Network configuration must respond to changing network conditions
- eg: peak/offpeak, shifts in traffic load, security events
- eg: rate-limit BitTorrent traffic in business hours, if host infected then send to captive portal
Dynamic-driven control domains:
- time (peak, dates)
- history (data usage, traffic rate, delay or loss)
- user (identity or policy group)
- plus the usual packet headers
Resonance: a finite state machine
- dynamic event handler listens to network events then updates state
- the state change may update the flowtable entries on switches
Example: access control for campus network
- guest portals and infection scanners want to change user VLANs, but changing a device's IP address needs a reboot
- with OpenFlow, the flow rules can express what the host can reach in each state; the host doesn't need to readdress because the VLAN doesn't change
Can run separate state machines and then sequentially compose them.
- eg: authentication (with states Authenticated, Unauthenticated) and intrusion detection (with states Quarantined, Clean)
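
A simplified model of the composed authentication and intrusion detection state machines, added here as an illustration (not Resonance's own code). The event names, action labels, MAC address and the dict standing in for a switch flow table are assumptions.

```python
# Added example. Event names, action labels and the MAC are constructed.
AUTH_FSM = {  # (state, event) -> next state
    ("Unauthenticated", "login_ok"): "Authenticated",
    ("Authenticated", "logout"): "Unauthenticated",
}
IDS_FSM = {
    ("Clean", "infection_detected"): "Quarantined",
    ("Quarantined", "scan_clean"): "Clean",
}

class HostPolicy:
    def __init__(self):
        self.auth = "Unauthenticated"  # new hosts start with no access
        self.ids = "Clean"

    def handle(self, event):
        # Each FSM advances only on its own events and ignores the rest.
        self.auth = AUTH_FSM.get((self.auth, event), self.auth)
        self.ids = IDS_FSM.get((self.ids, event), self.ids)

    def action(self):
        # Sequential composition: the IDS policy only sees traffic that
        # the authentication policy has already let through.
        if self.auth != "Authenticated":
            return "send_to_login_portal"
        if self.ids != "Clean":
            return "send_to_quarantine_portal"
        return "forward"

class Controller:
    def __init__(self):
        self.hosts = {}       # MAC -> HostPolicy
        self.flow_table = {}  # MAC -> action; stands in for switch flow entries
        self.updates = 0      # number of flow-table writes

    def on_event(self, mac, event):
        host = self.hosts.setdefault(mac, HostPolicy())
        host.handle(event)
        action = host.action()
        if self.flow_table.get(mac) != action:  # write only on a real change
            self.flow_table[mac] = action
            self.updates += 1
        return action

def replay(events, mac="02:00:00:00:00:01"):
    ctl = Controller()
    return [ctl.on_event(mac, e) for e in events], ctl.updates

if __name__ == "__main__":
    print(replay(["login_ok", "infection_detected", "logout", "login_ok", "scan_clean"]))
```

Because the two machines keep independent state, a quarantined host that logs out and back in is still quarantined; a single combined FSM would need four states and extra transitions to express the same thing.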
Summary:
- network configuration often has to respond to events
- state machines can determine which rules to install
- composition can help keep the FSM simple