TY - GEN
T1 - Mind the gap
T2 - 12th ACM Conference on Emerging Networking Experiments and Technologies, ACM CoNEXT 2016
AU - Zhang, Peng
AU - Li, Hao
AU - Hu, Chengchen
AU - Hu, Liujia
AU - Xiong, Lei
AU - Wang, Ruilong
AU - Zhang, Yuemei
PY - 2016/12/6
Y1 - 2016/12/6
N2 - How to debug large networks is always a challenging task. Software Defined Network (SDN) offers a centralized con- trol platform where operators can statically verify network policies, instead of checking configuration files device-by- device. While such a static verification is useful, it is still not enough: due to data plane faults, packets may not be forwarded according to control plane policies, resulting in network faults at runtime. To address this issue, we present VeriDP, a tool that can continuously monitor what we call control-data plane consistency, defined as the consistency between control plane policies and data plane forwarding behaviors. We prototype VeriDP with small modifications of both hardware and software SDN switches, and show that it can achieve a verification speed of 3 s per packet, with a false negative rate as low as 0.1%, for the Stanford backbone and Internet2 topologies. In addition, when verification fails, VeriDP can localize faulty switches with a probability as high as 96% for fat tree topologies.
AB - How to debug large networks is always a challenging task. Software Defined Network (SDN) offers a centralized con- trol platform where operators can statically verify network policies, instead of checking configuration files device-by- device. While such a static verification is useful, it is still not enough: due to data plane faults, packets may not be forwarded according to control plane policies, resulting in network faults at runtime. To address this issue, we present VeriDP, a tool that can continuously monitor what we call control-data plane consistency, defined as the consistency between control plane policies and data plane forwarding behaviors. We prototype VeriDP with small modifications of both hardware and software SDN switches, and show that it can achieve a verification speed of 3 s per packet, with a false negative rate as low as 0.1%, for the Stanford backbone and Internet2 topologies. In addition, when verification fails, VeriDP can localize faulty switches with a probability as high as 96% for fat tree topologies.
KW - Consistency
KW - Software defined network
KW - Verification
UR - https://www.scopus.com/pages/publications/85009789166
U2 - 10.1145/2999572.2999605
DO - 10.1145/2999572.2999605
M3 - 会议稿件
AN - SCOPUS:85009789166
T3 - CoNEXT 2016 - Proceedings of the 12th International Conference on Emerging Networking EXperiments and Technologies
SP - 19
EP - 33
BT - CoNEXT 2016 - Proceedings of the 12th International Conference on Emerging Networking EXperiments and Technologies
PB - Association for Computing Machinery, Inc
Y2 - 12 December 2016 through 15 December 2016
ER -