High-speed policy-based packet forwarding using efficient multi-dimensional range matching
Proceedings of the ACM SIGCOMM '98 conference on Applications, technologies, architectures, and protocols for computer communication
Model checking
Fundamentals of Digital Logic with VERILOG Design
Fundamentals of Digital Logic with VERILOG Design
Fang: A Firewall Analysis Engine
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
FIREMAN: A Toolkit for FIREwall Modeling and ANalysis
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Detecting BGP configuration faults with static analysis
NSDI'05 Proceedings of the 2nd conference on Symposium on Networked Systems Design & Implementation - Volume 2
An axiomatic basis for communication
Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications
OpenFlow: enabling innovation in campus networks
ACM SIGCOMM Computer Communication Review
Shedding light on the glue logic of the internet routing architecture
Proceedings of the ACM SIGCOMM 2008 conference on Data communication
Can the production network be the testbed?
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
Debugging the data plane with anteater
Proceedings of the ACM SIGCOMM 2011 conference
Abstractions for network update
Proceedings of the ACM SIGCOMM 2012 conference on Applications, technologies, architectures, and protocols for computer communication
VeriFlow: verifying network-wide invariants in real time
Proceedings of the first workshop on Hot topics in software defined networks
Where is the debugger for my software-defined network?
Proceedings of the first workshop on Hot topics in software defined networks
A safe, efficient update protocol for openflow networks
Proceedings of the first workshop on Hot topics in software defined networks
Splendid isolation: a slice abstraction for software-defined networks
Proceedings of the first workshop on Hot topics in software defined networks
A security enforcement kernel for OpenFlow networks
Proceedings of the first workshop on Hot topics in software defined networks
Abstractions for network update
ACM SIGCOMM Computer Communication Review - Special october issue SIGCOMM '12
Veriflow: verifying network-wide invariants in real time
ACM SIGCOMM Computer Communication Review - Special october issue SIGCOMM '12
Automatic test packet generation
Proceedings of the 8th international conference on Emerging networking experiments and technologies
A SOFT way for openflow switch interoperability testing
Proceedings of the 8th international conference on Emerging networking experiments and technologies
Verification of computer switching networks: an overview
ATVA'12 Proceedings of the 10th international conference on Automated Technology for Verification and Analysis
Machine-verified network controllers
Proceedings of the 34th ACM SIGPLAN conference on Programming language design and implementation
VeriFlow: verifying network-wide invariants in real time
nsdi'13 Proceedings of the 10th USENIX conference on Networked Systems Design and Implementation
Real time network policy checking using header space analysis
nsdi'13 Proceedings of the 10th USENIX conference on Networked Systems Design and Implementation
zUpdate: updating data center networks with zero loss
Proceedings of the ACM SIGCOMM 2013 conference on SIGCOMM
SIMPLE-fying middlebox policy enforcement using SDN
Proceedings of the ACM SIGCOMM 2013 conference on SIGCOMM
Incremental consistent updates
Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking
HotSwap: correct and efficient controller upgrades for software-defined networks
Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking
Leveraging SDN layering to systematically troubleshoot networks
Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking
Fast, accurate simulation for SDN prototyping
Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking
FlowTags: enforcing network-wide policies in the presence of dynamic middlebox actions
Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking
OF.CPP: consistent packet processing for openflow
Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking
Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking
A correct, zero-overhead protocol for network updates
Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking
Demystifying the dark side of the middle: a field study of middlebox failures in datacenters
Proceedings of the 2013 conference on Internet measurement conference
Virtual network diagnosis as a service
Proceedings of the 4th annual Symposium on Cloud Computing
Toward a verifiable software dataplane
Proceedings of the Twelfth ACM Workshop on Hot Topics in Networks
Answering why-not queries in software-defined networks with negative provenance
Proceedings of the Twelfth ACM Workshop on Hot Topics in Networks
SymNet: static checking for stateful networks
Proceedings of the 2013 workshop on Hot topics in middleboxes and network function virtualization
NetKAT: semantic foundations for networks
Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages
I know what your packet did last hop: using packet histories to troubleshoot networks
NSDI'14 Proceedings of the 11th USENIX Conference on Networked Systems Design and Implementation
Libra: divide and conquer to verify forwarding tables in huge networks
NSDI'14 Proceedings of the 11th USENIX Conference on Networked Systems Design and Implementation
Software dataplane verification
NSDI'14 Proceedings of the 11th USENIX Conference on Networked Systems Design and Implementation
Tierless programming and reasoning for software-defined networks
NSDI'14 Proceedings of the 11th USENIX Conference on Networked Systems Design and Implementation
Enforcing network-wide policies in the presence of dynamic middlebox actions using flowtags
NSDI'14 Proceedings of the 11th USENIX Conference on Networked Systems Design and Implementation
| Hi-index | 0.00 |
Today's networks typically carry or deploy dozens of protocols and mechanisms simultaneously such as MPLS, NAT, ACLs and route redistribution. Even when individual protocols function correctly, failures can arise from the complex interactions of their aggregate, requiring network administrators to be masters of detail. Our goal is to automatically find an important class of failures, regardless of the protocols running, for both operational and experimental networks. To this end we developed a general and protocol-agnostic framework, called Header Space Analysis (HSA). Our formalism allows us to statically check network specifications and configurations to identify an important class of failures such as Reachability Failures, Forwarding Loops and Traffic Isolation and Leakage problems. In HSA, protocol header fields are not first class entities; instead we look at the entire packet header as a concatenation of bits without any associated meaning. Each packet is a point in the {0,1}L space where L is the maximum length of a packet header, and networking boxes transform packets from one point in the space to another point or set of points (multicast). We created a library of tools, called Hassel, to implement our framework, and used it to analyze a variety of networks and protocols. Hassel was used to analyze the Stanford University backbone network, and found all the forwarding loops in less than 10 minutes, and verified reachability constraints between two subnets in 13 seconds. It also found a large and complex loop in an experimental loose source routing protocol in 4 minutes.