ACORN: Network Control Plane Abstraction using Route Nondeterminism

06/05/2022
by   Divya Raghunathan, et al.
0

Networks are hard to configure correctly, and misconfigurations occur frequently, leading to outages or security breaches. Formal verification techniques have been applied to guarantee the correctness of network configurations, thereby improving network reliability. This work addresses verification of distributed network control planes, with two distinct contributions to improve the scalability of formal verification. Our first contribution is a hierarchy of abstractions of varying precision which introduce nondeterminism into the route selection procedure that routers use to select the best available route. We prove the soundness of these abstractions and show their benefits. Our second contribution is a novel SMT encoding which uses symbolic graphs to encode all possible stable routing trees that are compliant with the given network control plane configurations. We have implemented our abstractions and SMT encodings in a prototype tool called ACORN. Our evaluations show that our abstractions can provide significant relative speedups (up to 323x) in performance, and ACORN can scale up to ≈37,000 routers (organized in FatTree topologies, with synthesized shortest-path routing and valley-free policies) for verifying reachability. This far exceeds the performance of existing tools for control plane verification.

READ FULL TEXT

page 1

page 2

page 3

page 4

research
02/12/2022

Kirigami, the Verifiable Art of Network Cutting

We introduce a modular verification approach to network control plane ve...
research
06/05/2019

Tiramisu: Fast and General Network Verification

Today's distributed network control planes support multiple routing prot...
research
05/22/2020

Carbide: Highly Reliable Networks Through Real-Time Multiple Control Plane Composition

Achieving highly reliable networks is essential for network operators to...
research
12/05/2017

Counter Simulations via Higher Order Quantifier Elimination: a preliminary report

Quite often, verification tasks for distributed systems are accomplished...
research
06/22/2018

Control Plane Compression

We develop an algorithm capable of compressing large networks into a sma...
research
04/21/2022

Modular Control Plane Verification via Temporal Invariants

Satisfiability Modulo Theory (SMT)-based tools for network control plane...
research
01/21/2020

Performance-Driven Internet Path Selection

Internet routing can often be sub-optimal, with the chosen routes provid...

Please sign up or login with your details

Forgot password? Click here to reset