Advertisement

Network-Wide Configuration Synthesis

  • Ahmed El-Hassany
  • Petar Tsankov
  • Laurent Vanbever
  • Martin Vechev
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10427)

Abstract

Computer networks are hard to manage. Given a set of high-level requirements (e.g., reachability, security), operators have to manually figure out the individual configuration of potentially hundreds of devices running complex distributed protocols so that they, collectively, compute a compatible forwarding state. Not surprisingly, operators often make mistakes which lead to downtimes.

To address this problem, we present a novel synthesis approach that automatically computes correct network configurations that comply with the operator’s requirements. We capture the behavior of existing routers along with the distributed protocols they run in stratified Datalog. Our key insight is to reduce the problem of finding correct input configurations to the task of synthesizing inputs for a stratified Datalog program.

To solve this synthesis task, we introduce a new algorithm that synthesizes inputs for stratified Datalog programs. This algorithm is applicable beyond the domain of networks.

We leverage our synthesis algorithm to construct the first network-wide configuration synthesis system, called SyNET, that support multiple interacting routing protocols (OSPF and BGP) and static routes. We show that our system is practical and can infer correct input configurations, in a reasonable amount time, for networks of realistic size (\({>}50\) routers) that forward packets for multiple traffic classes.

References

  1. 1.
    Ryall, J.: Facebook, Tinder, Instagram suffer widespread issues. http://mashable.com/2015/01/27/facebook-tinder-instagram-issues/
  2. 2.
    Juniper Networks. What’s Behind Network Downtime? Proactive Steps to Reduce Human Error and Improve Availability of Networks. Technical report, May 2008Google Scholar
  3. 3.
    BGPmon. Internet prefixes monitoring. http://www.bgpmon.net/blog/
  4. 4.
    Fogel, A., Fung, S., Pedrosa, L., Walraed-Sullivan, M., Govindan, R., Mahajan, R., Millstein, T.: A general approach to network configuration analysis. In: NSDI (2015)Google Scholar
  5. 5.
    Feamster, N., Balakrishnan, H.: Detecting BGP configuration faults with static analysis. In: NSDI (2005)Google Scholar
  6. 6.
    Nelson, T., Barratt, C., Dougherty, D.J., Fisler, K., Krishnamurthi, S.: The margrave tool for firewall analysis. In: LISA (2010)Google Scholar
  7. 7.
    Yuan, L., Chen, H., Mai, J., Chuah, C.-N., Su, Z., Mohapatra, P.: FIREMAN: a toolkit for firewall modeling and analysis. In: S&P (2006)Google Scholar
  8. 8.
    Vanbever, L., Quoitin, B., Bonaventure, O.: A hierarchical model for BGP routing policies. In: ACM SIGCOMM PRESTO (2009)Google Scholar
  9. 9.
    Chen, X., Mao, M., Van der Merwe, J.: PACMAN: a platform for automated and controlled network operations and configuration management. In: CoNEXT (2009)Google Scholar
  10. 10.
    Enck, W., Moyer, T., McDaniel, P., Sen, S., Sebos, P., Spoerel, S., Greenberg, A., Sung, Y.-W.E., Rao, S., Aiello, W.: Configuration management at massive scale: system design and experience. IEEE J. Sel. Areas Commun. (2009)Google Scholar
  11. 11.
    Gottlieb, J., Greenberg, A., Rexford, J., Wang, J.: Automated provisioning of BGP customers. IEEE Netw. 17, 44–55 (2003)CrossRefGoogle Scholar
  12. 12.
    Alaettinoglu, C., Villamizar, C., Gerich, E., Kessens, D., Meyer, D., Bates, T., Karrenberg, D., Terpstra, M.: Routing Policy Specification Language. RFC 2622Google Scholar
  13. 13.
    Bjorklund, M.: YANG - A Data Modeling Language for the Network Configuration Protocol (NETCONF). RFC 6020Google Scholar
  14. 14.
    Enns, R., et al.: Network Configuration Protocol (NETCONF). RFC 4741Google Scholar
  15. 15.
    El-Hassany, A., Miserez, J., Bielik, P., Vanbever, L., Vechev, M.: SDNRacer: concurrency analysis for SDNs. In: PLDI (2016)Google Scholar
  16. 16.
    Canini, M., Venzano, D., Peresini, P., Kostic, D., Rexford, J., et al.: A NICE way to test OpenFlow applications. In: NSDI (2012)Google Scholar
  17. 17.
    Scott, C., Wundsam, A., Raghavan, B., Panda, A., Or, A., Lai, J., Huang, E., Liu, Z., El-Hassany, A., Whitlock, S., Acharya, H.B., Zarifis, K., Shenker, S.: Troubleshooting Blackbox SDN control software with minimal causal sequences. In: ACM SIGCOMM (2014)Google Scholar
  18. 18.
    Ball, T., Bjørner, N., Gember, A., Itzhaky, S., Karbyshev, A., Sagiv, M., Schapira, M., Valadarsky, A.: VeriCon: towards verifying controller programs in software-defined networks. In: PLDI (2014)Google Scholar
  19. 19.
    Subramanian, K., D’Antoni, L., Akella, A.: Genesis: synthesizing forwarding tables in multi-tenant networks. In: POPL (2017)Google Scholar
  20. 20.
    Kang, N., Liu, Z., Rexford, J., Walker, D.: Optimizing the “One Big Switch” abstraction in software-defined networks. In: CoNEXT (2013)Google Scholar
  21. 21.
    Benson, T., Akella, A., Maltz, D.A.: Mining policies from enterprise network configuration. In: IMC (2009)Google Scholar
  22. 22.
    Awduche, D., et al.: Overview and Principles of Internet Traffic Engineering. RFC3272Google Scholar
  23. 23.
    Fortz, B., Rexford, J., Thorup, M.: Traffic engineering with traditional IP routing protocols. IEEE Commun. Mag. 40, 118–124 (2002)CrossRefGoogle Scholar
  24. 24.
    Halevy, A.Y., Mumick, I.S., Sagiv, Y., Shmueli, O.: Static analysis in datalog extensions. J. ACM 48, 971–1012 (2001)MathSciNetCrossRefzbMATHGoogle Scholar
  25. 25.
    Mumick, I.S., Shmueli, O.: How expressive is stratified aggregation? Ann. Math. Artif. Intell. 15, 407–435 (1995)MathSciNetCrossRefzbMATHGoogle Scholar
  26. 26.
    El-Hassany, A., Tsankov, P., Vanbever, L., Vechev, M.T.: Network-wide configuration synthesis. CoRR, abs/1611.02537 (2016). http://arxiv.org/abs/1611.02537
  27. 27.
    Abiteboul, S., Hull, R., Vianu, V. (eds.): Foundations of Databases: The Logical Level (1995)Google Scholar
  28. 28.
    Ullman, J.D.: Principles of Database and Knowledge-Base Systems. Computer Science Press, New York (1989)Google Scholar
  29. 29.
  30. 30.
    Barrett, C., et al.: The SMT-LIB Standard: Version 2.0 (2010)Google Scholar
  31. 31.
    De Moura, L., Bjørner, N.: Z3: an efficient SMT solver. In: TACAS (2008)Google Scholar
  32. 32.
    Graphical Network Simulator-3 (GNS3). https://www.gns3.com/
  33. 33.
    Knight, S., Nguyen, H.X., Falkner, N., Bowden, R.A., Roughan, M.: The internet topology zoo. IEEE J. Sel. Areas Commun. 29, 1765–1775 (2011)CrossRefGoogle Scholar
  34. 34.
    Doyle, J., Carroll, J.: Routing TCP/IP, vol. 1. Cisco Press, Indianapolis (2005)Google Scholar
  35. 35.
    Smaragdakis, Y., Bravenboer, M.: Using datalog for fast and easy program analysis. In: de Moor, O., Gottlob, G., Furche, T., Sellers, A. (eds.) Datalog Reloaded. LNCS, vol. 6702, pp. 245–251. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-24206-9_14 CrossRefGoogle Scholar
  36. 36.
    Zhang, X., Mangal, R., Grigore, R., Naik, M., Yang, H.: On abstraction refinement for program analyses in datalog. In: PLDI (2014)Google Scholar
  37. 37.
    Madsen, M., Yee, M.-H., Lhoták, O.: From datalog to flix: a declarative language for fixed points on lattices. In: PLDI (2016)Google Scholar
  38. 38.
    Hoder, K., Bjørner, N., De Moura, L.: \(\mu Z\): an efficient engine for fixed points with constraints. In: CAV (2011)Google Scholar
  39. 39.
    Jackson, E.K., Sztipanovits, J.: Towards a formal foundation for domain specific modeling languages. In: EMSOFT (2006)Google Scholar
  40. 40.
    Jackson, E.K., Schulte, W.: Model generation for horn logic with stratified negation. In: Suzuki, K., Higashino, T., Yasumoto, K., El-Fakih, K. (eds.) FORTE 2008. LNCS, vol. 5048, pp. 1–20. Springer, Heidelberg (2008). doi: 10.1007/978-3-540-68855-6_1 CrossRefGoogle Scholar
  41. 41.
    Jackson, E.K. Kang, E., Dahlweid, M., Seifert, D., Santen, T.: Components, platforms and possibilities: towards generic automation for MDA. In: EMSOFT (2010)Google Scholar
  42. 42.
    Cadar, C., Sen, K.: Symbolic execution for software testing: three decades later. Commun. ACM 26, 82–90 (2013)CrossRefGoogle Scholar
  43. 43.
    Kroening, D., Tautschnig, M.: CBMC – C bounded model checker. In: Ábrahám, E., Havelund, K. (eds.) TACAS 2014. TACAS 2014, vol. 8413, pp. 389–391. Springer, Heidelberg (2014). doi: 10.1007/978-3-642-54862-8_26 CrossRefGoogle Scholar
  44. 44.
    Clarke, E., Kroening, D., Lerda, F.: A tool for checking ANSI-C programs. In: Jensen, K., Podelski, A. (eds.) TACAS 2004. LNCS, vol. 2988, pp. 168–176. Springer, Heidelberg (2004). doi: 10.1007/978-3-540-24730-2_15 CrossRefGoogle Scholar
  45. 45.
    Solar-Lezama, A., Tancau, L., Bodik, R., Seshia, S., Saraswat, V.: Combinatorial Sketching for Finite Programs. In: ASPLOS (2006)Google Scholar
  46. 46.
    Beckett, R., Mahajan, R., Millstein, T., Padhye, J., Walker, D.: Don’t mind the gap: bridging network-wide objectives and device-level configurations. In: SIGCOMM (2016)Google Scholar
  47. 47.
    Narain, S., Levin, G., Malik, S., Kaul, V.: Declarative infrastructure configuration synthesis and debugging. J. Netw. Syst. Manag. 16, 235–258 (2008)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Ahmed El-Hassany
    • 1
  • Petar Tsankov
    • 1
  • Laurent Vanbever
    • 1
  • Martin Vechev
    • 1
  1. 1.ETH ZürichZürichSwitzerland

Personalised recommendations