Stick to the script: Monitoring the policy compliance of SDN data plane

Peng Zhang; Hao Li; Chengchen Hu; Liujia Hu; Lei Xiong

doi:10.1145/2881025.2881038

Stick to the script: Monitoring the policy compliance of SDN data plane

Peng Zhang
, Hao Li
, Chengchen Hu
, Liujia Hu
, Lei Xiong

Faculty of Electronic and Information Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

10 Scopus citations

Abstract

Software defined networks provide new opportunities for automating the process of network debugging. Many tools have been developed to verify the correctness of network configurations on the control plane. However, due to software bugs and hardware faults of switches, the correctness of control plane may not readily translate into that of data plane. To bridge this gap, we present VeriDP, which can monitor "whether actual forwarding behaviors are complying with network configurations". Given that policies are well-configured, operators can leverage VeriDP to monitor the correctness of the network data plane. In a nutshell, VeriDP lets switches tag packets that they forward, and report tags together with headers to the verification server before the packets leave the network. The verification server pre-computes all header-to-tag mappings based on the configuration, and checks whether the reported tags agree with the mappings. We prototype VeriDP with both software and hardware OpenFlow switches, and use emulation to show that VeriDP can detect common data plane fault including black holes and access violations, with a minimal impact on the data plane.

Original language	English
Title of host publication	ANCS 2016 - Proceedings of the 2016 Symposium on Architectures for Networking and Communications Systems
Publisher	Association for Computing Machinery, Inc
Pages	81-86
Number of pages	6
ISBN (Electronic)	9781450341837
DOIs	https://doi.org/10.1145/2881025.2881038
State	Published - 17 Mar 2016
Event	12th ACM/IEEE Symposium on Architectures for Networking and Communications Systems, ANCS 2016 - Santa Clara, United States Duration: 17 Mar 2016 → 18 Mar 2016

Publication series

Name	ANCS 2016 - Proceedings of the 2016 Symposium on Architectures for Networking and Communications Systems

Conference

Conference	12th ACM/IEEE Symposium on Architectures for Networking and Communications Systems, ANCS 2016
Country/Territory	United States
City	Santa Clara
Period	17/03/16 → 18/03/16

Access to Document

10.1145/2881025.2881038

Cite this

Zhang, P., Li, H., Hu, C., Hu, L., & Xiong, L. (2016). Stick to the script: Monitoring the policy compliance of SDN data plane. In ANCS 2016 - Proceedings of the 2016 Symposium on Architectures for Networking and Communications Systems (pp. 81-86). (ANCS 2016 - Proceedings of the 2016 Symposium on Architectures for Networking and Communications Systems). Association for Computing Machinery, Inc. https://doi.org/10.1145/2881025.2881038

Zhang, Peng ; Li, Hao ; Hu, Chengchen et al. / Stick to the script : Monitoring the policy compliance of SDN data plane. ANCS 2016 - Proceedings of the 2016 Symposium on Architectures for Networking and Communications Systems. Association for Computing Machinery, Inc, 2016. pp. 81-86 (ANCS 2016 - Proceedings of the 2016 Symposium on Architectures for Networking and Communications Systems).

@inproceedings{60f36af09442479b9f6e6d45972383a4,

title = "Stick to the script: Monitoring the policy compliance of SDN data plane",

abstract = "Software defined networks provide new opportunities for automating the process of network debugging. Many tools have been developed to verify the correctness of network configurations on the control plane. However, due to software bugs and hardware faults of switches, the correctness of control plane may not readily translate into that of data plane. To bridge this gap, we present VeriDP, which can monitor {"}whether actual forwarding behaviors are complying with network configurations{"}. Given that policies are well-configured, operators can leverage VeriDP to monitor the correctness of the network data plane. In a nutshell, VeriDP lets switches tag packets that they forward, and report tags together with headers to the verification server before the packets leave the network. The verification server pre-computes all header-to-tag mappings based on the configuration, and checks whether the reported tags agree with the mappings. We prototype VeriDP with both software and hardware OpenFlow switches, and use emulation to show that VeriDP can detect common data plane fault including black holes and access violations, with a minimal impact on the data plane.",

author = "Peng Zhang and Hao Li and Chengchen Hu and Liujia Hu and Lei Xiong",

note = "Publisher Copyright: {\textcopyright} 2016 ACM.; 12th ACM/IEEE Symposium on Architectures for Networking and Communications Systems, ANCS 2016 ; Conference date: 17-03-2016 Through 18-03-2016",

year = "2016",

month = mar,

day = "17",

doi = "10.1145/2881025.2881038",

language = "英语",

series = "ANCS 2016 - Proceedings of the 2016 Symposium on Architectures for Networking and Communications Systems",

publisher = "Association for Computing Machinery, Inc",

pages = "81--86",

booktitle = "ANCS 2016 - Proceedings of the 2016 Symposium on Architectures for Networking and Communications Systems",

}

Zhang, P, Li, H, Hu, C, Hu, L & Xiong, L 2016, Stick to the script: Monitoring the policy compliance of SDN data plane. in ANCS 2016 - Proceedings of the 2016 Symposium on Architectures for Networking and Communications Systems. ANCS 2016 - Proceedings of the 2016 Symposium on Architectures for Networking and Communications Systems, Association for Computing Machinery, Inc, pp. 81-86, 12th ACM/IEEE Symposium on Architectures for Networking and Communications Systems, ANCS 2016, Santa Clara, United States, 17/03/16. https://doi.org/10.1145/2881025.2881038

Stick to the script: Monitoring the policy compliance of SDN data plane. / Zhang, Peng; Li, Hao; Hu, Chengchen et al.
ANCS 2016 - Proceedings of the 2016 Symposium on Architectures for Networking and Communications Systems. Association for Computing Machinery, Inc, 2016. p. 81-86 (ANCS 2016 - Proceedings of the 2016 Symposium on Architectures for Networking and Communications Systems).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Stick to the script

T2 - 12th ACM/IEEE Symposium on Architectures for Networking and Communications Systems, ANCS 2016

AU - Zhang, Peng

AU - Li, Hao

AU - Hu, Chengchen

AU - Hu, Liujia

AU - Xiong, Lei

PY - 2016/3/17

Y1 - 2016/3/17

N2 - Software defined networks provide new opportunities for automating the process of network debugging. Many tools have been developed to verify the correctness of network configurations on the control plane. However, due to software bugs and hardware faults of switches, the correctness of control plane may not readily translate into that of data plane. To bridge this gap, we present VeriDP, which can monitor "whether actual forwarding behaviors are complying with network configurations". Given that policies are well-configured, operators can leverage VeriDP to monitor the correctness of the network data plane. In a nutshell, VeriDP lets switches tag packets that they forward, and report tags together with headers to the verification server before the packets leave the network. The verification server pre-computes all header-to-tag mappings based on the configuration, and checks whether the reported tags agree with the mappings. We prototype VeriDP with both software and hardware OpenFlow switches, and use emulation to show that VeriDP can detect common data plane fault including black holes and access violations, with a minimal impact on the data plane.

AB - Software defined networks provide new opportunities for automating the process of network debugging. Many tools have been developed to verify the correctness of network configurations on the control plane. However, due to software bugs and hardware faults of switches, the correctness of control plane may not readily translate into that of data plane. To bridge this gap, we present VeriDP, which can monitor "whether actual forwarding behaviors are complying with network configurations". Given that policies are well-configured, operators can leverage VeriDP to monitor the correctness of the network data plane. In a nutshell, VeriDP lets switches tag packets that they forward, and report tags together with headers to the verification server before the packets leave the network. The verification server pre-computes all header-to-tag mappings based on the configuration, and checks whether the reported tags agree with the mappings. We prototype VeriDP with both software and hardware OpenFlow switches, and use emulation to show that VeriDP can detect common data plane fault including black holes and access violations, with a minimal impact on the data plane.

UR - https://www.scopus.com/pages/publications/84971430864

U2 - 10.1145/2881025.2881038

DO - 10.1145/2881025.2881038

M3 - 会议稿件

AN - SCOPUS:84971430864

T3 - ANCS 2016 - Proceedings of the 2016 Symposium on Architectures for Networking and Communications Systems

SP - 81

EP - 86

BT - ANCS 2016 - Proceedings of the 2016 Symposium on Architectures for Networking and Communications Systems

PB - Association for Computing Machinery, Inc

Y2 - 17 March 2016 through 18 March 2016

ER -

Zhang P, Li H, Hu C, Hu L, Xiong L. Stick to the script: Monitoring the policy compliance of SDN data plane. In ANCS 2016 - Proceedings of the 2016 Symposium on Architectures for Networking and Communications Systems. Association for Computing Machinery, Inc. 2016. p. 81-86. (ANCS 2016 - Proceedings of the 2016 Symposium on Architectures for Networking and Communications Systems). doi: 10.1145/2881025.2881038

Stick to the script: Monitoring the policy compliance of SDN data plane

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this