TY - GEN
T1 - Differential Network Analysis
AU - Zhang, Peng
AU - Gember-Jacobson, Aaron
AU - Zuo, Yueshang
AU - Huang, Yuhao
AU - Liu, Xu
AU - Li, Hao
N1 - Publisher Copyright:
© 2022 by The USENIX Association. All Rights Reserved.
PY - 2022
Y1 - 2022
N2 - Networks are constantly changing. To avoid outages, operators need to know whether prospective changes in a network's control plane will cause undesired changes in end-to-end forwarding behavior. For example, which pairs of end hosts are reachable before a configuration change but unreachable after the change? Control plane verifiers are ill-suited for answering such questions because they operate on a single snapshot to check its “compliance” with “explicitly specified” properties, instead of quantifying the “differences” in “affected” end-to-end forwarding behaviors. We argue for a new control plane analysis paradigm that makes differences first-class citizens. Differential Network Analysis (DNA) takes control plane changes, incrementally computes control and data plane state, and outputs consequent differences in end-to-end behavior. We break the computation into three stages (control plane simulation, data plane modeling, and property checking) and leverage differential dataflow programming frameworks, incremental data plane verification, and customized graph algorithms, respectively, to make each stage incremental. Evaluations using both real and synthetic control plane changes demonstrate that DNA can compute the resulting differences in reachability in a few seconds, up to 3 orders of magnitude faster than state-of-the-art control plane verifiers.
UR - https://www.scopus.com/pages/publications/85129473775
M3 - Conference contribution
AN - SCOPUS:85129473775
T3 - Proceedings of the 19th USENIX Symposium on Networked Systems Design and Implementation, NSDI 2022
SP - 601
EP - 615
BT - Proceedings of the 19th USENIX Symposium on Networked Systems Design and Implementation, NSDI 2022
PB - USENIX Association
T2 - 19th USENIX Symposium on Networked Systems Design and Implementation, NSDI 2022
Y2 - 4 April 2022 through 6 April 2022
ER -