3,451 research outputs found
Scaling Network Verification using Symmetry and Surgery
Abstract On the surface, large data centers with about 100,000 stations and nearly a million routing rules are complex and hard to verify. However, these networks are highly regular by design; for example they employ fat tree topologies with backup routers interconnected by redundant patterns. To exploit these regularities, we introduce network transformations: given a reachability formula and a network, we transform the network into a simpler to verify network and a corresponding transformed formula, such that the original formula is valid in the network if and only if the transformed formula is valid in the transformed network. Our network transformations exploit network surgery (in which irrelevant or redundant sets of nodes, headers, ports, or rules are "sliced" away) and network symmetry (say between backup routers). The validity of these transformations is established using a formal theory of networks. In particular, using Van BenthemHennessy-Milner style bisimulation, we show that one can generally associate bisimulations to transformations connecting networks and formulas with their transforms. Our work is a development in an area of current wide interest: applying programming language techniques (in our case bisimulation and modal logic) to problems in switching networks. We provide experimental evidence that our network transformations can speed up by 65x the task of verifying the communication between all pairs of Virtual Machines in a large datacenter network with about 100,000 VMs. An all-pair reachability calculation, which formerly took 5.5 days, can be done in 2 hours, and can be easily parallelized to complete in minutes
Control Plane Compression
We develop an algorithm capable of compressing large networks into a smaller
ones with similar control plane behavior: For every stable routing solution in
the large, original network, there exists a corresponding solution in the
compressed network, and vice versa. Our compression algorithm preserves a wide
variety of network properties including reachability, loop freedom, and path
length. Consequently, operators may speed up network analysis, based on
simulation, emulation, or verification, by analyzing only the compressed
network. Our approach is based on a new theory of control plane equivalence. We
implement these ideas in a tool called Bonsai and apply it to real and
synthetic networks. Bonsai can shrink real networks by over a factor of 5 and
speed up analysis by several orders of magnitude.Comment: Extended version of the paper appearing in ACM SIGCOMM 201
Abstract Interpretation of Stateful Networks
Modern networks achieve robustness and scalability by maintaining states on
their nodes. These nodes are referred to as middleboxes and are essential for
network functionality. However, the presence of middleboxes drastically
complicates the task of network verification. Previous work showed that the
problem is undecidable in general and EXPSPACE-complete when abstracting away
the order of packet arrival.
We describe a new algorithm for conservatively checking isolation properties
of stateful networks. The asymptotic complexity of the algorithm is polynomial
in the size of the network, albeit being exponential in the maximal number of
queries of the local state that a middlebox can do, which is often small.
Our algorithm is sound, i.e., it can never miss a violation of safety but may
fail to verify some properties. The algorithm performs on-the fly abstract
interpretation by (1) abstracting away the order of packet processing and the
number of times each packet arrives, (2) abstracting away correlations between
states of different middleboxes and channel contents, and (3) representing
middlebox states by their effect on each packet separately, rather than taking
into account the entire state space. We show that the abstractions do not lose
precision when middleboxes may reset in any state. This is encouraging since
many real middleboxes reset, e.g., after some session timeout is reached or due
to hardware failure
Towards Model Checking Real-World Software-Defined Networks (version with appendix)
In software-defined networks (SDN), a controller program is in charge of
deploying diverse network functionality across a large number of switches, but
this comes at a great risk: deploying buggy controller code could result in
network and service disruption and security loopholes. The automatic detection
of bugs or, even better, verification of their absence is thus most desirable,
yet the size of the network and the complexity of the controller makes this a
challenging undertaking. In this paper we propose MOCS, a highly expressive,
optimised SDN model that allows capturing subtle real-world bugs, in a
reasonable amount of time. This is achieved by (1) analysing the model for
possible partial order reductions, (2) statically pre-computing packet
equivalence classes and (3) indexing packets and rules that exist in the model.
We demonstrate its superiority compared to the state of the art in terms of
expressivity, by providing examples of realistic bugs that a prototype
implementation of MOCS in UPPAAL caught, and performance/scalability, by
running examples on various sizes of network topologies, highlighting the
importance of our abstractions and optimisations
- …