Tiramisu: Fast Multilayer Network Verification

Today’s distributed network control planes are highly sophisticated, with multiple interacting protocols operating at layers 2 and 3. The complexity makes network configurations highly complex and bug-prone. State-of-theart tools that check if control plane bugs can lead to violations of key properties are either too slow, or do not model common network features. We develop a new, general multilayer graph control plane model that enables using fast, propertycustomized verification algorithms. Our tool, Tiramisu can verify if policies hold under failures for various real-world and synthetic configurations in < 0.08s in small networks and < 2.2s in large networks. Tiramisu is 2-600X faster than state-of-the-art without losing generality.

[1]  George Varghese,et al.  Efficient Network Reachability Analysis Using a Succinct Control Plane Representation , 2016, OSDI.

[2]  Michael D. Ernst,et al.  Scalable verification of border gateway protocol configurations with an SMT solver , 2016, OOPSLA.

[3]  Limin Jia,et al.  FSR: Formal Analysis and Implementation Toolkit for Safe Interdomain Routing , 2011, IEEE/ACM Transactions on Networking.

[4]  David R. Karger,et al.  On approximating the longest path in a graph , 1997, Algorithmica.

[5]  David A. Maltz,et al.  Unraveling the Complexity of Network Management , 2009, NSDI.

[6]  Ratul Mahajan,et al.  Fast Control Plane Analysis Using an Abstract Representation , 2016, SIGCOMM.

[7]  Ramesh Govindan,et al.  A General Approach to Network Configuration Analysis , 2015, NSDI.

[8]  Steve Uhlig,et al.  Modeling the routing of an autonomous system with C-BGP , 2005, IEEE Network.

[9]  João L. Sobrinho,et al.  An algebraic theory of dynamic network routing , 2005, IEEE/ACM Transactions on Networking.

[10]  Matthew Roughan,et al.  The Internet Topology Zoo , 2011, IEEE Journal on Selected Areas in Communications.

[11]  Stefan Schmid,et al.  P-Rex: fast verification of MPLS networks with multiple link failures , 2018, CoNEXT.

[12]  Aditya Akella,et al.  Demystifying configuration challenges and trade-offs in network-based ISP services , 2011, SIGCOMM.

[13]  Laurent Vanbever,et al.  NetComplete: Practical Network-Wide Configuration Synthesis with Autocompletion , 2018, NSDI.

[14]  Mukul R. Prasad,et al.  Delta-net: Real-time Network Verification Using Atoms , 2017, NSDI.

[15]  Stojan Trajanovski,et al.  Optimization problems in correlated networks , 2016, Computational social networks.

[16]  Ratul Mahajan,et al.  Measuring ISP topologies with Rocketfuel , 2004, IEEE/ACM Transactions on Networking.

[17]  Brighten Godfrey,et al.  Plankton: Scalable network configuration verification through model checking , 2019, NSDI.

[18]  Ratul Mahajan,et al.  Control plane compression , 2018, SIGCOMM.

[19]  João L. Sobrinho,et al.  Network routing with path vector protocols: theory and applications , 2003, SIGCOMM '03.

[20]  Ratul Mahajan,et al.  A General Approach to Network Configuration Verification , 2017, SIGCOMM.

[21]  Gordon T. Wilfong,et al.  The stable paths problem and interdomain routing , 2002, TNET.

[22]  Albert G. Greenberg,et al.  Routing design in operational networks: a look from the inside , 2004, SIGCOMM '04.