A general approach to network configuration analysis
作者: Meg Walraed-Sullivan , Todd Millstein , Ramesh Govindan , Ratul Mahajan , Ari Fogel
DOI:
关键词:
摘要: We present an approach to detect network configuration errors, which combines the benefits of two prior approaches. Like techniques that analyze files, our can find errors proactively, before is applied, and answer "what if" questions. data-plane snapshots, check a broad range forwarding properties produce actual packets violate checked properties. accomplish this combination by faithfully deriving then analyzing data plane would emerge from configuration. Our derivation fully declarative, employing set logical relations represent control plane, their relationship. Operators query these understand identified provenance. use large university networks with qualitatively different routing designs many misconfigurations in each. have confirmed majority as fixed configurations accordingly.
acm.org 参考文章(29)
Kathi Fisler, Daniel J. Dougherty, Shriram Krishnamurthi, Timothy Nelson, Christopher Barratt, The margrave tool for firewall analysis usenix large installation systems administration conference. pp. 1- 8 ,(2010)
Nick McKeown, George Varghese, Peyman Kazemian, Scott Whyte, Hongyi Zeng, Michael Chang, Real time network policy checking using header space analysis networked systems design and implementation. pp. 99- 112 ,(2013)
Andy Chou, Dawson R. Engler, David Yu Chen, Bugs as Inconsistent Behavior: A General Approach to Inferring Errors in Systems Code. symposium on operating systems principles. pp. 57- 72 ,(2001)
Nick McKeown, Amin Vahdat, Vimalkumar Jeyakumar, Fei Ye, Junda Liu, Shidong Zhang, Mickey Ju, Hongyi Zeng, Libra: divide and conquer to verify forwarding tables in huge networks networked systems design and implementation. pp. 87- 99 ,(2014) , 10.5555/2616448.2616457
Andrew D. Ferguson, Shriram Krishnamurthi, Tim Nelson, Michael J. G. Scheer, Tierless programming and reasoning for software-defined networks networked systems design and implementation. pp. 519- 531 ,(2014) , 10.5555/2616448.2616496
E. Rosen, A. Viswanathan, R. Callon, Multiprotocol Label Switching Architecture RFC. ,vol. 3031, pp. 1- 61 ,(2001)
Ahme Khurshid, Xuan Zou, Wenxuan Zhou, Matthew Caesar, P. Brighten Godfrey, VeriFlow: verifying network-wide invariants in real time networked systems design and implementation. pp. 15- 28 ,(2013)
David Maltz, Theophilus Benson, Aditya Akella, Unraveling the complexity of network management networked systems design and implementation. pp. 335- 348 ,(2009)
Nick McKeown, George Varghese, Peyman Kazemian, Header space analysis: static checking for networks networked systems design and implementation. pp. 9- 9 ,(2012)
Nick Feamster, Hari Balakrishnan, Detecting BGP configuration faults with static analysis networked systems design and implementation. pp. 43- 56 ,(2005) , 10.5555/1251203.1251207