ProbNV: probabilistic verification of network control planes

ProbNV is a new framework for probabilistic network control plane verification that strikes a balance between generality and scalability. ProbNV is general enough to encode a wide range of features from the most common protocols (eBGP and OSPF) and yet scalable enough to handle challenging properties, such as probabilistic all-failures analysis of medium-sized networks with 100-200 devices. When there is a small, bounded number of failures, networks with up to 500 devices may be verified in seconds. ProbNV operates by translating raw Cisco configurations into a probabilistic and functional programming language designed for network verification. This language comes equipped with a novel type system that characterizes the sort of representation to be used for each data structure: concrete for the usual representation of values; symbolic for a BDD-based representation of sets of values; and multi-value for an MTBDD-based representation of values that depend upon symbolics. Careful use of these varying representations speeds up symbolic simulation of network models. The MTBDD-based representations are also used to calculate probabilistic properties of network models once symbolic simulation is complete. We implement the language and evaluate its performance on benchmarks constructed from real network topologies and synthesized routing policies.
