Incremental Network Configuration Verification

Network configurations are constantly changing, and each change poses a risk of catastrophic network outages. Consequently, the networking community has put significant effort into developing and optimizing configuration verifiers. However, we observe existing configuration verifiers still have a significant drawback: they are not optimized for configuration changes. That is, they always check a snapshot of network configuration from scratch, even though the configuration often changes slightly since the last verification. In this paper, we demonstrate the benefits, opportunities, and challenges of incremental network configuration verification (INCV). We also demonstrate the feasibility of INCV by introducing RealConfig, an incremental configuration verifier that can check configuration changes within one second.

[1]  Mukul R. Prasad,et al.  Delta-net: Real-time Network Verification Using Atoms , 2017, NSDI.

[2]  Peng Zhang,et al.  APKeep: Realtime Verification for Real Networks , 2020, NSDI.

[3]  Ryan Beckett,et al.  Abstract interpretation of distributed network control planes , 2019, Proc. ACM Program. Lang..

[4]  Hongyi Zeng,et al.  Robotron: Top-down Network Management at Facebook Scale , 2016, SIGCOMM.

[5]  Hongkun Yang,et al.  Scalable Verification of Networks With Packet Transformers Using Atomic Predicates , 2017, IEEE/ACM Transactions on Networking.

[6]  Ratul Mahajan,et al.  Automatically Repairing Network Control Planes Using an Abstract Representation , 2017, SOSP.

[7]  George Varghese,et al.  Efficient Network Reachability Analysis Using a Succinct Control Plane Representation , 2016, OSDI.

[8]  Russell J. Clark,et al.  Kinetic: Verifiable Dynamic Network Control , 2015, NSDI.

[9]  Ramesh Govindan,et al.  A General Approach to Network Configuration Analysis , 2015, NSDI.

[10]  Nick Feamster,et al.  The evolution of network configuration: a tale of two campuses , 2011, IMC '11.

[11]  Michael D. Ernst,et al.  Scalable verification of border gateway protocol configurations with an SMT solver , 2016, OOPSLA.

[12]  Ratul Mahajan,et al.  Control plane compression , 2018, SIGCOMM.

[13]  Rüdiger Birkner,et al.  Config2Spec: Mining Network Specifications from Network Configurations , 2020, NSDI.

[14]  Steve Uhlig,et al.  Modeling the routing of an autonomous system with C-BGP , 2005, IEEE Network.

[15]  George Varghese,et al.  Real Time Network Policy Checking Using Header Space Analysis , 2013, NSDI.

[16]  João L. Sobrinho,et al.  An algebraic theory of dynamic network routing , 2005, IEEE/ACM Transactions on Networking.

[17]  Aditya Akella,et al.  Demystifying configuration challenges and trade-offs in network-based ISP services , 2011, SIGCOMM.

[18]  George Varghese,et al.  Automatic Test Packet Generation , 2012, IEEE/ACM Transactions on Networking.

[19]  Jun Li,et al.  Real Time Control Plane Verification , 2019, NetPL@SIGCOMM.

[20]  M. Abadi,et al.  Naiad: a timely dataflow system , 2013, SOSP.

[21]  Nick Feamster,et al.  Detecting BGP configuration faults with static analysis , 2005 .

[22]  Ming Zhang,et al.  Accuracy, Scalability, Coverage: A Practical Configuration Verifier on a Global WAN , 2020, SIGCOMM.

[23]  Ratul Mahajan,et al.  A General Approach to Network Configuration Verification , 2017, SIGCOMM.

[24]  Nikolaj Bjørner,et al.  Validating datacenters at scale , 2019, SIGCOMM.

[25]  Brighten Godfrey,et al.  VeriFlow: verifying network-wide invariants in real time , 2012, HotSDN '12.

[26]  Ben Y. Zhao,et al.  Safely and automatically updating in-network ACL configurations with intent language , 2019, SIGCOMM.

[27]  Xiujun Li,et al.  Management Plane Analytics , 2015, Internet Measurement Conference.

[28]  Ratul Mahajan,et al.  Efficient Verification of Network Fault Tolerance via Counterexample-Guided Refinement , 2019, CAV.

[29]  Emir Pasalic,et al.  Design and Implementation of the LogicBlox System , 2015, SIGMOD Conference.

[30]  Ratul Mahajan,et al.  Fast Control Plane Analysis Using an Abstract Representation , 2016, SIGCOMM.

[31]  Aditya Akella,et al.  Tiramisu: Fast and General Network Verification , 2019, ArXiv.

[32]  Brighten Godfrey,et al.  Plankton: Scalable network configuration verification through model checking , 2019, NSDI.

[33]  David A. Maltz,et al.  Unraveling the Complexity of Network Management , 2009, NSDI.

[34]  Gordon T. Wilfong,et al.  An analysis of BGP convergence properties , 1999, SIGCOMM '99.

[35]  Lei Zhou,et al.  Automatic Life Cycle Management of Network Configurations , 2018, SelfDN@SIGCOMM.

[36]  Gordon T. Wilfong,et al.  The stable paths problem and interdomain routing , 2002, TNET.

[37]  Andrey Rybalchenko,et al.  Fast BGP Simulation of Large Datacenters , 2019, VMCAI.

[38]  Hongkun Yang,et al.  Real-time verification of network properties using Atomic Predicates , 2013, 2013 21st IEEE International Conference on Network Protocols (ICNP).

[39]  David Plonka,et al.  An Analysis of Network Configuration Artifacts , 2009, LISA.

[40]  Nikolaj Bjørner,et al.  Z3: An Efficient SMT Solver , 2008, TACAS.

[41]  Michael Isard,et al.  Differential Dataflow , 2013, CIDR.