Network Debugging Challenges and Solutions

6 888 lecture 16 n.w
1 / 36
Embed
Share

Discover the complexities of network debugging and how different fields have overcome similar challenges. Explore the reasons behind the difficulty in answering simple network questions and the critical role of network management in maintaining functionality. Learn about tools and techniques used in digital hardware and software design specifications, as well as the importance of managing network operations effectively.

  • Network Debugging
  • Software Design
  • Hardware Design
  • Network Management
  • Complexity
rayaanacharya
mcintosh_e Follow

Uploaded on | 1 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. 6.888 Lecture 16: Header Space Analysis Mohammad Alizadeh Slides courtesy of Peyman Kazemian (Stanford) Spring 2016 1

  2. Digital Hardware Design Specification $10B tool business supports a $250B chip industry Functional Description (RTL) Testbench & Vectors Functional Verification Logical Synthesis 100s of Books >10,000 Papers 10s of Classes Static Timing Place & Route Design Rule Checking (DRC) Layout vs Schematic (LVS) Layout Parasitic Extraction (LPE) Manufacture & Validate 2

  3. Software Design Specification $10B tool business supports a $300B S/W industry Functional Description (Code) Testbench Static Code Analysis Invariant Checker Model Checking 100s of Books >100,000 Papers 10s of Classes Interactive Debugger Run-time Checker 3

  4. Managing Networks (Today) traceroute, ping, tcpdump, SNMP, Netflow . er, that s about it. 4

  5. Why is network debugging hard? Complex interaction o Between multiple protocols on a switch/router. o Between state on different switches/routers. Multiple uncoordinated writers of state. Network owner can t o Observe all state. o Control all state.

  6. Networks are kept working by Masters of Complexity

  7. Simple questions are hard to answer o Can host A talk to host B? o What are all the packet headers from A that can reach B? o Is Group X provably isolated from Group Y? o Are there any loops in the network? o What happens if I remove this line in the config file? 7

  8. How have other fields overcome similar challenges? 8

  9. Communication Engineering De- Frequency Modulation S D Modulation Antenna Amplifier Antenna Band Pass Filter Cos(wt) Cos(wt) 9

  10. Digital Hardware Design B clock out A 10

  11. Digital Hardware Design B clock out A 11

  12. Systems Framework for Networks Input ACL IP Output ACL MAC Table Spanning Tree VLAN Table table Filtering Rules ARP Table MAC Table Spanning Tree Input ACL IP Output ACL table MAC Table MPLS Mappings IP Table ARP Table MAC Table Spanning Tree 12

  13. Systems Framework for Networks Input ACL IP Output ACL MAC Table Spanning Tree VLAN Table table Filtering Rules ARP Table MAC Table Spanning Tree Input ACL IP Output ACL table MAC Table MPLS Mappings IP Table ARP Table MAC Table Spanning Tree 13

  14. Header Space Analysis 14

  15. Header Space Framework Step 1: o Ignore protocol dependent meaning of header bits and see it as a flat sequence of 0s and 1s. o Model a packet as a point in {0,1}L space The Header Space SRC MAC DST MAC SRC IP Data DST IP 0101..1 1010..1 0010..0 0010..0 Header Data 0101..11010..10010..00010..0 L 010xxx011..x001xxxxx01110 15

  16. Header Space Framework Step 2 Model all networking boxes as transformers of header space 1101..00 3 Transfer Function: 1 Packet Forwarding 1110..00 2 Match Action + + 0xx1..x1 11xx..0x Send to port 3 Rewrite with 1xx011..x1 Rewrite with 1x01xx..x1 Send to port 2 Why is the output a set of packets? 16

  17. Transfer Function Example IPv4 Router Forwarding Behavior 1 2 172.24.74.x 172.24.128.x 171.67.x.x Port1 Port2 Port3 o o 3 o (h,1) if dst_ip(h) = 172.24.74.x T(h, p) = (h,2) if dst_ip(h) = 172.24.128.x (h,3) if dst_ip(h) = 171.67.x.x 17

  18. Transfer Function Example IPv4 Router forwarding + Time to Live (TTL) 1 2 172.24.74.x 172.24.128.x 171.67.x.x Port1 Port2 Port3 o o 3 o (dec_ttl(h),1) if dst_ip(h) = 172.24.74.x T(h, p) = (dec_ttl(h),2) if dst_ip(h) = 172.24.128.x (dec_ttl(h),3) if dst_ip(h) = 171.67.x.x 18

  19. Transfer Function Example IPv4 Router forwarding + TTL + MAC rewrite 1 2 172.24.74.x 172.24.128.x 171.67.x.x Port1 Port2 Port3 o o 3 o (rw_mac(dec_ttl(h),next_mac) , 1) if dst_ip(h) = 172.24.74.x T(h, p) = (rw_mac(dec_ttl(h),next_mac) , 2) if dst_ip(h) = 172.24.128.x (rw_mac(dec_ttl(h),next_mac) , 3) if dst_ip(h) = 171.67.x.x 19

  20. Other Examples: Rewrite: rewrite bits 0-2 with value 101 o (h & 000111 ) | 101000 Encapsulation: encap packet in a 1010 header. o (h >> 4) | 1010 . Decapsulation: decap 1010xxx packets o (h << 4) | 000 xxxx TTL Decrement: o if ttl(h) == 0: Drop o if ttl(h) > 0: h 0 000000010 0 Load Balancing: o LB(h,p) = {(h,P1), (h,Pn)} 20

  21. Composing Transfer Functions By composing transfer functions, we can find the end to end behavior of networks. R1 R2 R3 T1(h, p) 21

  22. Inverting Transfer Functions Tell us all possible input packets that can generate an output packet. T(h,p) T-1(h,p) Input Header Space Output Header Space 22

  23. Header Space Framework Step 3- Header Space Set Algebra. o Intersection o Complementation o Difference o Check subset and equality condition. Every region of Header Space, can be described by union of Wildcard Expressions. (example: 10xx U 011x) Goal: do set operation on wildcard expressions. 23

  24. HS Set Algebra- Intersection Bit by bit intersect using intersection table: o Example: o If result has any z , then intersection is empty: o Example: wildcard empty 24

  25. Algorithms 25

  26. Finding Reachability All Packets that A All Packets that A can use to communicate with B can possibly send All Packets that A can possibly send to box 2 through box 1 A T-11 Box 1 Box 2 T2(T1(X,A)) T-12 T-11 T1(X,A) T4(T1(X,A)) T-14 T-13 All Packets that A can possibly send to box 4 through box 1 B Box 4 Box 3 T-13 T3(T2(T1(X,A)) U T3(T4(T1(X,A)) 26

  27. Finding Loops Is there a loop in the network? o Inject an all-x test packet from every switch-port o Follow the packet until it comes back to injection port T1(X,P) T2(T1(X,P)) Box 2 T-12 T-13 T-11 Box 1 Box 3 T-14 Original HS Returned HS T3(T2(T1(X,P))) T4(T3(T2(T1(X,P)))) Box 4 27

  28. Finding Loops Is the loop infinite? Finite Loop Infinite Loop ? 28

  29. Checking Isolation of Slices How to check if two slices are isolated? o Slice definitions don t intersect. o Packets don t leak after forwarding. 29

  30. Header Space Library (Hassel) 30

  31. Header Space Library (Hassel) Two versions Python and C. Foundation Layer o Implements Header Space and Transfer Function objects. Application Layer o Reachability, Loop Detection and Slice Isolation checks. o < 100 LoC for these checks. Parser (only available in Python) o CLI Parsing tool for Cisco IOS, Juniper Junos and OpenFlow table dump. Example: for Cisco IOS, reads IP table, ARP table, MAC table, Spanning tree output and Config file. o Keeps mapping from TF Rule to CLI line number. Available online: git clone https://bitbucket.org/peymank/hassel-public.git 31

  32. Optimizations: 10,000X Speedup IP Table compression Lazy subtraction Dead object deletion Lookup based search Lazy TE evaluation 32

  33. Stanford backbone network Loop detection test Vlan RED Spanning Tree Vlan BLUE Spanning Tree Owns 6 x /16 IP domains. ~750K IP fwd rule. ~1.5K ACL rules. ~100 Vlans. Vlan forwarding. 33

  34. Limitations 1. When I add a new forwarding rule, how can I dynamically check in real-time if it will violate my network policy? 1. How do I track down the source code that was the root cause of a data plane error? 1. Is the network causing poor performance or the server? Are QoS settings to blame, poor load balancing, etc? 1. If switch hardware is malfunctioning, how will I know? How will I identify the switch/rule? 34

  35. Related Research Pyretic, Procera, [2012] Frenetic, NetCore, Formal specification languages Policy Control Program Veriflow, NetPlumber [2012] Dynamic checking of lowest level design Control Plane WWW, ndb [2012] Anteater, HSA [2011] Dynamic troubleshooting to Identify root cause Static checking of lowest level design (several) Consistent Updates ATPG [2012], NetSONAR [2013] Packet forwarding NETWORK

  36. 36

Related


No related presentations.

More Related Content