9.1 - Programming SDNs Flashcards Preview

Flashcards in 9.1 - Programming SDNs Deck (58)
1

OpenFlow API updates to multiple switches in a path may result in what problems?

1. Packet-level consistency problem

2. Flow-level consistency problem

2

Packet-level consistency problem

Switches updated at different times in the same path may not have consistent states, and this could result in disruption.

3

Flow-level consistency problem

Updates that occur in the middle of a flow may cause packets from that same flow to be subjected to two different states.

4

What are the three steps of SDN programming?

1. Read/monitor state

2. Compute policy

3. Write policy

5

"Read/Monitor State" step of SDN programming

These events may include:

- failures

- topology changes

- security events

6

"Compute Policy" step of SDN programming

This is the role of the decision plane in deciding what the forwarding behavior of the network should be in response to various states from the network switches.

7

"Write Policy" step of SDN programming

Installing the appropriate flow table state into the switches.

8

In what two steps can consistency errors occur?

1. Read - reading the network at different times can result in inconsistencies

2. Write - the controller may be writing policy as traffic is actively flowing through the network which can disrupt packets

9

Simple match-action rules do not allow certain exceptions to be expressed. What is a solution to this problem?

A runtime system that can translate PREDICATES such as AND or NOT into low-level OpenFlow rules.

10

Switches only have a limited amount of space to store rules. What is a solution to this problem?

The run-time system dynamically "UNFOLDS" rules as traffic arrives. This guarantees that there are only rules in the switch which correspond to active traffic.

Example: programmer could specify something such as "group by IP address"

11

What happens if a switch receives additional packets in a flow before a rule has arrived from the controller?

- A programmer can specify a limit of 1 packet which can initiate a rule request, and the subsequent packets should be SUPPRESSED.

- The system can then hide the extra events.

12

What are three approaches to handling consistency in the reading state?

1. Predicates

2. Rule Unfolding

3. Suppression

13

What are some reasons that a controller may want to write policy to change the state in network switches?

- Maintenance

- Unexpected Failure

- Traffic Engineering

14

What invariants does a controller attempt to maintain when writing policy?

- No forwarding loops

- No black holes

- No security violations

15

How might a forwarding loop occur?

If an operator wishes to redirect traffic off of a particular link, he might change the weight of that link. However, if that state were updated in one switch before another, the other switch in the new path could forward the traffic back because it's unaware of the new shortest route.

16

What's the solution to preventing a forwarding loop due to inconsistent states among switches?

Two-Phase Commit:

Packets are tagged on ingress, and copies of both rule sets are maintained for some time. Packets aren't tagged with the new rule set until all switches have received the updates.

17

T/F: One way of coping with inconsistencies is having different controllers for different switches.

FALSE - Each controller may be making independent decisions, so this could lead to an inconsistent state.

18

T/F: One way of coping with inconsistencies is keeping a "hot spare" replica.

FALSE - This does no good if the spare also writes state inconsistently to the network.

19

T/F: One way of coping with inconsistencies is keeping both the old and new state on the routers and switches.

TRUE - This is the "two-phase commit" approach

20

T/F: One way of coping with inconsistencies is resolving conflicts on the routes.

FALSE - No router has a complete view of the network state.

21

What is Network Virtualization?

It is an abstraction of a physical network.

- Multiple logical networks can share the same underlying physical network.

- Logical networks can have a different topology than the physical network.

22

Tunnels

Tunnels are how nodes connect on a virtual network.

23

One of the main motivations for the rise of virtual networks was the ______ of Internet architecture.

One of the main motivations for the rise of virtual networks was the "OSSIFICATION" of Internet architecture.

24

How does network virtualization enable evolution?

By allowing multiple architectures to exist in parallel.

25

Where has network virtualization really taken off in practice?

Multi-tenant data centers

26

T/F: One of the motivations for virtual networking is easier troubleshooting.

FALSE - Virtual networks are not inherently easier to troubleshoot.

27

T/F: One of the motivations for virtual networking is facilitating research and evolution by co-existence.

TRUE - Experimental networks can co-exist with production networks

28

T/F: One of the motivations for virtual networking is being able to adjust resources to demand.

TRUE - Resources devoted to any particular service can be scaled up or down

29

T/F: One of the motivations for virtual networking is better forwarding performance.

FALSE - Virtual networks do not necessarily provide better performance. In fact it may be worse.

30

What are some of the promised benefits of network virtualization?

1. Rapid Innovation

2. New Forms of Network Control

3. (Potentially) Simpler Programming

31

Why is "rapid innovation" a benefit of network virtualization?

Innovation can proceed at the rate at which software evolves as opposed to hardware cycles.

32

How are SDN and Network Virtualization different?

- SDN is a tool for implementing network virtualization. It is defined by the separation of data and control planes.

- Network virtualization is an application of SDN. It is defined by the separation of logical and physical networks.

33

T/F: Allowing multiple tenants to share underlying physical infrastructure is a characteristic of Network Virtualization.

TRUE

34

T/F: Controlling behavior from a centralized controller is a characteristic of Network Virtualization.

FALSE - This is a characteristic of SDN

35

T/F: Separating logical and physical networks is a characteristic of Network Virtualization.

TRUE

36

T/F: Separating data and control planes is a characteristic of Network Virtualization.

FALSE - This is a characteristic of SDN

37

What are some of the design goals of Network Virtualization?

- Flexible

- Manageable

- Scalable

- Secure

- Programmable

- Able to support different technologies

38

What are the two components of Virtual Networks?

- Nodes

- Edges

39

What is one way of virtualizing a physical node?

- Virtual Machines (or Virtual Environments)

- The hypervisor "slices" the underlying hardware to provide the illusion of multiple guest nodes

40

How are edges implemented in virtual networks?

- The appearance that two nodes on separate VMs are connected over a layer 2 topology can be created using TUNNELS

- Tunnels encapsulate packets as they leave a VM and the host on the other end encapsulates the packet

41

What are some problems with programming with OpenFlow?

- It's not easy. There is a low level of abstraction.

- The controller only sees events that switches do not know how to handle.

- There can be race conditions if switch-level rules are not installed properly

42

What is the solution to network programming given the problems with OpenFlow?

- A "northbound" API that allows for applications to be written without writing low-level or "southbound" OpenFlow rules

43

What are the benefits of programming against an API rather than directly with OpenFlow?

- Vendor Independence

- The ability to quickly modify or customize control through various popular programming languages

44

What are some examples of applications that may need to be written?

- large virtual switches

- security apps

- middlebox interpretation

45

"Northbound" API

- API that allows for applications to be written for controllers without writing low-level or "southbound" OpenFlow rules

46

Frenetic

A SQL-like query language that uses the northbound API

47

Composition Operators

Specify how individually programmed modules are combined to create a single set of OpenFlow rules.

48

What are two ways of composing policies?

1. Parallel

2. Sequential

49

Parallel Policies

Operations are performed simultaneously.

Example: Counting and Forwarding

50

Sequential Policies

Operations are performed one after another.

Example: Firewall, then Switch
Example: Load Balancer

51

How are sequential policies used in a load balancer?

First a policy load balances the traffic. Predicates are used to decide how to balance packets.

Then a routing policy is implemented to forward packets to the appropriate destination.

52

Pyretic

An SDN Language and Runtime

Language - provides a way to express policies

Runtime - compiles policies into OpenFlow rules

53

"Located" Packets

One of the key abstractions of Pyretic: the idea that we can apply a policy based on a packet at its location in the network (i.e., switch or port).

54

What are some of the features of Pyretic?

- Network policy as a function

- Boolean predicates

- Virtual packet header fields

- Composition Operators

55

What are some example functions in Pyretic?

identity - returns the original packet

none - (drop) returns an empty set

match (f = v) - returns packets where f = v

mod - returns packet with f set to v

fwd(a) - modifies output port field

flood - returns the packet on each port of the spanning tree (like a hub)

56

How is sequential composition expressed in Pyretic?

>> Operator

Example: match() >> fwd()

57

How is parallel composition expressed in Pyretic?

+ Operator

Example: match() >> fwd() + match() >> fwd()

58

Dynamic Policies

Policies whose forwarding behavior can change.

- Represented as a time series of static policies