Visible to the public VeriFlow: Verifying Network-Wide Invariants in Real TimeConflict Detection Enabled

TitleVeriFlow: Verifying Network-Wide Invariants in Real Time
Publication TypeConference Paper
Year of Publication2012
AuthorsAhmed Khurshid, University of Illinois at Urbana-Champaign, Wenxuan Zhou, University of Illinois at Urbana-Champaign, Matthew Caesar, University of Illinois at Urbana-Champaign, P. Brighten Godfrey, University of Illinois at Urbana-Champaign
Conference NameFirst Workshop on Hot Topics in Software Defined Networks (HotSDN 2012)
Date Published08/2012
Conference LocationHelsinki, Finland
Keywordsfowarding debugging, NSA SoS Lablets Materials, OpenFlow, real time, science of security, software-defined networking, Towards a Science of Securing Network Forwarding, UIUC
Abstract

Networks are complex and prone to bugs. Existing tools that check configuration files and data-plane state operate offline at timescales of seconds to hours, and cannot detect or prevent bugs as they arise. Is it possible to check network-wide invariants in real time, as the network state evolves? The key challenge here is to achieve extremely low latency during the checks so that network performance is not affected. In this paper, we present a preliminary design, VeriFlow, which suggests that this goal is achievable. VeriFlow is a layer between a software-defined networking controller and network devices that checks for network-wide invariant violations dynamically as each forwarding rule is inserted. Based on an implementation using a Mininet OpenFlow network and Route Views trace data, we find that VeriFlow can perform rigorous checking within hundreds of microseconds per rule insertion.

Citation Keynode-32251

Other available formats:

VeriFlow Verifying Network-Wide Invariants in Real Time