DOI: 10.1145/2908080.2908124
research-article

SDNRacer: concurrency analysis for software-defined networks

Published: 02 June 2016

Abstract

Concurrency violations are an important source of bugs in Software-Defined Networks (SDN), often leading to policy or invariant violations. Unfortunately, concurrency violations are also notoriously difficult to avoid, detect and debug. This paper presents a novel approach and a tool, SDNRacer, for detecting concurrency violations of SDNs. Our approach is enabled by three key ingredients: (i) a precise happens-before model for SDNs that captures when events can happen concurrently; (ii) a set of sound, domain-specific filters that reduce reported violations by orders of magnitude; and (iii) a sound and complete dynamic analyzer, based on the above, that can ensure the network is free of harmful errors such as data races and per-packet incoherence. We evaluated SDNRacer on several real-world OpenFlow controllers, running both reactive and proactive applications in large networks. We show that SDNRacer is practically effective: it quickly pinpoints harmful concurrency violations without overwhelming the user with false positives.




Published In

PLDI '16: Proceedings of the 37th ACM SIGPLAN Conference on Programming Language Design and Implementation
June 2016
726 pages
ISBN:9781450342612
DOI:10.1145/2908080
General Chair: Chandra Krintz
Program Chair: Emery Berger

ACM SIGPLAN Notices, Volume 51, Issue 6 (PLDI '16)
June 2016
726 pages
ISSN: 0362-1340
EISSN: 1558-1160
DOI: 10.1145/2980983
Editor: Andy Gill
Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. Commutativity Specification
  2. Happens-before
  3. Nondeterminism
  4. OpenFlow
  5. Software Defined Networking

Qualifiers

  • Research-article

Conference

PLDI '16

Acceptance Rates

Overall Acceptance Rate 406 of 2,067 submissions, 20%

Cited By

  • (2024) Concurrent NetKAT with Ports. Proceedings of the 39th ACM/SIGAPP Symposium on Applied Computing (1722-1730). DOI: 10.1145/3605098.3636048. Online publication date: 8-Apr-2024
  • (2024) Ambusher: Exploring the Security of Distributed SDN Controllers Through Protocol State Fuzzing. IEEE Transactions on Information Forensics and Security 19 (6264-6279). DOI: 10.1109/TIFS.2024.3402967. Online publication date: 2024
  • (2024) INCS: Intent-driven network-wide configuration synthesis based on deep reinforcement learning. Computer Networks 251 (110640). DOI: 10.1016/j.comnet.2024.110640. Online publication date: Sep-2024
  • (2022) E-Government Cybersecurity Modeling in the Context of Software-Defined Networks. Cybersecurity Measures for E-Government Frameworks (1-21). DOI: 10.4018/978-1-7998-9624-1.ch001. Online publication date: 11-Mar-2022
  • (2020) NetSMC. Proceedings of the 17th Usenix Conference on Networked Systems Design and Implementation (181-200). DOI: 10.5555/3388242.3388256. Online publication date: 25-Feb-2020
  • (2020) A Survey and Classification of Software-Defined Storage Systems. ACM Computing Surveys 53:3 (1-38). DOI: 10.1145/3385896. Online publication date: 28-May-2020
  • (2020) Actor-Based Model Checking for Software-Defined Networks. Journal of Logical and Algebraic Methods in Programming (100617). DOI: 10.1016/j.jlamp.2020.100617. Online publication date: Oct-2020
  • (2019) Conditional dynamic partial order reduction and optimality results. Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis (433-437). DOI: 10.1145/3293882.3338987. Online publication date: 10-Jul-2019
  • (2019) Performance interactions between P-HTTP and TCP implementations. ACM SIGCOMM Computer Communication Review 27:2 (65-73). DOI: 10.1145/263876.263886. Online publication date: 27-Feb-2019
  • (2019) A cluster-based approach for routing in dynamic networks. ACM SIGCOMM Computer Communication Review 27:2 (49-64). DOI: 10.1145/263876.263885. Online publication date: 27-Feb-2019
