a solution for network security?ARCCN
 
Capstone Poster Final Draft - 2
Capstone Poster Final Draft - 2Capstone Poster Final Draft - 2
Capstone Poster Final Draft - 2Krishna Prasad A R
 
Ravi Namboori Software Defined Network Presentation
Ravi Namboori Software Defined Network PresentationRavi Namboori Software Defined Network Presentation
Ravi Namboori Software Defined Network Presentationravi namboori
 

Recommended

Investigating the Impact of Network Topology on the Processing Times of SDN C...
Investigating the Impact of Network Topology on the Processing Times of SDN C...Investigating the Impact of Network Topology on the Processing Times of SDN C...
Investigating the Impact of Network Topology on the Processing Times of SDN C...Steffen Gebert
 
ppbench - A Visualizing Network Benchmark for Microservices
ppbench - A Visualizing Network Benchmark for Microservicesppbench - A Visualizing Network Benchmark for Microservices
ppbench - A Visualizing Network Benchmark for MicroservicesNane Kratzke
 
SDN interfaces and performance analysis of SDN components
SDN interfaces and performance analysis of SDN componentsSDN interfaces and performance analysis of SDN components
SDN interfaces and performance analysis of SDN componentsSteffen Gebert
 
Efficient Topology Discovery in Software Defined Networks
Efficient Topology Discovery in Software Defined NetworksEfficient Topology Discovery in Software Defined Networks
Efficient Topology Discovery in Software Defined NetworksFarzaneh Pakzad
 
Group Communication Techniques in Overlay Networks
Group Communication Techniques in Overlay NetworksGroup Communication Techniques in Overlay Networks
Group Communication Techniques in Overlay NetworksKnut-Helge Vik
 
SDN: is it a solution for network security?
SDN: is it a solution for network security?SDN: is it a solution for network security?
SDN: is it a solution for network security?ARCCN
 
Capstone Poster Final Draft - 2
Capstone Poster Final Draft - 2Capstone Poster Final Draft - 2
Capstone Poster Final Draft - 2Krishna Prasad A R
 
Ravi Namboori Software Defined Network Presentation
Ravi Namboori Software Defined Network PresentationRavi Namboori Software Defined Network Presentation
Ravi Namboori Software Defined Network Presentationravi namboori
 
An Overview of Distributed Debugging
An Overview of Distributed DebuggingAn Overview of Distributed Debugging
An Overview of Distributed DebuggingAnant Narayanan
 
Link Capacity Estimation in Wireless Software Defined Networks
Link Capacity Estimation in Wireless Software Defined NetworksLink Capacity Estimation in Wireless Software Defined Networks
Link Capacity Estimation in Wireless Software Defined NetworksFarzaneh Pakzad
 
Insight DE project
Insight DE projectInsight DE project
Insight DE projectKat Chuang
 
SC'18 BoF Presentation
SC'18 BoF PresentationSC'18 BoF Presentation
SC'18 BoF Presentationrcastain
 
Colloque IMT -04/04/2019- L'IA au cœur des mutations industrielles - L'IA pou...
Colloque IMT -04/04/2019- L'IA au cœur des mutations industrielles - L'IA pou...Colloque IMT -04/04/2019- L'IA au cœur des mutations industrielles - L'IA pou...
Colloque IMT -04/04/2019- L'IA au cœur des mutations industrielles - L'IA pou...I MT
 
IEEE HPSR 2017 Keynote: Softwarized Dataplanes and the P^3 trade-offs: Progra...
IEEE HPSR 2017 Keynote: Softwarized Dataplanes and the P^3 trade-offs: Progra...IEEE HPSR 2017 Keynote: Softwarized Dataplanes and the P^3 trade-offs: Progra...
IEEE HPSR 2017 Keynote: Softwarized Dataplanes and the P^3 trade-offs: Progra...Christian Esteve Rothenberg
 
Radware DefenseFlow-The SDN Application That Programs Networks for DoS Security
Radware DefenseFlow-The SDN Application That Programs Networks for DoS Security Radware DefenseFlow-The SDN Application That Programs Networks for DoS Security
Radware DefenseFlow-The SDN Application That Programs Networks for DoS Security Radware
 
Resume
ResumeResume
ResumeSiddharth Joshi
 
Smart Contract Security Testing
Smart Contract Security TestingSmart Contract Security Testing
Smart Contract Security TestingDilum Bandara
 
SFBay OpenStack Meetup // Neutron and SDN in Production – Dec 3 2013
SFBay OpenStack Meetup // Neutron and SDN in Production – Dec 3 2013SFBay OpenStack Meetup // Neutron and SDN in Production – Dec 3 2013
SFBay OpenStack Meetup // Neutron and SDN in Production – Dec 3 2013Randy Bias
 
Krabbenhoft_TavernaARC_BOSC2009
Krabbenhoft_TavernaARC_BOSC2009Krabbenhoft_TavernaARC_BOSC2009
Krabbenhoft_TavernaARC_BOSC2009bosc
 
SDN-ppt-new
SDN-ppt-newSDN-ppt-new
SDN-ppt-newGifty Susan Mani
 
OpenFlow Aware Network Processor
OpenFlow Aware Network ProcessorOpenFlow Aware Network Processor
OpenFlow Aware Network ProcessorMahesh Dananjaya
 
In-kernel Analytics and Tracing with eBPF for OpenStack Clouds
In-kernel Analytics and Tracing with eBPF for OpenStack CloudsIn-kernel Analytics and Tracing with eBPF for OpenStack Clouds
In-kernel Analytics and Tracing with eBPF for OpenStack CloudsPLUMgrid
 
Sdn&security
Sdn&securitySdn&security
Sdn&securityCristiano Monteiro
 
DEVNET-1114 Automated Management Using SDN/NFV
DEVNET-1114 Automated Management Using SDN/NFVDEVNET-1114 Automated Management Using SDN/NFV
DEVNET-1114 Automated Management Using SDN/NFVCisco DevNet
 
The Impact of Software-based Virtual Network in the Public Cloud
The Impact of Software-based Virtual Network in the Public CloudThe Impact of Software-based Virtual Network in the Public Cloud
The Impact of Software-based Virtual Network in the Public CloudChunghan Lee
 
Software defined network
Software defined networkSoftware defined network
Software defined networkDeeptiman Mallick
 
Making Runtime Data Useful for Incident Diagnosis: An Experience Report
Making Runtime Data Useful for Incident Diagnosis: An Experience ReportMaking Runtime Data Useful for Incident Diagnosis: An Experience Report
Making Runtime Data Useful for Incident Diagnosis: An Experience ReportQAware GmbH
 
Combining Cloud Native & PaaS: Building a Fully Managed Application Platform ...
Combining Cloud Native & PaaS: Building a Fully Managed Application Platform ...Combining Cloud Native & PaaS: Building a Fully Managed Application Platform ...
Combining Cloud Native & PaaS: Building a Fully Managed Application Platform ...DigitalOcean
 
BuildingSDNmanageableswitch.pdf
BuildingSDNmanageableswitch.pdfBuildingSDNmanageableswitch.pdf
BuildingSDNmanageableswitch.pdfFernando Velez Varela
 
DesignofSDNmanageableswitch.pdf
DesignofSDNmanageableswitch.pdfDesignofSDNmanageableswitch.pdf
DesignofSDNmanageableswitch.pdfFernando Velez Varela
 

More Related Content

What's hot

An Overview of Distributed Debugging
An Overview of Distributed DebuggingAn Overview of Distributed Debugging
An Overview of Distributed DebuggingAnant Narayanan
 
Link Capacity Estimation in Wireless Software Defined Networks
Link Capacity Estimation in Wireless Software Defined NetworksLink Capacity Estimation in Wireless Software Defined Networks
Link Capacity Estimation in Wireless Software Defined NetworksFarzaneh Pakzad
 
Insight DE project
Insight DE projectInsight DE project
Insight DE projectKat Chuang
 
SC'18 BoF Presentation
SC'18 BoF PresentationSC'18 BoF Presentation
SC'18 BoF Presentationrcastain
 
Colloque IMT -04/04/2019- L'IA au cœur des mutations industrielles - L'IA pou...
Colloque IMT -04/04/2019- L'IA au cœur des mutations industrielles - L'IA pou...Colloque IMT -04/04/2019- L'IA au cœur des mutations industrielles - L'IA pou...
Colloque IMT -04/04/2019- L'IA au cœur des mutations industrielles - L'IA pou...I MT
 
IEEE HPSR 2017 Keynote: Softwarized Dataplanes and the P^3 trade-offs: Progra...
IEEE HPSR 2017 Keynote: Softwarized Dataplanes and the P^3 trade-offs: Progra...IEEE HPSR 2017 Keynote: Softwarized Dataplanes and the P^3 trade-offs: Progra...
IEEE HPSR 2017 Keynote: Softwarized Dataplanes and the P^3 trade-offs: Progra...Christian Esteve Rothenberg
 
Radware DefenseFlow-The SDN Application That Programs Networks for DoS Security
Radware DefenseFlow-The SDN Application That Programs Networks for DoS Security Radware DefenseFlow-The SDN Application That Programs Networks for DoS Security
Radware DefenseFlow-The SDN Application That Programs Networks for DoS Security Radware
 
Smart Contract Security Testing
Smart Contract Security TestingSmart Contract Security Testing
Smart Contract Security TestingDilum Bandara
 
SFBay OpenStack Meetup // Neutron and SDN in Production – Dec 3 2013
SFBay OpenStack Meetup // Neutron and SDN in Production – Dec 3 2013SFBay OpenStack Meetup // Neutron and SDN in Production – Dec 3 2013
SFBay OpenStack Meetup // Neutron and SDN in Production – Dec 3 2013Randy Bias
 
Krabbenhoft_TavernaARC_BOSC2009
Krabbenhoft_TavernaARC_BOSC2009Krabbenhoft_TavernaARC_BOSC2009
Krabbenhoft_TavernaARC_BOSC2009bosc
 
OpenFlow Aware Network Processor
OpenFlow Aware Network ProcessorOpenFlow Aware Network Processor
OpenFlow Aware Network ProcessorMahesh Dananjaya
 
In-kernel Analytics and Tracing with eBPF for OpenStack Clouds
In-kernel Analytics and Tracing with eBPF for OpenStack CloudsIn-kernel Analytics and Tracing with eBPF for OpenStack Clouds
In-kernel Analytics and Tracing with eBPF for OpenStack CloudsPLUMgrid
 
DEVNET-1114 Automated Management Using SDN/NFV
DEVNET-1114 Automated Management Using SDN/NFVDEVNET-1114 Automated Management Using SDN/NFV
DEVNET-1114 Automated Management Using SDN/NFVCisco DevNet
 
The Impact of Software-based Virtual Network in the Public Cloud
The Impact of Software-based Virtual Network in the Public CloudThe Impact of Software-based Virtual Network in the Public Cloud
The Impact of Software-based Virtual Network in the Public CloudChunghan Lee
 
Making Runtime Data Useful for Incident Diagnosis: An Experience Report
Making Runtime Data Useful for Incident Diagnosis: An Experience ReportMaking Runtime Data Useful for Incident Diagnosis: An Experience Report
Making Runtime Data Useful for Incident Diagnosis: An Experience ReportQAware GmbH
 
Combining Cloud Native & PaaS: Building a Fully Managed Application Platform ...
Combining Cloud Native & PaaS: Building a Fully Managed Application Platform ...Combining Cloud Native & PaaS: Building a Fully Managed Application Platform ...
Combining Cloud Native & PaaS: Building a Fully Managed Application Platform ...DigitalOcean
 

What's hot (20)

An Overview of Distributed Debugging
An Overview of Distributed DebuggingAn Overview of Distributed Debugging
An Overview of Distributed Debugging
 
Link Capacity Estimation in Wireless Software Defined Networks
Link Capacity Estimation in Wireless Software Defined NetworksLink Capacity Estimation in Wireless Software Defined Networks
Link Capacity Estimation in Wireless Software Defined Networks
 
Insight DE project
Insight DE projectInsight DE project
Insight DE project
 
SC'18 BoF Presentation
SC'18 BoF PresentationSC'18 BoF Presentation
SC'18 BoF Presentation
 
Colloque IMT -04/04/2019- L'IA au cœur des mutations industrielles - L'IA pou...
Colloque IMT -04/04/2019- L'IA au cœur des mutations industrielles - L'IA pou...Colloque IMT -04/04/2019- L'IA au cœur des mutations industrielles - L'IA pou...
Colloque IMT -04/04/2019- L'IA au cœur des mutations industrielles - L'IA pou...
 
IEEE HPSR 2017 Keynote: Softwarized Dataplanes and the P^3 trade-offs: Progra...
IEEE HPSR 2017 Keynote: Softwarized Dataplanes and the P^3 trade-offs: Progra...IEEE HPSR 2017 Keynote: Softwarized Dataplanes and the P^3 trade-offs: Progra...
IEEE HPSR 2017 Keynote: Softwarized Dataplanes and the P^3 trade-offs: Progra...
 
Radware DefenseFlow-The SDN Application That Programs Networks for DoS Security
Radware DefenseFlow-The SDN Application That Programs Networks for DoS Security Radware DefenseFlow-The SDN Application That Programs Networks for DoS Security
Radware DefenseFlow-The SDN Application That Programs Networks for DoS Security
 
Resume
ResumeResume
Resume
 
Smart Contract Security Testing
Smart Contract Security TestingSmart Contract Security Testing
Smart Contract Security Testing
 
SFBay OpenStack Meetup // Neutron and SDN in Production – Dec 3 2013
SFBay OpenStack Meetup // Neutron and SDN in Production – Dec 3 2013SFBay OpenStack Meetup // Neutron and SDN in Production – Dec 3 2013
SFBay OpenStack Meetup // Neutron and SDN in Production – Dec 3 2013
 
Krabbenhoft_TavernaARC_BOSC2009
Krabbenhoft_TavernaARC_BOSC2009Krabbenhoft_TavernaARC_BOSC2009
Krabbenhoft_TavernaARC_BOSC2009
 
SDN-ppt-new
SDN-ppt-newSDN-ppt-new
SDN-ppt-new
 
OpenFlow Aware Network Processor
OpenFlow Aware Network ProcessorOpenFlow Aware Network Processor
OpenFlow Aware Network Processor
 
In-kernel Analytics and Tracing with eBPF for OpenStack Clouds
In-kernel Analytics and Tracing with eBPF for OpenStack CloudsIn-kernel Analytics and Tracing with eBPF for OpenStack Clouds
In-kernel Analytics and Tracing with eBPF for OpenStack Clouds
 
Sdn&security
Sdn&securitySdn&security
Sdn&security
 
DEVNET-1114 Automated Management Using SDN/NFV
DEVNET-1114 Automated Management Using SDN/NFVDEVNET-1114 Automated Management Using SDN/NFV
DEVNET-1114 Automated Management Using SDN/NFV
 
The Impact of Software-based Virtual Network in the Public Cloud
The Impact of Software-based Virtual Network in the Public CloudThe Impact of Software-based Virtual Network in the Public Cloud
The Impact of Software-based Virtual Network in the Public Cloud
 
Software defined network
Software defined networkSoftware defined network
Software defined network
 
Making Runtime Data Useful for Incident Diagnosis: An Experience Report
Making Runtime Data Useful for Incident Diagnosis: An Experience ReportMaking Runtime Data Useful for Incident Diagnosis: An Experience Report
Making Runtime Data Useful for Incident Diagnosis: An Experience Report
 
Combining Cloud Native & PaaS: Building a Fully Managed Application Platform ...
Combining Cloud Native & PaaS: Building a Fully Managed Application Platform ...Combining Cloud Native & PaaS: Building a Fully Managed Application Platform ...
Combining Cloud Native & PaaS: Building a Fully Managed Application Platform ...
 

Similar to VeriFlow Presentation

Software Defined Networks
Software Defined NetworksSoftware Defined Networks
Software Defined NetworksShreeya Shah
 
Distributed Clouds and Software Defined Networking
Distributed Clouds and Software Defined NetworkingDistributed Clouds and Software Defined Networking
Distributed Clouds and Software Defined NetworkingUS-Ignite
 
Software-Defined Networking(SDN):A New Approach to Networking
Software-Defined Networking(SDN):A New Approach to NetworkingSoftware-Defined Networking(SDN):A New Approach to Networking
Software-Defined Networking(SDN):A New Approach to NetworkingAnju Ann
 
Software_Defined_Networking.pptx
Software_Defined_Networking.pptxSoftware_Defined_Networking.pptx
Software_Defined_Networking.pptxAsfawGedamu
 
SDN Security Talk - (ISC)2_3
SDN Security Talk - (ISC)2_3SDN Security Talk - (ISC)2_3
SDN Security Talk - (ISC)2_3Wen-Pai Lu
 
SDN - a new security paradigm?
SDN - a new security paradigm?SDN - a new security paradigm?
SDN - a new security paradigm?Sophos Benelux
 
Radisys/Wind River: The Telcom Cloud - Deployment Strategies: SDN/NFV and Vir...
Radisys/Wind River: The Telcom Cloud - Deployment Strategies: SDN/NFV and Vir...Radisys/Wind River: The Telcom Cloud - Deployment Strategies: SDN/NFV and Vir...
Radisys/Wind River: The Telcom Cloud - Deployment Strategies: SDN/NFV and Vir...Radisys Corporation
 
SDN: A New Approach to Networking Technology
SDN: A New Approach to Networking TechnologySDN: A New Approach to Networking Technology
SDN: A New Approach to Networking TechnologyIRJET Journal
 
Introduction to SDN: Software Defined Networking
Introduction to SDN: Software Defined NetworkingIntroduction to SDN: Software Defined Networking
Introduction to SDN: Software Defined NetworkingAnkita Mahajan
 
Software Define Network, a new security paradigm ?
Software Define Network, a new security paradigm ?Software Define Network, a new security paradigm ?
Software Define Network, a new security paradigm ?Jean-Marc ANDRE
 
FlowN vs FlowVisor: Scalable Network Virtualization in SDN
FlowN vs FlowVisor: Scalable Network Virtualization in SDNFlowN vs FlowVisor: Scalable Network Virtualization in SDN
FlowN vs FlowVisor: Scalable Network Virtualization in SDNHao Jiang
 
SDN 101: Software Defined Networking Course - Sameh Zaghloul/IBM - 2014
SDN 101: Software Defined Networking Course - Sameh Zaghloul/IBM - 2014SDN 101: Software Defined Networking Course - Sameh Zaghloul/IBM - 2014
SDN 101: Software Defined Networking Course - Sameh Zaghloul/IBM - 2014SAMeh Zaghloul
 
Understanding network and service virtualization
Understanding network and service virtualizationUnderstanding network and service virtualization
Understanding network and service virtualizationSDN Hub
 
Software Defined Networking
Software Defined NetworkingSoftware Defined Networking
Software Defined NetworkingAnshuman Singh
 
The Challenges of SDN/OpenFlow in an Operational and Large-scale Network
The Challenges of SDN/OpenFlow in an Operational and Large-scale NetworkThe Challenges of SDN/OpenFlow in an Operational and Large-scale Network
The Challenges of SDN/OpenFlow in an Operational and Large-scale NetworkOpen Networking Summits
 
SDN Multi-Controller Domain.pptx
SDN Multi-Controller Domain.pptxSDN Multi-Controller Domain.pptx
SDN Multi-Controller Domain.pptxSandeep Maurya
 

Similar to VeriFlow Presentation (20)

BuildingSDNmanageableswitch.pdf
BuildingSDNmanageableswitch.pdfBuildingSDNmanageableswitch.pdf
BuildingSDNmanageableswitch.pdf
 
DesignofSDNmanageableswitch.pdf
DesignofSDNmanageableswitch.pdfDesignofSDNmanageableswitch.pdf
DesignofSDNmanageableswitch.pdf
 
Software Defined Networks
Software Defined NetworksSoftware Defined Networks
Software Defined Networks
 
Distributed Clouds and Software Defined Networking
Distributed Clouds and Software Defined NetworkingDistributed Clouds and Software Defined Networking
Distributed Clouds and Software Defined Networking
 
Software-Defined Networking(SDN):A New Approach to Networking
Software-Defined Networking(SDN):A New Approach to NetworkingSoftware-Defined Networking(SDN):A New Approach to Networking
Software-Defined Networking(SDN):A New Approach to Networking
 
Software_Defined_Networking.pptx
Software_Defined_Networking.pptxSoftware_Defined_Networking.pptx
Software_Defined_Networking.pptx
 
SDN Security Talk - (ISC)2_3
SDN Security Talk - (ISC)2_3SDN Security Talk - (ISC)2_3
SDN Security Talk - (ISC)2_3
 
Final_Report
Final_ReportFinal_Report
Final_Report
 
CloudComp 2015 - SDN-Cloud Testbed with Hyper-convergent SmartX Boxes
CloudComp 2015 - SDN-Cloud Testbed with Hyper-convergent SmartX BoxesCloudComp 2015 - SDN-Cloud Testbed with Hyper-convergent SmartX Boxes
CloudComp 2015 - SDN-Cloud Testbed with Hyper-convergent SmartX Boxes
 
SDN - a new security paradigm?
SDN - a new security paradigm?SDN - a new security paradigm?
SDN - a new security paradigm?
 
Radisys/Wind River: The Telcom Cloud - Deployment Strategies: SDN/NFV and Vir...
Radisys/Wind River: The Telcom Cloud - Deployment Strategies: SDN/NFV and Vir...Radisys/Wind River: The Telcom Cloud - Deployment Strategies: SDN/NFV and Vir...
Radisys/Wind River: The Telcom Cloud - Deployment Strategies: SDN/NFV and Vir...
 
SDN: A New Approach to Networking Technology
SDN: A New Approach to Networking TechnologySDN: A New Approach to Networking Technology
SDN: A New Approach to Networking Technology
 
Introduction to SDN: Software Defined Networking
Introduction to SDN: Software Defined NetworkingIntroduction to SDN: Software Defined Networking
Introduction to SDN: Software Defined Networking
 
Software Define Network, a new security paradigm ?
Software Define Network, a new security paradigm ?Software Define Network, a new security paradigm ?
Software Define Network, a new security paradigm ?
 
FlowN vs FlowVisor: Scalable Network Virtualization in SDN
FlowN vs FlowVisor: Scalable Network Virtualization in SDNFlowN vs FlowVisor: Scalable Network Virtualization in SDN
FlowN vs FlowVisor: Scalable Network Virtualization in SDN
 
SDN 101: Software Defined Networking Course - Sameh Zaghloul/IBM - 2014
SDN 101: Software Defined Networking Course - Sameh Zaghloul/IBM - 2014SDN 101: Software Defined Networking Course - Sameh Zaghloul/IBM - 2014
SDN 101: Software Defined Networking Course - Sameh Zaghloul/IBM - 2014
 
Understanding network and service virtualization
Understanding network and service virtualizationUnderstanding network and service virtualization
Understanding network and service virtualization
 
Software Defined Networking
Software Defined NetworkingSoftware Defined Networking
Software Defined Networking
 
The Challenges of SDN/OpenFlow in an Operational and Large-scale Network
The Challenges of SDN/OpenFlow in an Operational and Large-scale NetworkThe Challenges of SDN/OpenFlow in an Operational and Large-scale Network
The Challenges of SDN/OpenFlow in an Operational and Large-scale Network
 
SDN Multi-Controller Domain.pptx
SDN Multi-Controller Domain.pptxSDN Multi-Controller Domain.pptx
SDN Multi-Controller Domain.pptx
 

Recently uploaded

AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 

Recently uploaded (20)

AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 

VeriFlow Presentation

  • 1. VeriFlow: Verifying Network-Wide Invariants in Real Time Krystle Bates Yenming Chen
  • 2. Agenda ● Introduction ● VeriFlow ● Experiments ● Comparison: Header Space Analysis (HSA) ● Lessons Learned ● Conclusion & Discussion
  • 4. SDN’s Refresh ● Software Defined Network (SDN) allows the use of programming network devices Fig. 1: Software Defined Networking Architecture [1]
  • 5. Challenges of SDNs - A logically-centralized network applications allow bugs occur due to the increases in software complexities. - The use of multiple applications or user’s ability to program the same physical network simultaneously, could result in conflicting rules.
  • 6. Overview Approach - Uses real-time data plane verification. - Has a standardized and open interface to read and write the data plane of network devices and a centralized device can run code and is responsible for transmitting commands to network devices.
  • 7. Challenges - Obtaining real time view of network - Verification speed Photo by ✿ SUMAYAH ©™ - Creative Commons Attribution-NonCommercial-ShareAlike License https://farm8.staticflickr.com/7042/7098318665_9cb251bcd2_b.jpg
  • 9. Structure of VeriFlow - Real - Time analysis - Function by - Dynamic Monitor - Model Behavior - Custom Algorithms for Error Detection
  • 10. 1. Limit the Search Space Generate Equivalence Classes Veriflow Updates
  • 12. 2. Represent Forwarding Behavior Generate Equivalence Classes Generate Forwarding Graphs Veriflow Updates
  • 14. 3. Run Query to Check Invariants Generate Equivalence Classes Run Queries Generate Forwarding Graphs Veriflow Updates
  • 16. Evaluation #1- Microbenchmarking VeriFlow run time Goal - Observe Veriflow’s different phases contributions to the overall run time Simulated an IP network with 172 routers Replayed BGP traces, with 5 million RIB entries and 90k BGP updates
  • 17. Performance Results 97.8% of the updates were verified within 1 millisecond
  • 18. Evaluation #2 - Effect on TCP Connection Setup Latency Goal - Understand the impact of Veriflow on TCP connection setup latency Mininet OpenFlow network 10 switched arranged in chain-like topology A host connect to every switch Nox controller running “learning switch” app TCP connections between random pairs of hosts
  • 22. Header Space Analysis Operating overview ● Extract header from packets in binary {0,1} ● Construct forwarding transfer function T(h,p) ● Mathematical computation for verification Achievements ● Reachability analysis ● Loop detection ● Slice isolation P. Kazemian, G. Varghese and N. McKeown, “Header space analysis: static checking for networks”, NSDI'12 Proceedings of USENIX conference on Networked Systems Design and Implementation, 2012 Time Consume ~= second base
  • 23. NetPlumber Features ● Based on HSA ● Built dependency graph Improvements of HSA ● Incremental update rules (achieve real-time) ● Without ad hoc code required by HSA (generalize to probe nodes) ● Cluster graph and reduce inner-edges (parallelization) P. Kazemian, M.l Chang, H. Zeng, G. Varghese , N. McKeown, S. Whyte, “Real Time Network Policy Checking using Header Space Analysis”, NSDI'12 Proceedings of USENIX conference on Networked Systems Design and Implementation, 2013
  • 27. VeriFlow vs NetPlumber (HSA) VeriFlow NetPlumber(HSA) History 2013 by UIUC 2013(2012) by Stanford Apply Layer Data-Plane Data-Plane Data Structure Tree Graph Time Consume millisecond millisecond Steps Class / Flow / Queries Space / Topology / Algebra Verification Custom Query Procedure Algebra Operation Both support forwarding actions and verification
  • 29. Conclusion VeriFlow achieves real-time verification - A layer between SDN controller and network elements - Finds faulty flows issued by SDN applications - Verifies network-wide invariants as each flow is inserted Can prevent a flow from reaching the network
  • 31. Problems and Discussion 1) Is there any limitation on Data-Plane verification ? 2) How can we improve the speed of Veriflow ? 3) Within the experimental results, there is a long tail behavior in the CDF. Why do you think that is? 4) Is it possible for VeriFlow to deal with the control logic error? 5) Is SDN pre-requisite for VeriFlow? Can we implement VeriFlow without the SDN's implementation? 6) Can Veriflow replace firewall in a networked system?
  • 32. References - A. Khurshid, X. Zou, W. Zhou, M. Caesar, P. Godfrey, VeriFlow: Verifying Network-Wide Invariants in Real Time, (Paper) and “VeriFlow: Verifying Network-Wide Invariants in Real Time”, PPT, http://conferences.sigcomm.org/sigcomm/2012/slides/sdn/session2/03-Veriflow.pdf, 2012 - P. Kazemian, G. Varghese, N. McKeown, “Header Space Analysis: Static Checking For Networks” - G. N. Nde and R. Khondoker, "SDN testing and debugging tools: A survey," 2016 5th International Conference on Informatics, Electronics and Vision (ICIEV), Dhaka, 2016, pp. 631-635. - D. Nicol, K. Jin, M. Caesar, B. Sanders, “A Hypothesis Testing Framework for Network Security”, PPT - Peyman Kazemian, Network Debugging, http://yuba.stanford.edu/~peyman/research.html