Visible to the public Biblio

Filters: Author is Argyraki, Katerina  [Clear All Filters]
2018-05-09
Zaostrovnykh, Arseniy, Pirelli, Solal, Pedrosa, Luis, Argyraki, Katerina, Candea, George.  2017.  A Formally Verified NAT. Proceedings of the Conference of the ACM Special Interest Group on Data Communication. :141–154.

We present a Network Address Translator (NAT) written in C and proven to be semantically correct according to RFC 3022, as well as crash-free and memory-safe. There exists a lot of recent work on network verification, but it mostly assumes models of network functions and proves properties specific to network configuration, such as reachability and absence of loops. Our proof applies directly to the C code of a network function, and it demonstrates the absence of implementation bugs. Prior work argued that this is not feasible (i.e., that verifying a real, stateful network function written in C does not scale) but we demonstrate otherwise: NAT is one of the most popular network functions and maintains per-flow state that needs to be properly updated and expired, which is a typical source of verification challenges. We tackle the scalability challenge with a new combination of symbolic execution and proof checking using separation logic; this combination matches well the typical structure of a network function. We then demonstrate that formally proven correctness in this case does not come at the cost of performance. The NAT code, proof toolchain, and proofs are available at [58].

2017-04-24
Fietz, Jonas, Whitlock, Sam, Ioannidis, George, Argyraki, Katerina, Bugnion, Edouard.  2016.  VNToR: Network Virtualization at the Top-of-Rack Switch. Proceedings of the Seventh ACM Symposium on Cloud Computing. :428–441.

Cloud providers typically implement abstractions for network virtualization on the server, within the operating system that hosts the tenant virtual machines or containers. Despite being flexible and convenient, this approach has fundamental problems: incompatibility with bare-metal support, unnecessary performance overhead, and susceptibility to hypervisor breakouts. To solve these, we propose to offload the implementation of network-virtualization abstractions to the top-of-rack switch (ToR). To show that this is feasible and beneficial, we present VNToR, a ToR that takes over the implementation of the security-group abstraction. Our prototype combines commodity switching hardware with a custom software stack and is integrated in OpenStack Neutron. We show that VNToR can store tens of thousands of access rules, adapts to traffic-pattern changes in less than a millisecond, and significantly outperforms the state of the art.