Towards Correct-by-Construction SDN
نویسندگان
چکیده
High-level SDN languages raise the level of abstraction in SDN programming from managing individual switches to programming network-wide policies. In this talk, we present Cocoon (for Correct by Construction Networking), an SDN programming language designed around the idea of iterative refinement. The network programmer starts with a high-level description of the desired network behavior, focusing on the service the network should provide to each packet, as opposed to how this service is implemented within the network fabric. The programmer then iteratively refines the top-level specification, adding details of the topology, routing, fault recovery, etc., until reaching a level of detail sufficient for the Cocoon compiler to generate an SDN application that manages network switches via the southbound interface (we currently support P4 [3]). We designed Cocoon with the following goals in mind: Correctness Cocoon uses the Corral model checker [6] to establish that each refinement correctly implements the behavior it refines, ensuring that behaviors specified at any refinement step hold on the resulting SDN application. Generality Cocoon enables a wide range of SDN applications, ranging from network virtualization, through softwaredefined IXPs, to home networks. Dynamism A Cocoon program specifies both data and control plane behavior, akin to languages like FlowLog [7], Maple [9], and VeriCon [2]. This is in contrast to languages such as NetKAT [1], which specify a snapshot of data plane behavior but rely on a general-purpose programming language to implement the control plane by emitting a stream of snapshots in response to network events. Flexibility Existing high-level languages rely on fixed compilation strategies in mapping the high-level network program to a switch-level implementation. Cocoon allows the programmer to specify how each high-level component is implemented and deployed, while automatically verifying the correctness of the implementation.
منابع مشابه
Towards a Richer Set of Services in Software-Defined Networks
Software-Defined Networking (SDN) has drawn increasing attention from both industry and academia, owing to its premise to simplify the management and control over large networks. While the SDN technology was initially deployed within datacenters, there are currently early deployments of SDN in Wide-Area Networks; SDN is further envisioned to be deployed in the near future within fixed and mobil...
متن کاملSDN malware: problems of current protection systems and potential countermeasures
Software-Defined Networking (SDN) is an emerging topic and securing its data and control plane is of great importance. The main goal of malicious SDN applications would be to compromise the SDN controller which is responsible for managing the SDN-based network. In this paper, we discuss two existent mechanisms aiming at protecting aforementioned planes: (i) sandboxing of SDN applications and (i...
متن کاملDynamic Construction Scheme for Virtualization Security Service in Software-Defined Networks
For a Software Defined Network (SDN), security is an important factor affecting its large-scale deployment. The existing security solutions for SDN mainly focus on the controller itself, which has to handle all the security protection tasks by using the programmability of the network. This will undoubtedly involve a heavy burden for the controller. More devastatingly, once the controller itself...
متن کاملTowards a carrier SDN: an example for elastic inter-datacenter connectivity.
We propose a network-driven transfer mode for cloud operations in a step towards a carrier SDN. Inter-datacenter connectivity is requested in terms of volume of data and completion time. The SDN controller translates and forwards requests to an ABNO controller in charge of a flexgrid network.
متن کاملSDN Security: A Survey
The pull of Software-Defined Network- ing (SDN) is magnetic. There are few in the networking community who have escaped its impact. As the benefits of network visibility and network device programmability are discussed, the question could be asked as to who exactly will benefit? Will it be the network operator or will it, in fact, be the network intruder? As SDN devices and systems hit the mark...
متن کامل