Abstract
Software-defined network (SDN) separates the control plane and the data plane, which provides the programmability of the network and is widely deployed in data center networks. As the foundation of SDN, the data plane needs to be fully verified and tested to ensure its correctness and reliability. At present, formal verification and testing methods have been applied to SDN networks. The goals of verification and testing are to find the design defects and the implementation errors of the data plane, respectively. In this paper, we conduct a survey of the state-of-art methods and tools of formal verification and formal testing for SDN data plane. According to support for online verification, the related works of formal verification for the data plane fall into static verification and real-time verification. According to the requirement of source code, the existing works of formal testing for the data plane fall into white-box testing and black-box testing. Based on the state-of-art approaches of verification and testing, we also discuss the research trends of verification and testing for SDN data plane, such as artificial intelligence (AI)-based model construct and property definition, and scalable support for the stateful data plane.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Ahmad, S., Jamil, F., Ali, A., Khan, E., Ibrahim, M., Whangbo, T.K.: Effectively handling network congestion and load balancing in software-defined networking. CMC-Comput. Mater. Continua 70(1), 1363–1379 (2022)
Al-Shaer, E., Al-Haj, S.: Flowchecker: Configuration analysis and verification of federated openflow infrastructures. In: Proceedings of the 3rd ACM workshop on Assurable and usable security configuration. pp. 37–44 (2010)
Alhaidari, F., et al.: Intelligent software-defined network for cognitive routing optimization using deep extreme learning machine approach (2021)
Ali, J., Roh, B.h.: Quality of service improvement with optimal software-defined networking controller and control plane clustering. CMC-Comput. Mater. Continua 67(1), 849–875 (2021)
Altukhov, V., Podymov, V., Zakharov, V., Chemeritskiy, E.: Vermont-a toolset for checking SDN packet forwarding policies on-line. In: 2014 International Science and Technology Conference (Modern Networking Technologies) (MoNeTeC), pp. 1–6. IEEE (2014)
Babbar, H., Rani, S., Masud, M., Verma, S., Anand, D., Jhanjhi, N.: Load balancing algorithm for migrating switches in software-defined vehicular networks. Comput. Mater. Continue 67(1), 1301–1316 (2021)
Belgaum, M.R., Ali, F., Alansari, Z., Musa, S., Alam, M.M., Mazliham, M.: Artificial intelligence based reliable load balancing framework in software-defined networks. CMC-Comput. Mater. Continua 70(1), 251–266 (2022)
Bu, K., Wen, X., Yang, B., Chen, Y., Li, L.E., Chen, X.: Is every flow on the right track?: Inspect SDN forwarding with rulescope. In: IEEE INFOCOM 2016-The 35th Annual IEEE International Conference on Computer Communications, pp. 1–9. IEEE (2016)
Fang, Y., Lu, Y.: Checking intra-switch conflicts of rules during preprocessing of network verification in SDN. IEEE Commun. Lett. 23(9), 1547–1550 (2019)
Fang, Y., Lu, Y.: Real-time verification of network properties based on header space. IEEE Access 8, 36789–36806 (2020)
Fayaz, S.K., Sekar, V.: Testing stateful and dynamic data planes with flowtest. In: Proceedings of the Third Workshop on Hot Topics in Software Defined Networking, pp. 79–84 (2014)
Fayaz, S.K., Yu, T., Tobioka, Y., Chaki, S., Sekar, V.: \(\{\)BUZZ\(\}\): Testing context-dependent policies in stateful networks. In: 13th \(\{\)USENIX\(\}\) Symposium on Networked Systems Design and Implementation (\(\{\)NSDI\(\}\) 2016), pp. 275–289 (2016)
Horn, A., Kheradmand, A., Prasad, M.: Delta-net: real-time network verification using atoms. In: 14th \(\{\)USENIX\(\}\) Symposium on Networked Systems Design and Implementation (\(\{\)NSDI\(\}\) 17), pp. 735–749 (2017)
Kazemian, P., Chang, M., Zeng, H., Varghese, G., McKeown, N., Whyte, S.: Real time network policy checking using header space analysis. In: 10th \(\{\)USENIX\(\}\) Symposium on Networked Systems Design and Implementation (\(\{\)NSDI\(\}\) 2013), pp. 99–111 (2013)
Kazemian, P., Varghese, G., McKeown, N.: Header space analysis: static checking for networks. In: 9th \(\{\)USENIX\(\}\) Symposium on Networked Systems Design and Implementation (\(\{\)NSDI\(\}\) 12), pp. 113–126 (2012)
Khurshid, A., Zou, X., Zhou, W., Caesar, M., Godfrey, P.B.: VeriFlow: verifying network-wide invariants in real time. In: 10th \(\{\)USENIX\(\}\) Symposium on Networked Systems Design and Implementation (\(\{\)NSDI\(\}\) 2013), pp. 15–27 (2013)
Mai, H., Khurshid, A., Agarwal, R., Caesar, M., Godfrey, P.B., King, S.T.: Debugging the data plane with anteater. ACM SIGCOMM Comput. Commun. Rev. 41(4), 290–301 (2011)
Perešíni, P., Kuzniar, M., Kostić, D.: Rule-level data plane monitoring with monocle. ACM SIGCOMM Comput. Commun. Rev. 45(4), 595–596 (2015)
Ruchansky, N., Proserpio, D.: A (not) nice way to verify the openflow switch specification: formal modelling of the openflow switch using alloy. In: Proceedings of the ACM SIGCOMM 2013 Conference on SIGCOMM, pp. 527–528 (2013)
Son, S., Shin, S., Yegneswaran, V., Porras, P., Gu, G.: Model checking invariant security properties in openflow. In: 2013 IEEE International Conference on Communications (ICC), pp. 1974–1979. IEEE (2013)
Yang, H., Lam, S.S.: Scalable verification of networks with packet transformers using atomic predicates. IEEE/ACM Trans. Network. 25(5), 2900–2915 (2017)
Yao, J., Wang, Z., Yin, X., Shiyz, X., Wu, J.: Formal modeling and systematic black-box testing of SDN data plane. In: 2014 IEEE 22nd International Conference on Network Protocols, pp. 179–190. IEEE (2014)
Zeng, H., Kazemian, P., Varghese, G., McKeown, N.: Automatic test packet generation. In: Proceedings of the 8th International Conference on Emerging Networking Experiments and Technologies, pp. 241–252 (2012)
Zhang, P., Zhang, C., Hu, C.: Fast data plane testing for software-defined networks with rulechecker. IEEE/ACM Trans. Network. 27(1), 173–186 (2018)
Zhang, S., Malik, S.: SAT based verification of network data planes. In: Van Hung, D., Ogawa, M. (eds.) ATVA 2013. LNCS, vol. 8172, pp. 496–505. Springer, Cham (2013). https://doi.org/10.1007/978-3-319-02444-8_43
Zhang, Y., Li, J., Kimura, S., Zhao, W., Das, S.K.: Atomic predicates-based data plane properties verification in software defined networking using spark. IEEE J. Sel. Areas Commun. 38(7), 1308–1321 (2020)
Zhao, Y., Zhang, P., Wang, Y., Jin, Y.: Troubleshooting data plane with rule verification in software-defined networks. IEEE Trans. Netw. Serv. Manag. 15(1), 232–244 (2017)
Acknowledgement
This work was supported by the Hainan Provincial Natural Science Foundation of China (620RC562, 2019RC096, 620RC560), the Scientific Research Setup Fund of Hainan University (KYQD(ZR)1877), the Program of Hainan Association for Science and Technology Plans to Youth R&D Innovation (QCXM201910), and the National Natural Science Foundation of China (61802092, 62162021).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Yao, J., Jing, M., Lin, S., Li, D., Cao, X. (2022). Formal Verification and Testing of Data Plane in Software-Defined Networks: A Survey. In: Sun, X., Zhang, X., Xia, Z., Bertino, E. (eds) Advances in Artificial Intelligence and Security. ICAIS 2022. Communications in Computer and Information Science, vol 1588. Springer, Cham. https://doi.org/10.1007/978-3-031-06764-8_11
Download citation
DOI: https://doi.org/10.1007/978-3-031-06764-8_11
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-06763-1
Online ISBN: 978-3-031-06764-8
eBook Packages: Computer ScienceComputer Science (R0)