VeriFlow: Verifying Network-Wide Invariants in Real Time
| Title | VeriFlow: Verifying Network-Wide Invariants in Real Time |
| Publication Type | Conference Paper |
| Year of Publication | 2012 |
| Authors | Ahmed Khurshid, University of Illinois at Urbana-Champaign, Wenxuan Zhou, University of Illinois at Urbana-Champaign, Matthew Caesar, University of Illinois at Urbana-Champaign, P. Brighten Godfrey, University of Illinois at Urbana-Champaign |
| Conference Name | First Workshop on Hot Topics in Software Defined Networks (HotSDN 2012) |
| Date Published | 08/2012 |
| Conference Location | Helsinki, Finland |
| Keywords | fowarding debugging, NSA SoS Lablets Materials, OpenFlow, real time, science of security, software-defined networking, Towards a Science of Securing Network Forwarding, UIUC |
| Abstract | Networks are complex and prone to bugs. Existing tools that check configuration files and data-plane state operate offline at timescales of seconds to hours, and cannot detect or prevent bugs as they arise. Is it possible to check network-wide invariants in real time, as the network state evolves? The key challenge here is to achieve extremely low latency during the checks so that network performance is not affected. In this paper, we present a preliminary design, VeriFlow, which suggests that this goal is achievable. VeriFlow is a layer between a software-defined networking controller and network devices that checks for network-wide invariant violations dynamically as each forwarding rule is inserted. Based on an implementation using a Mininet OpenFlow network and Route Views trace data, we find that VeriFlow can perform rigorous checking within hundreds of microseconds per rule insertion. |
| Citation Key | node-32251 |
| Attachment | Size |
|---|---|
| bytes |