DOI: 10.1145/3098822.3098834

A General Approach to Network Configuration Verification

Published: 07 August 2017

Abstract

We present Minesweeper, a tool to verify that a network satisfies a wide range of intended properties such as reachability or isolation among nodes, waypointing, black holes, bounded path length, load-balancing, functional equivalence of two routers, and fault-tolerance. Minesweeper translates network configuration files into a logical formula that captures the stable states to which the network forwarding will converge as a result of interactions between routing protocols such as OSPF, BGP and static routes. It then combines the formula with constraints that describe the intended property. If the combined formula is satisfiable, there exists a stable state of the network in which the property does not hold. Otherwise, no stable state (if any) violates the property. We used Minesweeper to check four properties of 152 real networks from a large cloud provider. We found 120 violations, some of which are potentially serious security vulnerabilities. We also evaluated Minesweeper on synthetic benchmarks, and found that it can verify rich properties for networks with hundreds of routers in under five minutes. This performance is due to a suite of model-slicing and hoisting optimizations that we developed, which reduce runtime by over 460x for large networks.
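The check described in the abstract, as an added toy example (not Minesweeper's code or its encoding): stability constraints plus the negated property are searched for a model, with brute-force enumeration standing in for the SMT solver. The topology, the hop-count protocol, the import filter and all names are constructed assumptions.

```python
from itertools import combinations, product

# Constructed toy network (an assumption, not from the paper); the prefix lives at D.
ROUTERS = ["A", "B", "C", "D"]
LINKS = [("A", "B"), ("A", "C"), ("B", "D"), ("C", "D")]
DEST = "D"
# Import filter: (router, neighbor) means router rejects routes learned from neighbor.
FILTERS = {("A", "C")}

def stable(lengths, failed, filters):
    """Stability constraints: each router holds exactly its best permitted route."""
    for r in ROUTERS:
        if r == DEST:
            want = 0
        else:
            offers = []
            for a, b in LINKS:
                if (a, b) in failed or r not in (a, b):
                    continue
                n = b if r == a else a
                if (r, n) not in filters and lengths[n] is not None:
                    offers.append(lengths[n] + 1)
            want = min(offers) if offers else None
        if lengths[r] != want:
            return False
    return True

def find_violation(src, max_failures, filters=FILTERS):
    """Search for a model of: stable(state) AND NOT reachable(src).

    Returns (failed_links, route_lengths) as a counterexample, or None when
    no stable state with at most max_failures failed links violates the property.
    """
    domain = [None] + list(range(len(ROUTERS)))  # None = no route to DEST
    for k in range(max_failures + 1):
        for failed in combinations(LINKS, k):
            for values in product(domain, repeat=len(ROUTERS)):
                lengths = dict(zip(ROUTERS, values))
                if stable(lengths, set(failed), filters) and lengths[src] is None:
                    return set(failed), lengths
    return None

if __name__ == "__main__":
    print(find_violation("A", 1))              # filter removes A's backup path
    print(find_violation("A", 1, filters=set()))  # None: tolerant to one failure
```

A returned model is a concrete stable state that violates reachability; `None` corresponds to the unsatisfiable case, meaning the property holds for every stable state within the failure bound.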

Published In

SIGCOMM '17: Proceedings of the Conference of the ACM Special Interest Group on Data Communication
August 2017
515 pages
ISBN: 9781450346535
DOI: 10.1145/3098822
Publisher

Association for Computing Machinery, New York, NY, United States

Author Tags

1. Control plane analysis
2. Network verification

Qualifiers

• Research-article
• Research
• Refereed limited

Conference

SIGCOMM '17: ACM SIGCOMM 2017 Conference
August 21 - 25, 2017
Los Angeles, CA, USA

Acceptance Rates

Overall Acceptance Rate: 462 of 3,389 submissions, 14%

Cited By

• (2024) Kivi. Proceedings of the 2024 USENIX Conference on Usenix Annual Technical Conference, pp. 509-527. DOI: 10.5555/3691992.3692024. Online publication date: 10-Jul-2024
• (2024) Automatic parallelization of software network functions. Proceedings of the 21st USENIX Symposium on Networked Systems Design and Implementation, pp. 1531-1550. DOI: 10.5555/3691825.3691910. Online publication date: 16-Apr-2024
• (2024) Reasoning about network traffic load property at production scale. Proceedings of the 21st USENIX Symposium on Networked Systems Design and Implementation, pp. 1063-1081. DOI: 10.5555/3691825.3691884. Online publication date: 16-Apr-2024
• (2024) MESSI. Proceedings of the 21st USENIX Symposium on Networked Systems Design and Implementation, pp. 1009-1023. DOI: 10.5555/3691825.3691881. Online publication date: 16-Apr-2024
• (2024) EPVerifier. Proceedings of the 21st USENIX Symposium on Networked Systems Design and Implementation, pp. 979-992. DOI: 10.5555/3691825.3691879. Online publication date: 16-Apr-2024
• (2024) A Review of Intelligent Configuration and Its Security for Complex Networks. Chinese Journal of Electronics, 33:4, pp. 920-947. DOI: 10.23919/cje.2023.00.001. Online publication date: Jul-2024
• (2024) Toward Applying Quantum Computing to Network Verification. Proceedings of the 23rd ACM Workshop on Hot Topics in Networks, pp. 221-228. DOI: 10.1145/3696348.3696891. Online publication date: 18-Nov-2024
• (2024) Localized Explanations for Automatically Synthesized Network Configurations. Proceedings of the 23rd ACM Workshop on Hot Topics in Networks, pp. 52-59. DOI: 10.1145/3696348.3696888. Online publication date: 18-Nov-2024
• (2024) Towards Safer Heuristics With XPlain. Proceedings of the 23rd ACM Workshop on Hot Topics in Networks, pp. 68-76. DOI: 10.1145/3696348.3696884. Online publication date: 18-Nov-2024
• (2024) Unearthing Semantic Checks for Cloud Infrastructure-as-Code Programs. Proceedings of the ACM SIGOPS 30th Symposium on Operating Systems Principles, pp. 574-589. DOI: 10.1145/3694715.3695974. Online publication date: 4-Nov-2024
