Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lecture 10, Computer Networks (198:552)

Published byMaija-Liisa Lehtonen Modified over 5 years ago

Similar presentations

Presentation on theme: "Lecture 10, Computer Networks (198:552)"— Presentation transcript:

1 Lecture 10, Computer Networks (198:552)
Network Verification Lecture 10, Computer Networks (198:552)

2 Traditional IP network
Management plane Traditional IP network Management plane Configure routers Ex: OSPF link weights Ex: BGP local prefs Control plane Track the topology Exchange messages Compute fwding rules Data plane Fwd packets using computed fwding rules Processor Control plane Data plane BGP OSPF Switching fabric Net interface Net interface Net interface Net interface

3 Software-Defined Network (SDN)
Centralized control plane Data plane Data plane Data plane Data plane

4 Why verify networks? High-profile outages
Caused by human errors more than 50% of the time  “Complex systems break in complex ways” Interactions between protocols Interactions between different administrative domains Networks change all the time Security is increasingly important Intellectually interesting Computer-Aided Design (CAD) for networks [George Varghese] BGP OSPF

5 Verification: A problem statement

6 for all M, does N satisfy P?
Decision Procedure: An algorithm that answers yes/no Can ask the question under a network change model: static, incremental, or dynamic for all M, does N satisfy P? Property of interest: Loop freedom Blackholes Reachability Equivalence Sequence of messages: Packets, Routing protocol Link failures Network representation: Data plane Control plane

7 Example: Verifying firewall rules
Assume packets just have 2 bits; there are only 2 ports Firewall config: 10 -> fwd(2); *1 -> fwd(1). All others dropped Boolean representation of the network: N: (d1 & ~d0) | ((d1 | ~d1) & d0) Property: only the packets from 00 are dropped P: (~d1 & ~d0) Messages (M): all combinations of boolean variables d0, d1 Verification question: for all d0, d1, is formula N | P valid? i.e., Is ((d1 & ~d0) | ((d1 | ~d1) & d0)) | (~d1 & ~d0) a tautology? Decision procedure: SAT solver!

8 Typical considerations for verification
Size of network representations O(# rules)? # packets? Some product of these things? Speed of decision procedure, e.g., SAT solving Typically NP-hard or worse in the worst case Verification: leveraging average-case complexity Coverage of possible network events Does property hold under firewall rule changes? New protocol messages? Link failures? Strength of properties and counter-examples Does P hold for all packets? Are we looking for one counterexample, or the whole set of violating packets?

9 Verification, testing, synthesis, eq checks
Verification: for all M, does N satisfy P? Testing: For the given M, does N satisfy P? Synthesis: Given P, can you produce an N that satisfies it For all M? For a given set of M? Let N1 be another network representation Equivalence checking: For all M, do N and N1 behave in the same way?, i.e., Either both satisfy P or both violate it

10 Properties to verify Reachability, isolation, loop freedom
Equivalence between data plane rules Replicated configurations (for availability or performance) Reduce to simpler configurations Waypoint properties e.g., does traffic always go through a monitoring node? Ordering constraints on processing: e.g., DPI must follow ACLs Temporal properties, e.g.: After first message from a source, don’t broadcast traffic destined to it Performance properties: e.g., arrival distributions & congestion

11 10,000 ft overview of the literature
Data plane verification Static: header space analysis Incremental: Veriflow Dynamic: NICE Control and data plane verification Static: p4v Incremental: Batfish Dynamic: Minesweeper

12 Scaling challenges Too many messages and events
Packet headers Link failures Protocol messages Orderings between events matters! Too many network rules Too large a network

13 Discussion of Header Space Analysis
Compact boolean representation + composition operations Why is an inverse always well-defined? Linear fragmentation assumption Representation as difference of two HSAs Generic loops and infinite loops Per-port loop detection vs. stopping at any port: pros & cons? What else could you run on the propagation tree?

14 Discussion of VeriFlow
Trie-like representation of packet headers Forwarding equivalence classes: help scale! Implicit assumption that many FECs aren’t affected at once What computations could you do over the forwarding graph? How do you check for blackholes using VeriFlow? Could you extend the trie for performance verification? Are there bad wildcard rules that make the “affected FEC” set grow really large with a rule insertion (e.g., exponentially)? What changes are required for packet modification?

Download ppt "Lecture 10, Computer Networks (198:552)"

Similar presentations

Path Splicing with Network Slicing

Path Splicing with Network Slicing
Jennifer Rexford Princeton University MW 11:00am-12:20pm Logically-Centralized Control COS 597E: Software Defined Networking.

Jennifer Rexford Princeton University MW 11:00am-12:20pm Logically-Centralized Control COS 597E: Software Defined Networking.
COS 461 Fall 1997 Routing COS 461 Fall 1997 Typical Structure.

COS 461 Fall 1997 Routing COS 461 Fall 1997 Typical Structure.
Chapter 9: Access Control Lists

Chapter 9: Access Control Lists
Header Space Analysis: Static Checking For Networks Peyman Kazemian, Nick McKeown (Stanford University) and George Varghese (UCSD and Yahoo Labs). Presented.

Header Space Analysis: Static Checking For Networks Peyman Kazemian, Nick McKeown (Stanford University) and George Varghese (UCSD and Yahoo Labs). Presented.
VeriCon: Towards Verifying Controller Programs in SDNs (PLDI 2014) Thomas Ball, Nikolaj Bjorner, Aaron Gember, Shachar Itzhaky, Aleksandr Karbyshev, Mooly.

VeriCon: Towards Verifying Controller Programs in SDNs (PLDI 2014) Thomas Ball, Nikolaj Bjorner, Aaron Gember, Shachar Itzhaky, Aleksandr Karbyshev, Mooly.
Routing Basics By Craig Lindstrom. Overview Routing Process Routing Process Default Routing Default Routing Static Routing Static Routing Dynamic Routing.

Routing Basics By Craig Lindstrom. Overview Routing Process Routing Process Default Routing Default Routing Static Routing Static Routing Dynamic Routing.
Chapter 10 Introduction to Wide Area Networks Data Communications and Computer Networks: A Business User’s Approach.

Chapter 10 Introduction to Wide Area Networks Data Communications and Computer Networks: A Business User’s Approach.
Link-State Routing Reading: Sections 4.2 and 4.3.4 COS 461: Computer Networks Spring 2011 Mike Freedman

Link-State Routing Reading: Sections 4.2 and COS 461: Computer Networks Spring 2011 Mike Freedman
Data Plane Verification. Background: What are network policies Alice can talk to Bob Skype traffic must go through a VoIP transcoder All traffic must.

Data Plane Verification. Background: What are network policies Alice can talk to Bob Skype traffic must go through a VoIP transcoder All traffic must.
Network Layer Moving datagrams. How do it know? Tom-Tom.

Network Layer Moving datagrams. How do it know? Tom-Tom.
Formal checkings in networks James Hongyi Zeng with Peyman Kazemian, George Varghese, Nick McKeown.

Formal checkings in networks James Hongyi Zeng with Peyman Kazemian, George Varghese, Nick McKeown.
Towards a Logic for Wide- Area Internet Routing Nick Feamster Hari Balakrishnan.

Towards a Logic for Wide- Area Internet Routing Nick Feamster Hari Balakrishnan.
TCOM 515 Lecture 6.

TCOM 515 Lecture 6.
1 Computer Communication & Networks Lecture 22 Network Layer: Delivery, Forwarding, Routing (contd.)

1 Computer Communication & Networks Lecture 22 Network Layer: Delivery, Forwarding, Routing (contd.)
ECE 720T5 Winter 2014 Cyber-Physical Systems Rodolfo Pellizzoni.

ECE 720T5 Winter 2014 Cyber-Physical Systems Rodolfo Pellizzoni.
Common Devices Used In Computer Networks

Common Devices Used In Computer Networks
VeriFlow: Verifying Network-Wide Invariants in Real Time

VeriFlow: Verifying Network-Wide Invariants in Real Time
1 Lecture #5 Access Control Lists (ACLs) Asst.Prof. Dr.Anan Phonphoem Department of Computer Engineering, Faculty of Engineering, Kasetsart University,

1 Lecture #5 Access Control Lists (ACLs) Asst.Prof. Dr.Anan Phonphoem Department of Computer Engineering, Faculty of Engineering, Kasetsart University,
 Network Segments  NICs  Repeaters  Hubs  Bridges  Switches  Routers and Brouters  Gateways 2.

 Network Segments  NICs  Repeaters  Hubs  Bridges  Switches  Routers and Brouters  Gateways 2.

Similar presentations

Ads by Google