Consistent SDNs through Network State Fuzzing

The conventional wisdom is that a software-defined network (SDN) operates under the premise that the logically centralized control plane has an accurate representation of the actual data plane state. Nevertheless, bugs, misconfigurations, faults or attacks can introduce inconsistencies that undermine correct operation. Previous work in this area, however, lacks a holistic methodology to tackle this problem and thus, addresses only certain parts of the problem. Yet, the consistency of the overall system is only as good as its least consistent part. Motivated by an analogy of network consistency checking with program testing, we propose to add active probe-based network state fuzzing to our consistency check repertoire. Hereby, our system, PAZZ, combines production traffic with active probes to continuously test if the actual forwarding path and decision elements (on the data plane) correspond to the expected ones (on the control plane). Our insight is that active traffic covers the inconsistency cases beyond the ones identified by passive traffic. PAZZ prototype was built and evaluated on topologies of varying scale and complexity. Our results show that PAZZ requires minimal network resources to detect persistent data plane faults through fuzzing and localize them quickly

Consistent SDNs through Network State Fuzzing

The conventional wisdom is that a software-defined network (SDN) operates under the premise that the logically centralized control plane has an accurate representation of the actual data plane state. Unfortunately, bugs, misconfigurations, faults or attacks can introduce inconsistencies that undermine correct operation. Previous work in this area, however, lacks a holistic methodology to tackle this problem and thus, addresses only certain parts of the problem. Yet, the consistency of the overall system is only as good as its least consistent part. Motivated by an analogy of network consistency checking with program testing, we propose to add active probe-based network state fuzzing to our consistency check repertoire. Hereby, our system, PAZZ, combines production traffic with active probes to periodically test if the actual forwarding path and decision elements (on the data plane) correspond to the expected ones (on the control plane). Our insight is that active traffic covers the inconsistency cases beyond the ones identified by passive traffic. PAZZ prototype was built and evaluated on topologies of varying scale and complexity. Our results show that PAZZ requires minimal network resources to detect persistent data plane faults through fuzzing and localize them quickly while outperforming baseline approaches.Comment: Added three extra relevant references, the arXiv later was accepted in IEEE Transactions of Network and Service Management (TNSM), 2019 with the title "Towards Consistent SDNs: A Case for Network State Fuzzing

Switch as a Verifier: Toward Scalable Data Plane Checking via Distributed, On-Device Verification

Data plane verification (DPV) is important for finding network errors. Current DPV tools employ a centralized architecture, where a server collects the data planes of all devices and verifies them. Despite substantial efforts on accelerating DPV, this centralized architecture is inherently unscalable. In this paper, to tackle the scalability challenge of DPV, we circumvent the scalability bottleneck of centralized design and design Coral, a distributed, on-device DPV framework. The key insight of Coral is that DPV can be transformed into a counting problem on a directed acyclic graph, which can be naturally decomposed into lightweight tasks executed at network devices, enabling scalability. Coral consists of (1) a declarative requirement specification language, (2) a planner that employs a novel data structure DVNet to systematically decompose global verification into on-device counting tasks, and (3) a distributed verification (DV) protocol that specifies how on-device verifiers communicate task results efficiently to collaboratively verify the requirements. We implement a prototype of Coral. Extensive experiments with real-world datasets (WAN/LAN/DC) show that Coral consistently achieves scalable DPV under various networks and DPV scenarios, i.e., up to 1250 times speed up in the scenario of burst update, and up to 202 times speed up on 80% quantile of incremental verification, than state-of-the-art DPV tools, with little overhead on commodity network devices

Network analysis, inference and verification

Securely operating large-scale networks is a non-trivial task involving interactions between various hardware devices, protocols, and configurations, all of which need to work in tandem for the network to be secure and in the desired state that the network administrators want it to be in. Misconfigurations or malicious activities in the network can disrupt it resulting in dire effects including but not limited to outages of critical applications and breach of sensitive information. In this work, we propose a robust framework for diagnosing such anomalies across enterprise networks, and study their impact in terms of changes in routing behavior and reachability. To study the network as closely as possible to its actual behavior we perform analysis on data plane features as they govern the journey of a packet during its life-cycle across the network. We perform temporal analysis of the network as a whole and inspect the evolution of various properties. We then determine the deviation of the network relative to its previous states and identify as accurately as possible if the current state is anomalous. Given the historic states of the network over some time, we also try to infer high-level policies and invariants in the network. These allow for running various verification techniques on the network. Finally, we propose a network verification tool designed to verify the network as a dynamic, multi-layer distributed system. The richness of this tool’s network model allows it to find network issues that are not detectable using state of the art tools which work solely on either data plane states or control plane states without examining the interaction of the two among themselves and temporally with the network environment. Building on this verification tool, we propose a technique for high-coverage testing of end-to-end network correctness using the real software that is deployed in these networks; our design is effectively a hybrid, using an explicit-state model checker to explore all network-wide execution paths and event orderings, but executing real software as subroutines for each device. We show that this approach can detect correctness issues that would be missed both by existing verification and testing approaches, and a prototype implementation suggests that the technique can scale to larger networks with reasonable performance. Thus, our framework provides an end to end solution for network analysis, inference and verification

Verifiably-safe software-defined networks for CPS

Next generation cyber-physical systems (CPS) are expected to be deployed in domains which require scalability as well as performance under dynamic conditions. This scale and dynamicity will require that CPS communication networks be programmatic (i.e., not requiring manual intervention at any stage), but still maintain iron-clad safety guarantees. Software-defined networking standards like OpenFlow provide a means for scalably building tailor-made network architectures, but there is no guarantee that these systems are safe, correct, or secure. In this work we propose a methodology and accompanying tools for specifying and modeling distributed systems such that existing formal verification techniques can be transparently used to analyze critical requirements and properties prior to system implementation. We demonstrate this methodology by iteratively modeling and verifying an OpenFlow learning switch network with respect to network correctness, network convergence, and mobility-related properties. We posit that a design strategy based on the complementary pairing of software-defined networking and formal verification would enable the CPS community to build next-generation systems without sacrificing the safety and reliability that these systems must deliver

TransNFV: Integrating Transactional Semantics for Efficient State Management in Virtual Network Functions

Managing shared mutable states in high concurrency state access operations is a persistent challenge in Network Functions Virtualization (NFV). This is particularly true when striving to meet chain output equivalence (COE) requirements. This paper presents TransNFV, an innovative NFV framework that incorporates transactional semantics to optimize NFV state management. The TransNFV integrates VNF state access operations as transactions, resolves transaction dependencies, schedules transactions dynamically, and executes transactions efficiently. Initial findings suggest that TransNFV maintains shared VNF state consistency, meets COE requirements, and skillfully handles complex cross-flow states in dynamic network conditions. TransNFV thus provides a promising solution to enhance state management and overall performance in future NFV platforms