Good Network Updates for Bad Packets
Arne Ludwig, Matthias Rost, Damien Foucard, Stefan Schmid

Updates happen
● Network updates happen
  – Changing security policies
● Network updates are challenging
  – Even with global view
● Potentially high damage if they fail
  – Security policy violation

Example
Waypoint Enforcement (WPE)

Example
● Eventual consistency

Example
Bad packet
✔ Eventual consistency
➢ Transient consistency?

Example
✔ Eventual consistency
✗ Transient consistency

Outline
● What could possibly go wrong?
● It's not a trivial thing!
● But we present an optimal solution.

Model and a Trivial Compression
Solid lines = current path
Dashed lines = new path
Flow-specific path
Safe to be updated
Safe to be left untouched

Consistency Properties
● WPE = every packet traverses the waypoint at least once
● LF = loop freedom

Update all “simultaneously”?
Not possible in practice!
What could possibly go wrong?
Update times can vary significantly (up to 10x higher than median [Dionysus – SIGCOMM'14])

Update all “simultaneously”?
● Not waypoint enforced!

Delay?
● Not loop free!

Update possible?
● Consistent transient states!

Rounds
● Round = set of parallel updates
➔ Minimize number of rounds / communication overhead

Greedy Update Fails
● Greedy approach may:
  – take up to times more rounds
  – fail to find solution
See paper!

WPE - Update Algorithm
1. Switches < WP (new), > WP (old)
2. Switches < WP (new), < WP (old)
3. Remaining switches
Constant in 3 rounds, but not LF!

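The three-round WPE schedule above, checked against every transient state, as an added example (not code from the talk or the paper). It assumes the old and new paths visit the same switches (the compressed model), reads "< WP" as "before the waypoint on that path", and tests loops only for packets entering at the source; the switch names s, a, b, w, d are constructed.

```python
from itertools import combinations

def plan_rounds(old, new, wp):
    """Split switches into the slide's three rounds (destination has no rule)."""
    i = new.index(wp)
    pre_old = set(old[:old.index(wp)])             # before WP on the old path
    r1 = [v for v in new[:i] if v not in pre_old]  # < WP (new), > WP (old)
    r2 = [v for v in new[:i] if v in pre_old]      # < WP (new), < WP (old)
    return [r1, r2, new[i:-1]]                     # remaining switches

def trace(nxt, src, dst, wp):
    """Follow one packet: 'ok', 'loop', or 'bypass' (reached dst without WP)."""
    seen, v, hit_wp = set(), src, False
    while v != dst:
        if v in seen:
            return "loop"
        seen.add(v)
        hit_wp = hit_wp or v == wp
        v = nxt[v]
    return "ok" if hit_wp else "bypass"

def check_plan(old, new, wp, rounds):
    """Outcomes over every transient state: any subset of a round may be live."""
    old_nxt, new_nxt = dict(zip(old, old[1:])), dict(zip(new, new[1:]))
    done, outcomes = set(), set()
    for rnd in rounds:
        for k in range(len(rnd) + 1):
            for part in combinations(rnd, k):
                live = done | set(part)
                nxt = {v: (new_nxt if v in live else old_nxt)[v] for v in old_nxt}
                outcomes.add(trace(nxt, old[0], old[-1], wp))
        done |= set(rnd)
    return outcomes

# Constructed instance: w is the waypoint, s the source, d the destination.
OLD = ["s", "a", "w", "b", "d"]
NEW = ["s", "b", "w", "a", "d"]

if __name__ == "__main__":
    rounds = plan_rounds(OLD, NEW, "w")
    print(rounds, check_plan(OLD, NEW, "w", rounds))
    print(check_plan(OLD, NEW, "w", [NEW[:-1]]))  # one "simultaneous" round
```

On this instance the schedule never lets a packet bypass w, but the round-1 update of b already creates the loop w → b → w. A single all-at-once round can also bypass the waypoint via s → b → d when only s has been updated.
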
LF and WPE Conflict
● violate WPE; violate LF

Mixed Integer Program
Minimize Rounds
LF
WPE

Mixed Integer Program
Optimal solution
Unclassified (stopped 600sec)
Not solvable (provably)

Solvability Analysis
● % of solvable instances?
● % of failed greedy?
● 1k random permutations per size
● Max duration 600 seconds
Plot legend: Greedy, MIP, Unclear, No solution

Conclusion
● Transient consistency is not easy to guarantee
● LF and WPE might even conflict
● Greedy can fail to find consistent updates
Dynamic WPE + LF updates are hard to find!