ABSTRACT
Hierarchical policies are useful in many contexts in which resources are shared among multiple entities. Such policies can easily express the delegation of authority and the resolution of conflicts, which arise naturally when decision-making is decentralized. Conceptually, a hierarchical policy could be used to manage network resources, but commodity switches, which match packets using flow tables, do not realize hierarchies directly.
This paper presents Hierarchical Flow Tables (HFT), a framework for specifying and realizing hierarchical policies in software defined networks. HFT policies are organized as trees, where each component of the tree can independently determine the action to take on each packet. When independent parts of the tree arrive at conflicting decisions, HFT resolves conflicts with user-defined conflict-resolution operators, which exist at each node of the tree. We present a compiler that realizes HFT policies on a distributed network of OpenFlow switches, and prove its correctness using the Coq proof assistant. We then evaluate the use of HFT to improve performance of networked applications.
Index Terms
- Hierarchical policies for software defined networks