Query Policies
In traditional OpenFlow programs, collecting traffic statistics involves installing rules (so that byte and packet counters are available), issuing queries to poll these counters, parsing the responses when they arrive, and combining counter values across multiple rules. In Pyretic, network monitors are just another simple type of policy that may be conjoined to any of the other policies seen so far. The table below shows several different kinds of monitoring policies available in Pyretic, including policies that monitor raw packets, packet counts, and byte counts. The forwarding behavior of these policies is the same as a policy that drops all packets.
| Syntax | Summary |
| --- | --- |
| `packets(limit=n, group_by=[f1,f2,...])` | callback on every packet received, for up to n packets identical on fields f1,f2,... |
| `count_packets(interval=t, group_by=[f1,f2,...])` | count every packet received; callback every t seconds providing count for each group |
| `count_bytes(interval=t, group_by=[f1,f2,...])` | count every byte received; callback every t seconds providing count for each group |
For example, a programmer may create a new query for the first packet arriving from each unique source IP:

```python
Q = packets(limit=1,group_by=['srcip'])
```

and restrict it to web-traffic requests (i.e., packets destined to TCP port 80):

```python
match(dstport=80) >> Q
```

To print each packet that arrives at Q, the programmer registers a callback routine to handle Q's callback:

```python
def printer(pkt):
    # Called once for each packet delivered to Q
    print(pkt)

Q.register_callback(printer)
```
The runtime system handles all of the low-level details of supporting queries: installing rules, polling the counters, receiving the responses, combining the results as needed, and composing the query implementation with the implementation of other policies. For example, suppose the programmer composes the example monitoring query with a routing policy that forwards packets based on the destination IP address. The runtime system ensures that the first TCP port 80 packet from each source IP address reaches the application's printer routine, while guaranteeing that this packet (and all subsequent packets from this source) are forwarded to the output port indicated by the routing policy.
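The behaviour described above can be checked with a small stand-alone model. This is an added example, not Pyretic's code and it does not import Pyretic: `PacketsQueryModel`, `run`, `demo`, the packet dictionaries and the routing table are all hypothetical names and constructed data.

```python
from collections import defaultdict


class PacketsQueryModel:
    """Model of packets(limit=n, group_by=[...]): at most `limit` callbacks per group."""

    def __init__(self, limit, group_by):
        self.limit = limit
        self.group_by = tuple(group_by)
        self.delivered = defaultdict(int)   # group key -> packets already delivered
        self.callbacks = []

    def register_callback(self, fn):
        self.callbacks.append(fn)

    def eval(self, pkt):
        key = tuple(pkt[f] for f in self.group_by)
        if self.delivered[key] < self.limit:
            self.delivered[key] += 1
            for fn in self.callbacks:
                fn(pkt)
        return set()                        # a query forwards nothing, like drop


def run(packets, query, routes):
    """Model of (match(dstport=80) >> Q) composed with destination-IP routing."""
    out_ports = []
    for pkt in packets:
        if pkt["dstport"] == 80:            # only web traffic reaches the query
            query.eval(pkt)
        out_ports.append(routes[pkt["dstip"]])  # routing applies to every packet
    return out_ports


def demo():
    # Constructed sample traffic and routing table (assumptions for illustration).
    packets = [
        {"srcip": "10.0.0.1", "dstip": "10.0.0.9", "dstport": 80},
        {"srcip": "10.0.0.1", "dstip": "10.0.0.9", "dstport": 80},  # same source again
        {"srcip": "10.0.0.2", "dstip": "10.0.0.9", "dstport": 22},  # not web traffic
        {"srcip": "10.0.0.2", "dstip": "10.0.0.8", "dstport": 80},  # first web packet
    ]
    routes = {"10.0.0.9": 1, "10.0.0.8": 2}
    seen = []
    q = PacketsQueryModel(limit=1, group_by=["srcip"])
    q.register_callback(seen.append)
    ports = run(packets, q, routes)
    return seen, ports


if __name__ == "__main__":
    print(demo())
```

The callback receives only the first port 80 packet per source, while every packet, including the ones the query suppresses or never sees, still gets an output port from the routing table.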
When proactively compiled counting queries are used in Mininet with Open vSwitch, counts may be under-reported if the network policy changes too quickly. Counters for switch rules that change rapidly may not be updated frequently enough, so the polled flow counters do not account for all traffic processed by those rules.