SDN Version Control

We have built a distributed controller that logs flow table changes. Using a Lamport clock to reason about causality, we preserve histories of the network configurations and of the applications and events that caused changes to the network. Using these histories, we can roll back a buggy network to a previously working configuration. Similarly, we can use the histories we collect for:

      
  1. Debugging: E.g., we can replay the different network configurations to determine exactly when an invariant was violated and which network application violated it.
  2. Analytics: E.g., how are counters changing, and what events are occurring frequently in the network?
  3. Security forensics: E.g., as a result of a misconfiguration, how long was my network exposed to malicious traffic, and which nodes on it were exposed?
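
The rollback, debugging and forensics uses above can be sketched as follows. This is an added example, not the project's code: the Change record, the Controller class, the rule tuples and the telnet invariant are all hypothetical, and the exposure window is measured in Lamport timestamps (a wall-clock duration would need wall-clock times logged alongside).

```python
from collections import namedtuple
# One logged flow table change; ts is the Lamport timestamp (hypothetical record).
Change = namedtuple("Change", "ts controller app op rule")

class Controller:
    def __init__(self, name, log):
        self.name, self.clock, self.log = name, 0, log
    def receive(self, remote_ts):  # Lamport rule: jump past the sender's clock
        self.clock = max(self.clock, remote_ts) + 1
    def change(self, app, op, rule):
        self.clock += 1
        self.log.append(Change(self.clock, self.name, app, op, rule))
        return self.clock

def replay(log, upto=None):
    """Yield (change, table) in Lamport order, stopping after timestamp upto."""
    table = set()
    for c in sorted(log, key=lambda c: (c.ts, c.controller)):
        if upto is not None and c.ts > upto:
            return
        (table.add if c.op == "add" else table.discard)(c.rule)
        yield c, frozenset(table)

def state_at(log, ts):
    """Flow table to restore when rolling back to timestamp ts."""
    return ([frozenset()] + [t for _, t in replay(log, ts)])[-1]

def exposure(log, invariant):
    """(start_ts, end_ts, app) for each window in which the invariant failed."""
    windows, start = [], None
    for c, table in replay(log):
        ok = invariant(table)
        if not ok and start is None:
            start = (c.ts, c.app)       # first violating change and its app
        elif ok and start is not None:
            windows.append((start[0], c.ts, start[1]))
            start = None
    return windows + ([(start[0], None, start[1])] if start else [])

def demo():  # constructed history: the "lb" app opens telnet by mistake
    log = []
    c1, c2 = Controller("c1", log), Controller("c2", log)
    c2.receive(c1.change("firewall", "add", ("s1", "tcp/22", "fwd:1")))   # ts 1
    c2.change("lb", "add", ("s1", "tcp/23", "fwd:1"))                     # ts 3
    c1.receive(c2.change("lb", "add", ("s1", "tcp/80", "fwd:2")))         # ts 4
    c1.change("firewall", "del", ("s1", "tcp/23", "fwd:1"))               # ts 6
    return log

def no_telnet(table):  # invariant: no rule matches telnet traffic
    return not any(match == "tcp/23" for _, match, _ in table)
```

An end_ts of None in a window means the log ends with the invariant still violated.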

For more info, please contact: Behram Mistree