Header space analysis: Static checking for networks
Introduction
Three goals:
- Help system administrators statically analyze production networks today
- Make it easier for system administrators to guarantee isolation between sets of hosts, users or traffic
- Take the notion of isolation further, and enable the static analysis of networks sliced in more general ways
The Geometric Model
- Header Space: $\mathcal{H}$, which treats a packet header as a flat sequence of ones and zeros, $\{0,1\}^L$
- Network Space: $\mathcal{N}$, represented as $\{0,1\}^L \times \{1,\cdots,P\}$, where $\{1,\cdots,P\}$ is the set of ports
- Network Transfer Function: $\Psi()$,

  $$\Psi(h,p) = \begin{cases} T_1(h,p) & \text{if } p \in switch_1 \\ \cdots & \cdots \\ T_n(h,p) & \text{if } p \in switch_n \end{cases}$$

  where $T_i$ is the transfer function of the $i$-th box: $T(h,p) : (h,p) \to \{(h_1,p_1), (h_2,p_2), \cdots\}$
- Topology Transfer Function: $\Gamma()$,

  $$\Gamma(h,p) = \begin{cases} \{(h,p^*)\} & \text{if } p \text{ is connected to } p^* \\ \{\} & \text{if } p \text{ is not connected} \end{cases}$$

  It accepts a packet at one end of a link and returns the same packet, unchanged, at the other end. Note that links are unidirectional in this model.
- Multihop Packet Traversal: $\Phi(\cdot) = \Psi(\Gamma(\cdot))$; $k$ hops are abbreviated as $\Phi^k(h,p)$, where $\Gamma$ forwards the packet across a link and $\Psi$ passes the packet through a box
- Slice: $S$, defined as the triple *(Slice network space, Permission, Slice Transfer Function)*
  - Slice network space: subset of the network space controlled by the slice
  - Permission: subset of { r
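
The transfer functions $\Psi$, $\Gamma$ and the multihop composition $\Phi^k$ from the geometric model can be run directly to answer a reachability or isolation question. The following is an added example, not code from the original notes or from the Header Space Analysis authors; the switch names, port numbers, links and rules are constructed. It goes one step beyond the pointwise definitions above by allowing wildcard bits `x`, so that one string stands for a whole region of header space.

```python
from typing import Optional

def intersect(a: str, b: str) -> Optional[str]:
    """Intersect two wildcard headers over {0,1,x}; None is the empty set."""
    out = []
    for x, y in zip(a, b):
        if x == "x":
            out.append(y)
        elif y == "x" or x == y:
            out.append(x)
        else:
            return None
    return "".join(out)

def rewrite(h: str, mask: str) -> str:
    """Set the bits of h where mask is 0/1; an 'x' in mask keeps h's bit."""
    return "".join(hb if mb == "x" else mb for hb, mb in zip(h, mask))

# Constructed network, L = 4, P = 5. Rule: (in_port, match, rewrite_mask, out_ports).
# Assumption: matches on one in_port are disjoint, so rule priority is not modelled.
BOXES = {
    "switch_1": {"ports": {2, 3}, "rules": [(2, "10xx", "xxxx", [3])]},
    "switch_2": {"ports": {4, 5}, "rules": [(4, "1xx1", "0xxx", [5])]},
}
LINKS = {1: 2, 3: 4}  # unidirectional: port 1 -> 2 and port 3 -> 4

def gamma(h, p):
    """Topology transfer function: carry h unchanged across the link at p."""
    return {(h, LINKS[p])} if p in LINKS else set()

def psi(h, p):
    """Network transfer function: apply T_i of the box that owns port p."""
    out = set()
    for box in BOXES.values():
        if p not in box["ports"]:
            continue
        for in_port, match, mask, out_ports in box["rules"]:
            hit = intersect(h, match) if in_port == p else None
            if hit is not None:
                out |= {(rewrite(hit, mask), q) for q in out_ports}
    return out

def phi_k(h, p, k):
    """Phi^k(h, p): k hops of Phi = Psi(Gamma(.)) from one starting point."""
    points = {(h, p)}
    for _ in range(k):
        points = {o for hp in points for g in gamma(*hp) for o in psi(*g)}
    return points
```

Calling `phi_k("xxxx", 1, 2)` injects the entire header space at port 1 and returns the only region that arrives at port 5, which is the set an administrator would compare against the intended policy when checking isolation.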