Abstract
ProbNV is a new framework for probabilistic network control plane verification that strikes a balance between generality and scalability. ProbNV is general enough to encode a wide range of features from the most common protocols (eBGP and OSPF) and yet scalable enough to handle challenging properties, such as probabilistic all-failures analysis of medium-sized networks with 100-200 devices. When there are a small, bounded number of failures, networks with up to 500 devices may be verified in seconds. ProbNV operates by translating raw CISCO configurations into a probabilistic and functional programming language designed for network verification. This language comes equipped with a novel type system that characterizes the sort of representation to be used for each data structure: concrete for the usual representation of values; symbolic for a BDD-based representation of sets of values; and multi-value for an MTBDD-based representation of values that depend upon symbolics. Careful use of these varying representations speeds execution of symbolic simulation of network models. The MTBDD-based representations are also used to calculate probabilistic properties of network models once symbolic simulation is complete. We implement the language and evaluate its performance on benchmarks constructed from real network topologies and synthesized routing policies.
Index Terms
ProbNV: probabilistic verification of network control planes