Embed Size (px)
DESCRIPTION
Incremental Consistent Updates. Naga Praveen Katta Jennifer Rexford, David Walker Princeton University. Network Policy. Policy : C ollection of Openflow rules in the entire network. === === ===. === === ===. === === ===. 2. 1. 1. 1. 2. 2. 1. 2. === === ===. - PowerPoint PPT Presentation
Citation preview
Incremental Consistent Updates
Naga Praveen KattaJennifer Rexford, David Walker
Princeton University
2
• Policy : Collection of Openflow rules in the entire network
Network Policy
1
2
1
2
12
1
2
=========
=========
=========
=========
3
• From old policy
Policy Update
1
2
1
2
12
1
2
=========
=========
=========
=========
4
• From old policy to new policy
Policy Update
1
2
1
2
12
1
2
=========
=========
=========
=========
5
Inconsistent policy during transition
1
2
1
2
12
1
2
=========
=========
=========
=========
======
===
=========
======
6
Inconsistent policy during transition
1
2
1
2
12
1
2
=========
=========
=========
=========
======
===
=========
======
Per Packet Consistency (Reitblatt et. al. SIGCOMM’12)
• A packet sees either exclusively the old policy or exclusively the new policy.
7
Both old and new policy on the network
1
2
1
2
12
1
2
8
100% space overhead in intermediate steps
1
2
1
2
12
1
2
9
100% space overhead in intermediate steps
1
2
1
2
12
1
2
Problem Statement
• Can we do a consistent update with less space?
10
Less space overhead but more update time Goals
• General : Works for any policy (with ternary matches)• Efficient : No packet-processing overhead on the controller
Trade Space for time
11
Less space overhead but more update time Goals
• General : Works for any policy (with ternary matches)• Efficient : No packet-processing overhead on the controller
Trade Space for time
Divide entire update into multiple rounds
1. Each round is assigned a set of predicates (predicate : a symbolic ingress packet)
2. Each round updates policy slice for assigned predicates
Slice : rules effecting the packets of a predicate
12
Update the policy slice by slice
1
2
1
2
12
1
2
=========
=========
=========
=========
13
Update the policy slice by slice
1
2
1
2
12
1
2
=========
=========
=========
=========
14
Update the policy slice by slice
1
2
1
2
12
1
2
=========
=========
=========
=========
15
Update the policy slice by slice
1
2
1
2
12
1
2
=========
=========
=========
=========
16
Update the policy slice by slice
1
2
1
2
12
1
2
=========
=========
=========
=========
17
Update the policy slice by slice
1
2
1
2
12
1
2
=========
=========
=========
=========
18
Update the policy slice by slice
1
2
1
2
12
1
2
=========
=========
=========
=========
Given a predicate, how do you compute the slice? How do you update the network with policy slices? How do you assign predicates to slices?
1. Computing a slice for a given predicate
19
Collect matching rules from all switches?
01->111101
Header Modifications
Multiple predicates match a single rule
Packets of predicate never reach a switch.
010101
01
Challenges in computing a slice
20
0*01
11
21
Compute policy slice using symbolic execution
1
2
1
2
12
1
2
Similar to Header Space Analysis (NSDI 2012)
22
Compute policy slice using symbolic execution
1
2
1
2
12
1
2
23
Compute policy slice using symbolic execution
1
2
1
2
12
1
2
=========
=========
=========
=========
24
Similarly compute the old slice
1
2
1
2
12
1
2
=========
=========
=========
=========
25
2. Update policy slice – Add the new slice
1
2
1
2
12
1
2
=========
=========
=========
=========
===
===
===
===
26
Then remove the old slice?
1
2
1
2
12
1
2
=========
=========
=========
=========
===
===
===
===
27
• Cannot remove 1* rule till both 10 and 11 migrate
1
2
1
2
12
1
2
11 -> 2
10 -> 111 -> 2
1* -> 1
10 -> 2
Difficult with multiple dependent predicates
28
• Cannot remove 1* rule till both 10 and 11 migrate
1
2
1
2
12
1
2
11 -> 2
00 -> 101 -> 2
0* -> 1
00 -> 2
Difficult with multiple dependent predicates
Keep track of all dependent predicates
• Add a new rule as soon as any new slice needs it• Delete an old rule as soon as no old slice needs it
29
Optimal order of updates• How many slices in total?• Which predicates in which slice?
3. Choosing the predicates?
30
Divide N ingress predicates into K ordered slices optimally• Avoid exponential preprocessing• Cannot consider slices in isolation
Choosing the predicates
31
Divide N ingress predicates into K ordered slices optimally• Avoid exponential preprocessing• Cannot consider slices in isolation
Pose it as a Mixed Integer Program• Combine individual predicate symbolic analyses• Encode dependency counting
Choosing the predicates
Trade-off dimensions• Rule space overhead • Update time (# rounds/slices)• Traffic volume of migrated rules
32
Fattree topology - 24 Switches, 576 hosts Load Balancer Policy
• Each client chooses server randomly• Packet modification at the ingress• Shortest path forwarding to servers
Optimization solver• Always within 1% in few (~5) seconds
Evaluation
33
Overhead decreases significantly with increased rounds
Spac
e O
verh
ead
(%)
Consistent Updates
Total number of slices
34
Minimizing update times finishes in just 9 slices
Switch space overhead capped at 5%
Number of slices updated Number of slices updated
35
80% traffic migrates in slice 1 and 99% in 3 slices
Switch space overhead capped at 5%
Number of slices updated
36
Policy abstractions come with a cost How to implement efficiently? Keeping the essence of abstraction
Optimizing consistent updates Slice by slice policy update Symbolic execution and MIP
reduction• Uses less rule space• Moves high volume flows early
Conclusion
