Network Verification Star Wars amd The Empire Strikes Back.

Slides:



Advertisements
Similar presentations
Logically Centralized Control Class 2. Types of Networks ISP Networks – Entity only owns the switches – Throughput: 100GB-10TB – Heterogeneous devices:
Advertisements

Models and techniques for verification of Software Defined Networks
Slick: A control plane for middleboxes Bilal Anwer, Theophilus Benson, Dave Levin, Nick Feamster, Jennifer Rexford Supported by DARPA through the U.S.
© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—4-1 Implementing Inter-VLAN Routing Deploying Multilayer Switching with Cisco Express Forwarding.
OpenFlow Costin Raiciu Using slides from Brandon Heller and Nick McKeown.
Header Space Analysis: Static Checking For Networks Peyman Kazemian, Nick McKeown (Stanford University) and George Varghese (UCSD and Yahoo Labs). Presented.
VeriCon: Towards Verifying Controller Programs in SDNs (PLDI 2014) Thomas Ball, Nikolaj Bjorner, Aaron Gember, Shachar Itzhaky, Aleksandr Karbyshev, Mooly.
Multi-Layer Switching Layers 1, 2, and 3. Cisco Hierarchical Model Access Layer –Workgroup –Access layer aggregation and L3/L4 services Distribution Layer.
The Structure of Networks with emphasis on information and social networks T-214-SINE Summer 2011 Chapter 8 Ýmir Vigfússon.
H EADER S PACE A NALYSIS : S TATIC C HECKING F OR N ETWORKS Peyman Kazemian (Stanford University) George Varghese (UCSD, Yahoo Labs) Nick McKeown (Stanford.
Troubleshooting SDNs Peyman Kazemian. Why SDN Troubleshooting SDN decouples software (control plane) from hardware (data plane). Opens doors for innovation.
Data Plane Verification. Background: What are network policies Alice can talk to Bob Skype traffic must go through a VoIP transcoder All traffic must.
Formal verification Marco A. Peña Universitat Politècnica de Catalunya.
Class 3: SDN Stack Theophilus Benson. Outline Background – Routing in ISP – Cloud Computing SDN application stack revisited Evolution of SDN – The end.
Languages for Software-Defined Networks Nate Foster, Arjun Guha, Mark Reitblatt, and Alec Story, Cornell University Michael J. Freedman, Naga Praveen Katta,
Data Center Network Redesign using SDN
Cheng/Dillon-Software Engineering: Formal Methods Model Checking.
Formal checkings in networks James Hongyi Zeng with Peyman Kazemian, George Varghese, Nick McKeown.
Semester 1 Module 8 Ethernet Switching Andres, Wen-Yuan Liao Department of Computer Science and Engineering De Lin Institute of Technology
How SDN will shape networking
Chapter 4: Managing LAN Traffic
Towards a Logic for Wide- Area Internet Routing Nick Feamster Hari Balakrishnan.
OpenFlow: Enabling Technology Transfer to Networking Industry Nikhil Handigol Nikhil Handigol Cisco Nerd.
CCNA – Cisco Certified Network Associates Routing and Static Routes By Roshan Chaudhary Lecturer Islington College.
Software-Defined Networks Jennifer Rexford Princeton University.
Common Devices Used In Computer Networks
Expensive bugsFrequent protocol changes Operators don’t have the full picture.
Software Defined-Networking. Network Policies Access control: reachability – Alice can not send packets to Bob Application classification – Place video.
VeriFlow: Verifying Network-Wide Invariants in Real Time
Hour 9 Network Hardware. What You’ll Learn in This Hour Bridges Hubs and switches Routers Network Address Translation.
Happy Network Administrators  Happy Packets  Happy Users WIRED Position Statement Aman Shaikh AT&T Labs – Research October 16,
Router and Routing Basics
2010 paro, bhutan IP Basics IP/ISP Services Workshop July, 2010 Paro, Bhutan.
SDN AND OPENFLOW SPECIFICATION SPEAKER: HSUAN-LING WENG DATE: 2014/11/18.
Programming Languages for Software Defined Networks Jennifer Rexford and David Walker Princeton University Joint work with the.
Aaron Gember, Theophilus Benson, Aditya Akella University of Wisconsin-Madison.
STORE AND FORWARD & CUT THROUGH FORWARD Switches can use different forwarding techniques— two of these are store-and-forward switching and cut-through.
Proactive Network Configuration Validation with Batfish
High-Speed Policy-Based Packet Forwarding Using Efficient Multi-dimensional Range Matching Lakshman and Stiliadis ACM SIGCOMM 98.
Verification & Validation By: Amir Masoud Gharehbaghi
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 4: Planning and Configuring Routing and Switching.
Networking Components WILLIAM NELSON LTEC HUB  Device that operated on Layer 1 of the OSI stack.  All I/O flows out all other ports besides the.
Jennifer Rexford Princeton University MW 11:00am-12:20pm SDN Programming Languages COS 597E: Software Defined Networking.
Jennifer Rexford Princeton University MW 11:00am-12:20pm Data-Plane Verification COS 597E: Software Defined Networking.
Bounded Model Checking A. Biere, A. Cimatti, E. Clarke, Y. Zhu, Symbolic Model Checking without BDDs, TACAS’99 Presented by Daniel Choi Provable Software.
NetEgg: Scenario-based Programming for SDN Policies Yifei Yuan, Dong Lin, Rajeev Alur, Boon Thau Loo University of Pennsylvania 1.
Header Space Analysis: Static Checking for Networks Broadband Network Technology Integrated M.S. and Ph.D. Eun-Do Kim Network Standards Research Section.
Fabric: A Retrospective on Evolving SDN Presented by: Tarek Elgamal.
Why Fabric? 1 Complicated technology/vendor/device specific provisioning for networks, especially heterogeneous network DC Network – STP, TRILL, SPB, VXLAN,
SDN and Beyond Ghufran Baig Mubashir Adnan Qureshi.
BUZZ: Testing Context-Dependent Policies in Stateful Networks Seyed K. Fayaz, Tianlong Yu, Yoshiaki Tobioka, Sagar Chaki, Vyas Sekar.
Eric Osborne ARNOG 2016 NFV (and SDN). Introduction About me: 20+ years in Internet networking: startup, Cisco, Level(3) Currently a principal architect.
Software Defined Networking BY RAVI NAMBOORI. Overview  Origins of SDN.  What is SDN ?  Original Definition of SDN.  What = Why We need SDN ?  Conclusion.
Network Concepts.
InterVLAN Routing 1. InterVLAN Routing 2. Multilayer Switching.
Seyed K. Fayaz, Tushar Sharma, Ari Fogel
Konstantin agouros Omkar deshpande
SDN Network Updates Minimum updates within a single switch
Martin Casado, Nate Foster, and Arjun Guha CACM, October 2014
(One-Path) Reachability Logic
Real Time Network Policy Checking using Header Space Analysis
SDN Overview for UCAR IT meeting 19-March-2014
Stanford University Software Defined Networks and OpenFlow SDN CIO Summit 2010 Nick McKeown & Guru Parulkar In collaboration with Martin Casado and Scott.
CS 31006: Computer Networks – The Routers
Software Defined Networking (SDN)
Programmable Networks
Lecture 10, Computer Networks (198:552)
With slides from Ahmed Khurshid
Control-Data Plane Separation
Presentation transcript:

Network Verification Star Wars amd The Empire Strikes Back

Long ago in a network far away, rebel forces began to claim that networking was a separate planet and required specialized verification engines... Early attempts to colonize networking using weapons from the Verification Empire such as Model Checking and SAT solvers resulted in these weapons blowing up....

What is the problem? Who cares? “It surprised me that forward rules are so complicated” - anonymous

Networks today P1 P2 10*  P1 1*  P2,P2 SQL Drop SQL Load balancing Access Control Lists (ACLs) Multiple Protocols: 6000 RFCs (MPLS, GRE...) Multiple Vendors: Broadcom, Arista, Cisco,... Manual Configurations: Additional arcane programs kept working by “masters of complexity” (Shenker) Crude tools: SNMP, NetFlow, TraceRoute,...

Motivation to do better Internal: > 1 hr customer visible outage/quarter (P. Patel) Azure: 30,000 cores down 3 hrs, L2/L3 configuration bug Bing: Entire data center, 8 hours, L2/L3 configuration bug External: (2012 NANOG Network Operator Survey): 35% > 25 tickets per month, > 1 hour to resolve Welsh: vast majority of Google “production failures” due to “bugs in configuration settings” As we migrate to services ($100B public cloud market), network failure a debilitating cost. 5

Networks Tomorrow Online services  latency, cost sensitive Merchant Silicon  Build your own router Rise of Data centers  Custom networks Software defined Networks (SDNs)  custom design “routing program” P4 (next generation SDN)  redefine hardware forwarding at runtime 6 Opportunity to custom design networks to optimize goal. Potential simplifications but hard to get right

What specific problems does this paper address? Reachability, slicing, loops...

What specific problems does this paper not address? Control Plane, Implementation errors, Dynamism, Synthesis...

What is model checking? Why is it different from proof assistants like Coq? Why is it used in hardware design (Ana Klimovic?)

Model Checking Before model checking, Hoare style proofs:  manual effort Model checking: automatic search over state space to check property Must tame “state space explosion” using compression. Clarke (2007) Advances: symbolic model checking (BDDs), bounded model checking, adding expressivity (e.g., real time model checking) 10

Why not use model checking for networks? Or SAT Solvers?

Standard model checkers work badly for networks So why not use standard model checking to check for reachability properties (S  D) across all possible packets that could be sent? Works poorly with network state-space explosion (120-bit headers, millions of rules) Also, networks need all headers that do not reach destination. Many model checkers use SAT solvers that provide one solution, not all. 12

Central question: is Header Space Analysis just model checking?

Classical perspective “Model checking “ networks, so to speak Conquers network state-space explosion (120-bit headers, 10 6 rules) Difference 1: Abstraction of router forwarding  compositional, invertible semantics Difference 2: Structure allows “difference of cubes” to compactly represent header space. Different from Binary Decision Diagrams Difference 2: All counterexamples not just one 14

Isn’t the HSA insight just that network forwarding can be represented by Match- Action, an SDN/OpenFlow idea?

Many forwarding flavors/ 1 essence 16 IP Router ESSENTIAL INSIGHT FOR OPENFLOW. BUT HSA PAPER USES SAME INSIGHT FOR UNDERSTANDING EXISTING PROTOCOLS 10*  P1 1*  P2 MAC Bridge 01A1A2 01A1A2  P1... PREFIX MATCH EXACT MATCH MPLS Switch 5, 6 5  P1,Pop 5... INDEXED LOOKUP

Besides abstracting routers, what is the more general idea in the HSA paper?

Idea: Treat Network as a Program Model header as point in high dimensional space and all networking boxes as transformers of header space, so that Packet Forwarding xx1..x1 Match + Send to port 3 Rewrite with 1xx011..x1 Action 11xx..0x + Send to port 2 Rewrite with 1x01xx..x1 ROUTER ABSTRACTED AS SET OF GUARDED COMMANDS.. NETWORK BECOMES A PROGRAM  CAN USE PL METHODS

HSA is a form of semantics but there is not a single theorem in the paper? Are there implicit theorems

Yes: Composition, Inversion T 1 (h, p) R1R2R3 Theorem: Network behavior = composition of router transfer functions (Compositionality) Theorem: given header h at destination p, we can invert to find (h’,s): headers sent at source s’ to produce (h,p) (Inversion) 20

Why the stress on “real time” in NetPlumber How is the dependency graph built (C.Z. Lee)?

Graph on rules not nodes, edge when range of rule R intersects domain of rule S S ? VERIFYING CHANGES BY SDN CONTROLLERS BEFORE THEY TAKE EFFECT

Incremental program verification is considered very hard. How did NetPlumber pull it off?

What can we learn from model checkers that is missing in the HAS/NetPlumber paper?

What we can learn from model checkers Best existing network verification tools (Veriflow, NetPlumber) are very fast and scale to large networks. Existing model checkers are more expressive because they have a: Specification Language: (e.g., Temporal Logic) to describe properties A modelling language (e.g., Promela in SPIN) to model the network By contrast, in all existing work the network model is hardcoded and the specification language is minimal (except NetPlumber) 25

Wait a minute, NetPlumber has a policy language. What is it lacking? Differential reachability... Needs negation

SPEED From the viewpoint of verification EXPRESSIVITY Hassel, Veriflow NetPlumber  Model checkers, SAT Solvers, Datalog NSDI 2015 The Empire Strikes Back

What other aspects of static checking? Control Plane, Quantities, Dynamism, Specification Mining... c

NSDI 2015 Papers on Network Verification Catching Protocol Implementation Bugs (Kevin McKenzie): PIC Catching routing configuration errors: Batfish Doing reachability in Datalog to have a more expressive policy language and more expressive network model: NoD

Is network verification used in practice (C. Shah)?

Network Verification in Practice SecGuru: a simpler form of NoD is used in production in Azure and catches roughly 1 bug a day Veriflow Networks: from UIUC is commercializing Veriflow Forward Networks: from Stanford is commercializing HAS/NetPlumber

How can we push the idea of treating networks as programs further? What is the startup potential (Zak Stratton)?

33 Specificatio n Policy Language, Semantics Test Packet Generation Verification Synthesis (e.g., Forwarding Rules) Performance verification? Network Design Static checking (Local) Wiring Checkers Network Design Automation? Early work HOW MIGHT WE GO BEYOND EARLY WORK? WHAT NEW AREAS CAN WE TOUCH? JOIN THE PARTY! Dynamic checkers/ debuggers

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.