DOI: 10.1145/3050220.3050238
research-article

NEAt: Network Error Auto-Correct

Published: 03 April 2017

Abstract

Configuring and maintaining an enterprise network is a challenging and error-prone process. Administrators must often consider security policies from a variety of sources simultaneously, including regulatory requirements, industry standards, and the need to mitigate attack vectors. Erroneous implementation of a policy, however, can result in costly data breaches and intrusions. Relying on humans to discover and troubleshoot violations is slow and prone to error, considering the speed at which new attack vectors propagate and the increasing network dynamics, partly an effect of SDN. To ensure the network is always in a state consistent with the desired policies, administrators need frameworks to automatically diagnose and repair violations in real time.
To address this problem, we present NEAt, a system analogous to a smartphone's autocorrect feature that enables on-the-fly repair to policy-violating updates. NEAt modifies the forwarding behavior of updates to automatically repair violations of properties such as reachability, service chaining, and segmentation. NEAt sits between an SDN controller and the forwarding devices, and intercepts updates proposed by SDN applications. If an update violates the policy defined by an administrator, such as reachability or segmentation, NEAt transforms the update into one that complies with the policy. Unlike domain-specific languages or synthesis platforms, NEAt allows enterprise networks to leverage the advanced functionality of SDN applications while simultaneously achieving strong, automated enforcement of general policies.
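
The intercept, check and repair loop described above, as an added illustration that is not code from the paper. The abstract does not state NEAt's repair algorithm, so the greedy revert below is a simplified stand-in; the topology, the policy tuples and all function names are constructed, and the network is assumed to comply with the policy before the update arrives.

```python
from collections import deque

def reachable(edges, src, dst):
    """BFS over directed (u, v) forwarding edges for one traffic class."""
    seen, queue = {src}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            return True
        for u, v in edges:
            if u == node and v not in seen:
                seen.add(v)
                queue.append(v)
    return False

def violations(edges, policy):
    """Policy entries are ("reach" | "segment", src, dst); return the broken ones."""
    return [(kind, s, d) for kind, s, d in policy
            if reachable(edges, s, d) != (kind == "reach")]

def apply_update(edges, add, remove):
    return (set(edges) | add) - remove

def autocorrect(edges, update, policy):
    """Return the (add, remove) sets actually forwarded to the switches."""
    add, remove = set(update[0]), set(update[1])
    for change in sorted(add) + sorted(remove):
        before = violations(apply_update(edges, add, remove), policy)
        if not before:
            break
        t_add, t_remove = add - {change}, remove - {change}
        # Revert this one change only if doing so removes a violation.
        if len(violations(apply_update(edges, t_add, t_remove), policy)) < len(before):
            add, remove = t_add, t_remove
    if violations(apply_update(edges, add, remove), policy):
        return set(), set()  # greedy pass failed: block the whole update
    return add, remove

# Constructed topology and policy (assumed compliant before the update).
BASE = {("guest", "core"), ("core", "web"), ("corp", "fw"), ("fw", "pci")}
POLICY = [("segment", "guest", "pci"), ("reach", "corp", "pci"),
          ("reach", "guest", "web")]
# Constructed update: one harmless rule, one segmentation leak, one outage.
UPDATE = ({("core", "dns"), ("core", "fw")}, {("core", "web")})

if __name__ == "__main__":
    print(autocorrect(BASE, UPDATE, POLICY))
```

The harmless rule is kept while the leak and the outage are reverted. When no single revert helps, the update is blocked as a whole instead of being forwarded.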


Cited By

  • (2019) Fault Management in Software-Defined Networking: A Survey. IEEE Communications Surveys & Tutorials, 21:1 (349-392). DOI: 10.1109/COMST.2018.2868922. Online publication date: Sep-2020
  • (2018) Using Co-Design to Examine How Children Conceptualize Intelligent Interfaces. Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems (1-14). DOI: 10.1145/3173574.3174149. Online publication date: 21-Apr-2018
  • (2017) An optimization algorithm for spatial information network self-healing based on software defined network. 2017 12th International Conference on Computer Science and Education (ICCSE) (369-374). DOI: 10.1109/ICCSE.2017.8085519. Online publication date: Aug-2017

    Published In

    SOSR '17: Proceedings of the Symposium on SDN Research
    April 2017
    211 pages
    ISBN:9781450349475
    DOI:10.1145/3050220

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. Software-defined networking
    2. auto-correct
    3. real-time

    Qualifiers

    • Research-article
    • Research
    • Refereed limited

    Conference

    SOSR '17: Symposium on SDN Research
    April 3 - 4, 2017
    Santa Clara, CA, USA

    Acceptance Rates

    Overall Acceptance Rate 7 of 43 submissions, 16%
