ACM Transactions on Computer Systems (TOCS)
Debugging the data plane with anteater
Proceedings of the ACM SIGCOMM 2011 conference
Header space analysis: static checking for networks
NSDI'12 Proceedings of the 9th USENIX conference on Networked Systems Design and Implementation
How hard can it be? designing and implementing a deployable multipath TCP
NSDI'12 Proceedings of the 9th USENIX conference on Networked Systems Design and Implementation
Automatic test packet generation
Proceedings of the 8th international conference on Emerging networking experiments and technologies
Real time network policy checking using header space analysis
nsdi'13 Proceedings of the 10th USENIX conference on Networked Systems Design and Implementation
| Hi-index | 0.00 |
Today's networks deploy many stateful procesing boxes ranging from NATs to firewalls and application optimizers: these boxes operate on packet flows, rather than individual packets. As more and more middleboxes are deployed, understanding their composition is becoming increasingly difficult. Static checking of network configurations is a promising approach to help understand whether a network is configured properly, but existing tools are limited as they only support stateless processing. We propose to use symbolic execution---a technique prevalent in compilers---to check network properties more general than basic reachability. The key idea is to track the possible values for specified fields in the packet as it travels through a network. Each middlebox or router will impose constraints on certain fields of the packet via forwarding actions, packet modifications and filtering. The symbolic approach also allows us to model middlebox per-flow state in a scalable way. We have implemented this technique in a tool we call SymNet and conducted preliminary evaluation. Early results show SymNet scales well and models basic stateful middleboxes, opening the possibility of analyzing complex stateful middlebox behaviours.