TY - GEN
T1 - Composing software-defined networks
AU - Monsanto, Christopher
AU - Reich, Joshua
AU - Foster, Nate
AU - Rexford, Jennifer
AU - Walker, David
PY - 2019/1/1
Y1 - 2019/1/1
N2 - Managing a network requires support for multiple concurrent tasks, from routing and traffic monitoring, to access control and server load balancing. Software-Defined Networking (SDN) allows applications to realize these tasks directly, by installing packet-processing rules on switches. However, today's SDN platforms provide limited support for creating modular applications. This paper introduces new abstractions for building applications out of multiple, independent modules that jointly manage network traffic. First, we define composition operators and a library of policies for forwarding and querying traffic. Our parallel composition operator allows multiple policies to operate on the same set of packets, while a novel sequential composition operator allows one policy to process packets after another. Second, we enable each policy to operate on an abstract topology that implicitly constrains what the module can see and do. Finally, we define a new abstract packet model that allows programmers to extend packets with virtual fields that may be used to associate packets with high-level meta-data. We realize these abstractions in Pyretic, an imperative, domain-specific language embedded in Python.
AB - Managing a network requires support for multiple concurrent tasks, from routing and traffic monitoring, to access control and server load balancing. Software-Defined Networking (SDN) allows applications to realize these tasks directly, by installing packet-processing rules on switches. However, today's SDN platforms provide limited support for creating modular applications. This paper introduces new abstractions for building applications out of multiple, independent modules that jointly manage network traffic. First, we define composition operators and a library of policies for forwarding and querying traffic. Our parallel composition operator allows multiple policies to operate on the same set of packets, while a novel sequential composition operator allows one policy to process packets after another. Second, we enable each policy to operate on an abstract topology that implicitly constrains what the module can see and do. Finally, we define a new abstract packet model that allows programmers to extend packets with virtual fields that may be used to associate packets with high-level meta-data. We realize these abstractions in Pyretic, an imperative, domain-specific language embedded in Python.
UR - http://www.scopus.com/inward/record.url?scp=85076669711&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85076669711&partnerID=8YFLogxK
M3 - Conference contribution
T3 - Proceedings of the 10th USENIX Symposium on Networked Systems Design and Implementation, NSDI 2013
SP - 1
EP - 13
BT - Proceedings of the 10th USENIX Symposium on Networked Systems Design and Implementation, NSDI 2013
PB - USENIX Association
T2 - 10th USENIX Symposium on Networked Systems Design and Implementation, NSDI 2013
Y2 - 2 April 2013 through 5 April 2013
ER -