FIREMAN: A Toolkit for FIREwall Modeling and ANalysis
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Network Algorithmics,: An Interdisciplinary Approach to Designing Fast Networked Devices (The Morgan Kaufmann Series in Networking)
Detecting BGP configuration faults with static analysis
NSDI'05 Proceedings of the 2nd conference on Symposium on Networked Systems Design & Implementation - Volume 2
OpenFlow: enabling innovation in campus networks
ACM SIGCOMM Computer Communication Review
NOX: towards an operating system for networks
ACM SIGCOMM Computer Communication Review
FlowChecker: configuration analysis and verification of federated openflow infrastructures
Proceedings of the 3rd ACM workshop on Assurable and usable security configuration
Can the production network be the testbed?
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
Debugging the data plane with anteater
Proceedings of the ACM SIGCOMM 2011 conference
Frenetic: a network programming language
Proceedings of the 16th ACM SIGPLAN international conference on Functional programming
Consistent updates for software-defined networks: change you can believe in!
Proceedings of the 10th ACM Workshop on Hot Topics in Networks
Header space analysis: static checking for networks
NSDI'12 Proceedings of the 9th USENIX conference on Networked Systems Design and Implementation
A NICE way to test openflow applications
NSDI'12 Proceedings of the 9th USENIX conference on Networked Systems Design and Implementation
A security enforcement kernel for OpenFlow networks
Proceedings of the first workshop on Hot topics in software defined networks
The power of software-defined networking: line-rate content-based routing using OpenFlow
Proceedings of the 7th Workshop on Middleware for Next Generation Internet Computing
VeriFlow: verifying network-wide invariants in real time
nsdi'13 Proceedings of the 10th USENIX conference on Networked Systems Design and Implementation
zUpdate: updating data center networks with zero loss
Proceedings of the ACM SIGCOMM 2013 conference on SIGCOMM
Tutorial: event-based systems meet software-defined networking
Proceedings of the 7th ACM international conference on Distributed event-based systems
Towards secure and dependable software-defined networks
Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking
Fast, accurate simulation for SDN prototyping
Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking
Virtual network diagnosis as a service
Proceedings of the 4th annual Symposium on Cloud Computing
I know what your packet did last hop: using packet histories to troubleshoot networks
NSDI'14 Proceedings of the 11th USENIX Conference on Networked Systems Design and Implementation
NetVM: high performance and flexible networking using virtualization on commodity platforms
NSDI'14 Proceedings of the 11th USENIX Conference on Networked Systems Design and Implementation
Tierless programming and reasoning for software-defined networks
NSDI'14 Proceedings of the 11th USENIX Conference on Networked Systems Design and Implementation
Hi-index | 0.00 |
Networks are complex and prone to bugs. Existing tools that check configuration files and data-plane state operate offline at timescales of seconds to hours, and cannot detect or prevent bugs as they arise. Is it possible to check network-wide invariants in real time, as the network state evolves? The key challenge here is to achieve extremely low latency during the checks so that network performance is not affected. In this paper, we present a preliminary design, VeriFlow, which suggests that this goal is achievable. VeriFlow is a layer between a software-defined networking controller and network devices that checks for network-wide invariant violations dynamically as each forwarding rule is inserted. Based on an implementation using a Mininet OpenFlow network and Route Views trace data, we find that VeriFlow can perform rigorous checking within hundreds of microseconds per rule insertion.