Modular Data Plane Verification for Compositional Networks

Modular Data Plane Verification for Compositional Networks

Modern networks are increasingly using layering and bridging to form a compositional architecture. Layering protocols like VXLAN create multiple overlay networks on top of a single underlay network infrastructure. This makes network configurations even more complex, and error-prone. To check the cor...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:The proceedings of the ACM on networking 2023-11, Vol.1 (CoNEXT3), p.1-22, Article 23
Hauptverfasser: Liu, Xu, Zhang, Peng, Li, Hao, Sun, Wenbing
Format: Artikel
Sprache:eng
Schlagworte:
Network properties
Network reliability
Networks
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page 22
container_issue CoNEXT3
container_start_page 1
container_title The proceedings of the ACM on networking
container_volume 1
creator Liu, Xu
Zhang, Peng
Li, Hao
Sun, Wenbing
description Modern networks are increasingly using layering and bridging to form a compositional architecture. Layering protocols like VXLAN create multiple overlay networks on top of a single underlay network infrastructure. This makes network configurations even more complex, and error-prone. To check the correctness of such compositional networks, one needs to model the dependency across multiple layers (underlay and overlay) and multiple domains (different VPNs/VPCs). Existing verifiers, which are optimized to scale in single-layer single-domain networks, exhibit scalability limitations when applied to compositional networks. This paper proposes MNV, a modular network verifier that scales to large compositional networks. At its core is a new verification method termed decompose-merge reasoning, which decomposes the network into self-contained modules, verifies each module independently, and merges the verification results. Our experiments show that for a typical data center network virtualized with VXLAN, to check reachability for more than 100 million pairs of subnets, MNV is at least 100x faster than state-of-the-art tools.
doi_str_mv 10.1145/3629145
format Article
fullrecord <record><control><sourceid>acm_cross</sourceid><recordid>TN_cdi_crossref_primary_10_1145_3629145</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>3629145</sourcerecordid><originalsourceid>FETCH-LOGICAL-a895-65fa0434a2d5ded205d0609b3e52428e4e08eb7638d47643444dbb4b675f48d13</originalsourceid><addsrcrecordid>eNpNj8tLxDAYxIMouKyLd0-5eap-eTbxJvUJ6-OweC1fmwSq7WZJKuJ_b5ddxdPMMD8GhpBTBheMSXUpNLeTHpAZN0IWSoE9_OePySLndwDgVgtmYUaunqL77DHRGxyRvva49vTNpy50LY5dXNMQE63isIm522bs6bMfv2L6yCfkKGCf_WKvc7K6u11VD8Xy5f6xul4WaKwqtAoIUkjkTjnvOCgHGmwjvOKSGy89GN-UWhgnSz2BUrqmkY0uVZDGMTEn57vZNsWckw_1JnUDpu-aQb09Xe9PT-TZjsR2-IN-yx-y20_L</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype></control><display><type>article</type><title>Modular Data Plane Verification for Compositional Networks</title><source>ACM Digital Library Complete</source><creator>Liu, Xu ; Zhang, Peng ; Li, Hao ; Sun, Wenbing</creator><creatorcontrib>Liu, Xu ; Zhang, Peng ; Li, Hao ; Sun, Wenbing</creatorcontrib><description>Modern networks are increasingly using layering and bridging to form a compositional architecture. Layering protocols like VXLAN create multiple overlay networks on top of a single underlay network infrastructure. This makes network configurations even more complex, and error-prone. To check the correctness of such compositional networks, one needs to model the dependency across multiple layers (underlay and overlay) and multiple domains (different VPNs/VPCs). Existing verifiers, which are optimized to scale in single-layer single-domain networks, exhibit scalability limitations when applied to compositional networks. This paper proposes MNV, a modular network verifier that scales to large compositional networks. At its core is a new verification method termed decompose-merge reasoning, which decomposes the network into self-contained modules, verifies each module independently, and merges the verification results. Our experiments show that for a typical data center network virtualized with VXLAN, to check reachability for more than 100 million pairs of subnets, MNV is at least 100x faster than state-of-the-art tools.</description><identifier>ISSN: 2834-5509</identifier><identifier>EISSN: 2834-5509</identifier><identifier>DOI: 10.1145/3629145</identifier><language>eng</language><publisher>New York, NY, USA: ACM</publisher><subject>Network properties ; Network reliability ; Networks</subject><ispartof>The proceedings of the ACM on networking, 2023-11, Vol.1 (CoNEXT3), p.1-22, Article 23</ispartof><rights>ACM</rights><lds50>peer_reviewed</lds50><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-a895-65fa0434a2d5ded205d0609b3e52428e4e08eb7638d47643444dbb4b675f48d13</citedby><cites>FETCH-LOGICAL-a895-65fa0434a2d5ded205d0609b3e52428e4e08eb7638d47643444dbb4b675f48d13</cites><orcidid>0000-0001-7721-2675 ; 0000-0001-8776-6911 ; 0009-0005-2471-191X ; 0009-0002-1190-9829</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktopdf>$$Uhttps://dl.acm.org/doi/pdf/10.1145/3629145$$EPDF$$P50$$Gacm$$H</linktopdf><link.rule.ids>314,780,784,2282,27924,27925,40196,76228</link.rule.ids></links><search><creatorcontrib>Liu, Xu</creatorcontrib><creatorcontrib>Zhang, Peng</creatorcontrib><creatorcontrib>Li, Hao</creatorcontrib><creatorcontrib>Sun, Wenbing</creatorcontrib><title>Modular Data Plane Verification for Compositional Networks</title><title>The proceedings of the ACM on networking</title><addtitle>ACM PACMNET</addtitle><description>Modern networks are increasingly using layering and bridging to form a compositional architecture. Layering protocols like VXLAN create multiple overlay networks on top of a single underlay network infrastructure. This makes network configurations even more complex, and error-prone. To check the correctness of such compositional networks, one needs to model the dependency across multiple layers (underlay and overlay) and multiple domains (different VPNs/VPCs). Existing verifiers, which are optimized to scale in single-layer single-domain networks, exhibit scalability limitations when applied to compositional networks. This paper proposes MNV, a modular network verifier that scales to large compositional networks. At its core is a new verification method termed decompose-merge reasoning, which decomposes the network into self-contained modules, verifies each module independently, and merges the verification results. Our experiments show that for a typical data center network virtualized with VXLAN, to check reachability for more than 100 million pairs of subnets, MNV is at least 100x faster than state-of-the-art tools.</description><subject>Network properties</subject><subject>Network reliability</subject><subject>Networks</subject><issn>2834-5509</issn><issn>2834-5509</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2023</creationdate><recordtype>article</recordtype><recordid>eNpNj8tLxDAYxIMouKyLd0-5eap-eTbxJvUJ6-OweC1fmwSq7WZJKuJ_b5ddxdPMMD8GhpBTBheMSXUpNLeTHpAZN0IWSoE9_OePySLndwDgVgtmYUaunqL77DHRGxyRvva49vTNpy50LY5dXNMQE63isIm522bs6bMfv2L6yCfkKGCf_WKvc7K6u11VD8Xy5f6xul4WaKwqtAoIUkjkTjnvOCgHGmwjvOKSGy89GN-UWhgnSz2BUrqmkY0uVZDGMTEn57vZNsWckw_1JnUDpu-aQb09Xe9PT-TZjsR2-IN-yx-y20_L</recordid><startdate>20231128</startdate><enddate>20231128</enddate><creator>Liu, Xu</creator><creator>Zhang, Peng</creator><creator>Li, Hao</creator><creator>Sun, Wenbing</creator><general>ACM</general><scope>AAYXX</scope><scope>CITATION</scope><orcidid>https://orcid.org/0000-0001-7721-2675</orcidid><orcidid>https://orcid.org/0000-0001-8776-6911</orcidid><orcidid>https://orcid.org/0009-0005-2471-191X</orcidid><orcidid>https://orcid.org/0009-0002-1190-9829</orcidid></search><sort><creationdate>20231128</creationdate><title>Modular Data Plane Verification for Compositional Networks</title><author>Liu, Xu ; Zhang, Peng ; Li, Hao ; Sun, Wenbing</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-a895-65fa0434a2d5ded205d0609b3e52428e4e08eb7638d47643444dbb4b675f48d13</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2023</creationdate><topic>Network properties</topic><topic>Network reliability</topic><topic>Networks</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Liu, Xu</creatorcontrib><creatorcontrib>Zhang, Peng</creatorcontrib><creatorcontrib>Li, Hao</creatorcontrib><creatorcontrib>Sun, Wenbing</creatorcontrib><collection>CrossRef</collection><jtitle>The proceedings of the ACM on networking</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Liu, Xu</au><au>Zhang, Peng</au><au>Li, Hao</au><au>Sun, Wenbing</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Modular Data Plane Verification for Compositional Networks</atitle><jtitle>The proceedings of the ACM on networking</jtitle><stitle>ACM PACMNET</stitle><date>2023-11-28</date><risdate>2023</risdate><volume>1</volume><issue>CoNEXT3</issue><spage>1</spage><epage>22</epage><pages>1-22</pages><artnum>23</artnum><issn>2834-5509</issn><eissn>2834-5509</eissn><abstract>Modern networks are increasingly using layering and bridging to form a compositional architecture. Layering protocols like VXLAN create multiple overlay networks on top of a single underlay network infrastructure. This makes network configurations even more complex, and error-prone. To check the correctness of such compositional networks, one needs to model the dependency across multiple layers (underlay and overlay) and multiple domains (different VPNs/VPCs). Existing verifiers, which are optimized to scale in single-layer single-domain networks, exhibit scalability limitations when applied to compositional networks. This paper proposes MNV, a modular network verifier that scales to large compositional networks. At its core is a new verification method termed decompose-merge reasoning, which decomposes the network into self-contained modules, verifies each module independently, and merges the verification results. Our experiments show that for a typical data center network virtualized with VXLAN, to check reachability for more than 100 million pairs of subnets, MNV is at least 100x faster than state-of-the-art tools.</abstract><cop>New York, NY, USA</cop><pub>ACM</pub><doi>10.1145/3629145</doi><tpages>22</tpages><orcidid>https://orcid.org/0000-0001-7721-2675</orcidid><orcidid>https://orcid.org/0000-0001-8776-6911</orcidid><orcidid>https://orcid.org/0009-0005-2471-191X</orcidid><orcidid>https://orcid.org/0009-0002-1190-9829</orcidid></addata></record>
fulltext fulltext
identifier ISSN: 2834-5509
ispartof The proceedings of the ACM on networking, 2023-11, Vol.1 (CoNEXT3), p.1-22, Article 23
issn 2834-5509
2834-5509
language eng
recordid cdi_crossref_primary_10_1145_3629145
source ACM Digital Library Complete
subjects Network properties
Network reliability
Networks
title Modular Data Plane Verification for Compositional Networks
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-07T07%3A58%3A09IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-acm_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Modular%20Data%20Plane%20Verification%20for%20Compositional%20Networks&rft.jtitle=The%20proceedings%20of%20the%20ACM%20on%20networking&rft.au=Liu,%20Xu&rft.date=2023-11-28&rft.volume=1&rft.issue=CoNEXT3&rft.spage=1&rft.epage=22&rft.pages=1-22&rft.artnum=23&rft.issn=2834-5509&rft.eissn=2834-5509&rft_id=info:doi/10.1145/3629145&rft_dat=%3Cacm_cross%3E3629145%3C/acm_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true