Christopher Monsanto and Joshua Reich, Princeton University; Nate Foster, Cornell University; Jennifer Rexford and David Walker, Princeton University Awarded Community Award!
Abstract:
Managing a network requires support for multiple concurrent tasks, from routing and traffic monitoring, to access control and server load balancing. Software-Defined Networking (SDN) allows applications to realize these tasks directly, by installing packet-processing rules on switches. However, today’s SDN platforms provide limited support for creating modular applications. This paper introduces new abstractions for building applications out of multiple, independent modules that jointly manage network traffic. First, we define composition operators and a library of policies for forwarding and querying traffic. Our parallel composition operator allows multiple policies to operate on the same set of packets, while a novel sequential composition operator allows one policy to process packets after another. Second, we enable each policy to operate on an abstract topology that implicitly constrains what the module can see and do. Finally, we define a new abstract packet model that allows programmers to extend packets with virtual fields that maybe used to associate packets with high-level meta-data. We realize these abstractions in Pyretic, an imperative, domain-specific language embedded in Python.
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
BibTeX
@inproceedings {180291,
author = {Christopher Monsanto and Joshua Reich and Nate Foster and Jennifer Rexford and David Walker},
title = {Composing Software Defined Networks},
booktitle = {10th USENIX Symposium on Networked Systems Design and Implementation (NSDI 13)},
year = {2013},
isbn = {978-1-931971-00-3},
address = {Lombard, IL},
pages = {1--13},
url = {https://www.usenix.org/conference/nsdi13/technical-sessions/presentation/monsanto},
publisher = {USENIX Association},
month = apr
}
Constructing modular software-defined networking (SDN) applications is a difficult, if not infeasible, task given the APIs exposed by current SDN controllers. Slicing layers, e.g., FlowVisor, only facilitate modular control of disjoint traffic subsets. Composing several applications that operate on the same traffic subset---e.g., one application for defining access control policies and a second for defining routing policies---remains an open challenge.
Toward this end, the authors introduce Pyretic, a novel programming language for writing composable SDN applications using a set of high level topology and packet abstractions. Pyretic improves on Frenetic (an earlier incarnation of a similar language) by adding support for sequential composition: given two policy functions f and g that operate on packets, sequential composition achieves g(f(p)). The key components that enable such composition support are (1) the use of topology abstractions to define what each module can see and do with the network, and (2) an abstract packet model that introduces virtual fields into packets, and that allows both regular and virtual fields to accommodate a stack of values. Modular applications are written using the static policy language NetCore (an extended version of an earlier language by the same authors). NetCore provides primitive actions (e.g., forward, move header fields), matching predicates (e.g., match packets based on the value in a specific header field), query policies (e.g., invoke a callback function for each packet containing a source IP address which has not yet been seen), and policies (e.g., filter based on predicates, sequential composition of two policies). Application developers must also provide functions that map policies applied to an abstracted topology to the underlying topology, and vice versa.
Given the complexity of Pyretic, it is hard to do the language justice in a single paper. The paper provides several example applications, and more are available with the Pyretic reference implementation, but the full power of Pyretic remains an open issue. For brevity, the paper does not include details on the compilation process from high-level language to switch forwarding rules. An analysis of compiler performance, forwarding rule installation, and other aspects of Pyretic also remains an open issue. Although network operators may desire even higher level abstractions for writing network applications, Pyretic certainly advances the state of the art in SDN languages and composing SDN applications.
connect with us