Detecting BGP configuration faults with static analysis
NSDI'05 Proceedings of the 2nd conference on Symposium on Networked Systems Design & Implementation - Volume 2
OpenFlow: enabling innovation in campus networks
ACM SIGCOMM Computer Communication Review
Practical declarative network management
Proceedings of the 1st ACM workshop on Research on enterprise networking
OFRewind: enabling record and replay troubleshooting for networks
USENIXATC'11 Proceedings of the 2011 USENIX conference on USENIX annual technical conference
Debugging the data plane with anteater
Proceedings of the ACM SIGCOMM 2011 conference
Frenetic: a network programming language
Proceedings of the 16th ACM SIGPLAN international conference on Functional programming
Header space analysis: static checking for networks
NSDI'12 Proceedings of the 9th USENIX conference on Networked Systems Design and Implementation
A NICE way to test openflow applications
NSDI'12 Proceedings of the 9th USENIX conference on Networked Systems Design and Implementation
Abstractions for network update
Proceedings of the ACM SIGCOMM 2012 conference on Applications, technologies, architectures, and protocols for computer communication
Where is the debugger for my software-defined network?
Proceedings of the first workshop on Hot topics in software defined networks
Automatic test packet generation
Proceedings of the 8th international conference on Emerging networking experiments and technologies
VeriFlow: verifying network-wide invariants in real time
nsdi'13 Proceedings of the 10th USENIX conference on Networked Systems Design and Implementation
VeriFlow: verifying network-wide invariants in real time
nsdi'13 Proceedings of the 10th USENIX conference on Networked Systems Design and Implementation
zUpdate: updating data center networks with zero loss
Proceedings of the ACM SIGCOMM 2013 conference on SIGCOMM
FatTire: declarative fault tolerance for software-defined networks
Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking
Incremental consistent updates
Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking
Leveraging SDN layering to systematically troubleshoot networks
Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking
On bringing private traffic into public SDN testbeds
Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking
Toward a verifiable software dataplane
Proceedings of the Twelfth ACM Workshop on Hot Topics in Networks
Tiny packet programs for low-latency network control and monitoring
Proceedings of the Twelfth ACM Workshop on Hot Topics in Networks
SymNet: static checking for stateful networks
Proceedings of the 2013 workshop on Hot topics in middleboxes and network function virtualization
I know what your packet did last hop: using packet histories to troubleshoot networks
NSDI'14 Proceedings of the 11th USENIX Conference on Networked Systems Design and Implementation
Libra: divide and conquer to verify forwarding tables in huge networks
NSDI'14 Proceedings of the 11th USENIX Conference on Networked Systems Design and Implementation
Software dataplane verification
NSDI'14 Proceedings of the 11th USENIX Conference on Networked Systems Design and Implementation
| Hi-index | 0.00 |
Network state may change rapidly in response to customer demands, load conditions or configuration changes. But the network must also ensure correctness conditions such as isolating tenants from each other and from critical services. Existing policy checkers cannot verify compliance in real time because of the need to collect "state" from the entire network and the time it takes to analyze this state. SDNs provide an opportunity in this respect as they provide a logically centralized view from which every proposed change can be checked for compliance with policy. But there remains the need for a fast compliance checker. Our paper introduces a real time policy checking tool called NetPlumber based on Header Space Analysis (HSA) [8]. Unlike HSA, however, NetPlumber incrementally checks for compliance of state changes, using a novel set of conceptual tools that maintain a dependency graph between rules. While NetPlumber is a natural fit for SDNs, its abstract intermediate form is conceptually applicable to conventional networks as well. We have tested NetPlumber on Google's SDN, the Stanford backbone and Internet 2. With NetPlumber, checking the compliance of a typical rule update against a single policy on these networks takes 50-500µs on average.