Automatically verifying reachability and well-formedness in P4 Networks
Authors
Abstract
P4 allows a new level of dynamism for routers beyond OpenFlow 1.4 by allowing headers and tables to be modified by software in the field. Without care, P4 can unleash a new wave of software bugs. Existing tools (e.g., VeriFlow, NetPlumber, Hassel, NoD) cannot model changes to forwarding behaviors without reprogramming tool internals or having users manually add new forwarding models. Further, a P4 network can introduce a new class of bugs (not tested for by existing tools) wherein the P4 network creates malformed packets. To attack these two problems, we provide an operational semantics for P4 constructs and use it to compile P4 to Datalog so that the verification model can be automatically updated as the network changes. We demonstrate this vision by compiling the mTag example in the P4 specification (and a new sTag security example) on a sample network and by automatically detecting forwarding bugs. Efficiently verifying (across all table entries and packet headers) that a P4 network only delivers well-formed packets takes a few seconds.
Similar resources
Verifying Networks of Timed Processes
Over the last years there has been an increasing research effort directed towards the automatic verification of infinite state systems, such as timed automata, hybrid automata, data-independent systems, relational automata, Petri nets, and lossy channel systems. We present a method for deciding reachability properties of networks of timed processes. Such a network consists of an arbitrary set of ...
Verification of Infinite-state Systems by Combining Abstraction and Reachability Analysis
We address the problem of verifying systems operating on different types of variables ranging over infinite domains. We consider in particular systems modeled by means of extended automata communicating through unbounded fifo channels. We develop a general methodology for analyzing such systems based on combining automatic generation of abstract models (not necessarily finite-state) with symbolic rea...
Reachability Monitoring and Verification in Enterprise Networks
Enforcing correct reachability is crucial for an enterprise network to achieve access control, privacy, security and so on. Many sophisticated mechanisms such as router ACLs and firewalls have been developed to enforce the desired reachability. In addition, many other factors such as network dynamics can also impact the network reachability. Thus it is challenging to configure the reachability ...
Registerwait Faultservice Ready Idle ? Req ! Alarm ! Done ? Ack ? Alarm ! Ack ? Done ! Req
Brand and Zafiropulo [BZ83] introduced the model of communicating finite-state machines to represent a distributed system connected with FIFO channels. Several different communication protocols can be specified with this simple model. In this paper we address the problem of automatically validating protocols by verifying properties such as well-formedness and absence of deadlock. Our method is based ...
Packet flow analysis in IP networks via abstract interpretation
Static analysis (aka offline analysis) of a model of an IP network is useful for understanding, debugging, and verifying packet flow properties of the network. There have been static analysis approaches proposed in the literature for networks based on model checking as well as graph reachability. Abstract interpretation is a method that has typically been applied to static analysis of programs....