Skip to content
This repository has been archived by the owner on Jun 27, 2018. It is now read-only.

Query Policies

joshreich edited this page Dec 5, 2014 · 7 revisions

In traditional OpenFlow programs, collecting traffic statistics involves installing rules (so that byte and packet counters are available), issuing queries to poll these counters, parsing the responses when they arrive, and combining counter values across multiple rules. In Pyretic, network monitors are just another simple type of policy that may be conjoined to any of the other policies seen so far. The table below shows several different kinds of monitoring policies available in Pyretic, including policies that monitor raw packets, packet counts, and byte counts. The forwarding behavior of these policies is the same as a policy that drops all packets.

Syntax Summary
packets(
 limit=n,
 group_by=[f1,f2,...])
callback on every packet received
for up to n packets identical
on fields f1,f2,...
count_packets(
 interval=t,
 group_by=[f1,f2,...])
count every packet received
callback every t seconds
providing count for each group
count_bytes(
 interval=t,
 group_by=[f1,f2,...])
count every byte received
callback every t seconds
providing count for each group

For example, a programmer may create a new query for the first packet arriving from each unique source IP

 Q = packets(limit=1,group_by=['srcip'])

and restrict it to web-traffic requests (i.e., packets destined to TCP port 80):

 match(dstport=80) >> Q

To print each packet that arrives at Q, the programmer registers a callback routine to handle Q's callback,

 def printer(pkt):
   print pkt

 Q.register_callback(printer)

The runtime system handles all of the low-level details of supporting queries-installing rules, polling the counters, receiving the responses, combining the results as needed, and composing query implementation with the implementation of other policies. For example, suppose the programmer composes the example monitoring query with a routing policy that forwards packets based on the destination IP address. The runtime system ensures that the first TCP port 80 packet from each source IP address reaches the application's printer routine, while guaranteeing that this packet (and all subsequent packets from this source) are forwarded to the output port indicated by the routing policy.

Note

When using proactively compiled counting queries in mininet with OpenVSwitch, it is possible that counts are under-reported when the network policy changes too fast. This is because counters may not be updated frequently enough for switch rules that change too fast, resulting in the polled flow counters not accounting for all traffic processed by those rules.

Clone this wiki locally