Modular SDN Programming with Pyretic
Joshua Reich, Christopher Monsanto, Nate Foster, Jennifer Rexford, and David Walker. USENIX, 2013.
Presented by Ye Tian for Course CS05112.

Pyretic Controller
One member of the Frenetic family of SDN programming languages. Based on Python. Programmer friendly.
Reference: http://www.frenetic-lang.org/ (Tutorial, Documentation)

Running Pyretic
Run Pyretic using "pyretic.py".
Options:
    -m MODE         i | r0 | p0
    -v VERBOSITY    low | high

    $ pyretic.py -v high -m p0 pyretic.examples.pyretic_switch

MODE
i: every packet is processed in the controller runtime. Unsurprisingly slow, but useful for debugging.
r0: rules are reactively pushed to switches based on the Pyretic policy and the packets seen.
p0: rules are proactively pushed to switches based on the Pyretic policy. Generally the highest performance mode currently available.

Main Method
Every Pyretic program must have a main method. Import at minimum the Pyretic core library. Import in the main function.

Packet Model
A packet contains all the OpenFlow recognized fields, including srcmac, dstmac, ethertype, srcip and dstip.
A packet also contains other information: switch, inport, outport.

Language Basics: Policy
A policy is a function that takes a packet as input and returns a set of packets. It describes what the network switches should do with incoming packets.
Examples:
A function that takes any packet and returns the empty set causes the network to drop all packets.
A function that takes any packet arriving at a given location (switch and port) and returns the set of identical packets, located respectively at the ports of that switch which lie on the network spanning tree, causes the network to flood all packets (it modifies outport).

Policy, syntax, semantics and example:
match: match(f=v) returns a set containing the packet if the packet's field f matches value v, the empty set otherwise. Example: match(dstmac=EthAddr('00:00:00:00:00:01'))
drop: drop returns the empty set. Example: drop
identity: identity returns a set containing a copy of the packet. Example: identity
modify: modify(f=v) returns a set containing a copy of the packet where field f is set to value v. Example: modify(srcmac=EthAddr('00:00:00:00:00:01'))
forward: fwd(a) returns a set containing a copy of the packet where the outport field is set to a. Example: fwd(1) (equivalent to modify(outport=1))
flood: flood() returns a set containing one copy of the packet for each port on the spanning tree. Example: flood()
parallel composition: A + B returns the union of A's output and B's output. Example: fwd(1) + fwd(2)
sequential composition: A >> B returns B's output where A's output is B's input. Examples: modify(dstip=IPAddr('10.0.0.2')) >> fwd(2) and match(switch=1) >> flood()
negation: ~A returns the logical negation of filter policies. Example: ~match(switch=1)

Language Basics: Filter Policy
Filter policies are policies that don't change the packet: either a set containing just the packet is returned or the empty set is returned.
match, drop and identity are filter policies.
Negation (~), conjunction (&), and disjunction (|) are only defined on filter policies.

    # A filter policy
    condition1 = match(dstmac=EthAddr('00:00:00:00:00:01')) & match(srcmac=EthAddr('00:00:00:00:00:02'))
    # A policy
    condition2 = match(dstmac=EthAddr('00:00:00:00:00:01')) >> match(srcmac=EthAddr('00:00:00:00:00:02'))

    ~condition1    # OK
    ~condition2    # type error

Language Basics: Conditional Execution
Use filters for conditional execution:

    split = (match(dstip=IPAddr('10.0.0.1')) >> fwd(1)) + (~match(dstip=IPAddr('10.0.0.1')) >> fwd(2))

or

    split = if_(match(dstip=IPAddr('10.0.0.1')), fwd(1), fwd(2))

Query Policy
Network monitors are just another simple type of policy that may be conjoined to any of the other policies.
Syntax Summary:
packets(limit=n, group_by=[f1,f2,...]): callback on every packet received for up to n packets identical on fields f1,f2,...
count_packets(interval=t, group_by=[f1,f2,...]): count every packet received, callback every t seconds providing count for each group.
count_bytes(interval=t, group_by=[f1,f2,...]): count every byte received, callback every t seconds providing count for each group.

For example, create a new query for the first packet arriving from each unique source IP and restrict it to web-traffic requests:

    Q = packets(limit=1, group_by=['srcip'])
    match(dstport=80) >> Q

To print each packet that arrives at Q, register a callback routine to handle Q's callback:

    def printer(pkt):
        print(pkt)

    Q.register_callback(printer)

Dynamic Policy
Query policies are often used to drive changes to other dynamic policies. Dynamic policies have behavior (defined by self.policy) that changes over time, according to the programmer's specification.

For example, the routine round_robin takes the first packet from a new client (source IP address) and updates the policy's behavior (by assigning self.policy to a new value) so all future packets from this source are assigned to the next server in the sequence (by rewriting the destination IP address). Packets from all other clients are treated as before. After updating the policy, round_robin also moves the currently up server to the next server in the list.

    def round_robin(self, pkt):
        self.policy = if_(match(srcip=pkt['srcip']),
                          modify(dstip=self.server),
                          self.policy)
        self.client += 1
        self.server = self.servers[self.client % m]  # m: number of servers in the list

Create a new round-robin load balancer dynamic policy class rrlb by subclassing DynamicPolicy and providing an initialization method that registers round_robin as a callback routine:

    class rrlb(DynamicPolicy):
        def __init__(self, s, servers):
            self.switch = s
            self.servers = servers
            ...
            Q = packets(limit=1, group_by=['srcip'])
            Q.register_callback(self.round_robin)
            self.policy = match(dstport=80) >> Q

        def round_robin(self, pkt):
            ...

Create a new instance of rrlb (say one running on switch 3 and sending requests to server replicas at 2.2.2.8, 2.2.2.9 and 2.2.2.10) in the standard way:

    servers = [IP('2.2.2.8'), IP('2.2.2.9'), IP('2.2.2.10')]
    rrlb_on_switch3 = rrlb(3, servers)

Hub

Learning Switch
When switch sees ICMP request from h1 to h2
When switch sees ICMP response from h2 to h1
Flow table entries
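The policy semantics and the rrlb load balancer described above, as a self-contained Python 3 model that runs without Pyretic or a switch. This is an added example, not code from the slides or from the Pyretic project. The Policy class, the packets-as-dicts representation, first_packet_per_src (standing in for the packets(limit=1, group_by=['srcip']) query) and RoundRobinLB are assumptions made for illustration.

```python
# Toy model of the policy semantics in the slides; this is not the Pyretic library.
# A packet is a dict of fields; a policy maps one packet to a list of packets.
class Policy:
    def __init__(self, fn, is_filter=False):
        self.fn, self.is_filter = fn, is_filter
    def eval(self, pkt):
        return self.fn(pkt)
    def __add__(self, other):       # parallel: union of both outputs
        def fn(p):
            out = self.eval(p)
            return out + [q for q in other.eval(p) if q not in out]
        return Policy(fn)
    def __rshift__(self, other):    # sequential: A's output is B's input
        return Policy(lambda p: [r for q in self.eval(p) for r in other.eval(q)])
    def __and__(self, other):       # conjunction, filters only
        _need_filters(self, other)
        return Policy(lambda p: [p] if self.eval(p) and other.eval(p) else [], True)
    def __invert__(self):           # negation, filters only
        _need_filters(self)
        return Policy(lambda p: [] if self.eval(p) else [p], True)

def _need_filters(*policies):
    if not all(p.is_filter for p in policies):
        raise TypeError("only defined on filter policies")

def match(**kv):
    return Policy(lambda p: [p] if all(p.get(f) == v for f, v in kv.items()) else [], True)
def modify(**kv):
    return Policy(lambda p: [dict(p, **kv)])
def if_(cond, then, otherwise):
    return (cond >> then) + (~cond >> otherwise)

def first_packet_per_src(callback):  # stands in for packets(limit=1, group_by=['srcip'])
    seen = set()
    def fn(p):
        if p["srcip"] not in seen:
            seen.add(p["srcip"])
            callback(p)
        return []                    # a query forwards nothing to the network
    return Policy(fn)

class RoundRobinLB:                  # model of the slides' rrlb dynamic policy
    def __init__(self, servers):
        self.servers, self.client, self.server = servers, 0, servers[0]
        self.policy = match(dstport=80) >> first_packet_per_src(self.round_robin)
    def round_robin(self, pkt):
        self.policy = if_(match(srcip=pkt["srcip"]), modify(dstip=self.server), self.policy)
        self.client += 1
        self.server = self.servers[self.client % len(self.servers)]
```

Evaluating lb.policy on the first web packet from a client returns nothing because the query consumes it; later packets from that client come back with dstip rewritten to the server the client was pinned to.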