TY - GEN
T1 - Debugging the data plane with Anteater
AU - Mai, Haohui
AU - Khurshid, Ahmed
AU - Agarwal, Rachit
AU - Caesar, Matthew
AU - Godfrey, P. Brighten
AU - King, Samuel T.
PY - 2011
Y1 - 2011
N2 - Diagnosing problems in networks is a time-consuming and error-prone process. Existing tools to assist operators primarily focus on analyzing control plane configuration. Configuration analysis is limited in that it cannot find bugs in router software, and is harder to generalize across protocols since it must model complex configuration languages and dynamic protocol behavior. This paper studies an alternate approach: diagnosing problems through static analysis of the data plane. This approach can catch bugs that are invisible at the level of configuration files, and simplifies unified analysis of a network across many protocols and implementations. We present Anteater, a tool for checking invariants in the data plane. Anteater translates high-level network invariants into instances of boolean satisfiability problems (SAT), checks them against network state using a SAT solver, and reports counterexamples if violations have been found. Applied to a large university network, Anteater revealed 23 bugs, including forwarding loops and stale ACL rules, with only five false positives. Nine of these faults are being fixed by campus network operators.
AB - Diagnosing problems in networks is a time-consuming and error-prone process. Existing tools to assist operators primarily focus on analyzing control plane configuration. Configuration analysis is limited in that it cannot find bugs in router software, and is harder to generalize across protocols since it must model complex configuration languages and dynamic protocol behavior. This paper studies an alternate approach: diagnosing problems through static analysis of the data plane. This approach can catch bugs that are invisible at the level of configuration files, and simplifies unified analysis of a network across many protocols and implementations. We present Anteater, a tool for checking invariants in the data plane. Anteater translates high-level network invariants into instances of boolean satisfiability problems (SAT), checks them against network state using a SAT solver, and reports counterexamples if violations have been found. Applied to a large university network, Anteater revealed 23 bugs, including forwarding loops and stale ACL rules, with only five false positives. Nine of these faults are being fixed by campus network operators.
KW - Boolean satisfiability
KW - Data plane analysis
KW - Network troubleshooting
UR - http://www.scopus.com/inward/record.url?scp=80053150074&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=80053150074&partnerID=8YFLogxK
U2 - 10.1145/2018436.2018470
DO - 10.1145/2018436.2018470
M3 - Conference contribution
AN - SCOPUS:80053150074
SN - 9781450307970
T3 - Proceedings of the ACM SIGCOMM 2011 Conference, SIGCOMM'11
SP - 290
EP - 301
BT - Proceedings of the ACM SIGCOMM 2011 Conference, SIGCOMM'11
T2 - ACM SIGCOMM 2011 Conference, SIGCOMM'11
Y2 - 15 August 2011 through 19 August 2011
ER -