Abstract
Internet Service Providers (ISPs) use the Border Gateway Protocol (BGP) to announce and exchange routes for de- livering packets through the internet. ISPs must carefully configure their BGP routers to ensure traffic is routed reli- ably and securely. Correctly configuring BGP routers has proven challenging in practice, and misconfiguration has led to worldwide outages and traffic hijacks. This paper presents Bagpipe, a system that enables ISPs to declaratively express BGP policies and that automatically verifies that router configurations implement such policies. The novel initial network reduction soundly reduces policy verification to a search for counterexamples in a finite space. An SMT-based symbolic execution engine performs this search efficiently. Bagpipe reduces the size of its search space using predicate abstraction and parallelizes its search using symbolic variable hoisting. Bagpipe's policy specification language is expressive: we expressed policies inferred from real AS configurations, policies from the literature, and policies for 10 Juniper TechLibrary configuration scenarios. Bagpipe is efficient: we ran it on three ASes with a total of over 240,000 lines of Cisco and Juniper BGP configuration. Bagpipe is effective: it revealed 19 policy violations without issuing any false positives.
- C. J. Anderson et al. “NetKAT: Semantic Foundations for Networks”. In: POPL. 2014. Google Scholar
Digital Library
- T. Ball et al. “VeriCon: Towards Verifying Controller Programs in Software-defined Networks”. In: PLDI. 2014. Google Scholar
Digital Library
- BelWü. https://www.belwue.de/.Google Scholar
- BGP Feature Guide for the OCX Series. 2015.Google Scholar
- M. Brown. Pakistan hijacks YouTube. http://research. dyn.com/2008/02/pakistan-hijacks-youtube-1/. 2008.Google Scholar
- C. Cadar, D. Dunbar, and D. Engler. “KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs”. In: OSDI. 2008. Google Scholar
Digital Library
- E. Clarke, D. Kroening, and F. Lerda. “A Tool for Checking ANSI-C Programs”. In: TACAS. 2004.Google Scholar
Cross Ref
- J. Cowie. China’s 18-Minute Mystery. http://research. dyn.com/2010/11/chinas-18-minute-mystery/. 2010.Google Scholar
- M. Dobrescu and K. Argyraki. “Software Dataplane Verification”. In: NSDI. 2014. Google Scholar
Digital Library
- J. Dolby, M. Vaziri, and F. Tip. “Finding bugs efficiently with a SAT solver”. In: FSE. 2007. Google Scholar
Digital Library
- N. Feamster and H. Balakrishnan. “Detecting BGP Configuration Faults with Static Analysis”. In: NSDI. 2005. Google Scholar
Digital Library
- A. Fogel et al. “A General Approach to Network Configuration Analysis”. In: NSDI. 2015. Google Scholar
Digital Library
- N. Foster et al. “Frenetic: A Network Programming Language”. In: ICFP. 2011. Google Scholar
Digital Library
- L. Gao and J. Rexford. “Stable Internet Routing Without Global Coordination”. In: SIGMETRICS. 2000. Google Scholar
Digital Library
- S. Goldberg. “Why Is It Taking So Long to Secure Internet Routing?” In: Queue (2014). Google Scholar
Digital Library
- S. Graf and H. Saïdi. “Construction of Abstract State Graphs with PVS”. In: CAV. 1997. Google Scholar
Digital Library
- A. Guha, M. Reitblatt, and N. Foster. “Machine-verified Network Controllers”. In: PLDI. 2013. Google Scholar
Digital Library
- International Telecommunication Union Statistics. 2014.Google Scholar
- Internet2 Configurations. http://vn.grnoc.iu.edu/Internet2/ configs/configs.html.Google Scholar
- Internet2 Fees. http : / / www. internet2. edu / about - us / membership/.Google Scholar
- M. Jose and R. Majumdar. “Bug-Assist: assisting fault localization in ANSI-C programs”. In: CAV. 2011. Google Scholar
Digital Library
- Junos OS: Routing Policies, Firewall Filters, and Traffic Policers Feature Guide for Routing Devices. 2016.Google Scholar
- P. Kazemian, G. Varghese, and N. McKeown. “Header Space Analysis: Static Checking for Networks”. In: Proceedings of the 9th USENIX Conference on Networked Systems Design and Implementation. 2012. Google Scholar
Digital Library
- A. S. Koksal et al. “Synthesis of Biological Models from Mutation Experiments”. In: POPL. 2013. Google Scholar
Digital Library
- K. R. M. Leino. “Dafny: An Automatic Program Verifier for Functional Correctness”. In: LPAR. 2010. Google Scholar
Digital Library
- K. R. M. Leino. This is Boogie 2. Tech. rep. 2008.Google Scholar
- D. Madory. Chinese Routing Errors Redirect Russian Traffic. http://research.dyn.com/2014/11/chinese-routingerrors-redirect-russian-traffic/. 2014.Google Scholar
- D. McConnell. Chinese company ‘hijacked’ U.S. web traffic. http : / / www. cnn. com / 2010 / US / 11 / 17 / websites. chinese.servers/. 2010.Google Scholar
- D. Meyer, J. Schmitz, and C. Alaettinoglu. Application of Routing Policy Specification Language (RPSL) on the Internet. 1997.Google Scholar
- C. Monsanto et al. “A Compiler and Run-time System for Network Programming Languages”. In: POPL. 2012. Google Scholar
Digital Library
- B. Quoitin and S. Uhlig. “Modeling the Routing of an Autonomous System with C-BGP”. In: IEEE Network (2005). Google Scholar
Digital Library
- Y. Rekhter, T. Li, and S. Hares. A Border Gateway Protocol 4 (BGP-4). RFC 4271. 2006.Google Scholar
Cross Ref
- L. Schaefer. Deutsche Telekom: ’Internet data made in Germany should stay in Germany’. http://www.dw. com/en/deutsche-telekom-internet-data-made-in-germanyshould-stay-in-germany/a-17165891. 2013.Google Scholar
- Selfnet. https://selfnet.de/.Google Scholar
- D. Slane. 2010 Report to Congress of the U.S.–China Economic and Security Review Commission. 2010.Google Scholar
- A. Solar-Lezama et al. “Combinatorial Sketching for Finite Programs”. In: ASPLOS. 2006. Google Scholar
Digital Library
- P. Suter, A. S. Köksal, and V. Kuncak. “Satisfiability modulo recursive programs”. In: SAS. 2011. Google Scholar
Digital Library
- E. Torlak and R. Bodik. “A Lightweight Symbolic Virtual Machine for Solver-aided Host Languages”. In: PLDI. 2014. Google Scholar
Digital Library
- E. Torlak and R. Bodik. “Growing Solver-aided Languages with Rosette”. In: Onward! 2013. Google Scholar
Digital Library
- D. Turner et al. “California Fault Lines: Understanding the Causes and Impact of Network Failures”. In: SIGCOMM. 2010. Google Scholar
Digital Library
- K. Weitz et al. Bagpipe: Verified BGP Configuration Checking. Tech. rep. 2016.Google Scholar
Index Terms
Scalable verification of border gateway protocol configurations with an SMT solver
Recommendations
Scalable verification of border gateway protocol configurations with an SMT solver
OOPSLA 2016: Proceedings of the 2016 ACM SIGPLAN International Conference on Object-Oriented Programming, Systems, Languages, and ApplicationsInternet Service Providers (ISPs) use the Border Gateway Protocol (BGP) to announce and exchange routes for de- livering packets through the internet. ISPs must carefully configure their BGP routers to ensure traffic is routed reli- ably and securely. ...
Cartesian Core Routing and Cartesian Border Gateway Design
CNSR '06: Proceedings of the 4th Annual Communication Networks and Services Research ConferenceCartesian routing is an alternative to existing routing techniques. Its basic principle is that the network is topologically dependent instead of routing table dependent. Cartesian routing does not use routing tables, so the routing table searching time ...
Network configuration synthesis with abstract topologies
PLDI 2017: Proceedings of the 38th ACM SIGPLAN Conference on Programming Language Design and ImplementationWe develop Propane/AT, a system to synthesize provably-correct BGP (border gateway protocol) configurations for large, evolving networks from high-level specifications of topology, routing policy, and fault-tolerance requirements. Propane/AT is based ...







Comments