Formal Verification of Virtual Network Function Graphs in an SP-DevOps Context

  • Serena Spinoso
  • Matteo VirgilioEmail author
  • Wolfgang John
  • Antonio Manzalini
  • Guido Marchetto
  • Riccardo Sisto
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9306)


The role of software and its flexibility is becoming more and more important in todays networks. New emerging paradigms, such as Software Defined Networking (SDN) and Network Function Virtualization (NFV), are changing the rules of the game, shifting the focus on dynamicity and programmability. Perfectly aligned with this new spirit, the FP7 UNIFY European project aims at realizing this appealing vision by applying DevOps concepts to telecom operator networks and supporting the idea of fast network reconfiguration. However, the increased range of possibilities offered by the DevOps approach comes at the cost of designing new processes and toolkits to make SDN and NFV a concrete opportunity. In this paper we specifically focus on the verification process as part of the challenging tasks that must be addressed in this scenario and its fundamental role of automatically checking some desired network properties before deploying a particular configuration. Our preliminary results confirm the feasibility of the approach and encourage future efforts in this direction.


DevOps Formal verification Service graphs Network function forwarding graph 


  1. 1.
    de Moura, L., Bjørner, N.S.: Z3: An efficient smt solver. In: Ramakrishnan, C.R., Rehof, J. (eds.) TACAS 2008. LNCS, vol. 4963, pp. 337–340. Springer, Heidelberg (2008) CrossRefGoogle Scholar
  2. 2.
    Jain, R., Paul, S.: Network virtualization and software defined networking for cloud computing: A survey. IEEE Communications Magazine 51(11), November 2013Google Scholar
  3. 3.
    John, W., Meirosu, C.: Unify d4.1: Initial requirements for the sp-devops concept, universal node capabilities and proposed tools (2014).
  4. 4.
    John, W., Pentikousis, K., Agapiou, G., Jacob, E., Kind, M., Manzalini, A., Risso, F., Staessens, D., Steinert, R., Meirosu, C.: Research directions in network service chaining. In: 2013 IEEE SDN for SDN4FNS, November 2013Google Scholar
  5. 5.
    Kazemian, P., Varghese, G., McKeown, N.: Header space analysis: Static checking for networks. In: NSDI 2012. USENIX, San Jose (2012)Google Scholar
  6. 6.
    Khurshid, A., Zou, X., Zhou, W., Caesar, M., Godfrey, P.B.: Veriflow: Verifying network-wide invariants in real time. In: NSDI 2013. USENIX, Lombard (2013)Google Scholar
  7. 7.
    Meirosu, C.: m4.1: Sp-devops concept evolution and initial plans for prototyping (2014).
  8. 8.
    Panda, A., Lahav, O., Argyraki, K.J., Sagiv, M., Shenker, S.: Verifying isolation properties in the presence of middleboxes. CoRR abs/1409.7687 (2014)Google Scholar
  9. 9.
    Porras, P., Shin, S., Yegneswaran, V., Fong, M., Tyson, M., Gu, G.: A security enforcement kernel for openflow networks. In: HotSDN 2012. ACM, New York (2012)Google Scholar
  10. 10.
    Sharma, S., Coyne, B.: DevOps For Dummies. Limited IBM Edition’ book, October 2013Google Scholar
  11. 11.
    Son, S., Shin, S., Yegneswaran, V., Porras, P.A., Gu, G.: Model checking invariant security properties in openflow. In: ICC, pp. 1974–1979. IEEE (2013)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2015

Authors and Affiliations

  • Serena Spinoso
    • 1
  • Matteo Virgilio
    • 1
    Email author
  • Wolfgang John
    • 2
  • Antonio Manzalini
    • 3
  • Guido Marchetto
    • 1
  • Riccardo Sisto
    • 1
  1. 1.DAUIN - Politecnico di TorinoTurinItaly
  2. 2.Ericsson ABStockholmSweden
  3. 3.Strategy and Innovation - Future CentreTurinItaly

Personalised recommendations