Formal Checkings in Networks

29
Formal checkings in networks James Hongyi Zeng with Peyman Kazemian, George Varghese, Nick McKeown

Transcript of Formal Checkings in Networks

Page 1: Formal Checkings in Networks

Formal checkings in networks

James Hongyi Zengwith Peyman Kazemian,

George Varghese, Nick McKeown

Page 2: Formal Checkings in Networks

Software Defined Network (SDN)

Global Network View

Network Virtualization

PacketForwarding

PacketForwarding

PacketForwarding

PacketForwarding

Abstract Network View

ControlPrograms

ControlPrograms

ControlPrograms

PacketForwarding

Network OS

1. <Match, Action>2. <Match, Action>3. <Match, Action>4. <Match, Action>5. <Match, Action> 6. …7. …

1 2

31. <Match,

Action>2. <Match,

Action>3. <Match,

Action>4. <Match,

Action>5. <Match,

Action> 6. …7. …

1. <Match, Action>

2. <Match, Action>

3. <Match, Action>

4. <Match, Action>

5. <Match, Action>

6. …7. …

1. <Match, Action>

2. <Match, Action>

3. <Match, Action>

4. <Match, Action>

5. <Match, Action>

6. …7. …

1. <Match, Action>

2. <Match, Action>

3. <Match, Action>

4. <Match, Action>

5. <Match, Action>

6. …7. …

1. <Match, Action>

2. <Match, Action>

3. <Match, Action>

4. <Match, Action>

5. <Match, Action>

6. …7. …

Page 3: Formal Checkings in Networks

“S” for Software

1.Static Checking (“compile time”)“Is my configuration correct?”

2.Dynamic checking (“run time”)“Is my data plane behaving correctly?”

Policy/Control SW

Configuration

Data plane

Page 4: Formal Checkings in Networks

With SDN we will:1.Formally verify that our networks are behaving correctly.

2.Identify faults, then systematically track down their root cause.

Page 5: Formal Checkings in Networks

1. Static checkingIs my configuration correct?

Page 6: Formal Checkings in Networks

MotivationsIn today’s networks, simple questions are hard to answer:

– Can host A talk to host B?– What are all the packet headers from A that can reach B?

– Are there any loops in the network?

– Is Group X provably isolated from Group Y?

– What happens if I remove a line in the config file?

Page 7: Formal Checkings in Networks

Software Defined Network (SDN)

Global Network View

Network Virtualization

PacketForwarding

PacketForwarding

PacketForwarding

PacketForwarding

Abstract Network View

ControlPrograms

ControlPrograms

ControlPrograms

PacketForwarding

Network OS1. <Match, Action>

2. <Match, Action>

3. <Match, Action>

4. <Match, Action>

5. <Match, Action>

6. …7. …

1. <Match, Action>

2. <Match, Action>

3. <Match, Action>

4. <Match, Action>

5. <Match, Action>

6. …7. …

1. <Match, Action>

2. <Match, Action>

3. <Match, Action>

4. <Match, Action>

5. <Match, Action>

6. …7. …

1. <Match, Action>

2. <Match, Action>

3. <Match, Action>

4. <Match, Action>

5. <Match, Action>

6. …7. …

1. <Match, Action>

2. <Match, Action>

3. <Match, Action>

4. <Match, Action>

5. <Match, Action>

6. …7. …

1. <Match, Action>

2. <Match, Action>

3. <Match, Action>

4. <Match, Action>

5. <Match, Action>

6. …7. …

1. <Match, Action>

2. <Match, Action>

3. <Match, Action>

4. <Match, Action>

5. <Match, Action>

6. …7. …

1. <Match, Action>

2. <Match, Action>

3. <Match, Action>

4. <Match, Action>

5. <Match, Action>

6. …7. …

1. <Match, Action>

2. <Match, Action>

3. <Match, Action>

4. <Match, Action>

5. <Match, Action>

6. …7. …

Static Checker1. <Match,

Action>2. <Match,

Action>3. <Match,

Action>4. <Match,

Action>5. <Match,

Action> 6. …7. …

1. <Match, Action>

2. <Match, Action>

3. <Match, Action>

4. <Match, Action>

5. <Match, Action>

6. …7. …

1. <Match, Action>

2. <Match, Action>

3. <Match, Action>

4. <Match, Action>

5. <Match, Action>

6. …7. …

1. <Match, Action>

2. <Match, Action>

3. <Match, Action>

4. <Match, Action>

5. <Match, Action>

6. …7. …

1. <Match, Action>

2. <Match, Action>

3. <Match, Action>

4. <Match, Action>

5. <Match, Action>

6. …7. …

“A can talk to B”

“Guests can’t reach

PatientRecords”

Policy

Page 8: Formal Checkings in Networks

How it worksHeader Space Analysis

Page 9: Formal Checkings in Networks

Header Space Analysis

1 2 3 4

1

23

4

Port ID

A B

Page 10: Formal Checkings in Networks

Header Space Analysis

1 2 3 4

1

23

4

Port ID

A B

Page 11: Formal Checkings in Networks

Can A talk to B?

1 2 3 4

1

23

4

Port ID

A B

Page 12: Formal Checkings in Networks

Header Space AnalysisConsequences1. Finds all packets from A that can

reach B2. Find loops, regardless of

protocol or layer3. Can prove that two groups are

isolated4. Protocol Independent

Proves if network adheres to policyWorks on existing networks and SDNs

Page 13: Formal Checkings in Networks

Stanford Backbone1) DST IP: 172.26.66.96/28,

VLAN: 330

2) DST IP: 171.64.2.128/27, VLAN: 206

3) DST IP: 172.20.10.64/27, VLAN: 10

4) DST IP: 172.24.2.128/27, VLAN: 206

5) DST IP: 172.26.4.80/29, VLAN: 206

6) DST IP: 172.26.4.88/29, VLAN: 208

7) IP Protocol: TCP DST IP: 171.64.2.24 SRC IP: 172.28.148.27 VLAN: 206...40) IP Protocol: UDP UDP DST Port: 514

750,000 IP forwarding rules.1,500 ACL rules.100 VLANs.

B

A

Page 14: Formal Checkings in Networks

ToolHassel1. Reads Cisco IOS Configuration 2. Checks reachability, loops and

isolation3. 10 mins for Stanford Backbone to

check loops4. Easily made parallel: 1 sec is

feasible

Hassel is available for free, for you to runhttps://bitbucket.org/peymank/hassel-public/

https://bitbucket.org/peymank/hassel-public/
https://bitbucket.org/peymank/hassel-public/
Page 15: Formal Checkings in Networks

2. Dynamic CheckingIs my data plane behaving correctly?

Page 16: Formal Checkings in Networks

MotivationsConfigurations might correctly reflect the policy, but…hardware might not follow configurations

1. Hardware errors (e.g. memory or ASIC errors)2. Link failure3. Congestion4. Table overflow5. Intermittent problems

Such errors cannot be detected by static checking.

Need a independent checker to test the data plane

Page 17: Formal Checkings in Networks

Software Defined Network (SDN)

Global Network View

Network Virtualization

PacketForwarding

PacketForwarding

PacketForwarding

Abstract Network View

ControlPrograms

ControlPrograms

ControlPrograms

PacketForwarding

Network OS

A BPacket

Forwarding

1. <Match, Action>

2. <Match, Action>

3. <Match, Action>

4. <Match, Action>

5. <Match, Action>

6. …7. …

1. <Match, Action>

2. <Match, Action>

3. <Match, Action>

4. <Match, Action>

5. <Match, Action>

6. …7. …

1. <Match, Action>

2. <Match, Action>

3. <Match, Action>

4. <Match, Action>

5. <Match, Action>

6. …7. …

1. <Match, Action>

2. <Match, Action>

3. <Match, Action>

4. <Match, Action>

5. <Match, Action>

6. …7. …

1. <Match, Action>

2. <Match, Action>

3. <Match, Action>

4. <Match, Action>

5. <Match, Action>

6. …7. …

Page 18: Formal Checkings in Networks

Testing the network1.Monitor the network by sending test

packets2.Locate the faults with test results

Not a new idea…– Network admins already use ping/traceroute to test the network•Ad-hoc test case generation•Coarse granularity / Low coverage•Lacks fault localization

Page 19: Formal Checkings in Networks

1. Test every rule in every table? 2. Isolate any fault?

What is the minimum number of test packets to

Page 20: Formal Checkings in Networks

Test Packets

Page 21: Formal Checkings in Networks

Fault Localization

Page 22: Formal Checkings in Networks

How it worksAutomatic Test Packet Generation

Page 23: Formal Checkings in Networks

Automatic Test Packet Generation

Test Packets

A B

Page 24: Formal Checkings in Networks

How many packets needed?

Stanford Backbone– 16 routers– 4,000 packets (vs. 750,000 rules)

Internet2– 9 routers– 30,000 packets (vs. 100,000 IPv4 rules)

Testing 10x per second, requires <1% of link-rate

Page 25: Formal Checkings in Networks

Fault Localization• Given: a set of pass/fail results

• Output: the minimum set of (potential) faulty rules

Demo

Page 26: Formal Checkings in Networks

What’s next•Automatic performance testing

ExampleApplication mapped to a congested router

queueAutomatic Test Packet Generation will– Identify the queue– Determine which headers (applications)

incur poor performance

Page 27: Formal Checkings in Networks

“S” for software

1.Static Checking (“compile time”)“Is my configuration correct?”

2.Dynamic checking (“run time”)“Is my data plane behaving correctly?”

Policy/Control SW

Configuration

Data plane

Page 28: Formal Checkings in Networks

With SDN we will:1.Formally verify that our networks are behaving correctly.

2.Identify faults, then systematically track down their root cause.

Page 29: Formal Checkings in Networks

Will you?


Informal and Formal Organization in New Institutional Economics

Informal and Formal Organization in New Institutional Economics

Effectiveness LIDERANÇA FORMAL

Effectiveness LIDERANÇA FORMAL

Informal Exchange Networks in Formal Systems: A Theoretical Model

Informal Exchange Networks in Formal Systems: A Theoretical Model

Learning in later life: Participation in formal, non-formal and informal activities in a nationally representative Spanish sample

Learning in later life: Participation in formal, non-formal and informal activities in a nationally representative Spanish sample

Guidelines for Formal Domain Modeling in Event-B

Guidelines for Formal Domain Modeling in Event-B

Electronics prototypes in development of formal thoughts ...

Electronics prototypes in development of formal thoughts ...

Incorporating Animation in Stepwise Development of Formal Specification

Incorporating Animation in Stepwise Development of Formal Specification

Formal and Informal Regionalism

Formal and Informal Regionalism

Gender Pay Gap in the Formal Sector: 2006 – 2013

Gender Pay Gap in the Formal Sector: 2006 – 2013

From formal logic to formal ontology: The new dual paradigm ...

From formal logic to formal ontology: The new dual paradigm ...

Comparing formal theories of context in AI

Comparing formal theories of context in AI

Formal Verification of Arithmetic Masking in Hardware and ...

Formal Verification of Arithmetic Masking in Hardware and ...

Formal Analysis of Key Integrity in PKCS#11

Formal Analysis of Key Integrity in PKCS#11

Serious Games in Formal Education: Discussing Some Critical Aspects

Serious Games in Formal Education: Discussing Some Critical Aspects

Formal and Informal Social Protection in Africa

Formal and Informal Social Protection in Africa

Non-Formal Education - Coe

Non-Formal Education - Coe

Formal problems in semitic phonology and morphology - MPG ...

Formal problems in semitic phonology and morphology - MPG ...

Q164/2022 - FORMAL QUOTATIONS

Q164/2022 - FORMAL QUOTATIONS

Integrating European Citizenship in Non-Formal Education

Integrating European Citizenship in Non-Formal Education

Educacion ambiental formal y no formal

Educacion ambiental formal y no formal