ABSTRACT
Software-Defined Networking (SDN) gives network operators the flexibility to program their own forwarding rules, which means there is more than one way to achieve the same behaviour. Verifying equivalence between rulesets is a fundamental analysis and verification building block for SDN, as it can be used to: (1) confirm that a ruleset optimised for power efficiency or table occupancy remains equivalent, (2) verify a ruleset modified for new hardware, and (3) regression test an SDN application to detect bugs early.
We present a practical and novel canonical Multi-Terminal Binary Decision Diagram (MTBDD) representation of OpenFlow 1.3 ruleset forwarding behaviour which can be trivially compared for equivalence. Basing our representation on an MTBDD provides a proven canonical form which is also compact. In this paper, we present the algorithms required to correctly flatten multi-table pipelines into an equivalent single table, resolve equivalences in OpenFlow actions, and build the final MTBDD representation from a priority-ordered ruleset. OpenFlow rulesets can typically be converted to an MTBDD within tens of seconds. We release our open-source implementation to the SDN community.
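The following added example (not taken from the paper or from the authors' implementation) illustrates why a canonical form makes the comparison trivial: two single-table, priority-ordered rulesets are each reduced to an ordered MTBDD through a shared hash-consing table, so equivalent rulesets end at the same root node. It assumes a constructed 4-bit header with ternary match strings, plain action strings, and drop on table miss; the class and function names are hypothetical, and multi-table flattening and action normalisation are not covered.

```python
# Added illustration: reduced, ordered MTBDD from a priority-ordered ruleset.
# Assumptions: 4-bit header, ternary matches ("0", "1", "*"), string actions.

class MTBDD:
    def __init__(self):
        self.unique = {}  # hash-consing table: node structure -> node id

    def _node(self, key):
        return self.unique.setdefault(key, len(self.unique))

    def terminal(self, action):
        return self._node(("T", action))

    def decision(self, bit, lo, hi):
        if lo == hi:              # reduction: the test on this bit is redundant
            return lo
        return self._node((bit, lo, hi))

    def build(self, rules):
        """rules: iterable of (priority, ternary_match, action)."""
        ordered = sorted(rules, key=lambda r: -r[0])
        return self._build(tuple((m, a) for _, m, a in ordered), 0)

    def _build(self, rules, bit):
        if not rules:
            return self.terminal("drop")          # table miss
        top_match, top_action = rules[0]
        if set(top_match[bit:]) <= {"*"}:          # top rule wins for every
            return self.terminal(top_action)       # remaining bit assignment
        lo = self._build(tuple(r for r in rules if r[0][bit] in "0*"), bit + 1)
        hi = self._build(tuple(r for r in rules if r[0][bit] in "1*"), bit + 1)
        return self.decision(bit, lo, hi)

def equivalent(ruleset_a, ruleset_b):
    dd = MTBDD()                   # shared table, so equal ids mean equal functions
    return dd.build(ruleset_a) == dd.build(ruleset_b)

# Constructed sample rulesets.
RULES_A = [(20, "10**", "output:1"), (10, "1***", "output:2"), (0, "****", "drop")]
# Same behaviour written differently, plus a rule shadowed by "10**".
RULES_B = [(30, "11**", "output:2"), (20, "10**", "output:1"),
           (10, "0***", "drop"), (5, "101*", "output:9")]
# Differs for packets matching 11**.
RULES_C = [(20, "10**", "output:1"), (10, "1***", "output:3")]

if __name__ == "__main__":
    print(equivalent(RULES_A, RULES_B), equivalent(RULES_A, RULES_C))
```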