can't touch this: consistent network updates for multiple ...stefan/dsn16slides.pdf · can’t...
TRANSCRIPT
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
Can’t Touch This: Consistent Network Updates forMultiple Policies
Szymon Dudycz, Arne Ludwig and Stefan Schmid
June 29, 2016
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 1/29
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
Motivation
Downtime on GitHub
In 2012 GitHub introduced loops in their network which led toperformance drops for a day and 18 minutes of hard downtimeneeded to reconfigure the switches.
Other companies that had misconfigured their switches include etc.Amazon, GoDaddy and United Airlines.
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 2/29
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
Motivation
Downtime on GitHub
In 2012 GitHub introduced loops in their network which led toperformance drops for a day and 18 minutes of hard downtimeneeded to reconfigure the switches.
Other companies that had misconfigured their switches include etc.Amazon, GoDaddy and United Airlines.
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 2/29
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
Software Defined Network
Software Defined Network
Switches are controlled by a centralized controller. In principle,SDN is designed to enable formally consistent network operations.
However there are still challenges related to distributed computing,in particular delays when updating switches.
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 3/29
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
Software Defined Network
Software Defined Network
Switches are controlled by a centralized controller. In principle,SDN is designed to enable formally consistent network operations.
However there are still challenges related to distributed computing,in particular delays when updating switches.
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 3/29
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
Software Defined Network
Controller
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 4/29
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
Tagging
Algorithm (Reitblatt et al. SIGCOMM’12)
Each switch remembers two paths for each policy
Additional field in header of each packet
Cons
Middleboxes may change header
Requires more space in switch
New links start being used late
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 5/29
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
Tagging
Algorithm (Reitblatt et al. SIGCOMM’12)
Each switch remembers two paths for each policy
Additional field in header of each packet
Cons
Middleboxes may change header
Requires more space in switch
New links start being used late
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 5/29
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
Policies
Controller
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 6/29
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
Policies
Controller
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 6/29
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
Policies
Controller
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 6/29
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
Policies
Controller
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 6/29
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
Policies
Controller
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 6/29
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
Policies
Controller
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 6/29
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
Policies
Controller
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 6/29
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
Policies
Controller
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 6/29
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
Loop freedom
Controller
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 6/29
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
Loop freedom
Controller
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 6/29
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
Loop freedom
Controller
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 6/29
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
Loop freedom
Controller
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 6/29
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
Rounds
Rounds
At the beginning of the round, the controller updates any subset ofswitches. The switches in this subset can be updated in any order.
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 7/29
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
Rounds
Controller
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 8/29
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
Rounds
Controller
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 8/29
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
Rounds
Controller
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 8/29
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
Rounds
Controller
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 8/29
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
Rounds
Controller
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 8/29
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
Rounds
Controller
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 8/29
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
Rounds
Controller
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 8/29
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
Rounds
Rounds
At the beginning of the round, the controller updates any subset ofswitches. The switches in this subset can be updated in any order.
Ludwig et al. showed that O(log n) rounds is always enough toupdate a single policy in loop-free manner.
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 9/29
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
Policies
Policy 1
Policy 2
Old path
New path
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 10/29
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
Touches
Touches
Multiple policies rules in one switch can be updated in bulk. Wecall one switch interaction a touch.
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 11/29
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
Policies
v w
In w must be updated after v
In v must be updated after w
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 12/29
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
Goal
How to minimize number of touches?
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 13/29
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
NP-hardness
It is NP-hard to minimize number of touches even with only 3policies.
The reduction is from a restricted variant of shortest commonsupersequence.
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 14/29
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
NP-hardness
It is NP-hard to minimize number of touches even with only 3policies.The reduction is from a restricted variant of shortest commonsupersequence.
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 14/29
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
Easy case?
What about 2 policies, each of them updatable in 2 rounds?
Still NP-hard.
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 15/29
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
Easy case?
What about 2 policies, each of them updatable in 2 rounds?Still NP-hard.
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 15/29
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
Node classification
s v2 v3 v4 v5 v6 d
FORWARD BACKWARD
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 16/29
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
Node classification
s v2 v3 v4 v5 v6 d
s v5 v3 v6 v4 v2 d
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 17/29
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
Node classification
s v2 v3 v4 v5 v6 d
s v5 v3 v6 v4 v2 d
BF
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 17/29
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
Node classification
s v2 v3 v4 v5 v6 d
s v5 v3 v6 v4 v2 d
BF FF
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 17/29
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
Node classification
s v2 v3 v4 v5 v6 d
s v5 v3 v6 v4 v2 d
BF FF BB
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 17/29
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
Node classification
s v2 v3 v4 v5 v6 d
s v5 v3 v6 v4 v2 d
BF FF BB FB
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 17/29
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
Sketch of proof
In single policy 2 round schedules: (Ludwig et al. PODC’15)
there cannot be any BB nodes
FB nodes must be updated in the first round, and BF nodesmust be updated in the last round
FF nodes can be updated in any round
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 18/29
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
Sketch of proof
In 2 policies 3 round schedules:
Round1 2 3
FBFB FBBF BFBFFBFF BFFB BFFFFFFB FFBFFFFF FFFF
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 19/29
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
Sketch of proof
Idea:
Reduction from Max-2SAT in which each variable appears inat most 3 clauses.
Create for each variable node of type FFFF and for eachclause 2 nodes of type FBBF .
Decision whether to update variable node in 1st or 3rd roundcorresponds to decision whether it should be assigned true orfalse.
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 20/29
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
Sketch of proof
v
FFFF BFFB
w u
FFFF FBFB BFFB
Round1 2 3
FBFB FBBF BFBFFBFF BFFB BFFFFFFB FFBFFFFF FFFF
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 21/29
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
Sketch of proof
v
FFFF BFFB
w u
FFFF FBFB BFFB
Round1 2 3
FBFB FBBF BFBFFBFF BFFB BFFFFFFB FFBFFFFF FFFF
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 21/29
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
Sketch of proof
x
C1 C2
v w u
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 22/29
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
Sketch of proof
x
C1 C2
v w u
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 22/29
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
Sketch of proof
x
C1 C2
v w u
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 22/29
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
Sketch of proof
Steps to finish the reduction:
Clause gadget, so that only one variable of each clause mustbe satisfied.
Splitting clauses into two policies.
Connecting the pieces, so that all vertices are of required type.
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 23/29
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
Schedule composition
What if we just need to compose schedules for each policies?
It is polynomial time computable as long as number of policies isconstant.
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 24/29
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
Schedule composition
What if we just need to compose schedules for each policies?It is polynomial time computable as long as number of policies isconstant.
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 24/29
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
Schedule composition
Policy 1: v1, v5, v3, v4
Policy 2: v6, v3, v4, v2
Policy 3: v4, v5, v6, v1, v2
v1, v4, v5, v6, v3, v1, v4, v2
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 25/29
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
Dynamic algorithm
Policy 1: v1, v2, v3
Policy 2: v2, v3, v1
ε v1 v1v2 v1v2v3
ε 0 1 2 3
v2 1
2 2 3
v2v3 2
3 3 3
v2v3v1 3
3 4 4
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 26/29
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
Dynamic algorithm
Policy 1: v1, v2, v3
Policy 2: v2, v3, v1
ε v1 v1v2 v1v2v3
ε 0 1 2 3
v2 1 2
2 3
v2v3 2
3 3 3
v2v3v1 3
3 4 4
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 26/29
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
Dynamic algorithm
Policy 1: v1, v2, v3
Policy 2: v2, v3, v1
ε v1 v1v2 v1v2v3
ε 0 1 2 3
v2 1 2 2
3
v2v3 2
3 3 3
v2v3v1 3
3 4 4
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 26/29
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
Dynamic algorithm
Policy 1: v1, v2, v3
Policy 2: v2, v3, v1
ε v1 v1v2 v1v2v3
ε 0 1 2 3
v2 1 2 2 3
v2v3 2
3 3 3
v2v3v1 3
3 4 4
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 26/29
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
Dynamic algorithm
Policy 1: v1, v2, v3
Policy 2: v2, v3, v1
ε v1 v1v2 v1v2v3
ε 0 1 2 3
v2 1 2 2 3
v2v3 2 3
3 3
v2v3v1 3
3 4 4
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 26/29
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
Dynamic algorithm
Policy 1: v1, v2, v3
Policy 2: v2, v3, v1
ε v1 v1v2 v1v2v3
ε 0 1 2 3
v2 1 2 2 3
v2v3 2 3 3
3
v2v3v1 3
3 4 4
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 26/29
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
Dynamic algorithm
Policy 1: v1, v2, v3
Policy 2: v2, v3, v1
ε v1 v1v2 v1v2v3
ε 0 1 2 3
v2 1 2 2 3
v2v3 2 3 3 3
v2v3v1 3
3 4 4
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 26/29
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
Dynamic algorithm
Policy 1: v1, v2, v3
Policy 2: v2, v3, v1
ε v1 v1v2 v1v2v3
ε 0 1 2 3
v2 1 2 2 3
v2v3 2 3 3 3
v2v3v1 3 3 4 4
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 26/29
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
Schedule Composition
When there are more than two policies, the array becomesmultidimensional
The running time is O(mnm), where n is the number of nodesand m number of policies
If number of policies is not constant, then the problem isNP-hard
Reduction from directed feedback vertex set
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 27/29
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
Conclusion
Results:
It is NP-hard to minimize number of touches.
If there is constant number of policies then there ispolynomial time algorithm for composing schedules.
However if the number of policies is not constant then theproblem is also NP-hard.
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 28/29
MotivationSoftware Defined Network
ModelHardness Proof
Efficient Schedule CompositionConclusion
Conclusion
Open problems:
Characterization of easy instances or good heuristic algorithmfor loop-free multiple policy problem.
Other consistency properties
Waypoint enforcement with loop freedom is in Ludwig et al.SIGMETRICS’2016
Algorithm for loop-free single policy problem optimized fornumber of rounds
Improving O(log n) rounds algorithm by Ludwig et al. PODC’2015
Szymon Dudycz, Arne Ludwig and Stefan Schmid Consistent Network Updates for Multiple Policies 29/29