论文信息 - SymNet: static checking for stateful networks

SymNet: static checking for stateful networks

Today's networks deploy many stateful procesing boxes ranging from NATs to firewalls and application optimizers: these boxes operate on packet flows, rather than individual packets. As more and more middleboxes are deployed, understanding their composition is becoming increasingly difficult. Static checking of network configurations is a promising approach to help understand whether a network is configured properly, but existing tools are limited as they only support stateless processing. We propose to use symbolic execution---a technique prevalent in compilers---to check network properties more general than basic reachability. The key idea is to track the possible values for specified fields in the packet as it travels through a network. Each middlebox or router will impose constraints on certain fields of the packet via forwarding actions, packet modifications and filtering. The symbolic approach also allows us to model middlebox per-flow state in a scalable way. We have implemented this technique in a tool we call SymNet and conducted preliminary evaluation. Early results show SymNet scales well and models basic stateful middleboxes, opening the possibility of analyzing complex stateful middlebox behaviours.

[1] Mark Handley,et al. How Hard Can It Be? Designing and Implementing a Deployable Multipath TCP , 2012, NSDI.

[2] George Varghese,et al. Header Space Analysis: Static Checking for Networks , 2012, NSDI.

[3] George Varghese,et al. Usenix Association 10th Usenix Symposium on Networked Systems Design and Implementation (nsdi '13) 99 Real Time Network Policy Checking Using Header Space Analysis , 2022 .

[4] George Varghese,et al. Automatic Test Packet Generation , 2012, IEEE/ACM Transactions on Networking.

[5] Brighten Godfrey,et al. Debugging the data plane with anteater , 2011, SIGCOMM.

[6] Eddie Kohler,et al. The Click modular router , 1999, SOSP.

[7] Albert G. Greenberg,et al. On static reachability analysis of IP networks , 2005, Proceedings IEEE 24th Annual Joint Conference of the IEEE Computer and Communications Societies..

[8] A. Tarski. A LATTICE-THEORETICAL FIXPOINT THEOREM AND ITS APPLICATIONS , 1955 .