VERIFYING CONTROLLER ACTIONS IN SOFTWARE-DEFINED NETWORKS WITH CONTROLLER CLUSTERS

US 20170041427A1
Filed: 08/07/2015
Published: 02/09/2017
Est. Priority Date: 08/07/2015
Status: Active Grant

First Claim

Patent Images

1. A method of verifying controller actions in a clustered software defined network comprising a primary controller and a plurality of secondary controllers, said method comprising:

utilizing at least one processor to execute computer code that performs the steps of;

intercepting at least one message at the primary controller;

wherein the at least one intercepted message comprises a message that induces one or more changes in the network;

intercepting at least one cache update in the network;

replicating the at least one intercepted message and the at least one intercepted cache update;

directing the at least one replicated message and the replicated at least one cache update to a verification subsystem; and

verifying the at least one replicated message and the at least one replicated cache update in the verification subsystem.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and arrangements for verifying controller actions in a clustered software defined network. A contemplated method includes: intercepting at least one message at the primary controller; wherein the at least one intercepted message comprises a message that induces one or more changes in the network; intercepting at least one cache update in the network; replicating the at least one intercepted message and the at least one cache update; directing the at least one replicated message and the at least one replicated cache update to a verification subsystem; and verifying the at least one replicated message and the at least one replicated cache update in the verification subsystem. Other variants and embodiments are broadly contemplated herein.

10 Citations

View as Search Results

20 Claims

1. A method of verifying controller actions in a clustered software defined network comprising a primary controller and a plurality of secondary controllers, said method comprising:
- utilizing at least one processor to execute computer code that performs the steps of;
  
  intercepting at least one message at the primary controller;
  
  wherein the at least one intercepted message comprises a message that induces one or more changes in the network;
  
  intercepting at least one cache update in the network;
  
  replicating the at least one intercepted message and the at least one intercepted cache update;
  
  directing the at least one replicated message and the replicated at least one cache update to a verification subsystem; and
  
  verifying the at least one replicated message and the at least one replicated cache update in the verification subsystem.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the verification subsystem comprises:
    - at least one of the secondary controllers;
      
      said verifying comprising comparing a response of the primary controller to the at least one replicated message with a response of the at least one of the secondary controllers to the at least one replicated message.
  - 3. The method according to claim 2, wherein said verifying comprises verifying that the response of the at least one of the secondary controllers matches the response of the primary controller.
  - 4. The method according to claim 3, wherein said verifying comprises propagating one or more tainted messages.
  - 5. The method according to claim 1, wherein the verification subsystem comprises a data store that receives the at least one replicated cache update.
  - 6. The method according to claim 1, wherein the verification subsystem resides on a network separate from the clustered software defined network.
  - 7. The method according to claim 1, comprising:
    - detecting a trigger at one or more of;
      
      the primary controller, and at least one of the secondary controllers; and
      
      propagating at least one taint within the verification subsystem to map one or more responses to the detected trigger.
  - 8. The method according to claim 1, wherein the verification subsystem comprises a subsystem having access to more than one controller.
  - 9. The method according to claim 1, wherein said verifying comprises verifying responses to the at least one message via a majority check of the plurality of secondary controllers.
  - 10. The method according to claim 1, wherein said intercepting of messages comprises intercepting messages at a hypervisor.

11. An apparatus for verifying controller actions in a clustered software defined network comprising a primary controller and a plurality of secondary controllers, said apparatus comprising:
- at least one processor; and
  
  a computer readable storage medium having computer readable program code embodied therewith and executable by the at least one processor, the computer readable program code comprising;
  
  computer readable program code that intercepts at least one message at the primary controller;
  
  wherein the at least one intercepted message comprises a message that induces one or more changes in the network;
  
  computer readable program code that intercepts at least one cache update in the network;
  
  computer readable program code that replicates the at least one intercepted message and the at least one intercepted cache update;
  
  computer readable program code that directs the at least one replicated message and the at least one replicated cache update to a verification subsystem; and
  
  computer readable program code that verifies the at least one replicated message and the at least one replicated cache update in the verification subsystem.

12. A computer program product for verifying controller actions in a clustered software defined network comprising a primary controller and a plurality of secondary controllers, said computer program product comprising:
- a computer readable storage medium having computer readable program code embodied therewith, the computer readable program code comprising;
  
  computer readable program code that intercepts at least one message at the primary controller;
  
  wherein the at least one intercepted message comprises a message that induces one or more changes in the network;
  
  computer readable program code that intercepts at least one cache update in the network;
  
  computer readable program code that replicates the at least one intercepted message and the at least one intercepted cache update;
  
  computer readable program code that directs the at least one replicated message and the at least one replicated cache update to a verification subsystem; and
  
  computer readable program code that verifies the at least one replicated message and the at least one replicated cache update in the verification subsystem.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The computer program product of claim 12, wherein:
    - the verification subsystem comprises at least one of the secondary controllers;
      
      the verifying comprising comparing a response of the primary controller to the at least one replicated message with a response of the at least one of the secondary controllers to the at least one replicated message.
  - 14. The computer program product according to claim 12, wherein the verification subsystem comprises a data store that receives the at least one replicated cache update.
  - 15. The computer program product according to claim 12, wherein the verification subsystem resides on a network separate from the clustered software defined network.
  - 16. The computer program product according to claim 12, comprising:
    - computer readable program code that detects a trigger at one or more of;
      
      the primary controller, and at least one of the secondary controllers; and
      
      computer readable program code that propagates at least one taint within the verification subsystem to map one or more responses to the detected trigger.
  - 17. The computer program product according to claim 12, wherein the verification subsystem comprises a subsystem having access to more than one controller.
  - 18. The computer program product according to claim 12, wherein the verifying comprises verifying responses to the at least one message via a majority check of the plurality of secondary controllers.
  - 19. The computer program product according to claim 12, wherein the intercepting of messages comprises intercepting messages at a hypervisor.

20. A method comprising:
- intercepting messages, at a hypervisor, to and from a controller in a clustered software defined network;
  
  the intercepted messages including one or more of;
  
  at least one network update; and
  
  at least one cache update for a distributed data store in communication with the network;
  
  replicating all the intercepted messages to a verification subsystem;
  
  the verification subsystem comprising a distributed subsystem which includes at least one randomly selected controller node in the network and an out-of-band verifier; and
  
  utilizing the verification subsystem to verify responses to the messages from the suspect controller.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Mahajan, Kshiteej Sharad, Dhawan, Mohan, Mann, Vijay, Poddar, Rishabh

Granted Patent

US 9,942,348 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 41/0631   using root cause analysis; ...

H04L 41/0695   the faulty arrangement bein...

H04L 41/40   using virtualisation of net...

H04L 45/00   Routing or path finding of ...

H04L 45/64   using an overlay routing layer

H04L 45/645   Splitting route computation...

H04L 63/00   Network architectures or ne...

H04L 67/1095   Replication or mirroring of...

H04L 67/5682   Policies or rules for updat...

VERIFYING CONTROLLER ACTIONS IN SOFTWARE-DEFINED NETWORKS WITH CONTROLLER CLUSTERS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

10 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

VERIFYING CONTROLLER ACTIONS IN SOFTWARE-DEFINED NETWORKS WITH CONTROLLER CLUSTERS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

10 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links