DOI: 10.5555/2228298.2228311

Header space analysis: static checking for networks

Published: 25 April 2012

    Abstract

    Today's networks typically carry or deploy dozens of protocols and mechanisms simultaneously such as MPLS, NAT, ACLs and route redistribution. Even when individual protocols function correctly, failures can arise from the complex interactions of their aggregate, requiring network administrators to be masters of detail. Our goal is to automatically find an important class of failures, regardless of the protocols running, for both operational and experimental networks.
    To this end we developed a general and protocol-agnostic framework, called Header Space Analysis (HSA). Our formalism allows us to statically check network specifications and configurations to identify an important class of failures such as Reachability Failures, Forwarding Loops and Traffic Isolation and Leakage problems. In HSA, protocol header fields are not first class entities; instead we look at the entire packet header as a concatenation of bits without any associated meaning. Each packet is a point in the $\{0,1\}^L$ space where $L$ is the maximum length of a packet header, and networking boxes transform packets from one point in the space to another point or set of points (multicast).
    We created a library of tools, called Hassel, to implement our framework, and used it to analyze a variety of networks and protocols. Hassel was used to analyze the Stanford University backbone network, and found all the forwarding loops in less than 10 minutes, and verified reachability constraints between two subnets in 13 seconds. It also found a large and complex loop in an experimental loose source routing protocol in 4 minutes.
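
The model described in the abstract, as an added Python example (not Hassel's code and not taken from the paper): headers are wildcard expressions over {0,1,x}, each box is a transfer function, and a header space that returns to a box it already crossed is reported as a loop. The 4-bit header, the boxes A, B, C and every rule are constructed for this illustration, and flagging every revisit as a loop is a simplification.

```python
# Added illustration of the header-space idea; not Hassel's code.
# The 4-bit header length, box names and rules are constructed for this example.

def intersect(a, b):
    """Intersect two wildcard expressions over {0,1,x}; None means empty."""
    out = []
    for p, q in zip(a, b):
        if p == "x":
            out.append(q)
        elif q == "x" or p == q:
            out.append(p)
        else:
            return None
    return "".join(out)

def rewrite(hs, mask):
    """Header rewrite: '0'/'1' in mask overwrite that bit, '-' leaves it."""
    return "".join(b if m == "-" else m for b, m in zip(hs, mask))

# Each box is a transfer function: a list of (match, rewrite mask, next box).
NETWORK = {
    "A": [("1xxx", "----", "B"), ("0xxx", "----", "C")],
    "B": [("10xx", "----", "C"), ("11xx", "0---", "EXIT")],
    "C": [("x0x1", "1---", "A"), ("xxx0", "----", "EXIT")],
}

def propagate(box, hs, path=()):
    """Push header space hs through the boxes; return (delivered, loops)."""
    if box == "EXIT":
        return [(hs, path)], []
    if box in path:  # header space came back to a box it already crossed
        return [], [(hs, path + (box,))]
    delivered, loops = [], []
    for match, mask, nxt in NETWORK[box]:
        sub = intersect(hs, match)
        if sub is not None:
            d, l = propagate(nxt, rewrite(sub, mask), path + (box,))
            delivered += d
            loops += l
    return delivered, loops

def isolated(slice_a, slice_b):
    """Two slices are isolated if no pair of their expressions overlaps."""
    return all(intersect(a, b) is None for a in slice_a for b in slice_b)

if __name__ == "__main__":
    delivered, loops = propagate("A", "xxxx")
    print("delivered:", delivered)
    print("loops:", loops)
    print("isolated:", isolated(["00xx"], ["01xx", "1xxx"]))
```

Headers matching x1x1 at box C hit no rule and are dropped, which is the kind of reachability gap the same propagation exposes.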

      Published In

      NSDI'12: Proceedings of the 9th USENIX conference on Networked Systems Design and Implementation
      April 2012
      30 pages

      Sponsors

      • VMware
      • NSF: National Science Foundation
      • Google Inc.
      • Infosys
      • Microsoft Research

      Publisher

      USENIX Association

      United States
