skip to main content
research-article
Open Access
Artifacts Evaluated & Functional / v1.1

ProbNV: probabilistic verification of network control planes

Published:19 August 2021Publication History
Skip Abstract Section

Abstract

ProbNV is a new framework for probabilistic network control plane verification that strikes a balance between generality and scalability. ProbNV is general enough to encode a wide range of features from the most common protocols (eBGP and OSPF) and yet scalable enough to handle challenging properties, such as probabilistic all-failures analysis of medium-sized networks with 100-200 devices. When there are a small, bounded number of failures, networks with up to 500 devices may be verified in seconds. ProbNV operates by translating raw CISCO configurations into a probabilistic and functional programming language designed for network verification. This language comes equipped with a novel type system that characterizes the sort of representation to be used for each data structure: concrete for the usual representation of values; symbolic for a BDD-based representation of sets of values; and multi-value for an MTBDD-based representation of values that depend upon symbolics. Careful use of these varying representations speeds execution of symbolic simulation of network models. The MTBDD-based representations are also used to calculate probabilistic properties of network models once symbolic simulation is complete. We implement the language and evaluate its performance on benchmarks constructed from real network topologies and synthesized routing policies.

Skip Supplemental Material Section

Supplemental Material

Auxiliary Presentation Video

Video presentation for ICFP 2021 paper "ProbNV: Probabilistic Verification of Network Control Planes".

3473595.mp4

Presentation Videos

References

  1. Martín Abadi, Anindya Banerjee, Nevin Heintze, and Jon G. Riecke. 1999. A Core Calculus of Dependency. In Proceedings of the 26th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL ’99). Association for Computing Machinery, New York, NY, USA. 147–160. isbn:1581130953 https://doi.org/10.1145/292540.292555 Google ScholarGoogle ScholarDigital LibraryDigital Library
  2. Anubhavnidhi Abhashkumar, Aaron Gember-Jacobson, and Aditya Akella. 2020. Tiramisu: Fast multilayer network verification. In 17th $USENIX$ Symposium on Networked Systems Design and Implementation ($NSDI$ 20). 201–219.Google ScholarGoogle Scholar
  3. Mohammad Al-Fares, Alexander Loukissas, and Amin Vahdat. 2008. A Scalable, Commodity Data Center Network Architecture. In Proceedings of the ACM SIGCOMM 2008 Conference on Data Communication (SIGCOMM ’08). Association for Computing Machinery, New York, NY, USA. 63–74. isbn:9781605581750 https://doi.org/10.1145/1402958.1402967 Google ScholarGoogle ScholarDigital LibraryDigital Library
  4. Carolyn Jane Anderson, Nate Foster, Arjun Guha, Jean-Baptiste Jeannin, Dexter Kozen, Cole Schlesinger, and David Walker. 2014. NetKAT: Semantic Foundations for Networks. SIGPLAN Not., 49, 1 (2014), January, 113–126. issn:0362-1340 https://doi.org/10.1145/2578855.2535862 Google ScholarGoogle ScholarDigital LibraryDigital Library
  5. R. Iris Bahar, Erica A. Frohm, Charles M. Gaona, Gary D. Hachtel, Enrico Macii, Abelardo Pardo, and Fabio Somenzi. 1993. Algebraic Decision Diagrams and Their Applications. In Proceedings of the 1993 IEEE/ACM International Conference on Computer-Aided Design (ICCAD ’93). IEEE Computer Society Press, Washington, DC, USA. 188–191. isbn:0818644907Google ScholarGoogle ScholarDigital LibraryDigital Library
  6. Ryan Beckett, Aarti Gupta, Ratul Mahajan, and David Walker. 2017. A General Approach to Network Configuration Verification. In Proceedings of the Conference of the ACM Special Interest Group on Data Communication (SIGCOMM ’17). Association for Computing Machinery, New York, NY, USA. 155–168. isbn:9781450346535 https://doi.org/10.1145/3098822.3098834 Google ScholarGoogle ScholarDigital LibraryDigital Library
  7. Ryan Beckett, Aarti Gupta, Ratul Mahajan, and David Walker. 2018. Control Plane Compression. In Proceedings of the 2018 Conference of the ACM Special Interest Group on Data Communication (SIGCOMM ’18). Association for Computing Machinery, New York, NY, USA. 476–489. isbn:9781450355674 https://doi.org/10.1145/3230543.3230583 Google ScholarGoogle ScholarDigital LibraryDigital Library
  8. Ryan Beckett, Aarti Gupta, Ratul Mahajan, and David Walker. 2019. Abstract Interpretation of Distributed Network Control Planes. Proc. ACM Program. Lang., 4, POPL (2019), Article 42, December, 27 pages. https://doi.org/10.1145/3371110 Google ScholarGoogle ScholarDigital LibraryDigital Library
  9. Ryan Beckett and Ratul Mahajan. 2020. A General Framework for Compositional Network Modeling. In Proceedings of the 19th ACM Workshop on Hot Topics in Networks (HotNets ’20). Association for Computing Machinery, New York, NY, USA. 8–15. isbn:9781450381451 https://doi.org/10.1145/3422604.3425930 Google ScholarGoogle ScholarDigital LibraryDigital Library
  10. Ryan Beckett, Ratul Mahajan, Todd Millstein, Jitendra Padhye, and David Walker. 2019. Don’t Mind the Gap: Bridging Network-Wide Objectives and Device-Level Configurations: Brief Reflections on Abstractions for Network Programming. SIGCOMM Comput. Commun. Rev., 49, 5 (2019), November, 104–106. issn:0146-4833 https://doi.org/10.1145/3371934.3371965 Google ScholarGoogle ScholarDigital LibraryDigital Library
  11. Beate Bollig and Ingo Wegener. 1996. Improving the variable ordering of OBDDs is NP-complete. IEEE Transactions on computers, 45, 9 (1996), 993–1002.Google ScholarGoogle ScholarDigital LibraryDigital Library
  12. Randal E. Bryant. 1986. Graph-Based Algorithms for Boolean Function Manipulation. IEEE Trans. Computers, 35, 8 (1986), 677–691.Google ScholarGoogle ScholarDigital LibraryDigital Library
  13. Arun Chaganty, Aditya Nori, and Sriram Rajamani. 2013. Efficiently sampling probabilistic programs via program analysis. In Artificial Intelligence and Statistics. 153–160.Google ScholarGoogle Scholar
  14. Guillaume Claret, Sriram K. Rajamani, Aditya V. Nori, Andrew D. Gordon, and Johannes Borgström. 2013. Bayesian Inference Using Data Flow Analysis. In Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering (ESEC/FSE 2013). Association for Computing Machinery, New York, NY, USA. 92–102. isbn:9781450322379 https://doi.org/10.1145/2491411.2491423 Google ScholarGoogle ScholarDigital LibraryDigital Library
  15. Edmund M Clarke, Masahiro Fujita, and Xudong Zhao. 1996. Multi-terminal binary decision diagrams and hybrid decision diagrams. In Representations of discrete functions. Springer, 93–108. https://doi.org/10.1007/978-1-4613-1385-4_4 Google ScholarGoogle ScholarCross RefCross Ref
  16. Luca De Alfaro, Marta Kwiatkowska, Gethin Norman, David Parker, and Roberto Segala. 2000. Symbolic model checking of probabilistic processes using MTBDDs and the Kronecker representation. In International Conference on Tools and Algorithms for the Construction and Analysis of Systems. 395–410.Google ScholarGoogle ScholarCross RefCross Ref
  17. Christian Dehnert, Sebastian Junges, Joost-Pieter Katoen, and Matthias Volk. 2017. A storm is coming: A modern probabilistic model checker. In International Conference on Computer Aided Verification. 592–600. https://doi.org/10.1007/978-3-319-63390-9_31 Google ScholarGoogle ScholarCross RefCross Ref
  18. Dmitry Duplyakin, Robert Ricci, Aleksander Maricq, Gary Wong, Jonathon Duerig, Eric Eide, Leigh Stoller, Mike Hibler, David Johnson, Kirk Webb, Aditya Akella, Kuangching Wang, Glenn Ricart, Larry Landweber, Chip Elliott, Michael Zink, Emmanuel Cecchet, Snigdhaswin Kar, and Prabodh Mishra. 2019. The Design and Operation of CloudLab. In Proceedings of the USENIX Annual Technical Conference (ATC). 1–14. https://www.flux.utah.edu/paper/duplyakin-atc19Google ScholarGoogle Scholar
  19. Ahmed El-Hassany, Petar Tsankov, Laurent Vanbever, and Martin Vechev. 2018. Netcomplete: Practical Network-Wide Configuration Synthesis with Autocompletion. In Proceedings of the 15th USENIX Conference on Networked Systems Design and Implementation (NSDI’18). USENIX Association, USA. 579–594. isbn:9781931971430Google ScholarGoogle Scholar
  20. Ari Fogel, Stanley Fung, Luis Pedrosa, Meg Walraed-Sullivan, Ramesh Govindan, Ratul Mahajan, and Todd Millstein. 2015. A General Approach to Network Configuration Analysis. In Proceedings of the 12th USENIX Conference on Networked Systems Design and Implementation (NSDI’15). USENIX Association, USA. 469–483. isbn:9781931971218Google ScholarGoogle ScholarDigital LibraryDigital Library
  21. Nate Foster, Dexter Kozen, Konstantinos Mamouras, Mark Reitblatt, and Alexandra Silva. 2016. Probabilistic NetKAT. In European Symposium on Programming. 282–309. https://doi.org/10.1007/978-3-662-49498-1_12 Google ScholarGoogle ScholarDigital LibraryDigital Library
  22. Timon Gehr, Sasa Misailovic, Petar Tsankov, Laurent Vanbever, Pascal Wiesmann, and Martin Vechev. 2018. Bayonet: Probabilistic Inference for Networks. In Proceedings of the 39th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI 2018). Association for Computing Machinery, New York, NY, USA. 586–602. isbn:9781450356985 https://doi.org/10.1145/3192366.3192400 Google ScholarGoogle ScholarDigital LibraryDigital Library
  23. Timon Gehr, Sasa Misailovic, and Martin Vechev. 2016. Psi: Exact symbolic inference for probabilistic programs. In International Conference on Computer Aided Verification. 62–83.Google ScholarGoogle ScholarCross RefCross Ref
  24. Jaco Geldenhuys, Matthew B. Dwyer, and Willem Visser. 2012. Probabilistic Symbolic Execution. In Proceedings of the 2012 International Symposium on Software Testing and Analysis (ISSTA 2012). Association for Computing Machinery, New York, NY, USA. 166–176. isbn:9781450314541 https://doi.org/10.1145/2338965.2336773 Google ScholarGoogle ScholarDigital LibraryDigital Library
  25. Aaron Gember-Jacobson, Raajay Viswanathan, Aditya Akella, and Ratul Mahajan. 2016. Fast Control Plane Analysis Using an Abstract Representation. In Proceedings of the 2016 ACM SIGCOMM Conference (SIGCOMM ’16). Association for Computing Machinery, New York, NY, USA. 300–313. isbn:9781450341936 https://doi.org/10.1145/2934872.2934876 Google ScholarGoogle ScholarDigital LibraryDigital Library
  26. Nick Giannarakis, Ryan Beckett, Ratul Mahajan, and David Walker. 2019. Efficient verification of network fault tolerance via counterexample-guided refinement. In International Conference on Computer Aided Verification. 305–323. https://doi.org/10.1007/978-3-030-25543-5_18 Google ScholarGoogle ScholarCross RefCross Ref
  27. Nick Giannarakis, Devon Loehr, Ryan Beckett, and David Walker. 2020. NV: An Intermediate Language for Verification of Network Control Planes. In Proceedings of the 41st ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI 2020). Association for Computing Machinery, New York, NY, USA. 958–973. isbn:9781450376136 https://doi.org/10.1145/3385412.3386019 Google ScholarGoogle ScholarDigital LibraryDigital Library
  28. Nikolaos Giannarakis, Alexandra Silva, and David Walker. 2021. Appendix to ProbNV: Probabilistic Verification of Network Control Planes.Google ScholarGoogle Scholar
  29. Joanne Godfrey. 2016. The Summer of Network Misconfigurations. https://blog.algosec.com/2016/08/business-outages-caused-misconfigurations-headline-news-summer.htmlGoogle ScholarGoogle Scholar
  30. Noah Goodman, Vikash Mansinghka, Daniel M Roy, Keith Bonawitz, and Joshua B Tenenbaum. 2012. Church: a language for generative models. arXiv preprint arXiv:1206.3255.Google ScholarGoogle Scholar
  31. John Graham-Cumming. 2020. Cloudflare outage on July 17, 2020. https://blog.cloudflare.com/cloudflare-outage-on-july-17-2020/Google ScholarGoogle Scholar
  32. Steven Holtzen, Guy Van den Broeck, and Todd Millstein. 2020. Scaling Exact Inference for Discrete Probabilistic Programs. Proc. ACM Program. Lang., 4, OOPSLA (2020), Article 140, November, 31 pages. https://doi.org/10.1145/3428208 Google ScholarGoogle ScholarDigital LibraryDigital Library
  33. Peyman Kazemian, George Varghese, and Nick McKeown. 2012. Header Space Analysis: Static Checking for Networks. In 9th USENIX Symposium on Networked Systems Design and Implementation (NSDI 12). USENIX Association, San Jose, CA. 113–126. isbn:978-931971-92-8 https://www.usenix.org/conference/nsdi12/technical-sessions/presentation/kazemianGoogle ScholarGoogle Scholar
  34. Ahmed Khurshid, Xuan Zou, Wenxuan Zhou, Matthew Caesar, and P. Brighten Godfrey. 2013. VeriFlow: Verifying Network-Wide Invariants in Real Time. In 10th USENIX Symposium on Networked Systems Design and Implementation (NSDI 13). USENIX Association, Lombard, IL. 15–27. isbn:978-1-931971-00-3 https://www.usenix.org/conference/nsdi13/technical-sessions/presentation/khurshidGoogle ScholarGoogle Scholar
  35. Simon Knight, Hung X Nguyen, Nickolas Falkner, Rhys Bowden, and Matthew Roughan. 2011. The internet topology zoo. IEEE Journal on Selected Areas in Communications, 29, 9 (2011), 1765–1775.Google ScholarGoogle ScholarCross RefCross Ref
  36. Marta Kwiatkowska, Gethin Norman, and David Parker. 2011. PRISM 4.0: Verification of probabilistic real-time systems. In International conference on computer aided verification. 585–591. https://doi.org/10.1007/978-3-642-22110-1_47 Google ScholarGoogle ScholarCross RefCross Ref
  37. Nuno P. Lopes, Nikolaj Bjørner, Patrice Godefroid, Karthick Jayaraman, and George Varghese. 2015. Checking Beliefs in Dynamic Networks. In 12th USENIX Symposium on Networked Systems Design and Implementation (NSDI 15). USENIX Association, Oakland, CA. 499–512. isbn:978-1-931971-218 https://www.usenix.org/conference/nsdi15/technical-sessions/presentation/lopesGoogle ScholarGoogle ScholarDigital LibraryDigital Library
  38. Nuno P Lopes and Andrey Rybalchenko. 2019. Fast BGP Simulation of Large Datacenters. In International Conference on Verification, Model Checking, and Abstract Interpretation. 386–408. https://doi.org/10.1007/978-3-030-11245-5_18 Google ScholarGoogle ScholarCross RefCross Ref
  39. Haohui Mai, Ahmed Khurshid, Rachit Agarwal, Matthew Caesar, P. Brighten Godfrey, and Samuel Talmadge King. 2011. Debugging the Data Plane with Anteater. In Proceedings of the ACM SIGCOMM 2011 Conference (SIGCOMM ’11). Association for Computing Machinery, New York, NY, USA. 290–301. isbn:9781450307970 https://doi.org/10.1145/2018436.2018470 Google ScholarGoogle ScholarDigital LibraryDigital Library
  40. Vikash K. Mansinghka, Ulrich Schaechtle, Shivam Handa, Alexey Radul, Yutian Chen, and Martin Rinard. 2018. Probabilistic Programming with Programmable Inference. In Proceedings of the 39th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI 2018). Association for Computing Machinery, New York, NY, USA. 603–616. isbn:9781450356985 https://doi.org/10.1145/3192366.3192409 Google ScholarGoogle ScholarDigital LibraryDigital Library
  41. Kieren McCarthy. 2019. BGP super-blunder: How Verizon today sparked a ’cascading catastrophic failure’ that knackered Cloudflare, Amazon, etc. https://www.theregister.co.uk/2019/06/24/verizon_bgp_misconfiguration_cloudflare/Google ScholarGoogle Scholar
  42. Gordon D. Plotkin, Nikolaj Bjørner, Nuno P. Lopes, Andrey Rybalchenko, and George Varghese. 2016. Scaling Network Verification Using Symmetry and Surgery. SIGPLAN Not., 51, 1 (2016), January, 69–83. issn:0362-1340 https://doi.org/10.1145/2914770.2837657 Google ScholarGoogle ScholarDigital LibraryDigital Library
  43. François Pottier and Vincent Simonet. 2003. Information Flow Inference for ML. ACM Trans. Program. Lang. Syst., 25, 1, 117–158. issn:0164-0925 https://doi.org/10.1145/596980.596983 Google ScholarGoogle ScholarDigital LibraryDigital Library
  44. Adrian Sampson, Pavel Panchekha, Todd Mytkowicz, Kathryn S. McKinley, Dan Grossman, and Luis Ceze. 2014. Expressing and Verifying Probabilistic Assertions. In Proceedings of the 35th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI ’14). Association for Computing Machinery, New York, NY, USA. 112–122. isbn:9781450327848 https://doi.org/10.1145/2594291.2594294 Google ScholarGoogle ScholarDigital LibraryDigital Library
  45. Simon Sharwood. 2016. Google cloud wobbles as workers patch wrong routers. http://www.theregister.co.uk/2016/03/01/google_cloud_wobbles_as_workers_patch_wrong_routers/Google ScholarGoogle Scholar
  46. Steffen Smolka, Praveen Kumar, David M. Kahn, Nate Foster, Justin Hsu, Dexter Kozen, and Alexandra Silva. 2019. Scalable Verification of Probabilistic Networks. In Proceedings of the 40th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI 2019). Association for Computing Machinery, New York, NY, USA. 190–203. isbn:9781450367127 https://doi.org/10.1145/3314221.3314639 Google ScholarGoogle ScholarDigital LibraryDigital Library
  47. Fabio Somenzi. 1997. CUDD: CU decision diagram package. http://vlsi.colorado.edu/\~fabio/CUDD/.Google ScholarGoogle Scholar
  48. Samuel Steffen, Timon Gehr, Petar Tsankov, Laurent Vanbever, and Martin Vechev. 2020. Probabilistic Verification of Network Configurations. In Proceedings of the Annual conference of the ACM Special Interest Group on Data Communication on the applications, technologies, architectures, and protocols for computer communication. 750–764.Google ScholarGoogle ScholarDigital LibraryDigital Library
  49. Yevgenly Sverdlik. 2012. Microsoft: misconfigured network device led to Azure outage. http://www.datacenterdynamics.com/content-tracks/servers-storage/microsoft-misconfigured-network-device-led-to-azure-outage/68312.fullarticleGoogle ScholarGoogle Scholar
  50. Emina Torlak and Rastislav Bodik. 2013. Growing Solver-Aided Languages with Rosette. In Proceedings of the 2013 ACM International Symposium on New Ideas, New Paradigms, and Reflections on Programming and Software (Onward! 2013). Association for Computing Machinery, New York, NY, USA. 135–152. isbn:9781450324724 https://doi.org/10.1145/2509578.2509586 Google ScholarGoogle ScholarDigital LibraryDigital Library
  51. Hongkun Yang and Simon S. Lam. 2016. Real-Time Verification of Network Properties Using Atomic Predicates. IEEE/ACM Trans. Netw., 24, 2 (2016), April, 887–900. issn:1063-6692 https://doi.org/10.1109/TNET.2015.2398197 Google ScholarGoogle ScholarDigital LibraryDigital Library

Index Terms

  1. ProbNV: probabilistic verification of network control planes

          Recommendations

          Comments

          Login options

          Check if you have access through your login credentials or your institution to get full access on this article.

          Sign in

          Full Access

          PDF Format

          View or Download as a PDF file.

          PDF

          eReader

          View online with eReader.

          eReader
          About Cookies On This Site

          We use cookies to ensure that we give you the best experience on our website.

          Learn more

          Got it!