Forwarding Tables Verification through Representative Header Sets
Forwarding table verification consists in checking the distributed
data-structure resulting from the forwarding tables of a network. A classical
concern is the detection of loops. We study this problem in the context of
software-defined networking (SDN) where forwarding rules can be arbitrary
bitmasks (generalizing prefix matching) and where tables are updated by a
centralized controller. Basic verification problems such as loop detection are
NP-hard and most previous work solves them with heuristics or SAT solvers. We
follow a different approach based on computing a representation of the header
classes, i.e. the sets of headers that match the same rules. This
representation consists in a collection of representative header sets, at least
one for each class, and can be computed centrally in time which is polynomial
in the number of classes. Classical verification tasks can then be trivially
solved by checking each representative header set. In general, the number of
header classes can increase exponentially with header length, but it remains
polynomial in the number of rules in the practical case where rules are
constituted with predefined fields where exact, prefix matching or range
matching is applied in each field (e.g., IP/MAC addresses, TCP/UDP ports). We
propose general techniques that work in polynomial time as long as the number
of classes of headers is polynomial and that do not make specific assumptions
about the structure of the sets associated to rules. The efficiency of our
method relies on the fact that the data-structure representing rules allows
efficient computation of intersection, cardinal and inclusion. Finally, we
propose an algorithm to maintain such representation in presence of updates
(i.e., rule insert/update/removal). We also provide a local distributed
algorithm for checking the absence of black-holes and a proof labeling scheme
for locally checking the absence of loops.
Consistent SDNs through Network State Fuzzing
The conventional wisdom is that a software-defined network (SDN) operates under the premise that the logically centralized control plane has an accurate representation of the actual data plane state. Nevertheless, bugs, misconfigurations, faults or attacks can introduce inconsistencies that undermine correct operation. Previous work in this area, however, lacks a holistic methodology to tackle this problem and thus, addresses only certain parts of the problem. Yet, the consistency of the overall system is only as good as its least consistent part. Motivated by an analogy of network consistency checking with program testing, we propose to add active probe-based network state fuzzing to our consistency check repertoire. Hereby, our system, PAZZ, combines production traffic with active probes to continuously test if the actual forwarding path and decision elements (on the data plane) correspond to the expected ones (on the control plane). Our insight is that active traffic covers the inconsistency cases beyond the ones identified by passive traffic. PAZZ prototype was built and evaluated on topologies of varying scale and complexity. Our results show that PAZZ requires minimal network resources to detect persistent data plane faults through fuzzing and localize them quickly
Consistent SDNs through Network State Fuzzing
The conventional wisdom is that a software-defined network (SDN) operates
under the premise that the logically centralized control plane has an accurate
representation of the actual data plane state. Unfortunately, bugs,
misconfigurations, faults or attacks can introduce inconsistencies that
undermine correct operation. Previous work in this area, however, lacks a
holistic methodology to tackle this problem and thus, addresses only certain
parts of the problem. Yet, the consistency of the overall system is only as
good as its least consistent part. Motivated by an analogy of network
consistency checking with program testing, we propose to add active probe-based
network state fuzzing to our consistency check repertoire. Hereby, our system,
PAZZ, combines production traffic with active probes to periodically test if
the actual forwarding path and decision elements (on the data plane) correspond
to the expected ones (on the control plane). Our insight is that active traffic
covers the inconsistency cases beyond the ones identified by passive traffic.
PAZZ prototype was built and evaluated on topologies of varying scale and
complexity. Our results show that PAZZ requires minimal network resources to
detect persistent data plane faults through fuzzing and localize them quickly
while outperforming baseline approaches.
Comment: Added three extra relevant references, the arXiv later was accepted
in IEEE Transactions of Network and Service Management (TNSM), 2019 with the
title "Towards Consistent SDNs: A Case for Network State Fuzzing".
A Fast Compiler for NetKAT
High-level programming languages play a key role in a growing number of
networking platforms, streamlining application development and enabling precise
formal reasoning about network behavior. Unfortunately, current compilers only
handle "local" programs that specify behavior in terms of hop-by-hop forwarding
behavior, or modest extensions such as simple paths. To encode richer "global"
behaviors, programmers must add extra state -- something that is tricky to get
right and makes programs harder to write and maintain. Making matters worse,
existing compilers can take tens of minutes to generate the forwarding state
for the network, even on relatively small inputs. This forces programmers to
waste time working around performance issues or even revert to using
hardware-level APIs.
This paper presents a new compiler for the NetKAT language that handles rich
features including regular paths and virtual networks, and yet is several
orders of magnitude faster than previous compilers. The compiler uses symbolic
automata to calculate the extra state needed to implement "global" programs,
and an intermediate representation based on binary decision diagrams to
dramatically improve performance. We describe the design and implementation of
three essential compiler stages: from virtual programs (which specify behavior
in terms of virtual topologies) to global programs (which specify network-wide
behavior in terms of physical topologies), from global programs to local
programs (which specify behavior in terms of single-switch behavior), and from
local programs to hardware-level forwarding tables. We present results from
experiments on real-world benchmarks that quantify performance in terms of
compilation time and forwarding table size.
Using alloy to formally model and reason about an OpenFlow network switch
OpenFlow provides a standard interface for separating a network into a data plane and a programmatic control plane. This enables easy network reconfiguration, but introduces the potential for programming bugs to cause network effects. To study OpenFlow switch behavior, we used Alloy to create a software abstraction describing the internal state of a network and its OpenFlow switches. This work is an attempt to model the static and dynamic behaviour of a network built using OpenFlow switches.
Applying Formal Methods to Networking: Theory, Techniques and Applications
Despite its great importance, modern network infrastructure is remarkable for
the lack of rigor in its engineering. The Internet which began as a research
experiment was never designed to handle the users and applications it hosts
today. The lack of formalization of the Internet architecture meant limited
abstractions and modularity, especially for the control and management planes,
thus requiring for every new need a new protocol built from scratch. This led
to an unwieldy ossified Internet architecture resistant to any attempts at
formal verification, and an Internet culture where expediency and pragmatism
are favored over formal correctness. Fortunately, recent work in the space of
clean slate Internet design---especially, the software defined networking (SDN)
paradigm---offers the Internet community another chance to develop the right
kind of architecture and abstractions. This has also led to a great resurgence
in interest of applying formal methods to specification, verification, and
synthesis of networking protocols and applications. In this paper, we present a
self-contained tutorial of the formidable amount of work that has been done in
formal methods, and present a survey of its applications to networking.
Comment: 30 pages, submitted to IEEE Communications Surveys and Tutorial
VERMONT : an In-band telemetry-based approach for live network property verification
The verification of network properties is often an exhaustive and time-consuming effort. The number of configurations needed to be analyzed by static verification increases as the networks grow larger, and the processing time consumed becomes prohibitive. Equally important, existing approaches fall short of detecting violations in dynamic environments. While the field of static verification has received significant attention in the last few years, few research efforts have been made to verify networks in production time. Capitalizing on the emergence of programmable data planes, in this thesis, we propose VERMONT, an In-Band Network Telemetry verification approach that continuously verifies network properties as the state of the networks changes. The key contribution of our work is an in-network system capable of continuously collecting the metadata from the network to verify properties in real-time. By efficiently retrieving only the necessary information from the network, VERMONT can accurately and quickly reason whether a set of properties is being held or not at a given time within the network. We implemented VERMONT, evaluated its performance using realistic settings, and compared it with a state-of-the-art approach. The results show that the proposed solution is technically feasible and performs at least one order of magnitude faster than a static verification counterpart. We also provide evidence that VERMONT incurs a very low resource usage footprint considering its application in several real-world networks.
Diagnose network failures via data-plane analysis
Diagnosing problems in networks is a time-consuming and error-prone process. Previous tools to assist operators primarily focus on analyzing control
plane configuration. Configuration analysis is limited in that it cannot find
bugs in router software, and is harder to generalize across protocols since it
must model complex configuration languages and dynamic protocol behavior.
This paper studies an alternate approach: diagnosing problems through
static analysis of the data plane. This approach can catch bugs that are
invisible at the level of configuration files, and simplifies unified analysis of a
network across many protocols and implementations. We present Anteater, a
tool for checking invariants in the data plane. Anteater translates high-level
network invariants into boolean satisfiability problems, checks them against
network state using a SAT solver, and reports counterexamples if violations
have been found. Applied to a large campus network, Anteater revealed 23
bugs, including forwarding loops and stale ACL rules, with only five false
positives. Nine of these faults are being fixed by campus network operators.
- …