Network-wide Configuration Synthesis

Computer networks are hard to manage. Given a set of high-level requirements (e.g., reachability, security), operators have to manually figure out the individual configuration of potentially hundreds of devices running complex distributed protocols so that they, collectively, compute a compatible forwarding state. Not surprisingly, operators often make mistakes which lead to downtimes. To address this problem, we present a novel synthesis approach that automatically computes correct network configurations that comply with the operator's requirements. We capture the behavior of existing routers along with the distributed protocols they run in stratified Datalog. Our key insight is to reduce the problem of finding correct input configurations to the task of synthesizing inputs for a stratified Datalog program. To solve this synthesis task, we introduce a new algorithm that synthesizes inputs for stratified Datalog programs. This algorithm is applicable beyond the domain of networks. We leverage our synthesis algorithm to construct the first network-wide configuration synthesis system, called SyNET, that support multiple interacting routing protocols (OSPF and BGP) and static routes. We show that our system is practical and can infer correct input configurations, in a reasonable amount time, for networks of realistic size (> 50 routers) that forward packets for multiple traffic classes.Comment: 24 Pages, short version published in CAV 201

Multi-Hop Wireless Networking with OSPF: MPR-based Routing Extensions for MANETs

Incorporating multi-hop wireless networks in the IP infrastructure is an effort to which a growing community participates. One instance of such activity is the extension of the routing protocol OSPF, for operation on MANETs. Such extension allows OSPF, the most widely deployed interior gateway routing protocol on the Internet, to work on heterogeneous networks encompassing both wired and wireless routers. The latter may self-organize as multi-hop wireless subnetworks, and may be mobile. Three solutions have been proposed for this extension, among which two based on techniques derived from multi-point relaying (MPR) techniques and OLSR. This paper analyzes these two approaches and identifies some fundamental discussion items that pertain to adapting OSPF mechanisms to multi-hop wireless networking, before concluding with a proposal for a unique, merged solution based on this analysis

Методи протидії атакам на протокол маршрутизації OSPF

У роботі був зроблений огляд поняття динамічна маршрутизація, основних специфікацій протоколу, вбудованих механізмів захисту, прописаних у специфікації протоколу; проведено аналіз статистичної інформації, щодо вразливостей, знайдених для протоколу OSPF та імплементовано обрані методи протидії атакам до емульованої автономної системи. Метою роботи є побудова ефективних методів протидії атакам на протокол динамічної маршрутизації OSPF. Об'єктом дослідження дипломної роботи є система маршрутизації на основі протоколу OSPF. Предметом дослідження дипломної роботи є механізми захисту протоколу динамічної маршрутизації OSPF.The paper reviews the concept of dynamic routing, the main specifications of the protocol, built-in security mechanisms prescribed in the protocol specifications; the analysis of statistical information on vulnerabilities found for the OSPF protocol was carried out and the chosen methods of counteracting attacks to the emulated autonomous system were implemented. The aim of the thesis is to build effective methods of counteracting attacks on the OSPF dynamic routing protocol. The object of the thesis is a routing system based on the OSPF protocol. The subject of the thesis is the mechanisms of protection of the dynamic routing protocol OSPF