Lecture 8 Network Verification¶
- Network outages (停电 / 宕机) are common
- Most network outages and performance issues result from misconfiguration
- Most are Human Factors
Software Defined Network (SDN)¶
- Simplify the management and controlling of Networks
- Bug: Controller / Applications
- Some local problems may influence "total" Networks
Data Plane Verification¶
- Physical / Virtual Network (data / config table ......)
- Take a snapshot of the network
- Network Model
What to Verify¶
- Pairwise Reachability(可达性)
- Loop Freedom(环路检测)
- Blackhole Freedom(数据包陷进黑洞)
- Traffic Isolation(流量隔离性)
Header Space Analysis¶
- Model a packet (header) as a point in \(\{0,1\}^L\) space, i.e., the header space
- Flat space, Protocol oblivious
- Wildcard Expression(通配符表达式) (e.g., IP prefix) -> hyper cubes
- Model all networking boxes as transformers of header space
- Output = \(f (Match, Action)\)
- Transfer Function: \(T: (h,p) => \{(h_1, p_1),...,(h_n, p_n)\}\)
Theorems¶
- Composition Theorem
- Network Behavior = Composition of transfer functions
- e.g., \(T_3(T_2(T_1(h,p)))\)
- Inversion Theorem
- given header h at destination p, we can invert to find (h’,p’): headers sent at source s’ to produce (h,p)
HSA Algebra¶
Bit by bit intersect using intersection (路口) table:
Case 1: Computing Reachability¶
Case 2: Checking Isolation¶
Problems with HSA¶
- Only check a snapchat of network configuration
- Networks are dynamically changing
- What if a new rule is inserted?
- checking the entire network’s state every time a new flow is wasteful and slow
What's VeriFlow?¶
Verifying Network Wide Invariants in Real Time
Controller set new rule:
- Generate Equivalence Classes
- Generate Forwarding Graphs
- Run Queries
Challenging: Huge space of headers, impossible to enumerate
Step1: Generate Equivalence Classes¶
- Equivalence Class(等价类)
- packets experiencing the same forwarding actions throughout the network
- 一个等价类,不管大小多少,其内部的转发行为是一模一样的
- Data Structure for EC computation
- multidimensional Prefix Tree ( Trie-Tree )
- each branch in a node is "0/1/*", we don't care "wildcard"
- (device, rule) pairs
- the tree represents the "total" Network
- C在AB的右侧,因为C的"匹配域"更长,说明"*"的含量更高,因此偏右!
- A / B / C 可能并不是一个交换机上的规则
Step2: Generate Forwarding Graphs¶
- Generate a forwarding graph for each EC
- Define how packets within that EC will be forwarded through the network
- Node: device, edge: forwarding rule
- The graph will be "one-direction" between two nodes
- Each node represents one EC
- Let the EC traverse the Trie for the second time
Step3: Run Queries (Verifying)¶
Check whether the forwarding graph of each EC satisfies
- Reachability
- Loop-freedom
- Blackhole-freedom
Analysis: Inefficiency of VeriFlow¶
- High -> Low Priority
- Matching
上面可以很清晰地看出一个问题:在不同的等价类中,路径有很多重叠部分
Delta-net¶
Rather than re-computing forwarding graphs, it incrementally maintains a single edge-labelled graph! represents all packet flows.
操作原理及其示范:
- 在上面的优先级更高
- alpha2,3,4 从 r1 边 移动到 r4 边
- 表示转发行为的变化(Graph Transformation)
Details: encode destination IP with ranges, binary search tree for rule insertion
Limitations
- Only considers a single dimention, i.e., destination IP
- Only works for IP ranges, e.g., IP prefixes
- The # of atoms os not minimum