Tiramisu: Fast and General Network Verification

Today's distributed network control planes support multiple routing protocols, filtering mechanisms, and route selection policies. These protocols operate at different layers, e.g., BGP operates at the EGP layer, OSPF at the IGP layer, and VLANs at layer 2. The behavior of a network's control plane depends on how these protocols interact with each other, which makes network configurations highly complex and error-prone. State-of-the-art control plane verifiers are either too slow or do not model certain features of the network. In this paper, we propose a new multilayer hedge graph abstraction, Tiramisu, that supports fast verification of the control plane. Tiramisu uses a combination of graph traversal algorithms and ILPs (Integer Linear Programs) to check different network policies. We use Tiramisu to verify policies of various real-world and synthetic configurations. Our experiments show that Tiramisu can verify any policy in < 0.08 s in small networks (~35 devices) and < 0.12 s in large networks (~160 devices), and that it is 10-600X faster than the state of the art without losing generality.
