SNAP: Stateful Network-Wide Abstractions for Packet Processing (1512.00822v2)

Abstract: Early programming languages for software-defined networking (SDN) were built on top of the simple match-action paradigm offered by OpenFlow 1.0. However, emerging hardware and software switches offer much more sophisticated support for persistent state in the data plane, without involving a central controller. Nevertheless, managing stateful, distributed systems efficiently and correctly is known to be one of the most challenging programming problems. To simplify this new SDN problem, we introduce SNAP. SNAP offers a simpler "centralized" stateful programming model, by allowing programmers to develop programs on top of one big switch rather than many. These programs may contain reads and writes to global, persistent arrays, and as a result, programmers can implement a broad range of applications, from stateful firewalls to fine-grained traffic monitoring. The SNAP compiler relieves programmers of having to worry about how to distribute, place, and optimize access to these stateful arrays by doing it all for them. More specifically, the compiler discovers read/write dependencies between arrays and translates one-big-switch programs into an efficient internal representation based on a novel variant of binary decision diagrams. This internal representation is used to construct a mixed-integer linear program, which jointly optimizes the placement of state and the routing of traffic across the underlying physical topology. We have implemented a prototype compiler and applied it to about 20 SNAP programs over various topologies to demonstrate our techniques' scalability.

• The paper introduces SNAP, a high-level language enabling stateful network-wide packet processing directly on the programmable data plane using the "One Big Switch" abstraction.
• SNAP's compiler utilizes extended forwarding decision diagrams (xFDDs) and MILP optimization to translate policies and determine optimal state variable placement across the distributed network.
• Prototypical implementations demonstrated SNAP's versatility for applications like DNS tunneling detection, highlighting its potential to reduce central controller reliance and improve network resilience.

SNAP: Stateful Network-Wide Abstractions for Packet Processing

The presented paper introduces SNAP, a high-level programming language tailored for programmable data planes in software-defined networks (SDNs). Traditional programming languages for SDNs have hinged on OpenFlow 1.0's match-action paradigm, creating a dichotomy between stateless logic on switches and stateful logic manipulated solely at the controller level. In contrast, SNAP leverages the advancements in switch technology that allow persistent and stateful operations directly on the data plane, thereby facilitating both stateful and stateless computations without the need for the cumbersome central controller interactions typical in older SDN constructs.

Centralized Stateful Programming Abstraction

SNAP provides developers with an abstraction framework called "One Big Switch" (OBS), simplifying the mentality required to interact with the network. Within this paradigm, the programmer writes as if operating on a singular, monolithic switch, despite the actuality of a distributed network infrastructure. This abstracted top-level view enables the inclusion of stateful operations through persistent arrays that can be indexed and modified based on incoming packets. The SNAP compiler subsequently handles the intricate tasks of distributing, deploying, and optimizing placement and access to these stateful arrays onto the actual network topology.

Key to SNAP's innovation is a unique optimization layer. Using a novel variant of binary decision diagrams (BDD), specifically tailored as extended forwarding decision diagrams (xFDD), SNAP efficiently converts high-level policy logic into an optimized, implementable form. This form is conducive to the compilation of MIX Integer Linear Programs (MILP) that jointly optimize traffic routing paths and state variables' placement.

Compiler Design and Functionality

SNAP's compiler is instrumental in translating the high-level program into executable components on SDN hardware. The compiler's front end is adept at constructing xFDDs through sophisticated static analysis, evaluating dependencies and optimizing logic sequencing based on inferred state interactions and packet-field conditions. It is noteworthy that this procedural logic is sensitive to potential race conditions due to concurrent state access, which the compiler adeptly detects and mitigates.

In the back end, the MILP formulation effectively assigns each stateful operation an optimal location to minimize link congestion and routing inefficiencies while respecting network-wide constraints such as ordering of state changes and potential co-location of dependent state variables.

Implementation and Evaluation

SNAP was prototypically validated on various applications, including Chimera and Snort flowbits, showcasing its versatility across diverse networking needs like DNS tunneling detection and FTP monitoring. The implemented prototypes leveraged NetASM to present the feasibility of translating SNAP's abstract commands into low-level switch instructions, primarily using NetASM's support for atomic execution and stateful memory manipulation.

Comprehensive scalability and performance evaluations demonstrated SNAP's rapid response to network topology and policy shifts owing to its dynamic compilation strategy, underlining its potential in both current and future SDN environments.

Implications and Forward Prospects

The introduction of SNAP could significantly alter how network operators approach programming in SDNs by reducing dependency on centralized controllers, thus promoting a more resilient and lower-latency network architecture. From a theoretical standpoint, SNAP enriches the discourse around network abstraction layers, providing a methodology that can be extended or adapted to future technological evolutions, potentially integrating with queue-based policies or supporting deep packet inspection.

Future work could focus on enhancing the expressiveness of SNAP by integrating additional constructs or optimizing resource allocation even further. The synthesis between programmable hardware advancements and SNAP's intuitive programming model will undoubtedly yield transformative impacts on the deployment of sophisticated, high-performance network systems.