TY - GEN
T1 - VeriFlow
T2 - 10th USENIX Symposium on Networked Systems Design and Implementation, NSDI 2013
AU - Khurshid, Ahmed
AU - Zou, Xuan
AU - Zhou, Wenxuan
AU - Caesar, Matthew
AU - Brighten Godfrey, P.
N1 - Publisher Copyright:
© Proceedings of the 10th USENIX Symposium on Networked Systems Design and Implementation, NSDI 2013. All rights reserved.
PY - 2013
Y1 - 2013
N2 - Networks are complex and prone to bugs. Existing tools that check network configuration files and the data-plane state operate offline at timescales of seconds to hours, and cannot detect or prevent bugs as they arise. Is it possible to check network-wide invariants in real time, as the network state evolves? The key challenge here is to achieve extremely low latency during the checks so that network performance is not affected. In this paper, we present a design, VeriFlow, which achieves this goal. VeriFlow is a layer between a software-defined networking controller and network devices that checks for network-wide invariant violations dynamically as each forwarding rule is inserted, modified or deleted. VeriFlow supports analysis over multiple header fields, and an API for checking custom invariants. Based on a prototype implementation integrated with the NOX OpenFlow controller, and driven by a Mininet OpenFlow network and Route Views trace data, we find that VeriFlow can perform rigorous checking within hundreds of microseconds per rule insertion or deletion.
UR - http://www.scopus.com/inward/record.url?scp=85076705859&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85076705859&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:85076705859
T3 - Proceedings of the 10th USENIX Symposium on Networked Systems Design and Implementation, NSDI 2013
SP - 15
EP - 27
BT - Proceedings of the 10th USENIX Symposium on Networked Systems Design and Implementation, NSDI 2013
PB - USENIX Association
Y2 - 2 April 2013 through 5 April 2013
ER -