A general approach to network configuration verification
Author(s): Beckett, Ryan; Gupta, Aarti; Mahajan, Ratul; Walker, David
DownloadTo refer to this page use:
http://arks.princeton.edu/ark:/88435/pr1x34mr95Full metadata record
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.author | Beckett, Ryan | - |
| dc.contributor.author | Gupta, Aarti | - |
| dc.contributor.author | Mahajan, Ratul | - |
| dc.contributor.author | Walker, David | - |
| dc.date.accessioned | 2023-12-28T16:07:03Z | - |
| dc.date.available | 2023-12-28T16:07:03Z | - |
| dc.date.issued | 2017-08 | en_US |
| dc.identifier.citation | Beckett, Ryan, Gupta, Aarti, Mahajan, Ratul and Walker, David. A General Approach to Network Configuration Verification. Proceedings of the Conference of the ACM Special Interest Group on Data Communication (2017): 155–168. https://doi.org/10.1145/3098822.3098834 | en_US |
| dc.identifier.uri | https://www.batfish.org/minesweeper/resources/Minesweeper.pdf | - |
| dc.identifier.uri | http://arks.princeton.edu/ark:/88435/pr1x34mr95 | - |
| dc.description.abstract | We present Minesweeper, a tool to verify that a network satisfies a wide range of intended properties such as reachability or isolation among nodes, waypointing, black holes, bounded path length, load-balancing, functional equivalence of two routers, and fault-tolerance. Minesweeper translates network configuration files into a logical formula that captures the stable states to which the network forwarding will converge as a result of interactions between routing protocols such as OSPF, BGP and static routes. It then combines the formula with constraints that describe the intended property. If the combined formula is satisfiable, there exists a stable state of the network in which the property does not hold. Otherwise, no stable state (if any) violates the property. We used Minesweeper to check four properties of 152 real networks from a large cloud provider. We found 120 violations, some of which are potentially serious security vulnerabilities. We also evaluated Minesweeper on synthetic benchmarks, and found that it can verify rich properties for networks with hundreds of routers in under five minutes. This performance is due to a suite of model-slicing and hoisting optimizations that we developed, which reduce runtime by over 460x for large networks. | en_US |
| dc.format.extent | 155 - 168 | en_US |
| dc.language.iso | en_US | en_US |
| dc.relation.ispartof | Proceedings of the Conference of the ACM Special Interest Group on Data Communication | en_US |
| dc.relation.ispartofseries | SIGCOMM '17; | - |
| dc.rights | Author's manuscript | en_US |
| dc.title | A general approach to network configuration verification | en_US |
| dc.type | Conference Article | en_US |
| dc.identifier.doi | 10.1145/3098822.3098834 | - |
| pu.type.symplectic | http://www.symplectic.co.uk/publications/atom-terms/1.0/conference-proceeding | en_US |
Files in This Item:
| File | Description | Size | Format | |
|---|---|---|---|---|
| GeneralApproachNetworkConfigVerification.pdf | 728.17 kB | Adobe PDF | View/Download |
Items in OAR@Princeton are protected by copyright, with all rights reserved, unless otherwise indicated.