NetKAT: semantic foundations for networks

Recent years have seen growing interest in high-level languages for programming networks. But the design of these languages has been largely ad hoc, driven more by the needs of applications and the capabilities of network hardware than by foundational principles. The lack of a semantic foundation has left language designers with little guidance in determining how to incorporate new features, and programmers without a means to reason precisely about their code. This paper presents NetKAT, a new network programming language that is based on a solid mathematical foundation and comes equipped with a sound and complete equational theory. We describe the design of NetKAT, including primitives for filtering, modifying, and transmitting packets; union and sequential composition operators; and a Kleene star operator that iterates programs. We show that NetKAT is an instance of a canonical and well-studied mathematical structure called a Kleene algebra with tests (KAT) and prove that its equational theory is sound and complete with respect to its denotational semantics. Finally, we present practical applications of the equational theory including syntactic techniques for checking reachability, proving non-interference properties that ensure isolation between programs, and establishing the correctness of compilation algorithms.
