Verifiable Policy-Defined Networking Using Metagraphs

Reliable network-policy specification requires abstractions that can naturally model policies together with rigorous formal foundations to reason about these policies. Current specifications satisfy one of these requirements or the other, but not both. A Metagraph is a generalized graph-theoretic structure that overcomes this limitation. They are a natural way of expressing high-level end-to-end network policies. The rich formal foundations provided by metagraph algebra help analyze important network-policy properties such as reachability, redundancy and consistency. These features make metagraphs a clear choice for modeling and reasoning about policies in Formally-Verifiable Policy-Defined Networking (FV-PDN): a network-programming paradigm which has verifiability built-in. In this article, we demonstrate the use of metagraphs in policy specification by modeling and analyzing real policies from a large university network. We show their benefit in FV-PDN by developing a prototype solution which automatically refines metagraph-based high-level policies to device configurations and deploys them to an SDN-based emulated network.