DOI: 10.1145/2774993.2774997
short-paper

Exodus: toward automatic migration of enterprise network configurations to SDNs

Published: 17 June 2015

Abstract

We present the design and a prototype of Exodus, a system that consumes a collection of router configurations (e.g., in Cisco IOS), compiles these into a common, intermediate semantic form, and then produces corresponding SDN controller software in a high-level language. Exodus generates networks that are functionally similar to the original networks, with the advantage of having centralized programs that are verifiable and evolvable. Exodus supports a wide array of IOS features, including non-trivial kinds of packet-filtering, reflexive access-lists, NAT, VLANs, static and dynamic routing. Implementing Exodus has exposed several limitations in both today's languages for SDN programming and in OpenFlow itself. We briefly discuss these lessons learned and provide guidance for future SDN migration efforts.

Published In

SOSR '15: Proceedings of the 1st ACM SIGCOMM Symposium on Software Defined Networking Research
June 2015
226 pages
ISBN:9781450334518
DOI:10.1145/2774993

Sponsors

In-Cooperation

  • USENIX Assoc: USENIX Assoc

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. OpenFlow
  2. SDN migration
  3. software-defined networking

Qualifiers

  • Short-paper

Conference

SOSR 2015
SOSR 2015: ACM SIGCOMM Symposium on SDN Research
June 17 - 18, 2015
California, Santa Clara

Acceptance Rates

SOSR '15 Paper Acceptance Rate 7 of 43 submissions, 16%;
Overall Acceptance Rate 7 of 43 submissions, 16%

Cited By

  • (2024) Fast and Scalable ACL Policy Solving Under Complex Constraints With Graph Neural Networks. IEEE/ACM Transactions on Networking 32:5 (4175-4190). DOI: 10.1109/TNET.2024.3409529. Online publication date: Oct-2024
  • (2022) Performance Analysis of Mimic Defense based SDN Security Policy. Proceedings of the 2022 2nd International Conference on Control and Intelligent Robotics (7-12). DOI: 10.1145/3548608.3561128. Online publication date: 24-Jun-2022
  • (2021) A Taxonomy on Distributed Controllers in Software Defined Networking. 2021 5th International Conference on Computing Methodologies and Communication (ICCMC) (120-126). DOI: 10.1109/ICCMC51019.2021.9418048. Online publication date: 8-Apr-2021
  • (2020) DAI: Dynamic ACL Policy Implementation for Software-Defined Networking. 2020 IEEE 17th International Conference on Smart Communities: Improving Quality of Life Using ICT, IoT and AI (HONET) (138-142). DOI: 10.1109/HONET50430.2020.9322835. Online publication date: 14-Dec-2020
  • (2019) Safely and automatically updating in-network ACL configurations with intent language. Proceedings of the ACM Special Interest Group on Data Communication (214-226). DOI: 10.1145/3341302.3342088. Online publication date: 19-Aug-2019
  • (2019) A Survey of Deployment Solutions and Optimization Strategies for Hybrid SDN Networks. IEEE Communications Surveys & Tutorials 21:2 (1483-1507). DOI: 10.1109/COMST.2018.2871061. Online publication date: Oct-2020
  • (2018) Verified iptables Firewall Analysis and Verification. Journal of Automated Reasoning 61:1-4 (191-242). DOI: 10.1007/s10817-017-9445-1. Online publication date: 1-Jun-2018
  • (2017) Efficient Communications in Training Large Scale Neural Networks. Proceedings of the on Thematic Workshops of ACM Multimedia 2017 (110-116). DOI: 10.1145/3126686.3126749. Online publication date: 23-Oct-2017
  • (2017) Life on the Edge. Proceedings of the Symposium on Architectures for Networking and Communications Systems (178-190). DOI: 10.1109/ANCS.2017.31. Online publication date: 18-May-2017
  • (2017) Study on the SDN‐IP–based solution of well‐known bottleneck problems in private sector of national R&E network for big data transfer. Concurrency and Computation: Practice and Experience 30:1. DOI: 10.1002/cpe.4365. Online publication date: 12-Nov-2017
