Automatic Synthesis of NF Models by Program Analysis

Network functions (NFs), such as firewalls, NATs, and IDSes, are widely deployed in modern networks. However, there is currently no standard specification or modeling language that can accurately describe the complexity and diversity of different NFs. Recent research efforts have proposed NF models, but these are often generated manually and are thus error-prone. This paper proposes a method to automatically synthesize NF models via program analysis. We develop a tool called NFactor, which conducts code refactoring and program slicing on NF source code in order to generate its forwarding model. We demonstrate its usefulness on two NFs and evaluate its correctness. A few applications of NFactor are described, including network verification.
