VeriFlow: Verifying Network-Wide Invariants in Real Time: Ugur Kaynar (NRG Seminar)

11:00 am on Monday, November 18, 2013
12:00 pm on Monday, November 18, 2013
MCS 148
Abstract: This presentation covers the paper "VeriFlow: Verifying Network-Wide Invariants in Real Time" [1]. The paper addresses the problem of checking network-wide invariants, allowing detection and prevention of bugs in the network data plane of software defined networks. The key novelty is that VeriFlow allows this verification to be carried out in real time. Paper Abstract: Networks are complex and prone to bugs. Existing tools that check network configuration files and the data-plane state operate offline at timescales of seconds to hours, and cannot detect or prevent bugs as they arise. Is it possible to check network-wide invariants in real time, as the network state evolves? The key challenge here is to achieve extremely low latency during the checks so that network performance is not affected. In this paper, we present a design, VeriFlow, which achieves this goal. VeriFlow is a layer between a software-defined networking controller and network devices that checks for network-wide invariant violations dynamically as each forwarding rule is inserted, modified or deleted. VeriFlow supports analysis over multiple header fields, and an API for checking custom invariants. Based on a prototype implementation integrated with the NOX OpenFlow controller, and driven by a Mininet OpenFlow network and Route Views trace data, we find that Veri-Flow can perform rigorous checking within hundreds of microseconds per rule insertion or deletion [1] - "VeriFlow: Verifying Network-Wide Invariants in Real Time" Ahmed Khurshid, Xuan Zou, Wenxuan Zhou, Matthew Caesar, P. Brighten Godfrey University of Illinois at Urbana-Champaign. 10th USENIX Symposium on Networked Systems Design and Implementation (NSDI ’13)