Verifying controller actions in software-defined networks with controller clusters
First Claim
1. A method of verifying controller actions in a clustered software defined network comprising a primary controller and a plurality of secondary controllers, said method comprising:
utilizing one or more processors to execute computer code that performs the steps of:
- intercepting at least one message at the primary controller wherein the at least one message is associated with an external trigger comprising a communication event arising from outside the primary controller;
- wherein the at least one intercepted message comprises a message that induces one or more changes in the network;
- intercepting at least one cache update in the network, wherein the at least one cache update is responsive to an internal trigger comprising a communication event arising within the primary controller;
- replicating, to at least one randomly selected secondary controller from the plurality of secondary controllers, the at least one intercepted message and the at least one intercepted cache update;
- directing a response to the at least one message from the primary controller, a response to the at least one cache update, a response to the at least one replicated message, and a response to the replicated at least one cache update to a verification subsystem; and
- verifying the at least one replicated message and the at least one replicated cache update in the verification subsystem, wherein the verifying comprises comparing the responses from the primary controller with the responses from the at least one randomly selected secondary controller.
Abstract
Methods and arrangements for verifying controller actions in a clustered software defined network. A contemplated method includes: intercepting at least one message at the primary controller; wherein the at least one intercepted message comprises a message that induces one or more changes in the network; intercepting at least one cache update in the network; replicating the at least one intercepted message and the at least one cache update; directing the at least one replicated message and the at least one replicated cache update to a verification subsystem; and verifying the at least one replicated message and the at least one replicated cache update in the verification subsystem. Other variants and embodiments are broadly contemplated herein.
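The replicate-and-compare check described in the abstract and in claim 1, as an added example that is not taken from the patent. The class names, the event tuples, the `shadow` cache used to keep the randomly selected secondary in step with the primary, and the constructed `reroute` fault are all assumptions made for illustration.

```python
import random

class Controller:
    """Toy deterministic controller: same cache + same event -> same response."""
    def __init__(self, name, fault=None):
        self.name, self.cache, self.fault = name, {}, fault

    def handle(self, kind, payload):
        if kind == "message":              # external trigger, e.g. a packet-in
            src, dst = payload
            resp = ("flow_mod", src, dst, self.cache.get(dst, "FLOOD"))
        else:                              # internal trigger: cache update
            host, port = payload
            self.cache[host] = port
            resp = ("cache_ack", host, port)
        return self.fault(resp) if self.fault else resp

class Verifier:
    """Replays each intercepted event on one randomly selected secondary."""
    def __init__(self, primary, secondaries, rng=None):
        self.primary, self.secondaries = primary, secondaries
        self.rng = rng or random.SystemRandom()   # choice the primary cannot predict
        self.shadow = {}     # assumption: cache state carried between replays
        self.alerts = []

    def process(self, kind, payload):
        primary_resp = self.primary.handle(kind, payload)
        replica = self.rng.choice(self.secondaries)
        replica.cache = dict(self.shadow)         # replay from the carried state
        replica_resp = replica.handle(kind, payload)
        self.shadow = replica.cache
        ok = primary_resp == replica_resp         # the comparison step
        if not ok:
            self.alerts.append((kind, payload, primary_resp, replica.name, replica_resp))
        return ok

# Constructed event stream: two cache updates, then two packet-in messages.
EVENTS = [("cache_update", ("h1", 1)), ("cache_update", ("h2", 2)),
          ("message", ("h1", "h2")), ("message", ("h2", "h3"))]

def run(primary_fault=None):
    secondaries = [Controller(f"sec{i}") for i in range(3)]
    v = Verifier(Controller("primary", primary_fault), secondaries)
    return [v.process(k, p) for k, p in EVENTS], v.alerts

def reroute(resp):
    """Constructed fault: the primary answers with a different output port."""
    return resp[:3] + (9,) if resp[0] == "flow_mod" else resp
```

Because the secondaries are deterministic and replay from the same state, the verdict does not depend on which one is drawn; the random draw only keeps the primary from knowing in advance which node will check it.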
18 Claims
10. A system for verifying controller actions in a clustered software defined network comprising a primary controller and a plurality of secondary controllers, said system comprising:
- a plurality of processors; and
- one or more computer readable storage medium having computer readable program code embodied therewith and executable by the plurality of processors, the computer readable program code comprising:
- computer readable program code that intercepts at least one message at the primary controller, wherein the at least one message is associated with an external trigger comprising a communication event arising from outside the primary controller;
- wherein the at least one intercepted message comprises a message that induces one or more changes in the network;
- computer readable program code that intercepts at least one cache update in the network, wherein the at least one cache update is responsive to an internal trigger comprising a communication event arising within the primary controller;
- computer readable program code that replicates, to at least one randomly selected secondary controller from the plurality of secondary controllers, the at least one intercepted message and the at least one intercepted cache update;
- computer readable program code that directs a response to the at least one message from the primary controller, a response to the at least one cache update, a response to the at least one replicated messages and a response to the at least one replicated cache update to a verification subsystem; and
- computer readable program code that verifies the at least one replicated message and the at least one replicated cache update in the verification subsystem, wherein the verifying comprises comparing the responses from the primary controller with the responses from the at least one randomly selected secondary controller.
11. A computer program product for verifying controller actions in a clustered software defined network comprising a primary controller and a plurality of secondary controllers, said computer program product comprising:
- a computer readable storage medium having computer readable program code embodied therewith, the computer readable program code comprising:
- computer readable program code that intercepts at least one message at the primary controller, wherein the at least one message is associated with an external trigger comprising a communication event arising from outside the primary controller;
- wherein the at least one intercepted message comprises a message that induces one or more changes in the network;
- computer readable program code that intercepts at least one cache update in the network, wherein the at least one cache update is responsive to an internal trigger comprising a communication event arising within the primary controller;
- computer readable program code that replicates, to at least one randomly selected secondary controller from the plurality of secondary controllers, the at least one intercepted message and the at least one intercepted cache update;
- computer readable program code that directs a response to the at least one message from the primary controller, a response to the at least one cache update, a response to the at least one replicated message, and a response to the at least one replicated cache update to a verification subsystem; and
- computer readable program code that verifies the at least one replicated message and the at least one replicated cache update in the verification subsystem, wherein the verifying comprises comparing the responses from the primary controller with the responses from the at least one randomly selected secondary controller.
18. A method comprising:
- intercepting messages, at a hypervisor, to and from a controller in a clustered software defined network;
- the intercepted messages including at least one network update corresponding to an external trigger comprising a communication event arising from outside the controller, and at least one cache update for a distributed data store in communication with the network, wherein the at least one cache update is responsive to an internal trigger comprising a communication event arising within the controller;
- replicating all the intercepted messages to a verification subsystem comprising at least one randomly selected secondary controller;
- the verification subsystem comprising a distributed subsystem which includes at least one randomly selected controller node in the network and an out-of-band verifier; and
- utilizing the verification subsystem to verify responses to the messages from a suspect controller by comparing the responses, to the external trigger and the internal triggers, from the controller, with responses, to the replicated intercepted messages, from the at least one randomly selected secondary controller.
Specification