Netter: Probabilistic, Stateful Network Models

We study the problem of using probabilistic network models to formally analyze their quantitative properties, such as the effect of different load-balancing strategies on the long-term traffic on a server farm. Compared to prior work, we explore a different design space in terms of tradeoffs between model expressiveness and analysis scalability, which we realize in a language we call Netter. Netter code is compiled to probabilistic automata, undergoing optimization passes to reduce the state space of the generated models, thus helping verification scale. We evaluate Netter on several case studies, including a probabilistic load balancer, a routing scheme reminiscent of MPLS, and a network defense mechanism against link-flooding attacks. Our results show that Netter can analyze quantitative properties of interesting routing schemes that prior work hadn’t addressed, for networks of small size (4–9 nodes and a few different types of flows). Moreover, when specialized to simpler, stateless networks, Netter can parallel the performance of previous stateof-the-art tools, scaling up to millions of nodes.

[1]  Justin Hsu,et al.  Probabilistic Couplings for Probabilistic Reasoning , 2017, ArXiv.

[2]  Elwyn B. Davies,et al.  IPv4 Multihoming Practices and Limitations , 2005, RFC.

[3]  David A. Maltz,et al.  Latency inflation with MPLS-based traffic engineering , 2011, IMC '11.

[4]  Tianlong Yu,et al.  BUZZ: Testing Context-Dependent Policies in Stateful Networks , 2016, NSDI.

[5]  Mukul R. Prasad,et al.  Delta-net: Real-time Network Verification Using Atoms , 2017, NSDI.

[6]  Pramod Bhatotia,et al.  Presented as part of the 9th USENIX Symposium on Networked Systems Design and Implementation (NSDI 12) , 2012 .

[7]  George Varghese,et al.  Automatic test packet generation , 2014, CoNEXT '12.

[8]  George Varghese,et al.  Checking Beliefs in Dynamic Networks , 2015, NSDI.

[9]  Lei Xue,et al.  Towards Detecting Target Link Flooding Attack , 2014, LISA.

[10]  Nate Foster,et al.  NetKAT: semantic foundations for networks , 2014, POPL.

[11]  Hongkun Yang,et al.  Real-Time Verification of Network Properties Using Atomic Predicates , 2016, IEEE/ACM Trans. Netw..

[12]  Junda Liu,et al.  Libra: Divide and Conquer to Verify Forwarding Tables in Huge Networks , 2014, NSDI.

[13]  George Varghese,et al.  Real Time Network Policy Checking Using Header Space Analysis , 2013, NSDI.

[14]  Albert G. Greenberg,et al.  On static reachability analysis of IP networks , 2005, Proceedings IEEE 24th Annual Joint Conference of the IEEE Computer and Communications Societies..

[15]  Marta Z. Kwiatkowska,et al.  PRISM 4.0: Verification of Probabilistic Real-Time Systems , 2011, CAV.

[16]  George Varghese,et al.  Automatic Test Packet Generation , 2012, IEEE/ACM Transactions on Networking.

[17]  G. Varghese,et al.  Quantitative Network Analysis , 2015 .

[18]  Eli Upfal,et al.  Probability and Computing: Randomized Algorithms and Probabilistic Analysis , 2005 .

[19]  George Varghese,et al.  Header Space Analysis: Static Checking for Networks , 2012, NSDI.

[20]  Kim G. Larsen,et al.  WNetKAT: A Weighted SDN Programming and Verification Language , 2016, OPODIS.

[21]  Sebastian Junges,et al.  The probabilistic model checker Storm , 2020, International Journal on Software Tools for Technology Transfer.

[22]  Virgil D. Gligor,et al.  CoDef: collaborative defense against large-scale link-flooding attacks , 2013, CoNEXT.

[23]  Ying Zhang,et al.  SFC-Checker: Checking the correct forwarding behavior of Service Function chaining , 2016, 2016 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN).

[24]  Stefan Schmid,et al.  P-Rex: fast verification of MPLS networks with multiple link failures , 2018, CoNEXT.

[25]  Lixia Zhang,et al.  Resource ReSerVation Protocol (RSVP) - Version 1 Functional Specification , 1997, RFC.

[26]  Eugenio Moggi,et al.  Computational lambda-calculus and monads , 1989, [1989] Proceedings. Fourth Annual Symposium on Logic in Computer Science.

[27]  Brighten Godfrey,et al.  Debugging the data plane with anteater , 2011, SIGCOMM.

[28]  Limin Jia,et al.  NetSMC: A Custom Symbolic Model Checker for Stateful Network Verification , 2020, NSDI.

[29]  Brighten Godfrey,et al.  VeriFlow: verifying network-wide invariants in real time , 2012, HotSDN '12.

[30]  Min Suk Kang,et al.  On the Feasibility of Rerouting-Based DDoS Defenses , 2019, 2019 IEEE Symposium on Security and Privacy (SP).

[31]  Alexandra Silva,et al.  Cantor meets Scott: semantic foundations for probabilistic networks , 2016, POPL.

[32]  Costin Raiciu,et al.  SymNet: Scalable symbolic execution for modern networks , 2016, SIGCOMM.

[33]  Laurent Vanbever,et al.  Bayonet: probabilistic inference for networks , 2018, PLDI.

[34]  Alexandra Silva,et al.  Scalable verification of probabilistic networks , 2019, PLDI.

[35]  Katerina J. Argyraki,et al.  Verifying Reachability in Networks with Mutable Datapaths , 2016, NSDI.

[36]  Hongkun Yang,et al.  Real-time verification of network properties using Atomic Predicates , 2013, 2013 21st IEEE International Conference on Network Protocols (ICNP).

[37]  Alexandra Silva,et al.  Probabilistic NetKAT , 2016, ESOP.

[38]  Jared M. Smith,et al.  Routing Around Congestion: Defeating DDoS Attacks and Adverse Network Conditions via Reactive BGP Routing , 2018, 2018 IEEE Symposium on Security and Privacy (SP).