STN: A Robust and Distributed Control Plane Marco Canini, Daniele De Cicco, Petr Kuznetsov, Dan Levin, Stefan Schmid and Stefano Vissicchio Telekom Innovation Laboratories •  How to realize distributed policy composition, with: •  Support for multi-authorship and transactional semantics, that is: •  Robust to a number of controller stop-failures SDN Policy Composition Review STN: Software Transactional Networking Conceptualizing STN Policy may originate from mul'ple authors, deﬁned across mul'ple func'onal modules. Foster ’11, Monsanto ’13: Modular, Rou9ng Monitoring Waypoint parallel and sequen9al composi9on Composition Controller Applica9on Controller Pla7orm ...necessitates policy composi'on prior to network update. Monitoring Monitoring Waypoint Controller Applica9on Apply(p) Ack Apply(p) Nack(reason) STN Middleware Controller Pla7orm Atomic Read-Modify Write Lock Lock Lock Lock Lock Ferguson ’12,’13: Policy trees for mul9-‐authorship How it all ﬁts together Rou9ng Rou9ng Lock Prototype implemented on pyre'c as an interface that provides: •  distributed policy composi'on •  support for mul'-‐authorship •  transac'onal all-‐or-‐nothing policy composi9on seman9cs •  per-‐packet consistent policy updates Lock STN in Ac9on (Ack Case) STN in Ac9on (Nack Case) Packet Header Space Waypoint Composition Monitoring Controller Applica9on Apply(p1) Waypoint Ack Apply(p2) Rou9ng Ack Apply(p1) STN Interface 1.  Precedence must be deﬁned across policy sources 2.  Packet forwarding rule priori9es must be deﬁned, and respect policy source precedence ReitblaS ’12: Consistent network updates Problem: Distributed Policy Composition Rou9ng Monitoring Waypoint Rou9ng Monitoring Waypoint Controller Applica9on Controller Applica9on Network Informa9on Base Network Informa9on Base Waypoint Ack Apply(p2) Nack(reason) STN Interface Match Action src=10.1.0/2 4 fwd(IDS) tcp=80 count + fwd X Match Action src=10.1.0/2 4 fwd(IDS) dst=10.1/16 fwd(2) STN prevents concurrent, conﬂic9ng policy updates from aﬀec9ng any traﬃc The Result: Linearizable Concurrent Policy Updates Control Applica9on Factoriza9on Controller Replica9on Model Switch Reader-‐Writer Model Concurrent Policy Composi9on Gone Wrong controller A Linearizability (an equivalent sequen9al history) is the “holy grail” safety property Robustness to Controller “Stop-Failures” controller B Impossible to guarantee a determinis9c outcome without policy synchroniza'on Inspiration from Software Transactional Memory process 1 read write process 2 process 3 read Transactional Interface Shared Datastructure write Theorem 1 Theorem 2 STN ensures linearizability and wait-freedom with exponential tag complexity STN is resilliant to f controller stop-failures with optimal tag complexity f+2 Wait-‐freedom is the “holy grail” liveness property References [1] Software Transactional Networking: Concurrent and Consistent Policy Composition, In Proceedings of SIGCOMM HotSDN 2013 [2] The Case for Reliable Software Transactional Networking, Research Report CoRR, http://arxiv.org/abs/1004.4701