Advertisement

ddNF: An Efficient Data Structure for Header Spaces

  • Nikolaj BjørnerEmail author
  • Garvit Juniwal
  • Ratul Mahajan
  • Sanjit A. Seshia
  • George Varghese
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10028)

Abstract

Network Verification is emerging as a critical enabler to manage large complex networks. In order to scale to data-center networks found in Microsoft Azure we developed a new data structure called ddNF, disjoint difference Normal Form, that serves as an efficient container for a small set of equivalence classes over header spaces. Our experiments show that ddNFs outperform representations proposed in previous work, in particular representations based on BDDs, and is especially suited for incremental verification. The advantage is observed empirically; in the worst case ddNFs are exponentially inferior than using BDDs to represent equivalence classes. We analyze main characteristics of ddNFs to explain the advantages we are observing.

Keywords

Boolean Function Output Port Head Space Head Space Analysis Virtual Machine Migration 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

References

  1. 1.
    Al-Shaer, E., Al-Haj, S.: FlowChecker: configuration analysis and verification of federated OpenFlow infrastructures. In: SafeConfig (2010)Google Scholar
  2. 2.
    Bosshart, P., Daly, D., Gibb, G., Izzard, M., McKeown, N., Rexford, J., Schlesinger, C., Talayco, D., Vahdat, A., Varghese, G., Walker, D.: P4: programming protocol-independent packet processors. SIGCOMM Comput. Commun. Rev. 44(3), 87–95 (2014)CrossRefGoogle Scholar
  3. 3.
    Bosshart, P., Gibb, G., Kim, H.-S., Varghese, G., McKeown, N., Izzard, M., Mujica, F., Horowitz, M.: Forwarding metamorphosis: fast programmable match-action processing in hardware for SDN. In: SIGCOMM (2013)Google Scholar
  4. 4.
    Bryant, R.E.: Graph-based algorithms for Boolean function manipulation. IEEE Trans. Comput. 35(8), 677–691 (1986)CrossRefzbMATHGoogle Scholar
  5. 5.
    Greenberg, A., Hamilton, J., Maltz, D.A., Patel, P.: The cost of a cloud: research problems in data center networks. SIGCOMM Comput. Commun. Rev. 39(1), 68–73 (2008)CrossRefGoogle Scholar
  6. 6.
    Kazemian, P., Chang, M., Zeng, H., Varghese, G., McKeown, N., Whyte, S.: Real time network policy checking using header space analysis. In: NSDI (2013)Google Scholar
  7. 7.
    Kazemian, P., Varghese, G., McKeown, N.: Header space analysis: static checking for networks. In: NSDI, pp. 113–126 (2012)Google Scholar
  8. 8.
    Khurshid, A., Zou, X., Zhou, W., Caesar, M., Godfrey, P.B.: Veriflow: verifying network-wide invariants in real time. In: NSDI (2013)Google Scholar
  9. 9.
    Lopes, N., Bjørner, N., Godefroid, P., Jayaraman, K., Varghese, G.: Checking beliefs in dynamic networks. In: NSDI (2015)Google Scholar
  10. 10.
    Mai, H., Khurshid, A., Agarwal, R., Caesar, M., Godfrey, P.B., King, S.T.: Debugging the data plane with anteater. In: SIGCOMM (2011)Google Scholar
  11. 11.
    McKeown, N.: Mind the gap. In: SIGCOMM (2012). http://youtu.be/Ho239zpKMwQ
  12. 12.
    Nelson, T., Barratt, C., Dougherty, D.J., Fisler, K., Krishnamurthi, S.: The margrave tool for firewall analysis. In: LISA (2010)Google Scholar
  13. 13.
    Pathak, A., Zhang, M., Hu, Y.C., Mahajan, R., Maltz, D.: Latency inflation in MPLS-based traffic engineering. In: Internet Measurement Conference (IMC) (2011)Google Scholar
  14. 14.
    Plotkin, G.D., Bjørner, N., Lopes, N.P., Rybalchenko, A., Varghese, G.: Scaling network verification using symmetry and surgery. In: Bodík, R., Majumdar R. (eds.) Proceedings of the 43rd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2016, St. Petersburg, FL, USA, January 20–22, 2016, pp. 69–83. ACM (2016)Google Scholar
  15. 15.
  16. 16.
    Xie, G.G., Zhan, J., Maltz, D.A., Zhang, H., Greenberg, A.G., Hjálmtýsson, G., Rexford, J.: On static reachability analysis of IP networks. In: INFOCOM (2005)Google Scholar
  17. 17.
    Yang, H., Lam, S.S.: Real-time verification of network properties using atomic predicates. In: ICNP, pp. 1–11 (2013)Google Scholar

Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  • Nikolaj Bjørner
    • 1
    Email author
  • Garvit Juniwal
    • 2
  • Ratul Mahajan
    • 1
  • Sanjit A. Seshia
    • 2
  • George Varghese
    • 3
  1. 1.Microsoft ResearchRedmondUSA
  2. 2.University of CaliforniaBerkeleyUSA
  3. 3.University of CaliforniaLos AngelesUSA

Personalised recommendations