Veriflow
- 24 September 2012
- journal article
- Published by Association for Computing Machinery (ACM) in ACM SIGCOMM Computer Communication Review
- Vol. 42 (4), 467-472
- https://doi.org/10.1145/2377677.2377766
Abstract
Networks are complex and prone to bugs. Existing tools that check configuration files and data-plane state operate offline at timescales of seconds to hours, and cannot detect or prevent bugs as they arise. Is it possible to check network-wide invariants in real time , as the network state evolves? The key challenge here is to achieve extremely low latency during the checks so that network performance is not affected. In this paper, we present a preliminary design, VeriFlow, which suggests that this goal is achievable. VeriFlow is a layer between a software-defined networking controller and network devices that checks for network-wide invariant violations dynamically as each forwarding rule is inserted. Based on an implementation using a Mininet OpenFlow network and Route Views trace data, we find that VeriFlow can perform rigorous checking within hundreds of microseconds per rule insertion.Keywords
This publication has 7 references indexed in Scilit:
- Consistent updates for software-defined networksPublished by Association for Computing Machinery (ACM) ,2011
- FreneticACM SIGPLAN Notices, 2011
- Debugging the data plane with anteaterACM SIGCOMM Computer Communication Review, 2011
- FlowCheckerPublished by Association for Computing Machinery (ACM) ,2010
- NOXACM SIGCOMM Computer Communication Review, 2008
- OpenFlowACM SIGCOMM Computer Communication Review, 2008
- FIREMAN: a toolkit for firewall modeling and analysisPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2006