P-Rex: fast verification of MPLS networks with multiple link failures

Future communication networks are expected to be highly automated, disburdening human operators of their most complex tasks. However, while first powerful and automated network analysis tools are emerging, existing tools provide only limited (and inefficient) support of reasoning about failure scenarios. We present P-Rex, a fast what-if analysis tool, that allows us to test important reachability and policy-compliance properties even under an arbitrary number of failures, in polynomial-time, i.e., without enumerating all failure scenarios (the usual approach today, if supported at all). P-Rex targets networks based on Multiprotocol Label Switching (MPLS) and its Segment Routing (SR) extension and comes with an expressive query language based on regular expressions. It takes into account the actual router tables, and is hence well-suited for debugging. We also report on an industrial case study and demonstrate that P-Rex supports rich queries, performing what-if analyses in less than 70 minutes in most cases, in a 24-router network with over 100,000 MPLS forwarding rules.

[1]  George Varghese,et al.  Efficient Network Reachability Analysis Using a Succinct Control Plane Representation , 2016, OSDI.

[2]  Ratul Mahajan,et al.  Fast Control Plane Analysis Using an Abstract Representation , 2016, SIGCOMM.

[3]  Óscar González de Dios,et al.  RSVP-TE Extensions for Collecting Shared Risk Link Group (SRLG) Information , 2017, RFC.

[4]  Brighten Godfrey,et al.  Debugging the data plane with anteater , 2011, SIGCOMM.

[5]  Ken Thompson,et al.  Programming Techniques: Regular expression search algorithm , 1968, Commun. ACM.

[6]  J. Richard Büchi Regular canonical systems , 1964 .

[7]  Laurent Vanbever,et al.  Network-Wide Configuration Synthesis , 2016, CAV.

[8]  Ratul Mahajan,et al.  A General Approach to Network Configuration Verification , 2017, SIGCOMM.

[9]  Limin Jia,et al.  FSR: Formal Analysis and Implementation Toolkit for Safe Interdomain Routing , 2011, IEEE/ACM Transactions on Networking.

[10]  Junda Liu,et al.  Libra: Divide and Conquer to Verify Forwarding Tables in Huge Networks , 2014, NSDI.

[11]  Alia Atlas,et al.  Basic Specification for IP Fast Reroute: Loop-Free Alternates , 2008, RFC.

[12]  Laurent Vanbever,et al.  NetComplete: Practical Network-Wide Configuration Synthesis with Autocompletion , 2018, NSDI.

[13]  R. Martin,et al.  Resilience Analysis of Packet-Switched Communication Networks , 2009, IEEE/ACM Transactions on Networking.

[14]  David M. Kahn Undecidable Problems for Probabilistic Network Programming , 2017, MFCS.

[15]  Nate Foster,et al.  NetKAT: semantic foundations for networks , 2014, POPL.

[16]  J. Brzozowski Canonical regular expressions and minimal state graphs for definite events , 1962 .

[17]  Javier Esparza,et al.  Efficient Algorithms for Model Checking Pushdown Systems , 2000, CAV.

[18]  Kim G. Larsen,et al.  WNetKAT: A Weighted SDN Programming and Verification Language , 2016, OPODIS.

[19]  Brighten Godfrey,et al.  VeriFlow: verifying network-wide invariants in real time , 2012, HotSDN '12.

[20]  Alexandra Silva,et al.  A Coalgebraic Decision Procedure for NetKAT , 2015, POPL.

[21]  Ratul Mahajan,et al.  Don't Mind the Gap: Bridging Network-wide Objectives and Device-level Configurations , 2016, SIGCOMM.

[22]  Stefan Schmid,et al.  Polynomial-Time What-If Analysis for Prefix-Manipulating MPLS Networks , 2018, IEEE INFOCOM 2018 - IEEE Conference on Computer Communications.

[23]  Stefan Schwoon,et al.  Model checking pushdown systems , 2002 .

[24]  Chunming Qiao,et al.  Failure protection in layered networks with shared risk link groups , 2004 .

[25]  George Varghese,et al.  Header Space Analysis: Static Checking for Networks , 2012, NSDI.

[26]  Michael Menth,et al.  Resilience analysis of packet-witched communication networks , 2009, IEEE/ACM Trans. Netw..