research-article

Open access

Abstract interpretation of distributed network control planes

Authors:

David WalkerAuthors Info & Claims

Proceedings of the ACM on Programming Languages, Volume 4, Issue POPL

Article No.: 42, Pages 1 - 27

https://doi.org/10.1145/3371110

Published: 20 December 2019 Publication History

Abstract

The control plane of most computer networks runs distributed routing protocols that determine if and how traffic is forwarded. Errors in the configuration of network control planes frequently knock down critical online services, leading to economic damage for service providers and significant hardship for users. Validation via ahead-of-time simulation can help find configuration errors but such techniques are expensive or even intractable for large industrial networks. We explore the use of abstract interpretation to address this fundamental scaling challenge and find that the right abstractions can reduce the asymptotic complexity of network simulation. Based on this observation, we build a tool called ShapeShifter for reachability analysis. On a suite of 127 production networks from a large cloud provider, ShapeShifter provides an asymptotic improvement in runtime and memory over the state-of-the-art simulator. These gains come with a minimal loss in precision. Our abstract analysis accurately predicts reachability for all destinations for 95% of the networks and for most destinations for the remaining 5%. We also find that abstract interpretation of network control planes not only speeds up existing analyses but also facilitates new kinds of analyses. We illustrate this advantage through a new destination "hijacking" analysis for the border gateway protocol (BGP), the globally-deployed routing protocol.

Supplementary Material

WEBM File (a42-beckett.webm)

Download
89.12 MB

References

[1]

Mohammad Al-Fares, Alexander Loukissas, and Amin Vahdat. 2008. A Scalable, Commodity Data Center Network Architecture. In SIGCOMM.

[2]

Kalev Alpernas, Roman Manevich, Aurojit Panda, Mooly Sagiv, Scott Shenker, Sharon Shoham, and Yaron Velner. 2018. Abstract Interpretation of Stateful Networks. In Static Analysis Symposium.

[3]

Carolyn Jane Anderson, Nate Foster, Arjun Guha, Jean-Baptiste Jeannin, Dexter Kozen, Cole Schlesinger, and David Walker. 2014. NetKAT: Semantic Foundations for Networks. In POPL.

[4]

Thomas Ball, Rupak Majumdar, Todd D. Millstein, and Sriram K. Rajamani. 2001. Automatic Predicate Abstraction of C Programs. In PLDI. 203–213.

[5]

Ryan Beckett, Aarti Gupta, Ratul Mahajan, and David Walker. 2017. A General Approach to Network Configuration Verification. In SIGCOMM.

[6]

Ryan Beckett, Aarti Gupta, Ratul Mahajan, and David Walker. 2018. Control Plane Compression. In SIGCOMM. 476–489.

[7]

Bruno Blanchet, Patrick Cousot, Radhia Cousot, Jérôme Feret, Laurent Mauborgne, Antoine Miné, David Monniaux, and Xavier Rival. 2003. A static analyzer for large safety-critical software. In PLDI. 196–207.

[8]

Randal E. Bryant. 1986. Graph-Based Algorithms for Boolean Function Manipulation. IEEE Trans. Computers 35, 8 (1986), 677–691.

Digital Library

[9]

Edmund M. Clarke, Orna Grumberg, Somesh Jha, Yuan Lu, and Helmut Veith. 2000. Counterexample-Guided Abstraction Refinement. In Computer Aided Verification, 12th International Conference, CAV, Proceedings. 154–169.

[10]

Clos Network 2019. Clos network. https://en .wikipedia.org/wiki/Clos n etwork .

[11]

Patrick Cousot and Radhia Cousot. 1976. Static determination of dynamic properties of programs. In Proceedings of the 2nd International Symposium on Programming, Paris, France. Dunod, 106–130.

[12]

Patrick Cousot and Radhia Cousot. 1977. Abstract Interpretation: A Unified Lattice Model for Static Analysis of Programs by Construction or Approximation of Fixpoints. In Conference Record of the Fourth ACM Symposium on Principles of Programming Languages. 238–252.

Digital Library

[13]

Patrick Cousot and Nicolas Halbwachs. 1978. Automatic Discovery of Linear Restraints Among Variables of a Program. In POPL. 84–96.

[14]

Matthew L. Daggitt, Alexander J. T. Gurney, and Timothy G. Griffin. 2018a. Asynchronous Convergence of Policy-rich Distributed Bellman-ford Routing Protocols. In Proceedings of the 2018 Conference of the ACM Special Interest Group on Data Communication. 103–116.

[15]

Matthew L. Daggitt, Alexander J. T. Gurney, and Timothy G. Griffin. 2018b. Asynchronous Convergence of Policy-rich Distributed Bellman-ford Routing Protocols. In SIGCOMM. 103–116.

[16]

Xenofontas A. Dimitropoulos and George F. Riley. 2006. Efficient Large-scale BGP Simulations. Comput. Netw. 50, 12 (August 2006), 2013–2027.

Digital Library

[17]

A. Fabrikant, U. Syed, and J. Rexford. 2011. There’s something about MRAI: Timing diversity can exponentially worsen BGP convergence. In INFOCOM. 2975–2983.

[18]

Seyed K. Fayaz, Tushar Sharma, Ari Fogel, Ratul Mahajan, Todd Millstein, Vyas Sekar, and George Varghese. 2016. Efficient Network Reachability Analysis using a Succinct Control Plane Representation. In OSDI.

[19]

Nick Feamster. 2005. Proactive Techniques for Correct and Predictable Internet Routing. Ph.D. Dissertation. Massachusetts Institute of Technology.

[20]

Gilberto Filé and Francesco Ranzato. 1999. The powerset operator on abstract interpretations. Theoretical Computer Science 222, 1 (1999), 77 – 111.

Digital Library

[21]

Ari Fogel, Stanley Fung, Luis Pedrosa, Meg Walraed-Sullivan, Ramesh Govindan, Ratul Mahajan, and Todd Millstein. 2015. A General Approach to Network Configuration Analysis. In NSDI.

[22]

Nate Foster, Dexter Kozen, Konstantinos Mamouras, Mark Reitblatt, and Alexandra Silva. 2016. Probabilistic NetKAT. In Proceedings of the 25th European Symposium on Programming Languages and Systems - Volume 9632. 282–309.

[23]

Lixin Gao and Jennifer Rexford. 2000. Stable Internet Routing Without Global Coordination. In SIGMETRICS.

[24]

Aaron Gember-Jacobson, Raajay Viswanathan, Aditya Akella, and Ratul Mahajan. 2016. Fast Control Plane Analysis Using an Abstract Representation. In SIGCOMM.

[25]

Nick Giannarakis, Ryan Beckett, Ratul Mahajan, and David Walker. 2019. Efficient Verification of Network Fault Tolerance via Counterexample-Guided Refinement. 305–323.

[26]

Timothy G. Griffin, F. Bruce Shepherd, and Gordon Wilfong. 2002. The Stable Paths Problem and Interdomain Routing. IEEE/ACM Trans. Networking 10, 2 (2002).

Digital Library

[27]

Timothy G. Griffin and Joäo Luís Sobrinho. 2005. Metarouting. In Proceedings of the 2005 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications. 1–12.

[28]

Peyman Kazemian, Michael Chang, Hongyi Zeng, George Varghese, Nick McKeown, and Scott Whyte. 2013. Real Time Network Policy Checking Using Header Space Analysis. In NSDI. 99–112.

[29]

Peyman Kazemian, George Varghese, and Nick McKeown. 2012. Header Space Analysis: Static Checking for Networks. In NSDI.

[30]

Ahmed Khurshid, Xuan Zou, Wenxuan Zhou, Matthew Caesar, and P. Brighten Godfrey. 2013. VeriFlow: Verifying NetworkWide Invariants in Real Time. In NSDI.

[31]

Matthew L. Daggitt and Timothy Griffin. 2018. Rate of Convergence of Increasing Path-Vector Routing Protocols. In ICNP. 335–345.

[32]

P. Lapukhov, A. Premji, and J. Mitchell. 2015. Use of BGP for routing in large-scale data centers. Internet draft.

[33]

Olle Liljenzin. 2013. Confluently Persistent Sets and Maps. CoRR abs/1301.3388 (2013).

[34]

Nuno Lopes, Nikolaj Bjorner, Patrice Godefroid, Karthick Jayaraman, and George Varghese. 2015. Checking Beliefs in Dynamic Networks. In NSDI.

[35]

Nuno P. Lopes and Andrey Rybalchenko. 2019. Fast BGP Simulation of Large Datacenters. In Proc. of the 20th International Conference on Verification, Model Checking, and Abstract Interpretation (VMCAI).

[36]

Haohui Mai, Ahmed Khurshid, Rachit Agarwal, Matthew Caesar, P. Brighten Godfrey, and Samuel Talmadge King. 2011. Debugging the Data Plane with Anteater. In SIGCOMM.

[37]

Antoine Miné. 2001. The Octagon Abstract Domain. In Proceedings of the Eighth Working Conference on Reverse Engineering, (WCRE). 310–319.

[38]

Raphaël Monat and Antoine Miné. 2017. Precise Thread-Modular Abstract Interpretation of Concurrent Programs Using Relational Interference Abstractions. In Verification, Model Checking, and Abstract Interpretation, Ahmed Bouajjani and David Monniaux (Eds.). Springer International Publishing, 386–404.

[39]

Sanjay Narain, Dana Chee, Brian Coan, Ben Falchuk, Samuel Gordon, Jaewon Kang, Jonathan Kirsch, Aditya Naidu, Kaustubh Sinkar, and Simon Tsang. 2016. A Science of Network Configuration. Journal of Cyber Security and Information Systems 1, 4 (2016).

[40]

Gordon D. Plotkin, Nikolaj Bjørner, Nuno P. Lopes, Andrey Rybalchenko, and George Varghese. 2016. Scaling Network Verification Using Symmetry and Surgery. In POPL.

[41]

Santhosh Prabhu, Ali Kheradmand, Brighten Godfrey, and Matthew Caesar. 2017. Predicting Network Futures with Plankton. In Proceedings of the First Asia-Pacific Workshop on Networking (APNet’17). 92–98.

Digital Library

[42]

Redistributing Routing Protocols 2012. Redistributing Routing Protocols. https://www .cisco.com/c/en/us/support/docs/ip/ enhanced- interior- gateway- routing- protocol- eigrp/8606- redist .html .

[43]

D Roberts. 2018. It’s been a week and customers are still mad at BB&T. https://www .charlotteobserver.com/news/business/ banking/article202616124 .html .

[44]

Simon Sharwood. 2016. Google cloud wobbles as workers patch wrong routers. http://www .theregister.co.uk/2016/03/01/ google c loud w obbles a s w orkers p atc w rong r outers/ .

[45]

João Luís Sobrinho. 2005. An Algebraic Theory of Dynamic Network Routing. IEEE/ACM Trans. Netw. 13, 5 (October 2005), 1160–1173.

Digital Library

[46]

Yevgenly Sverdlik. 2012. Microsoft: misconfigured network device led to Azure outage. http:// www .datacenterdynamics.com/content-tracks/servers-storage/microsoft-misconfigured-network-device-ledto- azure- outage/68312 .fullarticle .

[47]

Y Sverdlik. 2017. United Says IT Outage Resolved, Dozen Flights Canceled Monday. https://www .datacenterknowledge.com/ archives/2017/01/23/united- says- it- outage- resolved- dozen- flights- canceled- monday .

[48]

Dylan Tweney. 2013. 5-minute outage costs Google $545,000 in revenue. https://venturebeat .com/2013/08/16/3-minuteoutage- costs- google- 545000- in- revenue/ .

[49]

Kannan Varadhan, Ramesh Govindan, and Deborah Estrin. 1996. Persistent route oscillations in inter-domain routing. Technical Report. Computer Networks.

[50]

Anduo Wang, Limin Jia, Wenchao Zhou, Yiqing Ren, Boon Thau Loo, Jennifer Rexford, Vivek Nigam, Andre Scedrov, and Carolyn L. Talcott. 2012. FSR: Formal Analysis and Implementation Toolkit for Safe Inter-domain Routing. IEEE/ACM Trans. Networking 20, 6 (2012).

Digital Library

[51]

Konstantin Weitz, Doug Woos, Emina Torlak, Michael D. Ernst, Arvind Krishnamurthy, and Zachary Tatlock. 2016. Formal Semantics and Automated Verification for the Border Gateway Protocol. In NetPL.

Cited By

Moeller MJacobs JBelanger ODarais DSchlesinger CSmolka SFoster NSilva A(2024)KATch: A Fast Symbolic Verifier for NetKATProceedings of the ACM on Programming Languages10.1145/36564548:PLDI(1905-1928)Online publication date: 20-Jun-2024
https://dl.acm.org/doi/10.1145/3656454
Kakarla SYan FBeckett R(2024)Diffy: Data-Driven Bug Finding for ConfigurationsProceedings of the ACM on Programming Languages10.1145/36563858:PLDI(199-222)Online publication date: 20-Jun-2024
https://dl.acm.org/doi/10.1145/3656385
Wang CScazzariello MFarshin AFerlin SKostić DChiesa M(2024)NetConfEval: Can LLMs Facilitate Network Configuration?Proceedings of the ACM on Networking10.1145/36562962:CoNEXT2(1-25)Online publication date: 13-Jun-2024
https://dl.acm.org/doi/10.1145/3656296
Show More Cited By

Index Terms

Abstract interpretation of distributed network control planes
1. Networks
  1. Network protocols
    1. Protocol correctness
      1. Protocol testing and verification
2. Software and its engineering
  1. Software organization and properties
    1. Software functional properties
      1. Formal methods
        Automated static analysis
        Software verification
    2. Software system structures
      1. Abstraction, modeling and modularity

Recommendations

ProbNV: probabilistic verification of network control planes

ProbNV is a new framework for probabilistic network control plane verification that strikes a balance between generality and scalability. ProbNV is general enough to encode a wide range of features from the most common protocols (eBGP and OSPF) and yet ...
Programming Distributed Control Planes: Invited Demo: Demo
SOSR '17: Proceedings of the Symposium on SDN Research

We describe Propane, a system that consists of a language for specifying the end-to-end routing policy for a network and a compiler for implementing the policy by generating a collection of device configurations for the BGP routing protocol that run on ...
NV: an intermediate language for verification of network control planes
PLDI 2020: Proceedings of the 41st ACM SIGPLAN Conference on Programming Language Design and Implementation

Network misconfiguration has caused a raft of high-profile outages over the past decade, spurring researchers to develop a variety of network analysis and verification tools. Unfortunately, developing and maintaining such tools is an enormous challenge ...

Comments

Information & Contributors

Information

Published In

cover image Proceedings of the ACM on Programming Languages

Proceedings of the ACM on Programming Languages Volume 4, Issue POPL

January 2020

1984 pages

EISSN:2475-1421

DOI:10.1145/3377388

Issue’s Table of Contents

Copyright © 2019 Owner/Author.

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 20 December 2019

Published in PACMPL Volume 4, Issue POPL

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

23
Total Citations
View Citations
1,578
Total Downloads

Downloads (Last 12 months)241
Downloads (Last 6 weeks)37

Reflects downloads up to 28 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Moeller MJacobs JBelanger ODarais DSchlesinger CSmolka SFoster NSilva A(2024)KATch: A Fast Symbolic Verifier for NetKATProceedings of the ACM on Programming Languages10.1145/36564548:PLDI(1905-1928)Online publication date: 20-Jun-2024
https://dl.acm.org/doi/10.1145/3656454
Kakarla SYan FBeckett R(2024)Diffy: Data-Driven Bug Finding for ConfigurationsProceedings of the ACM on Programming Languages10.1145/36563858:PLDI(199-222)Online publication date: 20-Jun-2024
https://dl.acm.org/doi/10.1145/3656385
Wang CScazzariello MFarshin AFerlin SKostić DChiesa M(2024)NetConfEval: Can LLMs Facilitate Network Configuration?Proceedings of the ACM on Networking10.1145/36562962:CoNEXT2(1-25)Online publication date: 13-Jun-2024
https://dl.acm.org/doi/10.1145/3656296
Li FLi MPu YZhang YWang XCao J(2024)XNV: Explainable Network VerificationIEEE/ACM Transactions on Networking10.1109/TNET.2024.345612432:6(5097-5111)Online publication date: Dec-2024
https://doi.org/10.1109/TNET.2024.3456124
Thijm TBeckett RGupta AWalker D(2024)Kirigami, the Verifiable Art of Network CuttingIEEE/ACM Transactions on Networking10.1109/TNET.2024.336037132:3(2447-2462)Online publication date: Jun-2024
https://doi.org/10.1109/TNET.2024.3360371
Prekas STrakadas PKarkazis P(2024)Path Enumeration Solution for Evaluating Reliability, Based on the Path Algebra FrameworkJournal of Network and Systems Management10.1007/s10922-024-09854-432:4Online publication date: 10-Aug-2024
https://dl.acm.org/doi/10.1007/s10922-024-09854-4
Cai JYang GLiu JXie Y(2023)FastCAT: A framework for fast routing table calculation incorporating multiple protocolsMathematical Biosciences and Engineering10.3934/mbe.202373720:9(16528-16550)Online publication date: 2023
https://doi.org/10.3934/mbe.2023737
Krichen M(2023)Formal Methods and Validation Techniques for Ensuring Automotive Systems SecurityInformation10.3390/info1412066614:12(666)Online publication date: 18-Dec-2023
https://doi.org/10.3390/info14120666
Tang ABeckett RBenaloh SJayaraman KPatil TMillstein TVarghese GSchulzrinne HKohler EMaltz DMisra V(2023)Lightyear: Using Modularity to Scale BGP Control Plane VerificationProceedings of the ACM SIGCOMM 2023 Conference10.1145/3603269.3604842(94-107)Online publication date: 10-Sep-2023
https://dl.acm.org/doi/10.1145/3603269.3604842
Alberdingk Thijm TBeckett RGupta AWalker D(2023)Modular Control Plane Verification via Temporal InvariantsProceedings of the ACM on Programming Languages10.1145/35912227:PLDI(50-75)Online publication date: 6-Jun-2023
https://dl.acm.org/doi/10.1145/3591222
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Figures

Tables

Media

View Issue’s Table of Contents