81 research outputs found
Consistent SDNs through Network State Fuzzing
The conventional wisdom is that a software-defined network (SDN) operates under the premise that the logically centralized control plane has an accurate representation of the actual data plane state. Nevertheless, bugs, misconfigurations, faults or attacks can introduce inconsistencies that undermine correct operation. Previous work in this area, however, lacks a holistic methodology to tackle this problem and thus, addresses only certain parts of the problem. Yet, the consistency of the overall system is only as good as its least consistent part. Motivated by an analogy of network consistency checking with program testing, we propose to add active probe-based network state fuzzing to our consistency check repertoire. Hereby, our system, PAZZ, combines production traffic with active probes to continuously test if the actual forwarding path and decision elements (on the data plane) correspond to the expected ones (on the control plane). Our insight is that active traffic covers the inconsistency cases beyond the ones identified by passive traffic. PAZZ prototype was built and evaluated on topologies of varying scale and complexity. Our results show that PAZZ requires minimal network resources to detect persistent data plane faults through fuzzing and localize them quickly
Consistent SDNs through Network State Fuzzing
The conventional wisdom is that a software-defined network (SDN) operates
under the premise that the logically centralized control plane has an accurate
representation of the actual data plane state. Unfortunately, bugs,
misconfigurations, faults or attacks can introduce inconsistencies that
undermine correct operation. Previous work in this area, however, lacks a
holistic methodology to tackle this problem and thus, addresses only certain
parts of the problem. Yet, the consistency of the overall system is only as
good as its least consistent part. Motivated by an analogy of network
consistency checking with program testing, we propose to add active probe-based
network state fuzzing to our consistency check repertoire. Hereby, our system,
PAZZ, combines production traffic with active probes to periodically test if
the actual forwarding path and decision elements (on the data plane) correspond
to the expected ones (on the control plane). Our insight is that active traffic
covers the inconsistency cases beyond the ones identified by passive traffic.
PAZZ prototype was built and evaluated on topologies of varying scale and
complexity. Our results show that PAZZ requires minimal network resources to
detect persistent data plane faults through fuzzing and localize them quickly
while outperforming baseline approaches.Comment: Added three extra relevant references, the arXiv later was accepted
in IEEE Transactions of Network and Service Management (TNSM), 2019 with the
title "Towards Consistent SDNs: A Case for Network State Fuzzing
Switch as a Verifier: Toward Scalable Data Plane Checking via Distributed, On-Device Verification
Data plane verification (DPV) is important for finding network errors.
Current DPV tools employ a centralized architecture, where a server collects
the data planes of all devices and verifies them. Despite substantial efforts
on accelerating DPV, this centralized architecture is inherently unscalable. In
this paper, to tackle the scalability challenge of DPV, we circumvent the
scalability bottleneck of centralized design and design Coral, a distributed,
on-device DPV framework. The key insight of Coral is that DPV can be
transformed into a counting problem on a directed acyclic graph, which can be
naturally decomposed into lightweight tasks executed at network devices,
enabling scalability. Coral consists of (1) a declarative requirement
specification language, (2) a planner that employs a novel data structure DVNet
to systematically decompose global verification into on-device counting tasks,
and (3) a distributed verification (DV) protocol that specifies how on-device
verifiers communicate task results efficiently to collaboratively verify the
requirements. We implement a prototype of Coral. Extensive experiments with
real-world datasets (WAN/LAN/DC) show that Coral consistently achieves scalable
DPV under various networks and DPV scenarios, i.e., up to 1250 times speed up
in the scenario of burst update, and up to 202 times speed up on 80% quantile
of incremental verification, than state-of-the-art DPV tools, with little
overhead on commodity network devices
Network analysis, inference and verification
Securely operating large-scale networks is a non-trivial task involving interactions between various hardware devices, protocols, and configurations, all of which need to work in tandem for the network to be secure and in the desired state that the network administrators want it to be in. Misconfigurations or malicious activities in the network can disrupt it resulting in dire effects including but not limited to outages of critical applications and breach of sensitive information.
In this work, we propose a robust framework for diagnosing such anomalies across enterprise networks, and study their impact in terms of changes in routing behavior and reachability. To study the network as closely as possible to its actual behavior we perform analysis on data plane features as they govern the journey of a packet during its life-cycle across the network. We perform temporal analysis of the network as a whole and inspect the evolution of various properties. We then determine the deviation of the network relative to its previous states and identify as accurately as possible if the current state is anomalous. Given the historic states of the network over some time, we also try to infer high-level policies and invariants in the network. These allow for running various verification techniques on the network. Finally, we propose a network verification tool designed to verify the network as a dynamic, multi-layer distributed system. The richness of this tool’s network model allows it to find network issues that are not detectable using state of the art tools which work solely on either data plane states or control plane states without examining the interaction of the two among themselves and temporally with the network environment. Building on this verification tool, we propose a technique for high-coverage testing of end-to-end network correctness using the real software that is deployed in these networks; our design is effectively a hybrid, using an explicit-state model checker to explore all network-wide execution paths and event orderings, but executing real software as subroutines for each device. We show that this approach can detect correctness issues that would be missed both by existing verification and testing approaches, and a prototype implementation suggests that the technique can scale to larger networks with reasonable performance.
Thus, our framework provides an end to end solution for network analysis, inference and verification
Verifiably-safe software-defined networks for CPS
Next generation cyber-physical systems (CPS) are expected to be deployed in domains which require scalability as well as performance under dynamic conditions. This scale and dynamicity will require that CPS communication networks be programmatic (i.e., not requiring manual intervention at any stage), but still maintain iron-clad safety guarantees. Software-defined networking standards like OpenFlow provide a means for scalably building tailor-made network architectures, but there is no guarantee that these systems are safe, correct, or secure. In this work we propose a methodology and accompanying tools for specifying and modeling distributed systems such that existing formal verification techniques can be transparently used to analyze critical requirements and properties prior to system implementation. We demonstrate this methodology by iteratively modeling and verifying an OpenFlow learning switch network with respect to network correctness, network convergence, and mobility-related properties. We posit that a design strategy based on the complementary pairing of software-defined networking and formal verification would enable the CPS community to build next-generation systems without sacrificing the safety and reliability that these systems must deliver
TransNFV: Integrating Transactional Semantics for Efficient State Management in Virtual Network Functions
Managing shared mutable states in high concurrency state access operations is
a persistent challenge in Network Functions Virtualization (NFV). This is
particularly true when striving to meet chain output equivalence (COE)
requirements. This paper presents TransNFV, an innovative NFV framework that
incorporates transactional semantics to optimize NFV state management. The
TransNFV integrates VNF state access operations as transactions, resolves
transaction dependencies, schedules transactions dynamically, and executes
transactions efficiently. Initial findings suggest that TransNFV maintains
shared VNF state consistency, meets COE requirements, and skillfully handles
complex cross-flow states in dynamic network conditions. TransNFV thus provides
a promising solution to enhance state management and overall performance in
future NFV platforms
- …