New Directions for Network Verification

Network verification has recently gained popularity in the programming languages and verification community. Much of the recent work in this area has focused on verifying the behavior of simple networks, whose actions are dictated by static, immutable rules configured ahead of time. However, in reality, modern networks contain a variety of middleboxes, whose behavior is affected both by their configuration and by mutable state updated in response to packets received by them. In this position paper we critically review recent progress on network verification, propose some next steps towards a more complete form of network verification, dispel some myths about networks, provide a more formal description of our approach, and end with a discussion of the formal questions posed to this community by the network verification agenda.

[1]  Alon Y. Halevy,et al.  Static analysis in datalog extensions , 2001, JACM.

[2]  Cliff B. Jones,et al.  Specification and Design of (Parallel) Programs , 1983, IFIP Congress.

[3]  Shriram Krishnamurthi,et al.  Tierless Programming and Reasoning for Software-Defined Networks , 2014, NSDI.

[4]  K. Mani Chandy,et al.  Proofs of Networks of Processes , 1981, IEEE Transactions on Software Engineering.

[5]  George Varghese,et al.  Header Space Analysis: Static Checking for Networks , 2012, NSDI.

[6]  Kathi Fisler,et al.  A balance of power: expressive, analyzable controller programming , 2013, HotSDN '13.

[7]  Nate Foster,et al.  NetKAT: semantic foundations for networks , 2014, POPL.

[8]  David Walker,et al.  Composing Software Defined Networks , 2013, NSDI.

[9]  Arjun Guha,et al.  Machine-verified network controllers , 2013, PLDI.

[10]  Amin Vahdat,et al.  A scalable, commodity data center network architecture , 2008, SIGCOMM '08.

[11]  Nick McKeown,et al.  OpenFlow: enabling innovation in campus networks , 2008, CCRV.

[12]  Brighten Godfrey,et al.  VeriFlow: verifying network-wide invariants in real time , 2012, HotSDN '12.

[13]  Martín Casado,et al.  NOX: towards an operating system for networks , 2008, CCRV.

[14]  Atul Prakash,et al.  SPAN: a unified framework and toolkit for querying heterogeneous access policies , 2009 .

[15]  George Varghese,et al.  Usenix Association 10th Usenix Symposium on Networked Systems Design and Implementation (nsdi '13) 99 Real Time Network Policy Checking Using Header Space Analysis , 2022 .

[16]  Avishai Wool,et al.  Fang: a firewall analysis engine , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[17]  Kathi Fisler,et al.  The Margrave Tool for Firewall Analysis , 2010, LISA.

[18]  Navendu Jain,et al.  Demystifying the dark side of the middle: a field study of middlebox failures in datacenters , 2013, Internet Measurement Conference.

[19]  Vyas Sekar,et al.  Making middleboxes someone else's problem: network processing as a cloud service , 2012, SIGCOMM '12.

[20]  Brighten Godfrey,et al.  Debugging the data plane with anteater , 2011, SIGCOMM.

[21]  Richard J. Lipton,et al.  Social processes and proofs of theorems and programs , 1979, CACM.