Network Programming Languages
Nate Foster
We are at the start of a revolution!
Network architectures are being opened up…
…giving programmers the freedom to tailor their behavior to suit applications!

Open Networking Successes
Data Center Virtualization
• Write programs against virtual topologies
• Controller maps virtual programs to physical network
Monitoring
• Declare continuous traffic queries
• Controller polls counters and aggregates results
Traffic Engineering
• Optimize bandwidth according to natural criteria
• Controller provisions paths using constraint solver
Verification and Debugging
• Specify behavior using high-level properties
• Controller generates code to enforce key invariants

Open Networking Architecture
[Diagram labels: Application (three instances), Northbound Controller, Southbound Controller]
https://www.flickr.com/photos/el_ramon/
Southbound Interfaces
There are now many ways to manage network device configurations programmatically:
• NetConf
• OpenFlow
• OVS
• P4
• SNMP
• YANG
• etc.
These interfaces, which are rapidly maturing, provide a solid foundation for network programming

Northbound Interfaces
But on the northbound side… the situation is bleak
Current controllers provide a variety of abstractions:
• Device abstraction layers
• Isolated slices
• Virtual networks
• QoS provisioning
• NFV service chaining
• Custom services (discovery, firewall, etc.)
But the development of these abstractions has been ad hoc, driven more by the needs of particular applications than by fundamental principles

Northbound Interface Design
• High-level abstractions
• Good performance
• Modularity
• Resource allocation

Modular Composition
This style of programming complicates:
• Writing, testing, and debugging programs
• Reusing code across applications
• Porting applications to new platforms
[Diagram labels: Monolithic application; (Route + Monitor) ; Firewall; Northbound Controller; Southbound Controller]

Route

| Pattern | Actions |
| --- | --- |
| dstip=10.0.0.1 | Forward 1 |
| dstip=10.0.0.2 | Forward 2 |

+

Monitor

| Pattern | Actions |
| --- | --- |
| srcip=1.2.3.4 | Count |

Route + Monitor

| Pattern | Actions |
| --- | --- |
| srcip=1.2.3.4, dstip=10.0.0.1 | Forward 1, Count |
| srcip=1.2.3.4, dstip=10.0.0.2 | Forward 2, Count |
| srcip=1.2.3.4 | Count |
| dstip=10.0.0.1 | Forward 1 |
| dstip=10.0.0.2 | Forward 2 |
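
The combined table above can be derived mechanically. The Python below is an added example, not code from the talk: `parallel` builds Route + Monitor from the two tables, and `naive` shows the monitoring gap left by simply concatenating them. The function names and the sample packets are this example's own assumptions.

```python
# Added example: Route + Monitor on prioritized flow tables (first match wins).
# A rule is (pattern, actions); a pattern is a dict of exact-match fields.

ROUTE = [({"dstip": "10.0.0.1"}, ["Forward 1"]),
         ({"dstip": "10.0.0.2"}, ["Forward 2"])]
MONITOR = [({"srcip": "1.2.3.4"}, ["Count"])]


def lookup(table, pkt):
    """Actions of the first rule whose pattern matches pkt (no match: drop)."""
    for pattern, actions in table:
        if all(pkt.get(f) == v for f, v in pattern.items()):
            return actions
    return []


def intersect(p1, p2):
    """Pattern matching exactly the packets matched by both p1 and p2, or None."""
    merged = dict(p1)
    for field, val in p2.items():
        if merged.setdefault(field, val) != val:
            return None  # the two patterns disagree on this field
    return merged


def parallel(t1, t2):
    """Table that behaves like running t1 and t2 side by side on each packet."""
    overlaps = []
    for p1, a1 in t1:
        for p2, a2 in t2:
            both = intersect(p1, p2)
            if both is not None:
                overlaps.append((both, a1 + a2))
    # Overlap rules must outrank the originals, or one table shadows the other.
    return overlaps + t2 + t1


def naive(t1, t2):
    """Plain concatenation: rules of t1 shadow t2 on traffic both tables match."""
    return t1 + t2


COMPOSED = parallel(ROUTE, MONITOR)

PACKETS = [  # constructed sample packets
    {"srcip": "1.2.3.4", "dstip": "10.0.0.1"},
    {"srcip": "1.2.3.4", "dstip": "10.0.0.9"},
    {"srcip": "5.6.7.8", "dstip": "10.0.0.2"},
]


def missed_counts(table):
    """Sample packets from the monitored source that the table does not count."""
    return [p for p in PACKETS
            if p["srcip"] == "1.2.3.4" and "Count" not in lookup(table, p)]


if __name__ == "__main__":
    for pattern, actions in COMPOSED:
        print(pattern, actions)
    print("uncounted with naive merge:", missed_counts(naive(ROUTE, MONITOR)))
    print("uncounted with composed table:", missed_counts(COMPOSED))
```

With the naive merge, traffic from 1.2.3.4 to 10.0.0.1 is forwarded but never counted, which is the kind of silent monitoring gap that hand-written composition invites.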

Machine Languages
Current APIs are derived from the underlying machine languages
Programmers must work in terms of low-level concepts such as:
• Flow tables
• Matches
• Priorities
• Timeouts
• Events
This approach complicates programs and reasoning
[Diagram labels: Application; North; South; switch_connected; packet_in; barrier_reply; flow_mod; packet_out; barrier_request]

Programming Languages
Better would be to have APIs based on higher-level abstractions
Then, programmers could work in terms of natural concepts such as:
• Logical predicates
• Mathematical functions
• Network-wide paths
• Policy combinators
• Atomic transactions
which would streamline many programs and simplify reasoning
[Diagram labels: f (Packet-processing function); pk; pk’; North; South]

Vision
• Write network programs in a high-level language
• Generate efficient low-level code using a compiler
• Reason about network properties automatically
Main Results
• Language based on packet-processing functions
• Compilers that emit code for OpenFlow switches
• Encoded other abstractions (slicing, virtualization, etc.)

NetKAT Design
What constructs should an SDN language provide?
• Packet predicates
• Packet transformations
• Path construction
• Path concatenation
• Path union
• Path iteration

NetKAT Language
Syntax
pol ::= false | true | field = val | field := val | pol1 + pol2 | pol1 ; pol2 | !pol | pol* | dup
Semantics
Functions from packet histories to sets of packet histories
Syntactic Sugar
if pol then pol1 else pol2 ≜ (pol; pol1) + (!pol; pol2)
NetKAT can encode switch configurations, network-wide paths, and even topologies

false
false drops its input
Input: ⟨pk,..⟩. Output: none.

true
true copies its input
Input: ⟨pk,..⟩. Output: ⟨pk,..⟩.

field = val
field = val copies its input if pk.field = val or drops it if not
Input: ⟨pk,..⟩. Output: ⟨pk,..⟩ when pk.field = val; none when pk.field ≠ val.

field := val
field := val sets the input’s field component to val
Input: ⟨pk,..⟩. Output: ⟨pk[field := val],..⟩.

pol1 + pol2
pol1 + pol2 duplicates the input, sends one copy to each sub-policy, and takes the union of their outputs
Input: ⟨pk,..⟩. Output: ⟨pk1,..⟩,⟨pk2,..⟩.

pol1 ; pol2
pol1 ; pol2 runs the input through pol1 and then runs every output produced by pol1 through pol2
Input: ⟨pk,..⟩. Output: ⟨pk1,..⟩,⟨pk2,..⟩.

!pol
!pol drops the input if pol produces any output and copies it otherwise
Input: ⟨pk,..⟩. Output: ⟨pk,..⟩ when pol produces no output.

pol*
pol* repeatedly runs packets through pol to a fixpoint
Input: ⟨pk,..⟩. Output: ⟨pk1,..⟩,⟨pk2,..⟩.

dup
dup duplicates the head packet of the input
Input: ⟨pk,..⟩. Output: ⟨pk,pk,..⟩.

NetKAT by Example
Specification
• Forward packets to hosts 1-4
• Monitor traffic to unknown hosts
• Flood broadcast traffic to all hosts
• Disallow SSH traffic from hosts 1-2
[Figure: Topology]
Flow Table
{pattern={ethSrc=00:00:00:00:00:01,ethTyp=0x800,ipProto=0x06,tcpDstPort=22},action=[]}
{pattern={ethSrc=00:00:00:00:00:02,ethTyp=0x800,ipProto=0x06,tcpDstPort=22},action=[]}
{pattern={ethDst=00:00:00:00:00:01},action=[Output(1)]}
{pattern={ethDst=00:00:00:00:00:02},action=[Output(2)]}
{pattern={ethDst=00:00:00:00:00:03},action=[Output(3)]}
{pattern={ethDst=00:00:00:00:00:04},action=[Output(4)]}
{pattern={ethDst=ff:ff:ff:ff:ff:ff,port=1},action=[Output(4), Output(3), Output(2)]}
{pattern={ethDst=ff:ff:ff:ff:ff:ff,port=2},action=[Output(4), Output(3), Output(1)]}
{pattern={ethDst=ff:ff:ff:ff:ff:ff,port=3},action=[Output(4), Output(2), Output(1)]}
{pattern={ethDst=ff:ff:ff:ff:ff:ff,port=4},action=[Output(3), Output(2), Output(1)]}
{pattern={ethDst=ff:ff:ff:ff:ff:ff},action=[]}
{pattern={},action=[Controller]}

Example: Forward
let forward =
  if ethDst = 00:00:00:00:00:01 then port := 1
  else if ethDst = 00:00:00:00:00:02 then port := 2
  else if ethDst = 00:00:00:00:00:03 then port := 3
  else if ethDst = 00:00:00:00:00:04 then port := 4
  else false

Example: Broadcast
let broadcast =
  if ethDst = ff:ff:ff:ff:ff:ff then flood
  else false

Example: Routing
let route = forward + broadcast

Example: Monitor
let monitor =
  if !(ethDst = 00:00:00:00:00:01 +
       ethDst = 00:00:00:00:00:02 +
       ethDst = 00:00:00:00:00:03 +
       ethDst = 00:00:00:00:00:04 +
       ethDst = ff:ff:ff:ff:ff:ff) then port := unknown
  else false

Example: Firewall
let firewall =
  if (ethSrc = 00:00:00:00:00:01 + ethSrc = 00:00:00:00:00:02) ;
     ethTyp = 0x800 ; ipProto = 0x06 ; tcpDstPort = 22 then false
  else true

Example: Main Policy
let main = (route + monitor); firewall
compiles to…
{pattern={ethSrc=00:00:00:00:00:01,ethTyp=0x800,ipProto=0x06,tcpDstPort=22},action=[]}
{pattern={ethSrc=00:00:00:00:00:02,ethTyp=0x800,ipProto=0x06,tcpDstPort=22},action=[]}
{pattern={ethDst=00:00:00:00:00:01},action=[Output(1)]}
{pattern={ethDst=00:00:00:00:00:02},action=[Output(2)]}
{pattern={ethDst=00:00:00:00:00:03},action=[Output(3)]}
{pattern={ethDst=00:00:00:00:00:04},action=[Output(4)]}
{pattern={ethDst=ff:ff:ff:ff:ff:ff,port=1},action=[Output(4), Output(3), Output(2)]}
{pattern={ethDst=ff:ff:ff:ff:ff:ff,port=2},action=[Output(4), Output(3), Output(1)]}
{pattern={ethDst=ff:ff:ff:ff:ff:ff,port=3},action=[Output(4), Output(2), Output(1)]}
{pattern={ethDst=ff:ff:ff:ff:ff:ff,port=4},action=[Output(3), Output(2), Output(1)]}
{pattern={ethDst=ff:ff:ff:ff:ff:ff},action=[]}
{pattern={},action=[Controller]}
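
The policy and the flow table it compiles to can be checked against each other with a small evaluator. The Python below is an added example, not code from the talk or from the NetKAT implementation: it implements the nine constructs as the semantics slides describe them, builds the example policy, and compares it with the flow table on constructed packets. All Python names, the definition of `flood`, and the mapping of the Controller action to port "unknown" are assumptions of this example.

```python
# Added example: a toy NetKAT evaluator, not the NetKAT/Frenetic implementation.
# A packet is a frozenset of (field, value) pairs, a history is a tuple of
# packets (head first), and a policy maps one history to a set of histories.

def packet(**fields):
    return frozenset(fields.items())

false = lambda h: set()                 # drops its input
true = lambda h: {h}                    # copies its input
dup = lambda h: {(h[0],) + h}           # duplicates the head packet

def eq(field, val):                     # field = val
    return lambda h: {h} if dict(h[0]).get(field) == val else set()

def assign(field, val):                 # field := val
    return lambda h: {(frozenset({**dict(h[0]), field: val}.items()),) + h[1:]}

def union(*pols):                       # pol1 + pol2
    return lambda h: set().union(*(p(h) for p in pols))

def seq(*pols):                         # pol1 ; pol2
    def run(h):
        current = {h}
        for p in pols:
            current = set().union(*(p(x) for x in current))
        return current
    return run

def neg(pol):                           # !pol
    return lambda h: set() if pol(h) else {h}

def star(pol):                          # pol*
    def run(h):
        seen, frontier = {h}, {h}
        while frontier:                 # ends once no new history appears
            frontier = set().union(*(pol(x) for x in frontier)) - seen
            seen |= frontier
        return seen
    return run

def ite(cond, then, other):             # if cond then .. else .. (sugar)
    return union(seq(cond, then), seq(neg(cond), other))

# The example policy from the slides ("main" is called main_policy here).
HOSTS = {n: "00:00:00:00:00:0%d" % n for n in (1, 2, 3, 4)}
BCAST = "ff:ff:ff:ff:ff:ff"
forward = false
for n in (4, 3, 2, 1):
    forward = ite(eq("ethDst", HOSTS[n]), assign("port", n), forward)
# Assumption: the slides do not define `flood`; here it outputs on every host
# port except the ingress port, matching the broadcast rows of the flow table.
flood = union(*(seq(eq("port", p), union(*(assign("port", q) for q in HOSTS if q != p)))
                for p in HOSTS))
broadcast = ite(eq("ethDst", BCAST), flood, false)
route = union(forward, broadcast)
known = union(*(eq("ethDst", mac) for mac in [*HOSTS.values(), BCAST]))
monitor = ite(neg(known), assign("port", "unknown"), false)
ssh = seq(union(eq("ethSrc", HOSTS[1]), eq("ethSrc", HOSTS[2])),
          eq("ethTyp", 0x800), eq("ipProto", 0x06), eq("tcpDstPort", 22))
firewall = ite(ssh, false, true)
main_policy = seq(union(route, monitor), firewall)

# The slides' flow table as (pattern, output ports); Controller becomes "unknown".
FLOW_TABLE = (
    [({"ethSrc": HOSTS[s], "ethTyp": 0x800, "ipProto": 0x06, "tcpDstPort": 22}, [])
     for s in (1, 2)]
    + [({"ethDst": HOSTS[n]}, [n]) for n in HOSTS]
    + [({"ethDst": BCAST, "port": p}, [q for q in HOSTS if q != p]) for p in HOSTS]
    + [({"ethDst": BCAST}, []), ({}, ["unknown"])]
)

def policy_ports(pol, pk):
    """Ports on which pol emits pk; the empty set means the packet is dropped."""
    return {dict(h[0])["port"] for h in pol((pk,))}

def table_ports(table, pk):
    """First-match lookup, the way a switch applies a prioritized flow table."""
    fields = dict(pk)
    for pattern, ports in table:
        if all(fields.get(k) == v for k, v in pattern.items()):
            return set(ports)
    return set()

def tcp(src, dst, dport, port):
    return packet(ethSrc=src, ethDst=dst, ethTyp=0x800, ipProto=0x06,
                  tcpDstPort=dport, port=port)

SAMPLES = {  # constructed packets
    "web 1->3": tcp(HOSTS[1], HOSTS[3], 80, 1),
    "ssh 1->3": tcp(HOSTS[1], HOSTS[3], 22, 1),
    "ssh 3->1": tcp(HOSTS[3], HOSTS[1], 22, 3),
    "arp broadcast from 2": packet(ethSrc=HOSTS[2], ethDst=BCAST, ethTyp=0x806, port=2),
    "unknown dst": tcp(HOSTS[4], "00:00:00:00:00:09", 80, 4),
}

if __name__ == "__main__":
    for name, pk in SAMPLES.items():
        print(name, policy_ports(main_policy, pk), table_ports(FLOW_TABLE, pk))
```

Agreement on a handful of packets is a differential test, not a proof of equivalence; it is still a cheap way to catch a firewall clause that was lost or reordered during compilation.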

Dynamic Applications
[Diagram labels: Application; Topology change; Host change; Traffic statistics; …; NetKAT Policy; Run-Time System; NetKAT Language]

Application: Isolation
In many situations, multiple tenants must share the network…
…but we don’t want their traffic to interfere with each other!
{ in } x : pol { out }
Ingress: in. Tag: x. Policy: pol. Egress: out.
let pre = (tag = none; in; tag := x + tag = x) in
let post = (out; tag := none + !out) in
(pre; pol; post)

Application: Virtualization
Virtual Network
Physical Network
This idiom can be implemented in NetKAT!
ingress; (raise; application; lower; fabric)*; egress
true+
(policy; topo)+
(policy; topo; policy; topo)+
(policy; topo; policy; topo; policy; topo)
+(policy; topo)*
Application: Verificationpolicy
topo
A network can be encoded by alternating between policy and topology packet-processing steps
...
![Page 71: Network Programming Languages - Cornell Universityjnfoster/systems-industry/nate.pdf · Programming Languages Better would be to have APIs based on higher-level abstractions Then,](https://reader034.vdocument.in/reader034/viewer/2022042115/5e9264bdc66f020c422b4fc6/html5/thumbnails/71.jpg)
true+
(policy; topo)+
(policy; topo; policy; topo)+
(policy; topo; policy; topo; policy; topo)
+(policy; topo)*
Application: Verificationpolicy
topo
A network can be encoded by alternating between policy and topology packet-processing steps
...
`To check whether the network drops packets of type X,
check if type=X; (policy; topo)* is equivalent to false
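The equivalence check above, run on a constructed two-switch network; this is an added example, not code from the talk or from Frenetic. The topology, packet tuples and function names are assumptions, and the term is bracketed with ingress and egress tests as in the virtualization idiom, because the zero-iteration case of `*` returns the input packet unchanged.

```python
from itertools import product

# Constructed two-switch network: h1 -- s1 -- s2 -- h2.
# A packet is (switch, port, type); every name here is an assumption.
LINKS = {("s1", 2): ("s2", 1), ("s2", 2): ("h2", 0)}
LOCATIONS = [("s1", 1), ("s1", 2), ("s2", 1), ("s2", 2), ("h2", 0)]
ALL_PACKETS = [loc + (t,) for loc, t in product(LOCATIONS, ["ssh", "http"])]

def policy(pkt):
    """Switch forwarding step; s2 filters ssh. Empty set means drop."""
    sw, pt, typ = pkt
    if (sw, pt) == ("s1", 1):
        return {("s1", 2, typ)}
    if (sw, pt) == ("s2", 1) and typ != "ssh":
        return {("s2", 2, typ)}
    return set()

def topo(pkt):
    """Topology step: move a packet across the link attached to its port."""
    sw, pt, typ = pkt
    return {LINKS[(sw, pt)] + (typ,)} if (sw, pt) in LINKS else set()

def match(pred):  # filter: pass the packet if pred holds, else drop it
    return lambda pkt: {pkt} if pred(pkt) else set()

def seq(*terms):
    """Sequential composition p; q; ... lifted to sets of packets."""
    def run(pkt):
        cur = {pkt}
        for term in terms:
            cur = set().union(*(term(p) for p in cur))
        return cur
    return run

def star(term):
    """Kleene star: true + p + p;p + ..., as a least fixpoint."""
    def run(pkt):
        seen, frontier = {pkt}, {pkt}
        while frontier:
            frontier = set().union(*(term(p) for p in frontier)) - seen
            seen |= frontier
        return seen
    return run

def drops(typ):
    """True iff ingress; type=typ; (policy; topo)*; egress == false."""
    term = seq(match(lambda p: p[:2] == ("s1", 1)), match(lambda p: p[2] == typ),
               star(seq(policy, topo)), match(lambda p: p[0] == "h2"))
    return all(not term(p) for p in ALL_PACKETS)
```

`drops("ssh")` holds because no ssh packet entering at s1 port 1 ever reaches h2, while `drops("http")` fails with the delivered packet as a witness.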
Closing Thoughts
• What are the big problems that academics working in SDN should be focusing on?
• How can we integrate abstractions being developed in academia into emerging controller platforms?
• How can academics validate work in this area, especially at scale?
Thank you!
Collaborators
• Carolyn Anderson (Victoria)
• Shrutarshi Basu (Cornell)
• Marco Canini (UC Louvain)
• Andrew Ferguson (Google)
• Rodrigo Fonseca (Brown)
• Jean-Baptiste Jeannin (CMU)
• Dexter Kozen (Cornell)
• Robert Kleinberg (Cornell)
• Shriram Krishnamurthi (Brown)
• Chen Liang (Duke)
• Matthew Milano (Cornell)
• Jennifer Rexford (Princeton)
• Mark Reitblatt (Cornell)
• Cole Schlesinger (Princeton)
• Alexandra Silva (Nijmegen)
• Emin Gün Sirer (Cornell)
• Robert Soulé (Lugano)
• Laure Thompson (Cornell)
• Dave Walker (Princeton)
Papers, Code, etc.
http://frenetic-lang.org/
Extra Slides
Network Updates
Initial Policy
Target Policy
Question: how can we gracefully transition the network from one configuration to another?
Must reason about all possible packet interleavings!
Consistent Updates
Approach: develop abstractions that appear to update all of the switches in the network at once
Consistency Property: every packet (or flow) in the network “sees” a single policy version
Implementations:
• Order updates
• Unobservable updates
• One-touch updates
• Compositions of consistent
• Two-phase update
Two-Phase Updates
Versioning: instrument the compiler so that all forwarding rules match on a policy version
Unobservable Update: install the rules for the new policy in the interior of the network
One-Touch Updates: install rules at the edge that stamp packets with new version
Garbage Collect: delete the rules for the old policy
Theorem: Unobservable + One-Touch = Consistent
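The theorem above, checked by brute force over every interleaving of one packet's hops with the update steps; this is an added example, not code from the talk or from Frenetic. The three-switch path, the single-packet model and the names `simulate` and `consistent` are assumptions.

```python
from itertools import combinations

PATH = ["edge", "core1", "core2"]  # constructed path; "edge" is the ingress switch

def interleavings(n_hops, n_steps):
    """Yield every merge of packet hops ("hop") with update steps (indices)."""
    total = n_hops + n_steps
    for hop_slots in combinations(range(total), n_hops):
        step = iter(range(n_steps))
        yield ["hop" if i in hop_slots else next(step) for i in range(total)]

def simulate(schedule, steps, versioned):
    """Return the policy version applied at each hop (None = no rule matched).

    steps[i] names the switch touched by update step i. Garbage collection
    is not modelled: it runs after old-version packets have drained.
    """
    rules = {sw: {1} for sw in PATH}   # policy versions installed per switch
    tag, hops, seen = None, iter(PATH), []
    for ev in schedule:
        if ev != "hop":                # an update step touches one switch
            sw = steps[ev]
            if versioned and sw != "edge":
                rules[sw].add(2)       # unobservable: v2 rules beside v1
            else:
                rules[sw] = {2}        # naive overwrite, or one-touch edge flip
            continue
        sw = next(hops)
        if sw == "edge":
            tag = min(rules[sw])       # edge stamps its current version
        if versioned:
            seen.append(tag if tag in rules[sw] else None)
        else:
            seen.append(min(rules[sw]))  # untagged: whatever is installed now
    return seen

def consistent(steps, versioned):
    """True iff the packet sees a single policy version in every interleaving."""
    runs = (simulate(s, steps, versioned)
            for s in interleavings(len(PATH), len(steps)))
    return all(len(set(seen)) == 1 and None not in seen for seen in runs)
```

Interior-first versioned updates pass for all 20 interleavings; flipping the edge first, or overwriting rules in place, yields a schedule where the packet is dropped or handled by both policies.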
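Python Learning Switch
```python
# The NetKAT combinators (test, filter, output, drop, true, controller, flood,
# union, PolicyResult), packet and get_ethernet are not defined on the slide;
# its imports are not shown.
import base64
from functools import reduce

# switch state: switch id -> {MAC address -> port}
table = {}

# helper functions
def learn(sw, pkt, pt):
    # setdefault creates the per-switch table the first time a switch is seen
    table.setdefault(sw, {})[get_ethernet(pkt).src] = pt

def switch_policy(sw):
    def f(acc, mac):
        known, unknown = acc
        src = test("ethSrc", mac)
        dst = test("ethDst", mac)
        return (known | filter(dst) >> output(table[sw][mac]),
                unknown & ~src)
    (known_pol, unknown_pred) = reduce(f, table[sw].keys(), (drop(), true()))
    return known_pol | filter(unknown_pred) >> (controller() | flood(sw))

def policy():
    return union(switch_policy(sw) for sw in table.keys())

# event handler
def handler(_, event):
    print(event)
    typ = event['type']
    if typ == 'packet_in':
        # the payload buffer is base64-encoded
        pkt = packet.Packet(base64.b64decode(event['payload']['buffer']))
        learn(event['switch_id'], pkt, event['port_id'])
    else:
        pass
    return PolicyResult(policy())
```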