Lecture 10, Computer Networks (198:552)

Slides:

Advertisements

Similar presentations

Path Splicing with Network Slicing

Advertisements

Jennifer Rexford Princeton University MW 11:00am-12:20pm Logically-Centralized Control COS 597E: Software Defined Networking.

COS 461 Fall 1997 Routing COS 461 Fall 1997 Typical Structure.

Chapter 9: Access Control Lists

Header Space Analysis: Static Checking For Networks Peyman Kazemian, Nick McKeown (Stanford University) and George Varghese (UCSD and Yahoo Labs). Presented.

VeriCon: Towards Verifying Controller Programs in SDNs (PLDI 2014) Thomas Ball, Nikolaj Bjorner, Aaron Gember, Shachar Itzhaky, Aleksandr Karbyshev, Mooly.

Routing Basics By Craig Lindstrom. Overview Routing Process Routing Process Default Routing Default Routing Static Routing Static Routing Dynamic Routing.

Chapter 10 Introduction to Wide Area Networks Data Communications and Computer Networks: A Business User’s Approach.

Link-State Routing Reading: Sections 4.2 and COS 461: Computer Networks Spring 2011 Mike Freedman

Data Plane Verification. Background: What are network policies Alice can talk to Bob Skype traffic must go through a VoIP transcoder All traffic must.

Network Layer Moving datagrams. How do it know? Tom-Tom.

Formal checkings in networks James Hongyi Zeng with Peyman Kazemian, George Varghese, Nick McKeown.

Towards a Logic for Wide- Area Internet Routing Nick Feamster Hari Balakrishnan.

TCOM 515 Lecture 6.

1 Computer Communication & Networks Lecture 22 Network Layer: Delivery, Forwarding, Routing (contd.)

ECE 720T5 Winter 2014 Cyber-Physical Systems Rodolfo Pellizzoni.

Common Devices Used In Computer Networks

VeriFlow: Verifying Network-Wide Invariants in Real Time

1 Lecture #5 Access Control Lists (ACLs) Asst.Prof. Dr.Anan Phonphoem Department of Computer Engineering, Faculty of Engineering, Kasetsart University,

 Network Segments  NICs  Repeaters  Hubs  Bridges  Switches  Routers and Brouters  Gateways 2.

Network Verification Star Wars amd The Empire Strikes Back.

Network Layer4-1 Chapter 4: Network Layer r 4. 1 Introduction r 4.2 Virtual circuit and datagram networks r 4.3 What’s inside a router r 4.4 IP: Internet.

1 Week 5 Lecture 2 IP Layer. 2 Network layer functions transport packet from sending to receiving hosts transport packet from sending to receiving hosts.

Access Control Lists Accessing the WAN – Chapter 5.

Routing and Routing Protocols

Evolving Toward a Self-Managing Network Jennifer Rexford Princeton University

Data Communications and Computer Networks Chapter 4 CS 3830 Lecture 20 Omar Meqdadi Department of Computer Science and Software Engineering University.

Access Control Lists (ACL). Access-List Overview 4 A Filter through which all traffic must pass 4 Used to Permit or Deny Access to Network 4 Provides.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 4: Planning and Configuring Routing and Switching.

Evolving Toward a Self-Managing Network Jennifer Rexford Princeton University

Jennifer Rexford Princeton University MW 11:00am-12:20pm SDN Programming Languages COS 597E: Software Defined Networking.

Spring 2000CS 4611 Routing Outline Algorithms Scalability.

Header Space Analysis: Static Checking for Networks Broadband Network Technology Integrated M.S. and Ph.D. Eun-Do Kim Network Standards Research Section.

Fabric: A Retrospective on Evolving SDN Presented by: Tarek Elgamal.

Preliminaries: EE807 Software-defined Networked Computing KyoungSoo Park Department of Electrical Engineering KAIST.

Routing and Routing Protocols CCNA 2 v3 – Module 6.

IP tutorial - #2 Routing KAIST Dept. of CS NC Lab.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 OSI network layer CCNA Exploration Semester 1 – Chapter 5.

Seyed K. Fayaz, Tushar Sharma, Ari Fogel

Network Layer COMPUTER NETWORKS Networking Standards (Network LAYER)

SDN Network Updates Minimum updates within a single switch

Accessing the WAN – Chapter 5

Dr. Richard Spillman Fall 2006

Martin Casado, Nate Foster, and Arjun Guha CACM, October 2014

Networking Devices.

Advanced Computer Networks

Data Streaming in Computer Networking

COMP 3270 Computer Networks

6.829 Lecture 13: Software Defined Networking

Accessing the WAN – Chapter 5

CS 457 – Lecture 12 Routing Spring 2012.

Intra-Domain Routing Jacob Strauss September 14, 2006.

Accessing the WAN – Chapter 5

Abstractions for Model Checking SDN Controllers

Routing in Packet Networks Shortest Path Routing

Access Control Lists CCNA 2 v3 – Module 11

Software Defined Networking (SDN)

Dynamic Routing Protocols

Dynamic Routing and OSPF

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 4: Planning and Configuring Routing and Switching.

CS4470 Computer Networking Protocols

Communication Networks NETW 501

Switch controller: Routing

CSCI1600: Embedded and Real Time Software

Programmable Networks

Access Control Lists (ACLs)

With slides from Ahmed Khurshid

Computer Networks Protocols

Control-Data Plane Separation

Control-Data Plane Separation

Presentation transcript:

Lecture 10, Computer Networks (198:552) Network Verification Lecture 10, Computer Networks (198:552)

Traditional IP network Management plane Traditional IP network Management plane Configure routers Ex: OSPF link weights Ex: BGP local prefs Control plane Track the topology Exchange messages Compute fwding rules Data plane Fwd packets using computed fwding rules Processor Control plane Data plane BGP OSPF Switching fabric Net interface Net interface Net interface Net interface

Software-Defined Network (SDN) Centralized control plane Data plane Data plane Data plane Data plane

Why verify networks? High-profile outages Caused by human errors more than 50% of the time  “Complex systems break in complex ways” Interactions between protocols Interactions between different administrative domains Networks change all the time Security is increasingly important Intellectually interesting Computer-Aided Design (CAD) for networks [George Varghese] BGP OSPF

Verification: A problem statement

for all M, does N satisfy P? Decision Procedure: An algorithm that answers yes/no Can ask the question under a network change model: static, incremental, or dynamic for all M, does N satisfy P? Property of interest: Loop freedom Blackholes Reachability Equivalence Sequence of messages: Packets, Routing protocol Link failures Network representation: Data plane Control plane

Example: Verifying firewall rules Assume packets just have 2 bits; there are only 2 ports Firewall config: 10 -> fwd(2); *1 -> fwd(1). All others dropped Boolean representation of the network: N: (d1 & ~d0) | ((d1 | ~d1) & d0) Property: only the packets from 00 are dropped P: (~d1 & ~d0) Messages (M): all combinations of boolean variables d0, d1 Verification question: for all d0, d1, is formula N | P valid? i.e., Is ((d1 & ~d0) | ((d1 | ~d1) & d0)) | (~d1 & ~d0) a tautology? Decision procedure: SAT solver!

Typical considerations for verification Size of network representations O(# rules)? # packets? Some product of these things? Speed of decision procedure, e.g., SAT solving Typically NP-hard or worse in the worst case Verification: leveraging average-case complexity Coverage of possible network events Does property hold under firewall rule changes? New protocol messages? Link failures? Strength of properties and counter-examples Does P hold for all packets? Are we looking for one counterexample, or the whole set of violating packets?

Verification, testing, synthesis, eq checks Verification: for all M, does N satisfy P? Testing: For the given M, does N satisfy P? Synthesis: Given P, can you produce an N that satisfies it For all M? For a given set of M? Let N1 be another network representation Equivalence checking: For all M, do N and N1 behave in the same way?, i.e., Either both satisfy P or both violate it

Properties to verify Reachability, isolation, loop freedom Equivalence between data plane rules Replicated configurations (for availability or performance) Reduce to simpler configurations Waypoint properties e.g., does traffic always go through a monitoring node? Ordering constraints on processing: e.g., DPI must follow ACLs Temporal properties, e.g.: After first message from a source, don’t broadcast traffic destined to it Performance properties: e.g., arrival distributions & congestion

10,000 ft overview of the literature Data plane verification Static: header space analysis Incremental: Veriflow Dynamic: NICE Control and data plane verification Static: p4v Incremental: Batfish Dynamic: Minesweeper

Scaling challenges Too many messages and events Packet headers Link failures Protocol messages Orderings between events matters! Too many network rules Too large a network

Discussion of Header Space Analysis Compact boolean representation + composition operations Why is an inverse always well-defined? Linear fragmentation assumption Representation as difference of two HSAs Generic loops and infinite loops Per-port loop detection vs. stopping at any port: pros & cons? What else could you run on the propagation tree?

Discussion of VeriFlow Trie-like representation of packet headers Forwarding equivalence classes: help scale! Implicit assumption that many FECs aren’t affected at once What computations could you do over the forwarding graph? How do you check for blackholes using VeriFlow? Could you extend the trie for performance verification? Are there bad wildcard rules that make the “affected FEC” set grow really large with a rule insertion (e.g., exponentially)? What changes are required for packet modification?