I would also like to thank the staff of the Department of Computer Science and Engineering, especially Mr. I want to thank my mother, who, although she is no longer with us, continues to inspire by example.
Software Defined Networks
SDN switches
SDN Controllers
Middleboxes and Network Functions
Rule Updates
Flows may need to be dynamically rerouted in the event of a network failure or congestion to achieve better throughput or reduce latency or both. Traffic may need to be routed through specialized nodes in the correct order in a network [26].
Rules, packets and RUs
Switch model
Thus Ro denotes a set of old rules, Rn a set of new rules and Ru a set of unaffected rules. An update ui on a switch si ∈ S, where S is the set of affected switches, is denoted bysi(Roi, Rni), where Roi denotes the set of old rules and Rni the set of new rules for si.
Asymmetry of rules
In RUU1, the old rules match exactly the same set of packets that match the new rules and vice versa. In the same figure, in another RU U3, for the set of packets P matching 11001, there are no old rules ons1, while rn3 is the new rule.
Disjoint RUs
Thus, not every switch involved may have a set of new rules that match all packets that match a set of old rules, and vice versa. In that case, the set of old (new) rules on an affected switch is the aggregation of the set of old (new) rules of each of the disjoint railway undertakings on that switch.
Properties preserved during RUs
Per-Packet Consistent Updates
When the states associated with all NFs in a network are stored separately by the NFs in a common data store, the NFs are said to be stateless. Since installing P1 on s1 and Pn on sn simultaneously is impractical, we need them to be installed according to the aper package (PPC) [111]: each package must use either the old version of the rules (only P on sn) or new. version of the rules (P1 ats1 and Pn atsn) and never a combination of the two.
Per-Flow Consistent Updates
In a per-flow consistent RU, all the packets in an affected flow use either the new rules or the old rules, but never a combination of both [111]. If PFC is not preserved during a rail operation, per-flow states maintained on NFs or stateful switches will no longer be accurate.
General Requirements for PPC and PFC RUs
Many network applications using SDN require RUs to maintain the per-flow consistency (PFC) property. If, for example, a state switch maintains counters for leakage, the value of those counters will be incorrect.
Contributions of the Thesis
Varying switching and link speeds: The controller for switching links can have different speeds and the execution speeds of switches can vary. Calculating Affected Paths at the Controller: To reduce the number of switches that need to be changed, some algorithms require the controller to identify the paths affected by a rail operator.
Organisation of the Thesis
CCU, the next PPC-preserving algorithm, limits the number of switches changed per RU to the affected switches and inputs and improves the concurrency of unrelated RUs compared to E2PU. This chapter first details the components of SDN to provide background for the algorithms described in the thesis.
SDN Switches
Programmable Data Planes
In switches with programmable data plans, the data plan behavior of the switch is specified by the data plan program. Since the behavior of the data plan and the resources such as table sizes required to implement it are no longer fixed, switching resources can be used according to the needs of the program.
Controllers
SDN languages
The compilers of these languages can generate switching rules in the manner expected by the algorithms in the thesis, to implement the algorithms. The runtime modules of these languages are expected to exchange the messages required by the algorithms with network switches.
Network Virtualisation
Middleboxes and Network Functions
Packets require a series of NFs to be applied to them in a specific sequence, resulting in a service chain (SC) [36]. For example, a packet entering a network may first pass through a Network Address Translator (NAT) that assigns the packet the correct server address, followed by an IDS, which checks for an attack, followed by by a firewall, which drops packets or allows them to pass.
General requirements and Per-Packet Consistent Updates
- Under-specification of two-phase update
- Need for concurrency
- Footprint Proportionality
- Need for rules with wildcards/longest prefix match
- Preventing safety violations in the network
It is not within the scope of the update process to attempt a full recovery from. Even to change one rule in a switch, all inputs must be modified for the intrusion to affect algorithms.
Per-Flow Consistent Updates
- Service Chaining
- Adding or deleting NFs
- Network Virtualization
- Load Balancing
- Packet re-ordering
If P2 is not yet effective there, the packet is forwarded to the IDS, causing an inconsistent state in the IDS. RU PFCs must progress regardless of whether flows are present or active on the network during NJ time.
Enhanced 2 Phase Update with SRT (E2PU-SRT)
- Switch Model
- Algorithm at the control plane
- Handling Failures and Application Aborts
- Switches without an SRT
- Analysis of E2PU-SRT
- Summary of E2PU
Let the number of rules to be removed (no), added to switches in general (nn), and added to an input to satisfy its input functions (ni) be uniform across switches. All inputs are assumed to remove old input rules and add new input rules.
Concurrent Consistent Updates
- Switch Model
- Concurrency Requirements
- Rule installation in internal switches
- Version tagging of packets
- Algorithm at the control plane
- Resuming an update
- Algorithm at the data plane
- Handling Failures in CCU
- Updating only the affected internal switches
- How the data and control plane algorithms work together
- Analysis of CCU
It calls the procedure resume update() in Algorithm 1 to resume updates, which is described in detail in section 3.3.6. The procedure sends "Edit OK", if necessary, to all the input switches. If the timer goes off without receiving a "Ready to Commit", the application must be notified.
Conclusions
Since the changes in CCU are limited to only the affected switches, the values of kn, kc and ko are smaller than those of E2PU, as long as all switches in the network are not affected. The algorithm does not require any flows in the network for the railway operator to move forward and does not require packet buffering at the controller.
Our contributions
Each affected switch examines the timestamp, set to the current time of the inputs, in each data packet. If its value is less than Tlast, it is switched according to the old rules, while if it is greater than or equal to Tlast, it is switched according to the new rules, thus preserving PPC.
PPCU: Algorithm for concurrent PPC updates
- Switch Model
- Algorithm at the data plane of the ingress and egress switches
- Algorithm at the control plane
- Algorithm at the data plane of the affected switches
- How the algorithms at the ingresses, the affected switches and the
If the packet matches a new rule and its T Sp < T, the packet is labeled OLDp. Assume that an affected switch does not have an old (new) rule for an affected packet and the packet is labeledUp.
Handling Asynchronous time at each switch
Let T Sp =t1 of packet p in the network stamped by sg even before RU starts. When the RU starts, the (temporarily) last affected switch should send its current timestamp to Tlast and.
Concurrent Disjoint RUs
Let γ be the maximum time drift of the switches apart (at most 1µs if the network supports PTP [90]). That switch will conclude earlier than M units from Tdel that old packets have left the network.
Providing an all-or-nothing semantics
If the controller cannot read any of the affected switches where the new rules are installed, the application must decide what to do when the outcome of the RU is uncertain from its perspective. PPC is preserved as the new rules are already in place and the affected packages are switched to the new rules.
Implementation
- A Brief Introduction to P4
- Implementation of the data plane algorithm in P4
- Practical considerations
- Analysis of the Algorithm
If the intended destination of the packet retransmitted by a new rule is an unaffected rule, as shown in Figure 4.5 (c), this means T Sp < Tlast and the switch does not have an old rule. 4 Excludes the time for the current packets to be removed from the network at the end of the update, if applicable.
Evaluation
- Goals
- Implementation
- Experiment 1
- Experiment 2
- Experiment 3
- Summary of experiments
When the route of this flow is changed to the one shown in Figure 4.6 as "new path", the policy must also be installed at s11 and removed from s10. In the first case, instead of comparing the throughput of large flows, we compare the number of small flows completed.
Discussion
The total throughput and the number of flows completed during the usable duration are more significant than the duration for which the network remains usable. Experiment 3 also illustrates that more than one non-conflicting update can be performed on the network in the same RU, affecting the same set of switches.
Conclusions
The initialization of T to Tmax can be done while the rule is installed in the switch, without an explicit instruction from the controller, to reduce the update time. The new version of P4 [31] supports atomic modification of registers from the perspective of incoming packets using the "@atomic" tag.
Proof of the Algorithm
So, as discussed above, sf will find that T Sp We discussed in detail in Chapter 2 the need to maintain flow consistency (PFC). In this chapter, an algorithm, EPCU-SRT, is presented to preserve PFC to address server load balancing concerns (section 2.8.4 chapter 2) and to prevent packet reordering (section 2.8.5 in chapter 2 ). The controller receives "Ready to Commit" from all switches and only then sends "Commit OK" to all switches. Each input switch sends an “Ack Commit OK” to the controller with the current time called Ti. After receiving the Commit OK, it installs the v1 rules, which mark packages with the version number v1, with a lower priority than the microrules. Thus, flows that existed at the time of the update with their source address as IP2 continue to terminate at IPda, while flows after sg receive Commit OK terminate at IPdb. Switches without an SRT Let's assume that the v0 rules of an incoming traffic are in the SRT and the incoming traffic does not need to install any new rules. At Rc1+ 3δ+ 2tu+tuµ the ingress switches to the new rules and they can be used immediately. The ProFlow algorithm presented in this chapter provides consistency for flow for any type of update, whether for a service chain, a server load balancing switch, or switches in a virtualized network, as explained in Chapter 2. Summary of the algorithm: Let the latest time at which all the switches in S install new rules be Tlast. When a flow is marked as new (old), all its packets are subsequently switched only according to new (old) rules, regardless of the value of its timestamp. When the next packet of the reverse flow arrives, again before sf r receives Commit OK,. The rest of the affected switches will not update live. Let T Sp>Tlast (Tlast of RU1) since the input clock that stamped p is faster than the rest of the affected switches. Also, if the input clock is slower than the rest of the affected switches, again, this issue will not arise. This is clear when the throughput of the new flow after the old flow stops at 60s is compared to the throughput of the new flow after the RU ends. The product and the difference between the arrival time of the last packet and the completion of the RU are shown in Figure 6.5b. This can be left unspecified for live f l, as explained in Section 6.4, to further improve throughput when P416 is used. A packet named OLDp is switched using old rules, to the rest of the affected switches, wherever old rules exist (line 17 of Algorithm7). If the SYN of a forward flow has T Sp To conclude, PPCU and ProFlow form the first set of general, efficient, and practical update algorithms that enforce strict per-packet and per-flow consistency requirements. The algorithms are general as no assumptions are made about the nature of the updates (supporting rule insertion, rule deletion, or both) or rules (can be wild and asymmetric) or network topology, efficient because updates are limited to switches affected and rules and practical because they operate at line speed and tolerate time movements. Deriving abstractions Radhika Sukapuram og Gautam Barua, "CCU: Algorithm for Concurrent Consistent Updates for a Software Defined Network," Twenty Second National Conference on Communications (NCC 2016), Guwahati. Radhika Sukapuram og Gautam Barua, "PPCU: Proportional Per-Packet Consistent Updates for Software Defined Networks," Poster, IEEE 24th International Conference on Network Protocols (ICNP 2016), Singapore. Radhika Sukapuram and Gautam Barua, "Extended Algorithms for Sustained Network Updates," IEEE Network Function Virtualization and Software Defined Networks (IEEE NFV-SDN 2015), San Francisco. 43] Nate Foster, Rob Harrison, Michael J Freedman, Christopher Monsanto, Jennifer Rexford, Alec Story, and David Walker.Algorithm for Per-Flow Consistent Updates
Switch model
Enhanced Per-Flow Consistent Update with SRT (EPCU-SRT)
Value of the Microrule Expiry Timer T g
Analysis of the Algorithm
Conclusions
Our contributions
Algorithm for concurrent consistent per-flow updates
Discussion
Implementation and evaluation
Conclusions
Proof
Future Work
Update Algorithms
Distributed systems theory
Manuscripts Submitted
