A network-wide verification system may be adapted with a data plane verification layer positioned between a set of multiple network devices and a controller in network communication with the devices, where the controller is configured to transmit packet-forwarding rules to the devices. The data plane verification layer monitors network rule modifications, such as monitoring modifications initiated by the network devices and/or by the controller, and verifies the validity of invariants of the monitored network according to multiple stored network invariants. The verification may be executed on parts of the network taking actions that are capable of being influenced by a new rule modification. The network invariants include conditions expected to be upheld in valid network operation as related to packet routing and the packet-forwarding rules.
Original languageEnglish (US)
U.S. patent number9225601
StatePublished - Dec 29 2015

