Understanding BGP misconfiguration
Proceedings of the 2002 conference on Applications, technologies, architectures, and protocols for computer communications
Measuring ISP topologies with rocketfuel
Proceedings of the 2002 conference on Applications, technologies, architectures, and protocols for computer communications
Symbolic Model Checking without BDDs
TACAS '99 Proceedings of the 5th International Conference on Tools and Algorithms for Construction and Analysis of Systems
Predicate routing: enabling controlled networking
ACM SIGCOMM Computer Communication Review
LLVM: A Compilation Framework for Lifelong Program Analysis & Transformation
Proceedings of the international symposium on Code generation and optimization: feedback-directed and runtime optimization
Locating internet routing instabilities
Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
Modeling and Verification of IPSec and VPN Security Policies
ICNP '05 Proceedings of the 13TH IEEE International Conference on Network Protocols
FIREMAN: A Toolkit for FIREwall Modeling and ANalysis
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
The role of PASTA in network measurement
Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
Saturn: A scalable framework for error detection using Boolean satisfiability
ACM Transactions on Programming Languages and Systems (TOPLAS) - Special issue on POPL 2005
Finding a needle in a haystack: pinpointing significant BGP routing changes in an IP network
NSDI'05 Proceedings of the 2nd conference on Symposium on Networked Systems Design & Implementation - Volume 2
Detecting BGP configuration faults with static analysis
NSDI'05 Proceedings of the 2nd conference on Symposium on Networked Systems Design & Implementation - Volume 2
Accurate Real-time Identification of IP Prefix Hijacking
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Network-wide prediction of BGP routes
IEEE/ACM Transactions on Networking (TON)
OpenFlow: enabling innovation in campus networks
ACM SIGCOMM Computer Communication Review
D3S: debugging deployed distributed systems
NSDI'08 Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation
Towards optimal sampling for flow size estimation
Proceedings of the 8th ACM SIGCOMM conference on Internet measurement
Boolector: An Efficient SMT Solver for Bit-Vectors and Arrays
TACAS '09 Proceedings of the 15th International Conference on Tools and Algorithms for the Construction and Analysis of Systems: Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2009,
Unraveling the complexity of network management
NSDI'09 Proceedings of the 6th USENIX symposium on Networked systems design and implementation
SherLog: error diagnosis by connecting clues from run-time logs
Proceedings of the fifteenth edition of ASPLOS on Architectural support for programming languages and operating systems
Towards understanding bugs in open source router software
ACM SIGCOMM Computer Communication Review
ASTUTE: detecting a different class of traffic anomalies
Proceedings of the ACM SIGCOMM 2010 conference
Friday: global comprehension for distributed replay
NSDI'07 Proceedings of the 4th USENIX conference on Networked systems design & implementation
Header space analysis: static checking for networks
NSDI'12 Proceedings of the 9th USENIX conference on Networked Systems Design and Implementation
A NICE way to test openflow applications
NSDI'12 Proceedings of the 9th USENIX conference on Networked Systems Design and Implementation
VeriFlow: verifying network-wide invariants in real time
Proceedings of the first workshop on Hot topics in software defined networks
Where is the debugger for my software-defined network?
Proceedings of the first workshop on Hot topics in software defined networks
Splendid isolation: a slice abstraction for software-defined networks
Proceedings of the first workshop on Hot topics in software defined networks
Veriflow: verifying network-wide invariants in real time
ACM SIGCOMM Computer Communication Review - Special october issue SIGCOMM '12
Automatic test packet generation
Proceedings of the 8th international conference on Emerging networking experiments and technologies
A SOFT way for openflow switch interoperability testing
Proceedings of the 8th international conference on Emerging networking experiments and technologies
Verification of computer switching networks: an overview
ATVA'12 Proceedings of the 10th international conference on Automated Technology for Verification and Analysis
Machine-verified network controllers
Proceedings of the 34th ACM SIGPLAN conference on Programming language design and implementation
VeriFlow: verifying network-wide invariants in real time
nsdi'13 Proceedings of the 10th USENIX conference on Networked Systems Design and Implementation
Real time network policy checking using header space analysis
nsdi'13 Proceedings of the 10th USENIX conference on Networked Systems Design and Implementation
zUpdate: updating data center networks with zero loss
Proceedings of the ACM SIGCOMM 2013 conference on SIGCOMM
Leveraging SDN layering to systematically troubleshoot networks
Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking
A balance of power: expressive, analyzable controller programming
Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking
Towards an efficient verification approach on network configuration
Proceedings of the 8th International Conference on Network and Service Management
Demystifying the dark side of the middle: a field study of middlebox failures in datacenters
Proceedings of the 2013 conference on Internet measurement conference
Virtual network diagnosis as a service
Proceedings of the 4th annual Symposium on Cloud Computing
Toward a verifiable software dataplane
Proceedings of the Twelfth ACM Workshop on Hot Topics in Networks
Answering why-not queries in software-defined networks with negative provenance
Proceedings of the Twelfth ACM Workshop on Hot Topics in Networks
SymNet: static checking for stateful networks
Proceedings of the 2013 workshop on Hot topics in middleboxes and network function virtualization
NetKAT: semantic foundations for networks
Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages
I know what your packet did last hop: using packet histories to troubleshoot networks
NSDI'14 Proceedings of the 11th USENIX Conference on Networked Systems Design and Implementation
Libra: divide and conquer to verify forwarding tables in huge networks
NSDI'14 Proceedings of the 11th USENIX Conference on Networked Systems Design and Implementation
Software dataplane verification
NSDI'14 Proceedings of the 11th USENIX Conference on Networked Systems Design and Implementation
Tierless programming and reasoning for software-defined networks
NSDI'14 Proceedings of the 11th USENIX Conference on Networked Systems Design and Implementation
Hi-index | 0.00 |
Diagnosing problems in networks is a time-consuming and error-prone process. Existing tools to assist operators primarily focus on analyzing control plane configuration. Configuration analysis is limited in that it cannot find bugs in router software, and is harder to generalize across protocols since it must model complex configuration languages and dynamic protocol behavior. This paper studies an alternate approach: diagnosing problems through static analysis of the data plane. This approach can catch bugs that are invisible at the level of configuration files, and simplifies unified analysis of a network across many protocols and implementations. We present Anteater, a tool for checking invariants in the data plane. Anteater translates high-level network invariants into boolean satisfiability problems (SAT), checks them against network state using a SAT solver, and reports counterexamples if violations have been found. Applied to a large university network, Anteater revealed 23 bugs, including forwarding loops and stale ACL rules, with only five false positives. Nine of these faults are being fixed by campus network operators.