Checking the OpenFlow Rule Installation and Operational Verification

Troubleshooting in SDN-based networks tends to be a cumbersome task that can overwhelm human attention. Researchers have uncovered various misconfiguration errors, such as faulty rules and anomalous forwarding logic, caused by missing batch-update acknowledgements and faulty protocol implementations. In this paper, we address the issue of inspecting entries in SDN flow tables by actively probing the data plane. Recent works such as Monocle and Pronto address this by inserting a test rule per OpenFlow entry. However, this leads to an excessive increase in the size of the OpenFlow tables, wasting already scarce TCAM memory and increasing the packet matching time. We present an efficient testing approach that uses a minimal number of test rules, only as large as the number of neighboring switches. This is a handful compared to Monocle and Pronto, where the number of test rules can be on the order of thousands depending on the size of the OpenFlow table. Furthermore, we devise an efficient and fast probe generation algorithm that generates a single probe packet per rule. Our experiment demonstrates that it takes approximately 1 second to test 3000 rules.
