VeriFlow: Verifying Network-Wide Invariants in Real Time
Ahmed Khurshid, Wenxuan Zhou, Matthew Caesar, P. Brighten Godfrey (University of Illinois)
Presented by Ofri Ziv, November 2013

Outline
• Motivation
• Design
• Evaluation
• Example
• Conclusion

Motivation
• Networks are complex
• Ensure the network's correctness and security
• SDN increases software complexity
  • Multiple applications program the physical network simultaneously
• Check network-wide invariants as the network evolves
• Prevent bugs as they arise

Effects of Bugs
• Allow unauthorized packets to enter a secured zone in the network
• Make services and the infrastructure prone to attacks
• Make critical services unavailable
• Affect network performance

Configuration Verification (Offline)
(Figure: Configuration → Control-plane → Data-plane state → Network behavior; the configuration is the input, everything after it has to be predicted)
• Problems:
  • Prediction is difficult
    • Various configuration languages
    • Dynamic distributed protocols
  • Misses control-plane implementation bugs

VeriFlow approach: Data-plane Verification
(Figure: Configuration → Control-plane → Data-plane state → Network behavior; here the data-plane state is the input and only the network behavior has to be predicted)
• Advantages:
  • Less prediction
  • Closer to actual network behavior
  • Unified analysis for multiple control-plane protocols
  • Catches control-plane implementation bugs

Challenges
• Obtaining a real-time view of the network
  • Interpose between the controller and the network elements
  • Utilize the centralized data-plane view available in an SDN (Software-Defined Network)
• Verification speed: every flow has to be monitored

The Tool: VeriFlow
• Checks network-wide invariants in real time using data-plane state
  • Absence of routing loops, black holes, access control violations, etc.
• Functions by
  • Monitoring dynamic changes in the network
  • Constructing a model of the network behavior
  • Using custom algorithms to automatically derive whether the network contains errors

VeriFlow Overview
(Figure: the Controller issues a New Flow, which passes through VeriFlow: Generate Equivalence Classes → Generate Forwarding Graphs → Run Queries. A "Good Rule" is forwarded to the network; a "Bad Rule" produces a report with the network invariant violation and the affected set of packets.)

Limit the search space
(Pipeline stage: Generate Equivalence Classes)
• Equivalence class: packets experiencing the same forwarding actions throughout the network
• Fw rules: 0.0.0.0/1, 64.0.0.0/3
• Eq. classes: 1, 2, 3, 4 (64.0.0.0/3 lies inside 0.0.0.0/1, so the two prefixes cut the address space into four classes)

Computing Equivalence Classes
(Figure: a trie over the match bits. Rule A = (Match = 0.1, Action, device) and rule B = (Match = 0.*, Action, device) share the first bit 0; A then requires 1 while B accepts either value, so the packets split into the classes {0.0} and {0.1}.)
Eq. Classes – {0.0}, {0.1}

Represent Forwarding Rules
(Pipeline stage: Generate Forwarding Graphs)
• Forwarding graphs:
  • Nodes representing network devices
  • Edges representing forwarding rules
• Contain all the information needed to answer queries
(Figure: one forwarding graph per equivalence class, Eq. Class 1 and Eq. Class 2)

Check Invariants
(Pipeline stage: Run Queries)
• Queries:
  • Black holes
  • Routing loops
  • VLAN isolation
  • Access control policies
• Response:
  • Good rules: send the flow to the network element
  • Bad rules: report the violated invariant and the affected set of packets

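The three pipeline stages on the preceding slides (equivalence classes, forwarding graphs, queries) in miniature, as an added example that is not VeriFlow's own code. It partitions a single destination-prefix field by cutting the address space at every rule boundary, which for one match field gives the same classes the trie on the "Computing Equivalence Classes" slide produces; the two-prefix case from the "Limit the search space" slide yields four classes. The rule format, the line topology A - B - C and the "deliver" action are constructed for the example.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

# Constructed data model (not VeriFlow's format): a rule lives on one device,
# matches one destination prefix, and either names the next-hop device or
# says "deliver" (the packet leaves the fabric to an attached host).
Rule = Tuple[str, str, str]      # (device, prefix, action)
Interval = Tuple[int, int]       # [lo, hi) in the 32-bit address space
DELIVER = "deliver"


def prefix_range(prefix: str) -> Interval:
    net = ipaddress.ip_network(prefix)
    lo = int(net.network_address)
    return lo, lo + net.num_addresses


def equivalence_classes(rules: List[Rule]) -> List[Interval]:
    """Cut the address space at every rule boundary; each interval between two
    consecutive cuts matches the same rules on every device, so it is one class."""
    cuts = {0, 2 ** 32}
    for _, prefix, _ in rules:
        cuts.update(prefix_range(prefix))
    ordered = sorted(cuts)
    return list(zip(ordered, ordered[1:]))


def lookup(rules: List[Rule], device: str, addr: int) -> Optional[str]:
    """Longest-prefix match on one device; None means no rule matches."""
    best: Optional[Tuple[int, str]] = None
    for dev, prefix, action in rules:
        lo, hi = prefix_range(prefix)
        if dev == device and lo <= addr < hi and (best is None or hi - lo < best[0]):
            best = (hi - lo, action)
    return best[1] if best else None


def forwarding_graph(rules: List[Rule], ec: Interval) -> Dict[str, Optional[str]]:
    """Nodes are devices, each edge is the rule this class follows on that device.
    The lowest address is representative for the whole class. Devices that only
    appear as next hops are included, so a hop into a device without a matching
    rule shows up as a missing edge."""
    devices = {dev for dev, _, _ in rules} | {act for _, _, act in rules if act != DELIVER}
    return {dev: lookup(rules, dev, ec[0]) for dev in devices}


def run_queries(graph: Dict[str, Optional[str]]) -> List[str]:
    """The two invariants from the slides: no routing loop and no black hole."""
    findings = set()
    for start in graph:
        path: List[str] = []
        node: Optional[str] = start
        while True:
            if node is None:                      # last device has no rule for the class
                findings.add(f"black hole at {path[-1]}")
                break
            if node == DELIVER:                   # packet reached its host
                break
            if node in path:                      # device revisited: a loop
                findings.add("routing loop among " + ", ".join(sorted(path[path.index(node):])))
                break
            path.append(node)
            node = graph.get(node)
    return sorted(findings)


def check_rule(rules: List[Rule], new_rule: Rule) -> Dict[Interval, List[str]]:
    """Interpose on one rule insertion: only the classes that overlap the new
    rule's prefix can change, so only their graphs are rebuilt and queried.
    An empty report is a "good rule"; otherwise it is a "bad rule", keyed by
    the affected packet set."""
    candidate = rules + [new_rule]
    lo, hi = prefix_range(new_rule[1])
    report: Dict[Interval, List[str]] = {}
    for ec in equivalence_classes(candidate):
        if ec[1] <= lo or ec[0] >= hi:
            continue                              # class untouched by the new rule
        violations = run_queries(forwarding_graph(candidate, ec))
        if violations:
            report[ec] = violations
    return report


# Constructed example: three switches in a line A - B - C, 10.0.0.0/8 delivered at C.
BASE_RULES: List[Rule] = [
    ("A", "10.0.0.0/8", "B"),
    ("B", "10.0.0.0/8", "C"),
    ("C", "10.0.0.0/8", DELIVER),
]

if __name__ == "__main__":
    for new in [("A", "10.1.0.0/16", "B"),    # good: same path, finer prefix
                ("C", "10.1.0.0/16", "B"),    # bad: C sends part of the space back to B
                ("A", "10.2.0.0/16", "D")]:   # bad: D has no rule for these packets
        report = check_rule(BASE_RULES, new)
        print(new, "->", "good rule" if not report else "bad rule")
        for (lo, hi), problems in report.items():
            print("   affected packets", ipaddress.ip_address(lo), "-",
                  ipaddress.ip_address(hi - 1), ":", "; ".join(problems))
```

The report mirrors the slide's "Bad Rule" output: the violated invariant plus the affected set of packets, which here is the equivalence class interval rather than the whole rule prefix, because only the part of the address space whose forwarding actually changed is reported.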
Evaluation #1 – Microbenchmarking VeriFlow run time
• Goal: observe how much each of VeriFlow's phases contributes to the overall run time
• Simulated an IP network
  • 172 routers
• Replayed BGP traces
  • 5 million RIB entries
  • 90K BGP updates

Evaluation #2 – Effect on TCP connection setup latency
• Mininet OpenFlow network
  • 10 switches arranged in a chain-like topology
  • A host connected to every switch
• NOX controller running the "learning switch" app
• TCP connections between random pairs of hosts

Future Work
• Handling packet transformations
• Deciding when to check (transactions)
• Handling queries other than reachability
• Dealing with multiple controllers

Demo application

```python
# Demo application from the slide, written out as valid Python. The
# controller API calls delete_flow, install_flow and send_packet, and the
# GARP protocol constant, are assumed to be provided by the controller
# framework the demo runs on.
hosts = {}     # ip -> (device, port): where the host was last seen
switches = {}  # (sw1, sw2) -> port on sw1 that leads towards sw2

def packet_in(pkt, in_port, device):
    if pkt.proto == GARP:
        # Host announced itself: remove its old flow, record the new location
        if pkt.src_ip in hosts:
            (d, i) = hosts[pkt.src_ip]
            delete_flow(match=pkt.src_ip, device=d)
        hosts[pkt.src_ip] = (device, in_port)
        install_flow(match=pkt.src_ip, out=in_port, device=device)
    elif pkt.dst_ip in hosts:
        # Destination known: forward towards the switch it was last seen on
        (d, i) = hosts[pkt.dst_ip]
        install_flow(match=pkt.dst_ip, out=switches[(device, d)], device=device)
        send_packet(pkt, switches[(device, d)], device)
```

Conclusion
• VeriFlow achieves real-time verification:
  • A layer between the SDN controller and the network elements
  • Finds faulty flows issued by SDN applications
  • Verifies network-wide invariants as each flow is inserted
  • Can prevent a flow from reaching the network