Fast Control Plane Analysis Using an Abstract Representation

AaronGember-Jacobson,RaajayViswanathan,AdityaAkella,RatulMahajan

1

ConfiguraAonerrorsarecommon

•  MulAplerouAngprotocols•  RouAngprocessprioriAes•  Routeexchange•  TrafficSelecAvity

–  RouteFilters–  ACLs

2

Humanerrorsareunavoidable

ErrorsleadtopolicyviolaAons

3

NetworkverificaAonisimportant

ViolaAonPolicy

SomeviolaAonsonlyoccurunderfailures

4

RC RB

RA

OSPF1

1

3

SRC

DST

NetworkverificaAonunderarbitraryfailuresisrequired

State-of-the-artverificaAonwithfailures•  Analyzecurrentdataplane[HSANSDI’13,VeriFlowNSDI’13]

–  Cannotverifypoliciesacrossfailures

5

ForwardingTable

ForwardingTable

ForwardingTable

ForwardingTable’

ForwardingTable’

ForwardingTable’

ForwardingTable’’

ForwardingTable’’

ForwardingTable’’

ForwardingTable’’’

ForwardingTable’’’

ForwardingTable’’’

•  Simulatelowlevelprotocolmessages[Ba[ishNSDI’15]•  Generatedataplanesforeachfailurecase

–  Timeconsuming

6

HowdowespeedupnetworkverificaAonunderfailures?

NetworkverificaAon

underfailures

GraphAnalysis

NetworkverificaAonunderfailuresusinggraphalgorithms

7

NetworkconfiguraAons

•  Graphsencodethenetwork’sforwardingbehaviorunderallpossiblefailurescenarios

•  VerificaAonreducestocheckingsimplegraph-levelproperAesàpolynomial:me

•  CollecAonofdigraphsàARC:AbstractRepresentaAonforControlplanes

22

4

1.2

10

0

6

CollecAonofweighteddigraphs

…...

Outline

•  MoAvaAon•  Requirements&ChallengesforARCcreaAon•  OurapproachforconstrucAngARCs•  NetworkverificaAonusingARCs•  EvaluaAon

8

Requirement:Encodingforwardingbehaviorsunderallfailures

•  Graphcontainsallpossiblepathsintheactualnetwork

•  ActualpathunderparAcularfailurescenarioisobtainablethroughgraphtraversal

9

22

4

1.2

10

0

6

6

2

10

ARCconstrucAon:Firststeps

•  NetworktopologyisessenAallyagraph

•  RouAngprotocolsdoleastcostforwarding–  OSPF:Djikstra’sAlgorithm

usingOSPFweights–  BGP:MinAShops

•  RouteredistribuAon•  RouAngcostvaries/protocol•  AdministraAveDistance•  Trafficclassfilters•  RouAnggranulariAes•  …

10

ShortestpathSRC

DST

NeedsophisAcatedapproachestodeterminegraphstructureandedgeweights

Opportuni:es Challenges

11

1

1

1110

10

10

10

20 20

OSPF BGP

SRC DST

A D

EB

C20

10

10

ARCConstrucAon:GraphStructure

•  OnedirectedgraphperSrc-Dstsubnetpair•  Ver:ces:hosts,rouAngprocesses•  Edges:flowofdataenabledbyexchangeofrouAnginformaAon

11

SRC:S

DST:T

A.1I

A.1O B.1I

B.1O Z.1I

Z.1O

Z.3I

Z.3O

Y.3O

Y.3I

X.3I

X.3OZ

B

X

BGP1

OSPF3

T

S

Y 1

2

A

3

Inter-device:adver:sements

Intra:Routeredistribu:on

Intra:withindeviceforwarding

2

Z.5O

ARCconstrucAon:Edgeweights

•  ForsinglerouAnginstance,use:•  OSFPlinkweights•  BGPhopcounts

•  MulApleprocesses:AD?RedistribuAon?•  Normalizeweightsacross

instances

•  Novelalgorithmforscalingweights

12

SRC:S

DST:T

A.1I

A.1O B.1I

B.1O Z.1I

Z.1O

Z.3I

Z.3O

Y.3O

Y.3I

X.3I

X.3O

1

1

1

1

0 0 0

0 0 0

2

2

3

3

1

0.4 0.6

0.4 0.6

ShortestpathinARC==actualpath

PolicyverificaAonusingARCs

13

Isapolicyviolatedin

thenetwork?::

DoesthegraphsaAsfysomeproperty?

Whatgraphalgorithmstouse?

Verifyalwaysblockedpolicy

14

CI

CO

DO

DI

DST SRC

IscommunicaAonbetweenSRCandDSTnotallowedunderanyfailurescenario?

::DoesthereexistapathfromSRCtoDSTinthecorrespondingARC?

Connectedcomponents

SRC

DST

3

1

1

D

CB

Verify‘k-’reachabilitypolicy

15Max-flow=3

DO

DI

EO

EI

FO

FI

GO

GI

CO

CI

BO

BIDST

SRC

OSPF ∞ 1

IsDSTalwaysreachablefromSRCwith‘<k’failures?

Arethere’k’edge-disjointpathsfromSRCtoDST?

Max-flowalgorithmonARC

::

SRCDST

D

CB

F G

3edge-disjointpaths

E

Verifypathequivalency

•  Re-scalingalgorithmscanresultindifferentweights•  Reduceweightstocanonicalformandcompare

16

?

u2

u1u3

u1

u5

u4u8

u7

u6

u9

u10

w2

w1

w3w1

w5

w4w8

w7

w6

w9

w10

Isatrafficclassforwardedinthesamemanner,beforeandaneraconfiguraAonchange?

AreARCsthesame?::

AddiAonalproperAeswecanverify

•  Alwaysisolated:Trafficofdifferenttenantsarealwaysisolated

•  Alwaystraversewaypoints:Trafficbetweenhostsalwaystraversewaypoints

17

EvaluaAon

•  ARCconstrucAonperformance•  ARCverificaAonperformance•  ARCfidelity

18

NetworkconfiguraAons

•  ConfiguraAonsfrom314datacenternetworksoperatedbyalargeonlineserviceprovider

19

TimetogenerateARC

20

Fast(<10seconds)evenforlargenetworks

TimetobuildARC

s(second

s)

Networks(sortedbysize)

ParseconfiguraAonsBuildARCfromscratch

TimetoverifyARC

21

Alwaysblocked(connectedcomponents)

Alwaysreachablewith<kfailures

(maxflow)

Equivalentpaths(converttocanonicalweightsandcompare)

<500ms Upto100s<1sec

•  VerificaAonpertrafficclassisparallelizable

ComparisonwithBa[ish

22

AlwaysblockedusingARC

AlwaysblockedusingBaCish

<500ms Upto694days!

3-5ordersofmagnitudespeedup

ARCfidelity

23

•  Foranygivenfailurescenario,isARCshortestpath==actualnetworkpath?

•  FormallyproveARCfidelityfornetworkswith:– RouAngprotocols:OSPF,RIP,BGP– RouteredistribuAonisacyclic– RouteselecAonpreferencefollowaglobalorder

96%ofnetworkssaAsfytheseproperAes

ARCfidelity

24

•  Forremainingnetworks– WecansAllgeneratethegraphstructure– Cannotgenerateedgeweights– Verify“alwaysblocked”,“k-reachability”

96% 4%

AllproperAescanbeverified

Cannotverifypathequivalence

Summary•  NetworkverificaAonunder

failurescanbeformulatedasgraphanalysis

•  PresentedanabstractrepresentaAon,ARC

•  CanconstructhighfidelityARCsfor96%ofnetworks

•  O(103)-O(105)speedupinverificaAon

25

hDps://bitbucket.org/uw-madison-networking-research/arc

26