Frenetic: A High-Level Language for OpenFlow Networks
Nate Foster, Rob Harrison, Matthew L. Meola, Michael J. Freedman, Jennifer Rexford, David Walker
11.28.2010
PRESTO 2010, Philadelphia, PA
Slides: frenetic-lang.org/publications/frenetic-presto10-slides.pdf
Background
OpenFlow/NOX allowed us to take back the network
• Direct access to dataplane hardware
• Programmable control plane via open API
OpenFlow/NOX made innovation possible, not easy
• Low level interface mirrors hardware
• Thin layer of abstraction
• Few built-in features
So let’s give the network programmer some help…
OpenFlow Architecture
OpenFlow Switch Flow Table

| Priority | Pattern | Action | Counters |
|---|---|---|---|
| 0-65535 | Physical Port, Link Source/Destination/Type, VLAN, Network Source/Destination/Type, Transport Source/Destination | Forward, Modify, Drop | Bytes, Count |
Controller
Switches
Network Events
• Flow table miss
• Port status
• Join/leave
• Query responses
Control Messages
• Send packet
• Add/remove flow
• Statistics Queries
Programming Networks with NOX
In general, program modules do not compose
• If m yields r, and some m′ yields r′, then (m ∧ m′) does not yield (r ∧ r′)
Application: Forwarding, Monitoring, Access Control
• Destination addressing
• Transport ports
• Individual MACs
Example
Simple Network Repeater
• Forward packets received on port 1 out 2; vice versa
[Figure: Controller and Switch with ports 1 and 2]
Simple Repeater
NOX Program

```python
def simple_repeater():
    # Repeat Port 1 to Port 2
    p1 = {IN_PORT:1}
    a1 = [(OFPAT_OUTPUT, PORT_2)]
    install(switch, p1, HIGH, a1)

    # Repeat Port 2 to Port 1
    p2 = {IN_PORT:2}
    a2 = [(OFPAT_OUTPUT, PORT_1)]
    install(switch, p2, HIGH, a2)
```

Flow Table

| Priority | Pattern | Action | Counters |
|---|---|---|---|
| HIGH | IN_PORT:1 | OUTPUT:2 | (0,0) |
| HIGH | IN_PORT:2 | OUTPUT:1 | (0,0) |
Example
Simple Network Repeater
• Forward packets received on port 1 out 2; vice versa
• Monitor incoming HTTP traffic totals per host
with Host Monitoring
Simple Repeater with Host Monitoring
```python
# Repeat port 1 to 2
def port1_to_2():
    p1 = {IN_PORT:1}
    a1 = [(OFPAT_OUTPUT, PORT_2)]
    install(switch, p1, HIGH, a1)

# Callback to generate rules per host
def packet_in(switch, inport, pkt):
    p = {DL_DST:dstmac(pkt)}
    pweb = {DL_DST:dstmac(pkt),
            DL_TYPE:IP,NW_PROTO:TCP,TP_SRC:80}
    a = [(OFPAT_OUTPUT, PORT_1)]
    install(switch, pweb, HIGH, a)
    install(switch, p, MEDIUM, a)

def main():
    register_callback(packet_in)
    port1_to_2()
```

| Priority | Pattern | Action | Counters |
|---|---|---|---|
| HIGH | {IN_PORT:1} | OUTPUT:2 | (0,0) |
| HIGH | {DL_DST:mac,DL_TYPE:IP_TYPE,NW_PROTO:TCP, TP_SRC:80} | OUTPUT:1 | (0,0) |
| MEDIUM | {DL_DST:mac} | OUTPUT:1 | (0,0) |

```python
def simple_repeater():
    # Port 1 to port 2
    p1 = {IN_PORT:1}
    a1 = [(OFPAT_OUTPUT, PORT_2)]
    install(switch, p1, HIGH, a1)

    # Port 2 to Port 1
    p2 = {IN_PORT:2}
    a2 = [(OFPAT_OUTPUT, PORT_1)]
    install(switch, p2, HIGH, a2)
```
OpenFlow/NOX Difficulties
Low-level, brittle rules
• No support for operations like union and intersection
Split architecture
• Between logic running on the switch and controller
No compositionality
• Manual refactoring of rules to compose subprograms
Asynchronous interactions
• Between switch and controller
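Why modules do not compose on a raw flow table, as an added example (not from the slides and not NOX or Frenetic code): a toy model in which only the highest-priority matching rule fires, with ties broken by install order and all function names assumed. Concatenating the repeater's rules with a count-only monitor's rules either leaves the HTTP counter at zero or stops forwarding, while intersecting overlapping patterns and merging their actions does both.

```python
# Toy flow table: only the highest-priority matching rule applies (constructed model).
HIGH = 2

def rule(prio, pat, acts):
    return {"prio": prio, "pat": pat, "acts": acts, "bytes": 0}

def process(table, pkt):
    """Apply the single winning rule; return its action list."""
    # sorted() is stable: equal priorities fall back to install order (assumption).
    for r in sorted(table, key=lambda r: -r["prio"]):
        if all(pkt.get(k) == v for k, v in r["pat"].items()):
            r["bytes"] += pkt["len"]
            return r["acts"]
    return ["controller"]  # flow table miss

def repeater():
    return [rule(HIGH, {"in_port": 1}, ["output:2"]),
            rule(HIGH, {"in_port": 2}, ["output:1"])]

def web_monitor():
    # Count-only rule for HTTP replies (TCP source port 80); no forwarding.
    return [rule(HIGH, {"proto": "tcp", "tp_src": 80}, [])]

def intersect(p, q):
    """Pattern for packets matching both p and q, or None if they conflict."""
    if any(k in q and q[k] != v for k, v in p.items()):
        return None
    return {**p, **q}

def compose(a, b):
    """Overlap rules get both modules' actions and outrank either input."""
    both = [rule(ra["prio"] + rb["prio"], pat, ra["acts"] + rb["acts"])
            for ra in a for rb in b
            if (pat := intersect(ra["pat"], rb["pat"])) is not None]
    return both + a + b

# Constructed traffic: one HTTP reply arriving on port 2, one DNS packet on port 1.
PKTS = [{"in_port": 2, "proto": "tcp", "tp_src": 80, "len": 1500},
        {"in_port": 1, "proto": "udp", "tp_src": 53, "len": 100}]

def run(table):
    acts = [process(table, p) for p in PKTS]
    web = sum(r["bytes"] for r in table if r["pat"].get("tp_src") == 80)
    return acts, web  # (actions per packet, bytes seen by port-80 rules)

if __name__ == "__main__":
    print(run(repeater() + web_monitor()))          # forwarded, not counted
    print(run(web_monitor() + repeater()))          # counted, not forwarded
    print(run(compose(repeater(), web_monitor())))  # forwarded and counted
```

For a monitoring or access-control module, the first two outcomes are silent failures: nothing errors, but the counter stays blind or traffic stops.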
Our Solution: Frenetic
A High-level Language
• High-level patterns to describe flows
• Unified abstraction
• Composition
A Run-time System
• Handles module interactions
• Deals with asynchronous behavior
Frenetic Version
```python
# Static repeating between ports 1 and 2
def simple_repeater():
    rules=[Rule(inport_fp(1), [output(2)]),
           Rule(inport_fp(2), [output(1)])]
    register_static(rules)

# per host monitoring es: E(int)
def per_host_monitoring():
    q = (Select(bytes) *
         Where(protocol(tcp) & srcport(80)) *
         GroupBy([dstmac]) * Every(60))
    log = Print("HTTP Bytes:")
    q >> log

# Composition of two separate modules
def main():
    simple_repeater()
    per_host_monitoring()
```
• No refactoring of rules
• Pure composition of modules
• Unified “see every packet” abstraction
• Run-time deals with the rest
Frenetic Language
Network as a stream of discrete, heterogeneous events
• Packets, node join, node leave, status change, time, etc…
Unified Abstraction
• “See every packet”
• Relieves programmer from reasoning about split architecture
Compositional Semantics
• Standard operators from Functional Reactive Programming (FRP)
[Figure: Event Stream; each element is a Single Value or Event]
Frenetic Run-time System
Frenetic programs interact only with the run-time
• Programs create subscribers
• Programs register rules
Run-time handles the details
• Manages switch-level rules
• Handles NOX events
• Pushes values onto the appropriate event streams
Run-time System Implementation
Reactive, microflow based run-time system
[Figure: run-time system architecture. Labels: Frenetic Program, Frenetic Run-time System, NOX; Subscribe, Register; Subscribers, Rules, Packets, Stats; Packet In, Packet, Rule, Check Subscribers, Check Rules, Do Actions, Install Flow, Send Packet; Monitoring Loop, Stats Request, Stats In, Update Stats, Flow Removed]
Optimizing Frenetic
“See every packet” abstraction can negatively affect performance in the worst case
• Naïve implementation strategy
• Application directed
Using an efficient combination of operators, we can keep packets in the dataplane
• Must match switch capabilities
  – Filtering, Grouping, Splitting, Aggregating, Limiting
• Expose this interface to the programmer explicitly
Does it Work in Practice?
Frenetic programs perform comparably with pure NOX
• But we still have room for improvement

| Implementation | Metric | Learning Switch | Web Stats Static | Web Stats Learning | Heavy Hitters Learning |
|---|---|---|---|---|---|
| Pure NOX | Lines of Code | 55 | 29 | 121 | 125 |
| Pure NOX | Traffic to Controller (Bytes) | 71224 | 1932 | 5300 | 18010 |
| Naïve Frenetic | Lines of Code | 15 | 7 | 19 | 36 |
| Naïve Frenetic | Traffic to Controller (Bytes) | 120104 | 6590 | 14075 | 95440 |
| Optimized Frenetic | Lines of Code | 14 | 5 | 16 | 32 |
| Optimized Frenetic | Traffic to Controller (Bytes) | 70694 | 3912 | 5368 | 19360 |
Frenetic Scalability
Frenetic scales to larger networks comparably with NOX
[Plot: Traffic to Controller (kB) versus Hosts, for Frenetic and NOX]
Larger Applications
Memcached with dynamic membership
• Forwards queries to a dynamic member set
• Works with unmodified memcached clients/servers
Defensive Network Switch
• Identifies hosts conducting network scanning
• Drops packets from suspected scanners
[Figure: Memcached. Client issuing get(key) and set(k,v) to Servers; key ranges a-i, j-q, r-z and a-m, n-z]
Ongoing and Future Work
Surface Language
• Current prototype is in Python – to ease transition
• Would like a standalone language
Optimizations
• More programs can also be implemented efficiently
• Would like a compiler to identify and rewrite optimizations
Proactive Strategy
• Current prototype is reactive, based on microflow rules
• Would like to enable proactive, wildcard rule installation
Network Wide Abstractions
• Current prototype focuses only on a single switch
• Need to expand to multiple switches
Questions?
See our recent submission for more details…
http://www.cs.cornell.edu/~jnfoster/papers/frenetic-draft.pdf