DOI: 10.1145/2676726.2676990
research-article

Decentralizing SDN Policies

Published: 14 January 2015

    Abstract

    Software-defined networking (SDN) is a new paradigm for operating and managing computer networks. SDN enables logically-centralized control over network devices through a "controller" --- software that operates independently of the network hardware. Network operators can run both in-house and third-party SDN programs on top of the controller, e.g., to specify routing and access control policies.
    In practice, having the controller handle events limits the network scalability. Therefore, the feasibility of SDN depends on the ability to efficiently decentralize network event-handling by installing forwarding rules on the switches. However, installing a rule too early or too late may lead to incorrect behavior, e.g., (1) packets may be forwarded to the wrong destination or incorrectly dropped; (2) packets handled by the switch may hide vital information from the controller, leading to incorrect forwarding behavior. The second issue is subtle and sometimes missed even by experienced programmers.
    The contributions of this paper are twofold. First, we formalize the correctness and optimality requirements for decentralizing network policies. Second, we identify a useful class of network policies which permits automatic synthesis of a controller which performs optimal forwarding rule installation.
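
    The second failure mode in the abstract (a rule installed on the switch hides packets the controller still needs to see) can be reproduced in a small simulation. This is an added example, not code from the paper: the MAC-learning policy, the host names, the port numbers and every class and function name below are assumptions chosen for illustration.

```python
# Added illustration (not from the paper): a MAC-learning policy decentralized
# two ways. Hosts A, B, C on ports 1, 2, 3 are constructed sample data.
FLOOD = "flood"

class Switch:
    def __init__(self, controller):
        self.rules = {}                  # match (src or None, dst) -> out port
        self.controller = controller

    def receive(self, src, dst, in_port):
        for match in ((src, dst), (None, dst)):
            if match in self.rules:
                return self.rules[match]  # handled locally, controller sees nothing
        return self.controller.packet_in(self, src, dst, in_port)

class LearningController:
    def __init__(self, match_on_source):
        self.match_on_source = match_on_source
        self.location = {}               # host -> port, learned from packet-in events
        self.events = 0

    def packet_in(self, switch, src, dst, in_port):
        self.events += 1
        self.location[src] = in_port     # the "vital information": where src lives
        if dst not in self.location:
            return FLOOD
        # Too-early rule: match on dst only, so later packets from unknown
        # sources to dst never reach the controller.
        # Careful rule: also match on src, so unknown sources still raise events.
        match = (src, dst) if self.match_on_source else (None, dst)
        switch.rules[match] = self.location[dst]
        return self.location[dst]

# Constructed trace: (src, dst, ingress port)
TRACE = [("A", "B", 1), ("B", "A", 2), ("C", "A", 3), ("A", "C", 1), ("A", "C", 1)]

def run(match_on_source):
    ctl = LearningController(match_on_source)
    sw = Switch(ctl)
    outputs = [sw.receive(*pkt) for pkt in TRACE]
    return outputs, ctl

if __name__ == "__main__":
    for label, flag in (("dst-only rule", False), ("src+dst rule", True)):
        outputs, ctl = run(flag)
        print(label, outputs, "learned:", ctl.location, "events:", ctl.events)
```

    With the destination-only rule the controller never learns where C is, so traffic addressed to C keeps being flooded to every port; both variants raise the same number of controller events on this trace, but only the second forwards correctly.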

    Supplementary Material

    MPG File (p663-sidebyside.mpg)


    Published In

    POPL '15: Proceedings of the 42nd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages
    January 2015
    716 pages
    ISBN:9781450333009
    DOI:10.1145/2676726
      ACM SIGPLAN Notices  Volume 50, Issue 1
      POPL '15
      January 2015
      682 pages
      ISSN:0362-1340
      EISSN:1558-1160
      DOI:10.1145/2775051
      • Editor:
      • Andy Gill
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

    Publisher

    Association for Computing Machinery

    New York, NY, United States


    Author Tags

    1. distributed systems
    2. logic programming
    3. network programming languages
    4. software-defined networking
    5. synthesis

    Qualifiers

    • Research-article


    Conference

    POPL '15

    Acceptance Rates

    POPL '15 Paper Acceptance Rate 52 of 227 submissions, 23%;
    Overall Acceptance Rate 824 of 4,130 submissions, 20%

    Article Metrics

    • Downloads (Last 12 months): 7
    • Downloads (Last 6 weeks): 1
    Reflects downloads up to 10 Aug 2024

    Cited By

    • (2024) Prenex Universal First-order Safety Properties. Information Processing Letters. DOI: 10.1016/j.ipl.2024.106488 (106488). Online publication date: Feb-2024
    • (2020) AdamMC: A Model Checker for Petri Nets with Transits against Flow-LTL. Computer Aided Verification. DOI: 10.1007/978-3-030-53291-8_5 (64-76). Online publication date: 21-Jul-2020
    • (2019) Model Checking Data Flows in Concurrent Network Updates. Automated Technology for Verification and Analysis. DOI: 10.1007/978-3-030-31784-3_30 (515-533). Online publication date: 28-Oct-2019
    • (2018) Efficient Loop-Free Rerouting of Multiple SDN Flows. IEEE/ACM Transactions on Networking 26:2. DOI: 10.1109/TNET.2018.2810640 (948-961). Online publication date: 1-Apr-2018
    • (2017) Genesis: synthesizing forwarding tables in multi-tenant networks. ACM SIGPLAN Notices 52:1. DOI: 10.1145/3093333.3009845 (572-585). Online publication date: 1-Jan-2017
    • (2017) Genesis: synthesizing forwarding tables in multi-tenant networks. Proceedings of the 44th ACM SIGPLAN Symposium on Principles of Programming Languages. DOI: 10.1145/3009837.3009845 (572-585). Online publication date: 1-Jan-2017
    • (2017) Outsmarting Network Security with SDN Teleportation. 2017 IEEE European Symposium on Security and Privacy (EuroS&P). DOI: 10.1109/EuroSP.2017.21 (563-578). Online publication date: Apr-2017
    • (2017) Synchronization Synthesis for Network Programs. Computer Aided Verification. DOI: 10.1007/978-3-319-63390-9_16 (301-321). Online publication date: 13-Jul-2017
    • (2016) Temporal NetKAT. ACM SIGPLAN Notices 51:6. DOI: 10.1145/2980983.2908108 (386-401). Online publication date: 2-Jun-2016
    • (2016) Event-driven network programming. ACM SIGPLAN Notices 51:6. DOI: 10.1145/2980983.2908097 (369-385). Online publication date: 2-Jun-2016
