research-article

NV: an intermediate language for verification of network control planes

Authors:

Nick Giannarakis,

David WalkerAuthors Info & Claims

PLDI 2020: Proceedings of the 41st ACM SIGPLAN Conference on Programming Language Design and Implementation

Pages 958 - 973

https://doi.org/10.1145/3385412.3386019

Published: 11 June 2020 Publication History

Abstract

Network misconfiguration has caused a raft of high-profile outages over the past decade, spurring researchers to develop a variety of network analysis and verification tools. Unfortunately, developing and maintaining such tools is an enormous challenge due to the complexity of network configuration languages. Inspired by work on intermediate languages for verification such as Boogie and Why3, we develop NV, an intermediate language for verification of network control planes. NV carefully walks the line between expressiveness and tractability, making it possible to build models for a practical subset of real protocols and their configurations, and also facilitate rapid development of tools that outperform state-of-the-art simulators (seconds vs minutes) and verifiers (often 10x faster). Furthermore, we show that it is possible to develop novel analyses just by writing new NV programs. In particular, we implement a new fault-tolerance analysis that scales to far larger networks than existing tools.

References

[1]

Mohammad Al-Fares, Alexander Loukissas, and Amin Vahdat. 2008.

[2]

A Scalable, Commodity Data Center Network Architecture. In SIGCOMM.

[3]

Luca de Alfaro, Marta Z. Kwiatkowska, Gethin Norman, David Parker, and Roberto Segala. 2000. Symbolic Model Checking of Probabilistic Processes Using MTBDDs and the Kronecker Representation. In Proceedings of the 6th International Conference on Tools and Algorithms for Construction and Analysis of Systems: Held As Part of the European Joint Conferences on the Theory and Practice of Software, ETAPS 2000 (TACAS ’00). 395–410.

[4]

Kalev Alpernas, Roman Manevich, Aurojit Panda, Mooly Sagiv, Scott Shenker, Sharon Shoham, and Yaron Velner. 2018.

[5]

Abstract Interpretation of Stateful Networks. In International Symposium on Static Analysis (Lecture Notes in Computer Science), Andreas Podelski (Ed.), Vol. 11002. Springer, 86–106.

[6]

Carolyn Jane Anderson, Nate Foster, Arjun Guha, Jean-Baptiste Jeannin, Dexter Kozen, Cole Schlesinger, and David Walker. 2014. NetKAT: Semantic Foundations for Networks. In POPL.

[7]

Mina Arashloo, Yaron Koral, Michael Greenberg, Jennifer Rexford, and David Walker. 2016. SNAP: Stateful Network-Wide Abstractions for Packet Processing. In ACM SIGCOMM.

Digital Library

[8]

Ryan Beckett, Aarti Gupta, Ratul Mahajan, and David Walker. 2017.

[9]

A General Approach to Network Configuration Verification. In SIGCOMM.

[10]

Ryan Beckett, Aarti Gupta, Ratul Mahajan, and David Walker. 2018.

[11]

Control Plane Compression (SIGCOMM ’18). 476–489.

[12]

Ryan Beckett, Aarti Gupta, Ratul Mahajan, and David Walker. 2020.

[13]

Abstract interpretation of distributed network control planes. In Proceedings of the ACM on Programming Languages, Vol. 4. Article 42.

[14]

Ryan Beckett, Ratul Mahajan, Todd Millstein, Jitendra Padhye, and David Walker. 2016.

[15]

Don’T Mind the Gap: Bridging Network-wide Objectives and Device-level Configurations. In SIGCOMM.

[16]

Cisco. 2019.

[17]

Cisco IOS Master Command List, All Releases. https: //www.cisco.com/c/en/us/td/docs/ios-xml/ios/mcl/allreleasemcl/allbook.html.

[18]

Edmund M Clarke, Masahiro Fujita, and Xudong Zhao. 1996. Multiterminal binary decision diagrams and hybrid decision diagrams. In Representations of discrete functions. Springer, 93–108.

[19]

Matthew L. Daggitt, Alexander J. T. Gurney, and Timothy G. Griffin. 2018. Asynchronous Convergence of Policy-rich Distributed Bellmanford Routing Protocols. In Proceedings of the 2018 Conference of the ACM Special Interest Group on Data Communication. 103–116.

[20]

Ahmed El-Hassany, Petar Tsankov, Laurent Vanbever, and Martin Vechev. 2018. NetComplete: Practical Network-Wide Configuration Synthesis with Autocompletion. In USENIX NSDI’18. Renton, WA, USA.

[21]

Seyed K. Fayaz, Tushar Sharma, Ari Fogel, Ratul Mahajan, Todd Millstein, Vyas Sekar, and George Varghese. 2016. Efficient Network Reachability Analysis using a Succinct Control Plane Representation. In OSDI.

[22]

Nick Feamster and Hari Balakrishnan. 2005. Detecting BGP Configuration Faults with Static Analysis. In NSDI.

[23]

Jean-Christophe Filliâtre. 2003. Why: a multi-language multi-prover verification tool. (2003).

[24]

Ari Fogel, Stanley Fung, Luis Pedrosa, Meg Walraed-Sullivan, Ramesh Govindan, Ratul Mahajan, and Todd Millstein. 2015. A General Approach to Network Configuration Analysis. In NSDI.

[25]

Nate Foster, Dexter Kozen, Konstantinos Mamouras, Mark Reitblatt, and Alexandra Silva. 2016. Probabilistic netkat. In European Symposium on Programming. Springer, 282–309.

Digital Library

[26]

Timon Gehr, Sasa Misailovic, Petar Tsankov, Laurent Vanbever, Pascal Wiesmann, and Martin Vechev. 2018. Bayonet: probabilistic inference for networks. ACM SIGPLAN Notices 53, 4 (2018), 586–602.

Digital Library

[27]

Aaron Gember-Jacobson, Aditya Akella, Ratul Mahajan, and Hongqiang Harry Liu. 2017.

[28]

Automatically repairing network control planes using an abstract representation. In Proceedings of the 26th Symposium on Operating Systems Principles. ACM, 359–373.

[29]

Aaron Gember-Jacobson, Raajay Viswanathan, Aditya Akella, and Ratul Mahajan. 2016. Fast Control Plane Analysis Using an Abstract Representation. In SIGCOMM.

[30]

Nick Giannarakis, Ryan Beckett, Ratul Mahajan, and David Walker. 2019.

[31]

Efficient verification of network fault tolerance via counterexample-guided refinement. In International Conference on Computer Aided Verification. Springer, 305–323.

[32]

Joanne Godfrey. 2016.

[33]

The Summer of Network Misconfigurations. https://blog.algosec.com/2016/08/business-outages-causedmisconfigurations-headline-news-summer.html.

[34]

Timothy G. Griffin, F. Bruce Shepherd, and Gordon Wilfong. 2002.

[35]

The Stable Paths Problem and Interdomain Routing. IEEE/ACM Trans. Networking 10, 2 (2002).

[36]

Timothy G. Griffin and Joäo Luís Sobrinho. 2005.

[37]

Metarouting. In Proceedings of the 2005 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications (SIGCOMM ’05). 1–12.

[38]

Peyman Kazemian, George Varghese, and Nick McKeown. 2012.

[39]

Header Space Analysis: Static Checking for Networks. In NSDI.

[40]

Ahmed Khurshid, Xuan Zou, Wenxuan Zhou, Matthew Caesar, and P. Brighten Godfrey. 2013. VeriFlow: Verifying Network-Wide Invariants in Real Time. In NSDI.

[41]

Simon Knight, Hung X Nguyen, Nickolas Falkner, Rhys Bowden, and Matthew Roughan. 2011. The internet topology zoo. IEEE Journal on Selected Areas in Communications 29, 9 (2011), 1765–1775.

[42]

P. Lapukhov, A. Premji, and J. Mitchell. 2015. Use of BGP for routing in large-scale data centers. Internet draft.

[43]

K Rustan M Leino. 2008. This is boogie 2. manuscript KRML 178, 131 (2008), 9.

[44]

Nuno P. Lopes, Nikolaj Bjørner, Patrice Godefroid, Karthick Jayaraman, and George Varghese. 2015. Checking Beliefs in Dynamic Networks. In NSDI.

[45]

Nuno P Lopes and Andrey Rybalchenko. 2019. Fast BGP Simulation of Large Datacenters. In International Conference on Verification, Model Checking, and Abstract Interpretation. Springer, 386–408.

[46]

Haohui Mai, Ahmed Khurshid, Rachit Agarwal, Matthew Caesar, P. Brighten Godfrey, and Samuel Talmadge King. 2011. Debugging the Data Plane with Anteater. In SIGCOMM.

[47]

Hugo Martin and Samantha Masunaga. 2015.

[48]

United Airlines blames grounding of hundreds of flights on computer glitch. https://www.latimes.com/business/la-fi-united-flights-grounded- 20150708-story.html.

[49]

Kieren McCarthy. 2019.

[50]

BGP super-blunder: How Verizon today sparked a ’cascading catastrophic failure’ that knackered Cloudflare, Amazon, etc. https://www.theregister.co.uk/2019/06/24/verizon_bgp_ misconfiguration_cloudflare/.

[51]

Jedidiah McClurg, Hossein Hojjat, Nate Foster, and Pavol Čern ` y. 2016.

[52]

Event-driven network programming. ACM SIGPLAN Notices 51, 6 (2016), 369–385.

[53]

Ben Mutzabaugh. 2016.

[54]

Unions want Southwest CEO removed after IT outage. https://www.usatoday.com/story/travel/flights/ todayinthesky/2016/08/01/unions-want-southwest-ceo-removedafter-outage/87926582/.

[55]

Option to select BGP path ranking criteria [n.d.]. Option to select BGP path ranking criteria. https://github.com/batfish/batfish/pull/2076.

[56]

Aurojit Panda, Ori Lahav, Katerina J. Argyraki, Mooly Sagiv, and Scott Shenker. 2017. Verifying Reachability in Networks with Mutable Datapaths. In USENIX Symposium on Networked Systems Design and Implementation, Aditya Akella and Jon Howell (Eds.). USENIX Association, 699–718. PLDI ’20, June 15–20, 2020, London, UK Nick Giannarakis, Devon Loehr, Ryan Beckett, and David Walker

[57]

B. Quoitin and S. Uhlig. 2005. Modeling the Routing of an Autonomous System with C-BGP. Netwrk. Mag. of Global Internetwkg. 19, 6 (November 2005), 12–19.

Digital Library

[58]

Simon Sharwood. 2016.

[59]

Google cloud wobbles as workers patch wrong routers. http://www.theregister.co.uk/2016/03/01/google_ cloud_wobbles_as_workers_patch_wrong_routers/.

[60]

Jonathan Shieber. 2019. Facebook blames a server configuration change for yesterday’s outage. https://techcrunch.com/2019/03/14/facebookblames-a-misconfigured-server-for-yesterdays-outage/.

[61]

Stephen F Siegel, Manchun Zheng, Ziqing Luo, Timothy K Zirkel, Andre V Marianiello, John G Edenhofner, Matthew B Dwyer, and Michael S Rogers. 2015. CIVL: the concurrency intermediate verification language. In SC’15: Proceedings of the International Conference for High Performance Computing, Networking, Storage and Analysis. IEEE, 1–12.

Digital Library

[62]

Steffen Smolka, Praveen Kumar, David M Kahn, Nate Foster, Justin Hsu, Dexter Kozen, and Alexandra Silva. 2019. Scalable verification of probabilistic networks. In Proceedings of the 40th ACM SIGPLAN Conference on Programming Language Design and Implementation. 190– 203.

Digital Library

[63]

João Luís Sobrinho. 2005. An Algebraic Theory of Dynamic Network Routing. IEEE/ACM Trans. Netw. 13, 5 (October 2005), 1160–1173.

Digital Library

[64]

Yevgenly Sverdlik. 2012.

[65]

Microsoft: misconfigured network device led to Azure outage. http://www.datacenterdynamics.com/contenttracks/servers-storage/microsoft-misconfigured-network-deviceled-to-azure-outage/68312.fullarticle.

[66]

Emina Torlak and Rastislav Bodik. 2013. Growing solver-aided languages with rosette. In Proceedings of the 2013 ACM international symposium on New ideas, new paradigms, and reflections on programming & software. ACM, 135–152.

Digital Library

[67]

Yaron Velner, Kalev Alpernas, Aurojit Panda, Alexander Rabinovich, Mooly Sagiv, Scott Shenker, and Sharon Shoham. 2016. Some Complexity Results for Stateful Network Verification. In Tools and Algorithms for the Construction and Analysis of Systems (Lecture Notes in Computer Science), Marsha Chechik and Jean-François Raskin (Eds.), Vol. 9636.

[68]

Springer, 811–830.

[69]

Konstantin Weitz, Doug Woos, Emina Torlak, Michael D. Ernst, Arvind Krishnamurthy, and Zachary Tatlock. 2016.

Cited By

Li RYuan YYe FLiu MYang RYu YGuo TMa QZeng XXu CCai DZhai ESekar VYu MSeneviratne AVeitch D(2024)A General and Efficient Approach to Verifying Traffic Load Properties under Arbitrary k FailuresProceedings of the ACM SIGCOMM 2024 Conference10.1145/3651890.3672246(228-243)Online publication date: 4-Aug-2024
https://dl.acm.org/doi/10.1145/3651890.3672246
Larisch JThijm TAhmad SWu PArnfeld TFayed MSekar VYu MSeneviratne AVeitch D(2024)Topaz: Declarative and Verifiable Authoritative DNS at CDN-ScaleProceedings of the ACM SIGCOMM 2024 Conference10.1145/3651890.3672240(891-903)Online publication date: 4-Aug-2024
https://dl.acm.org/doi/10.1145/3651890.3672240
Wang DZhang PGember-Jacobson ASekar VYu MSeneviratne AVeitch D(2024)Expresso: Comprehensively Reasoning About External Routes Using Symbolic SimulationProceedings of the ACM SIGCOMM 2024 Conference10.1145/3651890.3672220(197-212)Online publication date: 4-Aug-2024
https://dl.acm.org/doi/10.1145/3651890.3672220
Show More Cited By

Index Terms

NV: an intermediate language for verification of network control planes
1. Networks
  1. Network protocols
    1. Protocol correctness
      1. Protocol testing and verification
2. Theory of computation
  1. Logic
    1. Automated reasoning
    2. Verification by model checking

Recommendations

ProbNV: probabilistic verification of network control planes

ProbNV is a new framework for probabilistic network control plane verification that strikes a balance between generality and scalability. ProbNV is general enough to encode a wide range of features from the most common protocols (eBGP and OSPF) and yet ...
A General Approach to Network Configuration Verification
SIGCOMM '17: Proceedings of the Conference of the ACM Special Interest Group on Data Communication

We present Minesweeper, a tool to verify that a network satisfies a wide range of intended properties such as reachability or isolation among nodes, waypointing, black holes, bounded path length, load-balancing, functional equivalence of two routers, ...
Incremental Network Configuration Verification
HotNets '20: Proceedings of the 19th ACM Workshop on Hot Topics in Networks

Network configurations are constantly changing, and each change poses a risk of catastrophic network outages. Consequently, the networking community has put significant effort into developing and optimizing configuration verifiers. However, we observe ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

PLDI 2020: Proceedings of the 41st ACM SIGPLAN Conference on Programming Language Design and Implementation

June 2020

1174 pages

ISBN:9781450376136

DOI:10.1145/3385412

General Chair:
Alastair F. Donaldson
Imperial College London, UK
,
Program Chair:
Emina Torlak
University of Washington, USA

Copyright © 2020 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGPLAN: ACM Special Interest Group on Programming Languages

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 11 June 2020

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Badges

Author Tags

Qualifiers

Research-article

Conference

PLDI '20

Sponsor:

SIGPLAN

PLDI '20: 41st ACM SIGPLAN International Conference on Programming Language Design and Implementation

June 15 - 20, 2020

London, UK

Acceptance Rates

Overall Acceptance Rate 406 of 2,067 submissions, 20%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

16
Total Citations
View Citations
293
Total Downloads

Downloads (Last 12 months)41
Downloads (Last 6 weeks)5

Reflects downloads up to 11 Aug 2024

Other Metrics

View Author Metrics

Citations

Cited By

Li RYuan YYe FLiu MYang RYu YGuo TMa QZeng XXu CCai DZhai ESekar VYu MSeneviratne AVeitch D(2024)A General and Efficient Approach to Verifying Traffic Load Properties under Arbitrary k FailuresProceedings of the ACM SIGCOMM 2024 Conference10.1145/3651890.3672246(228-243)Online publication date: 4-Aug-2024
https://dl.acm.org/doi/10.1145/3651890.3672246
Larisch JThijm TAhmad SWu PArnfeld TFayed MSekar VYu MSeneviratne AVeitch D(2024)Topaz: Declarative and Verifiable Authoritative DNS at CDN-ScaleProceedings of the ACM SIGCOMM 2024 Conference10.1145/3651890.3672240(891-903)Online publication date: 4-Aug-2024
https://dl.acm.org/doi/10.1145/3651890.3672240
Wang DZhang PGember-Jacobson ASekar VYu MSeneviratne AVeitch D(2024)Expresso: Comprehensively Reasoning About External Routes Using Symbolic SimulationProceedings of the ACM SIGCOMM 2024 Conference10.1145/3651890.3672220(197-212)Online publication date: 4-Aug-2024
https://dl.acm.org/doi/10.1145/3651890.3672220
Thijm TBeckett RGupta AWalker D(2024)Kirigami, the Verifiable Art of Network CuttingIEEE/ACM Transactions on Networking10.1109/TNET.2024.336037132:3(2447-2462)Online publication date: Jun-2024
https://doi.org/10.1109/TNET.2024.3360371
Fang XDing FHuang BWang ZHan GYang RYou LXiang QKong LLiu YShu J(2024)Network Can Help Check Itself: Accelerating SMT-based Network Configuration Verification Using Network Domain KnowledgeIEEE INFOCOM 2024 - IEEE Conference on Computer Communications10.1109/INFOCOM52122.2024.10621215(2119-2128)Online publication date: 20-May-2024
https://doi.org/10.1109/INFOCOM52122.2024.10621215
Jacob RVanbever L(2023)The Internet of Tomorrow Must Sleep More and Grow OldACM SIGEnergy Energy Informatics Review10.1145/3630614.36306203:3(27-32)Online publication date: 1-Oct-2023
https://dl.acm.org/doi/10.1145/3630614.3630620
Schneider TSchmid RVissicchio SVanbever LSchulzrinne HKohler EMaltz DMisra V(2023)Taming the transient while reconfiguring BGPProceedings of the ACM SIGCOMM 2023 Conference10.1145/3603269.3604855(77-93)Online publication date: 10-Sep-2023
https://dl.acm.org/doi/10.1145/3603269.3604855
Alberdingk Thijm TBeckett RGupta AWalker D(2023)Modular Control Plane Verification via Temporal InvariantsProceedings of the ACM on Programming Languages10.1145/35912227:PLDI(50-75)Online publication date: 6-Jun-2023
https://dl.acm.org/doi/10.1145/3591222
Liu RLi FGao CJi CWang X(2023)NetDiceSyn: Multi-Property Probabilistic Verification of Network Configurations2023 IEEE/ACM 31st International Symposium on Quality of Service (IWQoS)10.1109/IWQoS57198.2023.10188763(1-10)Online publication date: 19-Jun-2023
https://doi.org/10.1109/IWQoS57198.2023.10188763
Zhang PWang DGember-Jacobson AKuipers FOrda A(2022)Symbolic router executionProceedings of the ACM SIGCOMM 2022 Conference10.1145/3544216.3544264(336-349)Online publication date: 22-Aug-2022
https://dl.acm.org/doi/10.1145/3544216.3544264
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents