Veriflow

24 September 2012

journal article
Published by Association for Computing Machinery (ACM) in ACM SIGCOMM Computer Communication Review

Vol. 42 (4), 467-472
https://doi.org/10.1145/2377677.2377766

Abstract

Networks are complex and prone to bugs. Existing tools that check configuration files and data-plane state operate offline at timescales of seconds to hours, and cannot detect or prevent bugs as they arise. Is it possible to check network-wide invariants in real time , as the network state evolves? The key challenge here is to achieve extremely low latency during the checks so that network performance is not affected. In this paper, we present a preliminary design, VeriFlow, which suggests that this goal is achievable. VeriFlow is a layer between a software-defined networking controller and network devices that checks for network-wide invariant violations dynamically as each forwarding rule is inserted. Based on an implementation using a Mininet OpenFlow network and Route Views trace data, we find that VeriFlow can perform rigorous checking within hundreds of microseconds per rule insertion.

Keywords

This publication has 7 references indexed in Scilit:

Consistent updates for software-defined networks
Published by Association for Computing Machinery (ACM) ,2011
Frenetic
ACM SIGPLAN Notices, 2011
Debugging the data plane with anteater
ACM SIGCOMM Computer Communication Review, 2011
FlowChecker
Published by Association for Computing Machinery (ACM) ,2010
NOX
ACM SIGCOMM Computer Communication Review, 2008
OpenFlow
ACM SIGCOMM Computer Communication Review, 2008
FIREMAN: a toolkit for firewall modeling and analysis
Published by Institute of Electrical and Electronics Engineers (IEEE) ,2006

Cited by 194 articles