An Efficient Framework for Data-Plane Verification With Geometric Windowing Queries

Modern networks have complex configurations to provide advanced functions. Network softwarization, a promising new movement in the networking community, could make networks more complexly configured due to the nature of software. Since these complexities make the networks error-prone, network verification is attracting attention as a key technology to detect inconsistencies between a configuration and an operational policy. Existing verifiers are, unfortunately, either inefficient or incomplete (operational policies are not rigorously checked). This paper presents a novel framework of data-plane verification. So as to efficiently manage the large search space defined by packet headers, our framework formalizes the consistency check by applying simple set operations defined in a small quotient space of packet header. This paper also reveals that the two spaces can be connected via the windowing query in computational geometry. Two windowing algorithms are proposed and backed by solid theoretical analyses. Experiments on real network datasets show that our framework with the windowing algorithms is surprisingly fast; when verifying policy compliance in a real network with thousands of switches, our framework reduces the verification time of all-pairs reachability from ten hours to ten minutes.