Flow-based Management Language
Tim Hinrichs (University of Chicago), Natasha Gude (Stanford University), Martín Casado (Stanford University), John Mitchell (Stanford University), Scott Shenker (ICSI/UC Berkeley)
Presentation slides (transcript)
Network Configuration Today
• Distributed state
  • VLANs, subnets, ACLs, NAT, routing policies…
• Problems
  • Low-level, indirect mechanisms [Maltz04]
  • Topology-dependent [Bellovin99]
  • Connectivity is difficult to reason about [Xie04]
Our Goal
Design a policy language that simplifies network configuration without loss of today's expressiveness.
Language Goals
• Maintain today's expressiveness
• Support high-level naming
  • "Guests must send all HTTP traffic via a proxy"
• Single point of declaration
  • Clear how traffic will be treated
• Support composition and exception policy models
• Performance
  • Amenable to efficient implementation
• Extensibility
• Multiple authorship
FML Overview
• Form of nonrecursive Datalog
• Flow-based
  • An FML policy is a set of rules declared over a flow and its high-level attributes
  • Attributes include src/dst access points, hosts, and users
  • Rules that match a flow dictate its policy
Rule Definition
action :- condition
h :- [¬]b1 ∧ … ∧ [¬]bn   (the head h is an action; each body literal bi may optionally be negated)
"Guest users must send all HTTP traffic via a proxy"
allow(Flow) :- guest(Usrc) ∧ http = Prot ∧ proxy(Hdst)
An FML policy is an unordered set of rules
Example Rules
Policy Model Goals
• Exception Model
  waypoint(Flow, proxy) :- guest(Usrc) ∧ http = Prot
  deny(Flow) :- guest(Usrc)
• Composition Model
  waypoint(Flow, proxy) :- guest(Usrc) ∧ http = Prot
  rate-limit(Flow, 1Mbps) :- http = Prot
Conflict Resolution
• Action Reconciliation
  deny > [ waypoint, rate-limit ] > allow
  (when several rules match one flow, the highest-ranked action wins; waypoint and rate-limit share a rank and can both apply)
• Ordering of Rule Sets: Policy 1 > Policy 2
  waypoint(Flow, proxy) :- guest(Usrc) ∧ http = Prot
  cascade()
  deny(Flow) :- guest(Usrc)
  (rules above the cascade() marker take precedence: guest HTTP is sent through the proxy instead of being denied by reconciliation; all other guest flows fall through to the deny rule)
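Added example (not code from the slides, from NOX, or from the FML implementation): a toy Python evaluator for the rule, exception, composition and conflict-resolution semantics described above. Flow attribute names and the example rules follow the slides; the group memberships, the numeric priority values behind "deny > [waypoint, rate-limit] > allow", and the empty result for a flow that matches no rule are assumptions made for this example.

```python
# Toy evaluator for FML-style flow policies. Added example for this page;
# not NOX's policy engine. Group data, priority numbers and the "no rule
# matched" result are assumptions of this example.
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """The attributes an FML rule is declared over (names as on the slides)."""
    Usrc: str   # source user
    Hsrc: str   # source host
    Udst: str   # destination user
    Hdst: str   # destination host
    Prot: str   # protocol


# Name-to-identity bindings that the authentication framework would supply.
# Constructed sample data.
GROUPS = {
    "guest": {"alice"},
    "proxy": {"proxy1"},
}


def in_group(group, attr):
    """Unary predicate such as guest(Usrc): the attribute is a member of the group."""
    return lambda flow: getattr(flow, attr) in GROUPS[group]


def equals(attr, value):
    """Equality literal such as http = Prot."""
    return lambda flow: getattr(flow, attr) == value


def negated(literal):
    """Negated body literal, the [¬]bi of the rule form (Datalog with negation)."""
    return lambda flow: not literal(flow)


@dataclass(frozen=True)
class Rule:
    """h :- b1 ∧ ... ∧ bn.  head is an action tuple, e.g. ("waypoint", "proxy")."""
    head: tuple
    body: tuple

    def matches(self, flow):
        return all(literal(flow) for literal in self.body)


# Action reconciliation order from the slides: deny > [waypoint, rate-limit] > allow.
PRIORITY = {"deny": 3, "waypoint": 2, "rate-limit": 2, "allow": 1}


def reconcile(actions):
    """Keep only the highest-ranked actions among those whose rules fired.
    waypoint and rate-limit share a rank, so both can apply to one flow."""
    if not actions:
        return frozenset()
    top = max(PRIORITY[action[0]] for action in actions)
    return frozenset(a for a in actions if PRIORITY[a[0]] == top)


def evaluate(cascade, flow):
    """cascade: rule sets ordered Policy 1 > Policy 2 > ... (cascade() boundaries).
    Each rule set is an unordered collection of rules; the first set in which any
    rule matches decides, and conflicts inside it are settled by reconcile().
    Returns an empty set when nothing matches (assumption: the slides give no default)."""
    for ruleset in cascade:
        fired = {rule.head for rule in ruleset if rule.matches(flow)}
        if fired:
            return reconcile(fired)
    return frozenset()


# Rules taken from the slides.
GUEST_HTTP_VIA_PROXY = Rule(("waypoint", "proxy"),
                            (in_group("guest", "Usrc"), equals("Prot", "http")))
DENY_GUESTS = Rule(("deny",), (in_group("guest", "Usrc"),))
RATE_LIMIT_HTTP = Rule(("rate-limit", "1Mbps"), (equals("Prot", "http"),))
ALLOW_GUEST_HTTP_TO_PROXY = Rule(("allow",), (in_group("guest", "Usrc"),
                                             equals("Prot", "http"),
                                             in_group("proxy", "Hdst")))

# Exception model as one unordered set: deny outranks waypoint, so the exception is lost...
FLAT = [[GUEST_HTTP_VIA_PROXY, DENY_GUESTS]]
# ...whereas with a cascade (Policy 1 > Policy 2) the waypoint rule wins for guest HTTP.
CASCADED = [[GUEST_HTTP_VIA_PROXY], [DENY_GUESTS]]
# Composition model: two rules of equal rank that both fire and both apply.
COMPOSED = [[GUEST_HTTP_VIA_PROXY, RATE_LIMIT_HTTP]]

# Constructed sample flows.
GUEST_HTTP = Flow("alice", "lap7", "", "web1", "http")
GUEST_SSH = Flow("alice", "lap7", "", "srv1", "ssh")
STAFF_HTTP = Flow("bob", "ws3", "", "web1", "http")

if __name__ == "__main__":
    for name, cascade in [("flat", FLAT), ("cascaded", CASCADED), ("composed", COMPOSED)]:
        for flow in (GUEST_HTTP, GUEST_SSH, STAFF_HTTP):
            print(name, flow.Usrc, flow.Prot, sorted(evaluate(cascade, flow)))
```

The FLAT versus CASCADED cases show why cascades exist: inside a single unordered rule set, reconciliation alone cannot express "guests are denied except for HTTP via the proxy", because deny outranks waypoint; only a higher-priority rule set that matches first can carve out that exception.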
Implementation Requirements
• At least per-flow interposition
• Name-to-address bindings
Any system providing these capabilities can support FML.
NOX
• OpenFlow controller
• Maintains global view of topology
• Dictates switch behavior
• Provides authentication framework
Policy Engine
[Diagram: a Flow enters the Policy Engine, Rule Lookup produces the Flow Actions; the Policy is loaded through the Compiler; the Namespace is populated from the Auth Bindings.]
Performance
[Figure: flows/second versus # FML Rules.]
Deployment Experience
• Medical University Network in Japan
  • 200 hosts
  • In use for 10 months
  • 40-line policy
  • NAC-focused
http_redirect(Flow) :- unauthenticated = Usrc ∧ (workstation(Hsrc) | laptop(Hsrc)) ∧ http = Prot
Ongoing Work
• Distribute policy enforcement
  • Virtualized datacenter support in progress
• Expand FML to define actions
  • Conflict resolution scheme
• Administrator debugging tools
Questions?