Relational Network Verification
Authors: 
Xieyang Xu, Yifei Yuan, Zachary Kincaid, Arvind Krishnamurthy, Ratul Mahajan, David Walker, Ennan ZhaiAuthors Info & Claims
Pages 213 - 227
Abstract
Relational network verification is a new approach for validating network changes. In contrast to traditional network verification, which analyzes specifications for a single network snapshot, it analyzes specifications that capture similarities and differences between two network snapshots (e.g., pre- and post-change snapshots). Relational specifications are compact and precise because they focus on the flows and paths that change between snapshots and then simply mandate that all other network behaviors "stay the same", without enumerating them. To achieve similar guarantees, single-snapshot specifications would need to enumerate all flow and path behaviors that are not expected to change in order to enable checking that nothing has accidentally changed. Such specifications are proportional to network size, which makes them impractical to generate for many real-world networks.
We demonstrate the value of relational reasoning by developing Rela, a high-level relational specification language and verification tool for network changes. Rela compiles input specifications and network snapshot representations to finite state automata, and it then verifies compliance by checking automaton equivalence. Our experiments using data from a global backbone with over 103 routers find that Rela specifications need fewer than 10 terms for 93% of the complex, high-risk changes. Rela validates 80% of the changes within 20 minutes.
References
[1]
Anubhavnidhi Abhashkumar, Aaron Gember-Jacobson, and Aditya Akella. 2020. Tiramisu: Fast Multilayer Network Verification. In Proceedings of NSDI 20. USENIX Association, 201--219.
[2]
Cyril Allauzen, Michael Riley, Johan Schalkwyk, Wojciech Skut, and Mehryar Mohri. 2007. OpenFst: A General and Efficient Weighted Finite-State Transducer Library: (Extended Abstract of an Invited Talk). In Implementation and Application of Automata: 12th International Conference, CIAA 2007, Praque, Czech Republic, July 16--18, 2007, Revised Selected Papers 12. Springer, 11--23.
[3]
Carolyn Jane Anderson, Nate Foster, Arjun Guha, Jean-Baptiste Jeannin, Dexter Kozen, Cole Schlesinger, and David Walker. 2014. NetKAT: Semantic Foundations for Networks. In Proceedings of POPL '14. ACM, 113--126.
[4]
Mae Anderson. 2014. Time Warner Cable Says Outages Largely Resolved. http://www.seattletimes.com/business/time-warner-cable-says-outages-largely-resolved. (2014). Retrieved June 23, 2021 from http://www.seattletimes.com/business/time-warner-cable-says-outages-largely-resolved
[5]
John Backes, Sam Bayless, Byron Cook, Catherine Dodge, Andrew Gacek, Alan J Hu, Temesghen Kahsai, Bill Kocik, Evgenii Kotelnikov, Jure Kukovec, et al. 2019. Reachability analysis for AWS-based networks. In International Conference on Computer Aided Verification. Springer, 231--241.
[6]
Gilles Barthe. 2020. An introduction to relational program verification. (2020). Retrieved Feb 2, 2024 from https://software.imdea.org/~gbarthe/__introrelver.pdf
[7]
Gilles Barthe, Juan Manuel Crespo, and César Kunz. 2011. Relational Verification Using Product Programs. In FM 2011: Formal Methods, Michael Butler and Wolfram Schulte (Eds.).
[8]
batfish-differential 2022. Differential Questions. (2022). Retrieved Feb 2, 2024 from https://batfish.readthedocs.io/en/latest/notebooks/differentialQuestions.html
[9]
Ryan Beckett, Aarti Gupta, Ratul Mahajan, and David Walker. 2017. A General Approach to Network Configuration Verification. In Proceedings of SIGCOMM '17. ACM, 155--168.
[10]
Ryan Beckett and Ratul Mahajan. 2020. Capturing the state of research on network verification. (2020). Retrieved Feb 2, 2024 from https://netverify.fun/2-current-state-of-research/
[11]
Anonymized benchmarking data. [n. d.]. ([n. d.]). Retrieved June 8, 2024 from https://github.com/alibaba/rela/tree/main/dataset
[12]
Nick Benton. 2004. Simple relational correctness proofs for static analyses and program transformations. In POPL.
[13]
Matt Brown, Ari Fogel, Daniel Halperin, Victor Heorhiadi, Ratul Mahajan, and Todd Millstein. 2023. Lessons from the Evolution of the Batfish Configuration Analysis Tool. In Proceedings of SIGCOMM '23. ACM, 122--135.
[14]
Jia Chen, Jiayi Wei, Yu Feng, Osbert Bastani, and Isil Dillig. 2019. Relational verification using reinforcement learning. In OOPSLA.
[15]
Rela Source Code. 2024. (2024). Retrieved June 3, 2024 from https://github.com/alibaba/rela
[16]
C. C. Elgot and J. E. Mezei. 1965. On relations defined by generalized finite automata. IBM J. Res. Dev. 9, 1 (jan 1965), 47--68.
[17]
Seyed K. Fayaz, Tushar Sharma, Ari Fogel, Ratul Mahajan, Todd Millstein, Vyas Sekar, and George Varghese. 2016. Efficient Network Reachability Analysis Using a Succinct Control Plane Representation. In Proceedings of (OSDI 16. USENIX Association, 217--232.
[18]
Ari Fogel, Stanley Fung, Luis Pedrosa, Meg Walraed-Sullivan, Ramesh Govindan, Ratul Mahajan, and Todd Millstein. 2015. A General Approach to Network Configuration Analysis. In Proceedings of NSDI 15. USENIX Association, 469--483.
[19]
Aaron Gember-Jacobson, Raajay Viswanathan, Aditya Akella, and Ratul Mahajan. 2016. Fast Control Plane Analysis Using an Abstract Representation. In Proceedings of SIGCOMM '16. ACM, 300--313.
[20]
John E. Hopcroft, Rajeev Motwani, and Jeffrey D. Ullman. 2006. Introduction to Automata Theory, Languages, and Computation (3rd Edition). Addison-Wesley Longman Publishing Co., Inc., USA.
[21]
Karthick Jayaraman, Nikolaj Bjørner, Jitu Padhye, Amar Agrawal, Ashish Bhargava, Paul-Andre C Bissonnette, Shane Foster, Andrew Helwer, Mark Kasten, Ivan Lee, Anup Namdhari, Haseeb Niaz, Aniruddha Parkhi, Hanukumar Pinnamraju, Adrian Power, Neha Milind Raje, and Parag Sharma. 2019. Validating Datacenters at Scale. In Proceedings of SIGCOMM '19. ACM, 200--213.
[22]
Peyman Kazemian, George Varghese, and Nick McKeown. 2012. Header Space Analysis: Static Checking for Networks. In Proceedings of NSDI 12. USENIX Association, 113--126.
[23]
Ahmed Khurshid, Xuan Zou, Wenxuan Zhou, Matthew Caesar, and P Brighten Godfrey. 2013. Veriflow: Verifying network-wide invariants in real time. In Proceedings of NSDI 13. USENIX Association, 15--27.
[24]
Krister Lindén, Miikka Silfverberg, and Tommi Pirinen. 2009. Hfst tools for morphology-an efficient open-source package for construction of morphological analyzers. In State of the Art in Computational Morphology: Workshop on Systems and Frameworks for Computational Morphology, SFCM 2009, Zurich, Switzerland, September 4, 2009. Proceedings. Springer, 28--47.
[25]
Haohui Mai, Ahmed Khurshid, Rachit Agarwal, Matthew Caesar, P. Brighten Godfrey, and Samuel Talmadge King. 2011. Debugging the Data Plane with Anteater. In Proceedings of SIGCOMM '11. ACM, 290--301.
[26]
Santhosh Prabhu, Kuan Yen Chou, Ali Kheradmand, Brighten Godfrey, and Matthew Caesar. 2020. Plankton: Scalable network configuration verification through model checking. In Proceedings of NSDI 20. USENIX Association, 953--967.
[27]
Steve Ragan. 2016. BGP errors are to blame for Monday's Twitter outage, not DDoS attacks. (2016). Retrieved June 23, 2021 from https://www.csoonline.com/article/3138934/security/bgp-errors-are-to-blame-for-monday-s-twitter-outage-not-ddos-attacks.html
[28]
Deon Roberts. 2018. It's been a week and customers are still mad at BB&T. (2018). Retrieved June 23, 2021 from https://www.charlotteobserver.com/news/business/banking/article202616124.html
[29]
Mike Robuck. 2020. Due to a router misconfiguration, Cloudflare suffers short outage on Friday. (2020). Retrieved Feb 23, 2022 from https://www.fiercetelecom.com/telecom/due-to-a-router-misconfiguration-cloudflare-suffers-short-outage-friday
[30]
Yu-Wei Eric Sung, Xiaozheng Tie, Starsky H.Y. Wong, and Hongyi Zeng. 2016. Robotron: Top-down Network Management at Facebook Scale. In Proceedings of SIGCOMM '16. ACM, 426--439.
[31]
Yevgeniy Sverdlik. 2014. Microsoft Says Config Change Caused Azure Outage. (2014). Retrieved Feb 23, 2022 from https://www.datacenterknowledge.com/archives/2014/11/20/microsoft-says-config-change-caused-azure-outage
[32]
Yevgeniy Sverdlik. 2017. United Says IT Outage Resolved, Dozen Flights Canceled Monday. (2017). Retrieved June 23, 2021 from https://www.datacenterknowledge.com/archives/2017/01/23/united-says-it-outage-resolved-dozen-flights-canceled-monday
[33]
Cisco Systems. 2021. Overview of Netflow. (2021). Retrieved Feb 2, 2024 from https://www.cisco.com/c/dam/en/us/td/docs/routers/asr920/configuration/guide/netmgmt/fnf-xe-3e-asr920-book.html
[34]
Ken Thompson. 1968. Programming Techniques: Regular expression search algorithm. Commun. ACM 11, 6 (jun 1968), 419--422.
[35]
Zach Whittaker. 2020. T-Mobile hit by phone calling, text message outage. (2020). Retrieved June 23, 2021 from https://techcrunch.com/2020/06/15/t-mobile-calling-outage/
[36]
Hongkun Yang and Simon S. Lam. 2016. Real-time Verification of Network Properties Using Atomic Predicates. IEEE/ACM Trans. Netw. 24, 2 (April 2016), 887--900.
[37]
Fangdan Ye, Da Yu, Ennan Zhai, Hongqiang Harry Liu, Bingchuan Tian, Qiaobo Ye, Chunsheng Wang, Xin Wu, Tianchen Guo, Cheng Jin, Duncheng She, Qing Ma, Biao Cheng, Hui Xu, Ming Zhang, Zhiliang Wang, and Rodrigo Fonseca. 2020. Accuracy, Scalability, Coverage: A Practical Configuration Verifier on a Global WAN. In Proceedings of SIGCOMM '20. ACM, 599--614.
[38]
Hongyi Zeng, Shidong Zhang, Fei Ye, Vimalkumar Jeyakumar, Mickey Ju, Junda Liu, Nick McKeown, and Amin Vahdat. 2014. Libra: Divide and Conquer to Verify Forwarding Tables in Huge Networks. In Proceedings of NSDI 14. USENIX Association, 87--99.
[39]
Peng Zhang, Aaron Gember-Jacobson, Yueshang Zuo, Yuhao Huang, Xu Liu, and Hao Li. 2022. Differential network analysis. In Proceedings of NSDI 22. USENIX Association, 601--615.
Recommendations
Relational reasoning via SMT solving
FM'11: Proceedings of the 17th international conference on Formal methodsThis paper explores the idea of using a SAT Modulo Theories (SMT) solver for proving properties of relational specifications. The goal is to automatically establish or refute consistency of a set of constraints expressed in a first-order relational ...
Scaling network verification using symmetry and surgery
POPL '16On the surface, large data centers with about 100,000 stations and nearly a million routing rules are complex and hard to verify. However, these networks are highly regular by design; for example they employ fat tree topologies with backup routers ...
Alchemy: transmuting base alloy specifications into implementations
SIGSOFT '08/FSE-16: Proceedings of the 16th ACM SIGSOFT International Symposium on Foundations of software engineeringAlloy specifications are used to define lightweight models of systems. We present Alchemy, which compiles Alloy specifications into implementations that execute against persistent databases. Alchemy translates a subset of Alloy predicates into ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
August 2024
1033 pages
ISBN:9798400706141
DOI:10.1145/3651890
- Co-chairs:
- Aruna Seneviratne,
- Darryl Veitch,
- Program Co-chairs:
- Vyas Sekar,
- Minlan Yu
This work is licensed under a Creative Commons Attribution International 4.0 License.
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 04 August 2024
Check for updates
Author Tags
Qualifiers
- Research-article
Funding Sources
Conference
ACM SIGCOMM '24
Sponsor:
Acceptance Rates
Overall Acceptance Rate 462 of 3,389 submissions, 14%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 388Total Downloads
- Downloads (Last 12 months)388
- Downloads (Last 6 weeks)142
Reflects downloads up to 09 Nov 2024
Other Metrics
Citations
View Options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in