research-article

Free access

Testing stateful and dynamic data planes with FlowTest

Authors:

Seyed K. Fayaz,

Vyas SekarAuthors Info & Claims

HotSDN '14: Proceedings of the third workshop on Hot topics in software defined networking

Pages 79 - 84

https://doi.org/10.1145/2620728.2620751

Published: 22 August 2014 Publication History

Abstract

Many recent efforts have leveraged Software-Defined Networking (SDN capabilities to enable new and more efficient ways of testing the correctness of a network's forwarding behaviors. However, realistic network settings induce two additional sources of complexity that fall outside the scope of existing SDN testing frameworks: (1) complex nature of real-world data planes (e.g., stateful firewalls, dynamic behaviors of proxy caches), and (2) complexity of intended network policies (e.g., service chaining). In this paper, we outline FlowTest, a high-level vision for testing such stateful and dynamic network policies. FlowTest systematically explores the state space of the network data plane to verify its behavior w.r.t. policy goals. We show the early promise of our approach and discuss open challenges in realizing this vision in practice.

References

[1]

Bit-Twist. http://bittwist.sourceforge.net/.

[2]

CBMC. http://www.cprover.org/cbmc/.

[3]

Graphplan. http: //www.cs.cmu.edu/~avrim/graphplan.html.

[4]

Prolexic. http://www.prolexic.com/.

[5]

pytbull. http://pytbull.sourceforge.net/.

[6]

T. Ball, N. Bjorner, A. Gember, S. Itzhaky, A. Karbyshev, M. Sagiv, M. Schapira, and A. Valadarskyi. VeriCon: Towards verifying controller programs in software-defined networks. In Proc. PLDI, 2014.

Digital Library

[7]

C. Cadar, D. Dunbar, and D. Engler. KLEE: Unassisted and automatic generation of high-coverage tests for complex systems programs. In Proc. OSDI, 2008.

Digital Library

[8]

M. Canini, D. Venzano, P. Pereíni, D. Kostić, and J. Rexford. A NICE way to test openflow applications. In Proc. NSDI, 2012.

Digital Library

[9]

E. Clarke, O. Grumberg, S. Jha, Y. Lu, and H. Veith. Counterexample-guided abstraction refinement. In Computer Aided Verification, volume 1855, pages 154--169. 2000.

Digital Library

[10]

S. K. Fayazbakhsh, L. Chiang, V. Sekar, M. Yu, and J. C. Mogul. Enforcing network-wide policies in the presence of dynamic middlebox actions using FlowTags. In Proc. NSDI, 2014.

Digital Library

[11]

N. Foster, R. Harrison, M. J. Freedman, C. Monsanto, J. Rexford, A. Story, and D. Walker. Frenetic: A network programming language. SIGPLAN Not., 46(9):279--291, Sept. 2011.

Digital Library

[12]

A. Gember, A. Krishnamurthy, S. S. John, R. Grandl, X. Gao, A. Anand, T. Benson, V. Sekar, and A. Akella. Stratos: A network-aware orchestration layer for middleboxes in the cloud. CoRR, abs/1305.0209, 2013.

[13]

A. Gember, P. Prabhu, Z. Ghadiyali, and A. Akella. Toward software-defined middlebox networking. In Proc. HotNets-XI, 2012.

Digital Library

[14]

N. Handigol, B. Heller, V. Jeyakumar, D. Mazières, and N. McKeown. I know what your packet did last hop: Using packet histories to troubleshoot network. In Proc. NSDI, 2014.

Digital Library

[15]

M. Honda, Y. Nishida, C. Raiciu, A. Greenhalgh, M. Handley, and H. Tokuda. Is it still possible to extend TCP? In Proc. IMC, 2011.

Digital Library

[16]

J. Jung, V. Paxson, A. Berger, and H. Balakrishnan. Fast portscan detection using sequential hypothesis testing. In Proc. IEEE Security and Privacy, 2004.

[17]

P. Kazemian, G. Varghese, and N. McKeown. Header space analysis: static checking for networks. In Proc. NSDI, 2012.

Digital Library

[18]

A. Khurshid, W. Zhou, M. Caesar, and P. B. Godfrey. Veriflow: verifying network-wide invariants in real time. In Proc. NSDI, 2013.

Digital Library

[19]

N. McKeown. Mind the Gap: SIGCOMM'12 Keynote. https://www.youtube.com/watch?v=c9-K5O_qYgA.

[20]

C. Monsanto, J. Reich, N. Foster, J. Rexford, and D. Walker. Composing software-defined networks. In Proc. NSDI, 2013.

Digital Library

[21]

Z. Qazi, C. Tu, L. Chiang, R. Miao, and M. Yu. SIMPLE-fying middlebox policy enforcement using sdn. In Proc. SIGCOMM, 2013.

Digital Library

[22]

P. Quinn et al. Network service chaining problem statement. http://tools.ietf.org/html/draft-quinnnsc-problem-statement-03.

[23]

S. Rajagopalan, D. Williams, H. Jamjoom, and A. Warfield. Split/merge: System support for elastic execution in virtual middleboxes. In Proc. NSDI, 2013.

Digital Library

[24]

S. J. Russell and P. Norvig. Artificial Intelligence: A Modern Approach. Pearson Education, 2003.

Digital Library

[25]

V. Sekar, N. Egi, S. Ratnasamy, M. K. Reiter, and G. Shi. Design and implementation of a consolidated middlebox architecture. In Proc. NSDI, 2012.

Digital Library

[26]

J. Sherry, S. Hasan, C. Scott, A. Krishnamurthy, S. Ratnasamy, and V. Sekar. Making middleboxes someone else's problem: Network processing as a cloud service. In Proc. SIGCOMM, 2012.

Digital Library

[27]

J. Sommers and P. Barford. Self-configuring network traffic generation. In Proc. IMC, 2004.

Digital Library

[28]

M. Woo, S. K. Cha, S. Gottlieb, and D. Brumley. Scheduling black-box mutational fuzzing. In Proc. CCS, 2013.

Digital Library

[29]

H. Zeng, P. Kazemian, G. Varghese, and N. McKeown. Automatic test packet generation. In Proc. CoNEXT, 2012.

Digital Library

[30]

Y. Zhuang, E. Gessiou, S. Portzer, F. Fund, M. Muhammad, I. Beschastnikh, and J. Cappos. NetCheck: Network diagnoses from blackbox traces. In Proc. NSDI, 2014.

Digital Library

Cited By

Yao JJing MLin SLi DCao X(2022)Formal Verification and Testing of Data Plane in Software-Defined Networks: A SurveyAdvances in Artificial Intelligence and Security10.1007/978-3-031-06764-8_11(134-144)Online publication date: 8-Jul-2022
https://doi.org/10.1007/978-3-031-06764-8_11
Black CScott-Hayward S(2021)A Survey on the Verification of Adversarial Data Planes in Software-Defined NetworksProceedings of the 2021 ACM International Workshop on Software Defined Networks & Network Function Virtualization Security10.1145/3445968.3452092(3-10)Online publication date: 28-Apr-2021
https://dl.acm.org/doi/10.1145/3445968.3452092
Shukla AFathalli SZinner THecker ASchmid S(2020)P4Consist: Toward Consistent P4 SDNsIEEE Journal on Selected Areas in Communications10.1109/JSAC.2020.299965338:7(1293-1307)Online publication date: Jul-2020
https://doi.org/10.1109/JSAC.2020.2999653
Show More Cited By

Index Terms

Testing stateful and dynamic data planes with FlowTest
1. Networks
  1. Network services

Recommendations

A posteriori compliance control
SACMAT '07: Proceedings of the 12th ACM symposium on Access control models and technologies

While preventative policy enforcement mechanisms can provide theoretical guarantees that policy is correctly enforced, they have limitations in practice. They are inflexible when unanticipated circumstances arise, and most are either inflexible with ...
Cross-application data provenance and policy enforcement

We present a new technique that can trace data provenance and enforce data access policies across multiple applications and machines. We have developed Garm, a tool that uses binary rewriting to implement this technique on arbitrary binaries. Users can ...
Policy enforcement in traditional non-SDN networks
Abstract
Middleboxes are widely used in modern networks for a variety of network functions in cybersecurity, performance enhancement, and monitoring. Middlebox policy enforcement is however complex and tedious with unreliable manual re-...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

HotSDN '14: Proceedings of the third workshop on Hot topics in software defined networking

August 2014

252 pages

ISBN:9781450329897

DOI:10.1145/2620728

Program Chairs:
Aditya Akella
University of Wisconsin-Madison, USA
,
Albert Greenberg
Microsoft, USA

Copyright © 2014 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGCOMM: ACM Special Interest Group on Data Communication

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 22 August 2014

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Conference

SIGCOMM'14

Sponsor:

SIGCOMM

SIGCOMM'14: ACM SIGCOMM 2014 Conference

August 22, 2014

Illinois, Chicago, USA

Acceptance Rates

HotSDN '14 Paper Acceptance Rate 50 of 114 submissions, 44%;

Overall Acceptance Rate 88 of 198 submissions, 44%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

21
Total Citations
View Citations
997
Total Downloads

Downloads (Last 12 months)73
Downloads (Last 6 weeks)6

Reflects downloads up to 02 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Yao JJing MLin SLi DCao X(2022)Formal Verification and Testing of Data Plane in Software-Defined Networks: A SurveyAdvances in Artificial Intelligence and Security10.1007/978-3-031-06764-8_11(134-144)Online publication date: 8-Jul-2022
https://doi.org/10.1007/978-3-031-06764-8_11
Black CScott-Hayward S(2021)A Survey on the Verification of Adversarial Data Planes in Software-Defined NetworksProceedings of the 2021 ACM International Workshop on Software Defined Networks & Network Function Virtualization Security10.1145/3445968.3452092(3-10)Online publication date: 28-Apr-2021
https://dl.acm.org/doi/10.1145/3445968.3452092
Shukla AFathalli SZinner THecker ASchmid S(2020)P4Consist: Toward Consistent P4 SDNsIEEE Journal on Selected Areas in Communications10.1109/JSAC.2020.299965338:7(1293-1307)Online publication date: Jul-2020
https://doi.org/10.1109/JSAC.2020.2999653
Lu HSrivastava ASun Y(2019)ShadeNF: Testing Online Network Functions2019 IEEE International Conference on Cloud Engineering (IC2E)10.1109/IC2E.2019.00027(128-138)Online publication date: Jun-2019
https://doi.org/10.1109/IC2E.2019.00027
Yu YLi XLeng XSong LBu KChen YYang JZhang LCheng KXiao X(2019)Fault Management in Software-Defined Networking: A SurveyIEEE Communications Surveys & Tutorials10.1109/COMST.2018.286892221:1(349-392)Online publication date: Sep-2020
https://doi.org/10.1109/COMST.2018.2868922
Li YYin XWang ZYao JShi XWu JZhang HWang Q(2019)A Survey on Network Verification and Testing With Formal Methods: Approaches and ChallengesIEEE Communications Surveys & Tutorials10.1109/COMST.2018.286805021:1(940-969)Online publication date: Sep-2020
https://doi.org/10.1109/COMST.2018.2868050
Rojas EDoriguzzi-Corin RTamurejo SBeato ASchwabe APhemius KGuerrero C(2018)Are We Ready to Drive Software-Defined Networks? A Comprehensive Survey on Management Tools and TechniquesACM Computing Surveys10.1145/316529051:2(1-35)Online publication date: 20-Feb-2018
https://dl.acm.org/doi/10.1145/3165290
Horn AKheradmand APrasad MAkella AHowell J(2017)Delta-netProceedings of the 14th USENIX Conference on Networked Systems Design and Implementation10.5555/3154630.3154689(735-749)Online publication date: 27-Mar-2017
https://dl.acm.org/doi/10.5555/3154630.3154689
Abhashkumar AKang JBanerjee SAkella AZhang YWu W(2017)Supporting Diverse Dynamic Intent-based Policies using JanusProceedings of the 13th International Conference on emerging Networking EXperiments and Technologies10.1145/3143361.3143380(296-309)Online publication date: 28-Nov-2017
https://dl.acm.org/doi/10.1145/3143361.3143380
Schnepf NBadonnel RLahmadi AMerz S(2017)Automated verification of security chains in software-defined networks with synaptic2017 IEEE Conference on Network Softwarization (NetSoft)10.1109/NETSOFT.2017.8004195(1-9)Online publication date: Jul-2017
https://doi.org/10.1109/NETSOFT.2017.8004195
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Figures

Tables

Media

View Table of Conten