Control Plane Compression
We develop an algorithm capable of compressing a large network into a smaller
one with similar control plane behavior: For every stable routing solution in
the large, original network, there exists a corresponding solution in the
compressed network, and vice versa. Our compression algorithm preserves a wide
variety of network properties including reachability, loop freedom, and path
length. Consequently, operators may speed up network analysis, based on
simulation, emulation, or verification, by analyzing only the compressed
network. Our approach is based on a new theory of control plane equivalence. We
implement these ideas in a tool called Bonsai and apply it to real and
synthetic networks. Bonsai can shrink real networks by over a factor of 5 and
speed up analysis by several orders of magnitude.
Comment: Extended version of the paper appearing in ACM SIGCOMM 201
LIGHTYEAR: Using Modularity to Scale BGP Control Plane Verification
Current network control plane verification tools cannot scale to large
networks, because of the complexity of jointly reasoning about the behaviors of
all nodes in the network. In this paper we present a modular approach to
control plane verification, whereby end-to-end network properties are verified
via a set of purely local checks on individual nodes and edges. The approach
targets the verification of safety properties for BGP configurations and
provides guarantees in the face of both arbitrary external route announcements
from neighbors and arbitrary node/link failures. We have proven the approach
correct and also implemented it in a tool called Lightyear. Experimental
results show that Lightyear scales dramatically better than prior control plane
verifiers. Further, we have used Lightyear to verify three properties of the
wide area network of a major cloud provider, containing hundreds of routers and
tens of thousands of edges. To our knowledge no prior tool has been
demonstrated to provide such guarantees at that scale. Finally, in addition to
the scaling benefits, our modular approach to verification makes it easy to
localize the causes of configuration errors and to support incremental
re-verification as configurations are updated.
Comment: 12 pages (+ 2 pages references), 3 figures submitted to NSDI '2
Modular Control Plane Verification via Temporal Invariants
Satisfiability Modulo Theory (SMT)-based tools for network control plane
analysis make it possible to reason exhaustively about interactions with peer
networks and to detect vulnerabilities such as accidental use of a network as
transit or prefix hijacking. SMT-based reasoning also facilitates synthesis and
repair. To scale SMT-based verification to large networks, we introduce
Timepiece, a new modular control plane verification system. While past
verifiers like Minesweeper were based on analysis of stable paths, we show that
such models, when deployed naively in service of modular verification, are
unsound. To rectify the situation, we adopt a routing model based around a
logical notion of time and develop a sound, expressive, and scalable
verification engine. Our system requires that a user specifies interfaces
between module components. We develop methods for defining these interfaces
using predicates inspired by temporal logic, and show how to use those
interfaces to verify a range of network-wide properties such as reachability,
"no transit," and "no hijacking." Verifying a prefix-filtering policy using a
non-modular verification engine times out on a 320-node fattree network after 4
hours. However, Timepiece verifies a 4,500-node fattree in 6.5 minutes on a
96-core virtual machine. Modular verification of individual routers is
embarrassingly parallel and completes in seconds, which allows verification to
scale beyond non-modular engines, while still allowing the full power of
SMT-based symbolic reasoning.
Comment: 12 pages (+3 pages references, 1 page proofs), 7 figures, submitted to NSDI 202
Switch as a Verifier: Toward Scalable Data Plane Checking via Distributed, On-Device Verification
Data plane verification (DPV) is important for finding network errors.
Current DPV tools employ a centralized architecture, where a server collects
the data planes of all devices and verifies them. Despite substantial efforts
on accelerating DPV, this centralized architecture is inherently unscalable. In
this paper, to tackle the scalability challenge of DPV, we circumvent the
scalability bottleneck of centralized design and design Coral, a distributed,
on-device DPV framework. The key insight of Coral is that DPV can be
transformed into a counting problem on a directed acyclic graph, which can be
naturally decomposed into lightweight tasks executed at network devices,
enabling scalability. Coral consists of (1) a declarative requirement
specification language, (2) a planner that employs a novel data structure DVNet
to systematically decompose global verification into on-device counting tasks,
and (3) a distributed verification (DV) protocol that specifies how on-device
verifiers communicate task results efficiently to collaboratively verify the
requirements. We implement a prototype of Coral. Extensive experiments with
real-world datasets (WAN/LAN/DC) show that Coral consistently achieves scalable
DPV under various networks and DPV scenarios, i.e., up to 1250 times speedup
in the burst-update scenario, and up to 202 times speedup at the 80% quantile
of incremental verification, compared with state-of-the-art DPV tools, with little
overhead on commodity network devices.
ProbNV: probabilistic verification of network control planes
ProbNV is a new framework for probabilistic network control plane verification that strikes a balance between generality and scalability. ProbNV is general enough to encode a wide range of features from the most common protocols (eBGP and OSPF) and yet scalable enough to handle challenging properties, such as probabilistic all-failures analysis of medium-sized networks with 100-200 devices. When there is a small, bounded number of failures, networks with up to 500 devices may be verified in seconds. ProbNV operates by translating raw CISCO configurations into a probabilistic and functional programming language designed for network verification. This language comes equipped with a novel type system that characterizes the sort of representation to be used for each data structure: concrete for the usual representation of values; symbolic for a BDD-based representation of sets of values; and multi-value for an MTBDD-based representation of values that depend upon symbolics. Careful use of these varying representations speeds execution of symbolic simulation of network models. The MTBDD-based representations are also used to calculate probabilistic properties of network models once symbolic simulation is complete. We implement the language and evaluate its performance on benchmarks constructed from real network topologies and synthesized routing policies.
Computer Aided Verification
The open access two-volume set LNCS 11561 and 11562 constitutes the refereed proceedings of the 31st International Conference on Computer Aided Verification, CAV 2019, held in New York City, USA, in July 2019. The 52 full papers presented together with 13 tool papers and 2 case studies were carefully reviewed and selected from 258 submissions. The papers were organized in the following topical sections: Part I: automata and timed systems; security and hyperproperties; synthesis; model checking; cyber-physical systems and machine learning; probabilistic systems, runtime techniques; dynamical, hybrid, and reactive systems; Part II: logics, decision procedures, and solvers; numerical programs; verification; distributed systems and networks; verification and invariants; and concurrency.