Zhuoruo Zhang,Jilin Hu,Chenyang Yu,Rui Chang,Yongwang Zhao

DOI: https://doi.org/10.1109/icws60048.2023.00022

2023-01-01

Abstract:Virtual Private Cloud (VPC) has become a widely used cloud computing service, serving as a foundational web infrastructure for many organizations. Nevertheless, the growing problem of reachability issues poses significant threats to the security and reliability of VPC networks, potentially resulting in critical security concerns such as data breaches and service outages. Although there has been substantial progress in recent reachability analysis, existing methods lack validation of correctness. Moreover, current analyses are tailored for One-to-One reachability where both the source and the destination are fixed, and fail to efficiently answer One-to-Multi reachability queries, which involve computing all reachable destinations for a given source node. To address the above challenges, we propose VeriReach, the first formally verified algorithm that provides comprehensive and efficient reachability analysis in large-scale VPC networks. The reachability analysis result of VeriReach is proved to be equivalent to the original reachability semantics of the VPC networks, ensuring its correctness (i.e., soundness and completeness). The fine-grained formalization of VeriReach and its fully mechanized correctness proofs are carried out in Isabelle/HOL theorem prover with 282 lemmas/theorems and $\sim 4,900{\mathrm{LoC}}$. We further implement VeriReach in C++ and the evaluations indicate that VeriReach is more efficient and scalable than MonoSAT, the state-of-the-art SMT solver, when applied to large-scale VPC networks for reachability analysis.

Yongning Tang,Guang Cheng,Zhiwei Xu,Feng Chen

DOI: https://doi.org/10.1109/aina.2016.54

2016-01-01

Abstract:Fault localization is a core element in SDN network management. Many SDN fault reasoning and verification techniques assist operators focus on either analyzing the control plane configuration or checking the data plane network behavior. These solutions are limited in that they cannot correlate network symptoms between the control and the data planes, and are harder to generalize across protocols since they have to model complex configuration languages and dynamic protocol behavior. This paper proposes a new approach called Service Oriented Verification Integrated Reasoning (SOVIR) to tackle SDN fault reasoning. In the SOVIR system, a network user can request one or multiple network services via a high level Service Provisioning Language (SPL). SOVIR automatically parses each provisioned service and presents it as a logical Service View, which consists of a pair of logical end nodes, a service specification, and a list of required network functions (e.g., load balancer). After provisioned in an SDN network, SOVIR queries the controller about the network topology and flow rules from all SDN switches. Based on the flow rules and the configuration of end nodes and network function nodes, SOVIR maps the Service View to an Implementation View, in which all the logical components in the Service View are mapped to the actual system components along with the actual network topology. SOVIR uses an extended Symptom-Fault-Verification model to incorporate various verification techniques systematically into fault reasoning process to localize the faults in SDN. SOVIR has been evaluated in a simulation environment for its accuracy and efficiency. The evaluation shows that with SOVIR, both performance and accuracy of fault reasoning in the simulated SDN networks can be greatly improved by taking properly selected verification tools on specific network entities.

Bo Ji,Jinfang Zhou,Liping Qian,Kangsheng Chen

DOI: https://doi.org/10.1049/cp:20061561

2006-01-01

Abstract:The goal of Linux Virtual Server (LVS) is to provide a basic framework to build highly available and scalable network services such as Radius authentication and accounting in our implementation. Scalability is achieved by transparently inserting or removing a node in the cluster, and high availability is supported by detecting node or daemon failures and reconfiguring the system appropriately. This article, rather than proposing a new cluster technique, illustrates the basic concept of LVS, an implementation of LVS-based highly-available Radius server, and the performance testing and analysis of the whole system by a testing software named testrad developed by us. Through the benchmarks, we can conclude that the performance of the system can linearly increase along with the increasing number of the real servers before the director gets fully-loaded. Thus, it can provide high availability and scalability for network services.

Yahui Li,Zhiliang Wang,Xia Yin,Xingang Shi,Jianping Wu,Fangdan Ye,Jiangyuan Yao,Han Zhang

DOI: https://doi.org/10.1016/j.comnet.2020.107326

IF: 5.493

2020-01-01

Computer Networks

Abstract:Configuring a network is always difficult and error-prone because of low-level configuration languages and complex routing mechanisms. Most network outages occur when network the configuration is updated. Thus, it is important to proactively verify network configurations. Unfortunately, there are two practical obstacles that inhibit the performance of existing configuration verification tools: (i) Lack of knowledge. Network users often do not know which input verification queries need to be verified. (ii) Limited scalability. Even the state-of-the-art tool (i.e., Minesweeper [1]) takes approximately 500 seconds to complete a single reachability query for a network with tens of routers. Considering the total number of queries that must be verified, real networks often make such techniques impractical. In this paper, we propose NUV, a framework for performing network configuration update verification. NUV outputs verification queries for only the endpoints whose forwarding behavior has changed under the updated network configuration. Based on the network forwarding model, NUV infers the potential traffic impact and eliminates endpoints whose forwarding behavior is equivalent in both the original network configuration and the updated configuration. The NUV outputs can be used as input to a rich collection of existing configuration verification tools. Evaluations on a series of benchmark networks show that NUV can solve the lack of knowledge problem, and it enables query verification to execute at speeds orders of magnitude faster than existing tools; thus, it also improves verification scalability.

Wenfei Wu,Guohui Wang,Aditya Akella,Anees Shaikh

DOI: https://doi.org/10.1145/2523616.2523621

2013-01-01

Abstract:Today's cloud network platforms allow tenants to construct sophisticated virtual network topologies among their VMs on a shared physical network infrastructure. However, these platforms provide little support for tenants to diagnose problems in their virtual networks. Network virtualization hides the underlying infrastructure from tenants as well as prevents deploying existing network diagnosis tools. This paper makes a case for providing virtual network diagnosis as a service in the cloud. We identify a set of technical challenges in providing such a service and propose a Virtual Network Diagnosis (VND) framework. VND exposes abstract configuration and query interfaces for cloud tenants to troubleshoot their virtual networks. It controls software switches to collect flow traces, distributes traces storage, and executes distributed queries for different tenants for network diagnosis. It reduces the data collection and processing overhead by performing local flow capture and on-demand query execution. Our experiments validate VND's functionality and shows its feasibility in terms of quick service response and acceptable overhead; our simulation proves the VND architecture scales to the size of a real data center network.

Xiaoli Zhang,Qi Li,Jianping Wu,Jiahai Yang

DOI: https://doi.org/10.1109/tnet.2020.3028846

2020-01-01

IEEE/ACM Transactions on Networking

Abstract:With the advent of network function virtualization (NFV), outsourcing network functions (NFs) to the cloud is becoming increasingly popular for enterprises since it brings significant benefits for NF deployment and maintenance, such as improved scalability and reduced overhead. However, NF outsourcing limits the control of customer enterprises over NF deployment and management, consequently raising serious security concerns. Enterprises cannot ensure whether their outsourced NFs and associated service function chains (SFCs) are correctly enforced according to their specifications. In this paper, we propose vSFC, an SFC verification scheme that allows an enterprise to accurately verify the correctness of SFC enforcement in real time. Specifically, it can detect a wide range of SFC violations including forwarding path incompliance, packet dropping, and flow dropping attacks. Meanwhile, it is generic and agile, which can be applied to arbitrary cloud architectures without requiring any modification to NFs. To demonstrate the feasibility and performance of vSFC, we implement a vSFC prototype on top of Linux kernel-based virtual machines (KVM) and conduct extensive experiments with real traffic. The experimental results show that vSFC can accurately detect SFC violations with negligible overhead.

Abhiram Singh,Sidharth Sharma,Ashwin Gumaste

2024-09-22

Abstract:We present Vercel, a network verification and automatic fault rectification tool that is based on a computationally tractable, algorithmically expressive, and mathematically aesthetic domain of linear algebra. Vercel works on abstracting out packet headers into standard basis vectors that are used to create a port-specific forwarding matrix $\mathcal{A}$, representing a set of packet headers/prefixes that a router forwards along a port. By equating this matrix $\mathcal{A}$ and a vector $b$ (that represents the set of all headers under consideration), we are able to apply \textit{least squares} (which produces a column rank agnostic solution) to compute which headers are reachable at the destination. Reachability now simply means evaluating if vector $b$ is in the column space of $\mathcal{A}$, which can efficiently be computed using least squares. Further, the use of vector representation and least squares opens new possibilities for understanding network behavior. For example, we are able to map rules, routing policies, what-if scenarios to the fundamental linear algebraic form, $\mathcal{A}x=b$, as well as determine how to configure forwarding tables appropriately. We show Vercel is faster than the state-of-art such as NetPlumber, Veriflow, APKeep, AP Verifier, when measured over diverse datasets. Vercel is almost as fast as Deltanet, when rules are verified in batches and provides better scalability, expressiveness and memory efficiency. A key highlight of Vercel is that while evaluating for reachability, the tool can incorporate intents, and transform these into auto-configurable table entries, implying a recommendation/correction system.

Networking and Internet Architecture

Shunbin Dong,Yumin Xie,Jin Zhao,Kun Qi

DOI: https://doi.org/10.1109/icdcs60910.2024.00050

2024-01-01

Abstract:Network policy plays a crucial role in cloud-native networking, especially in multi-tenant scenarios. It provides precise control over connectivity by specifying source and destination endpoints, traffic types, and other criteria to allow or deny traffic. However, manual configuration of these policies introduces the risk of errors, leading to isolation violations or network service unavailability. Therefore, network policy verification is essential for maintaining security and quality of service in cloud-native networking. Currently, a naive approach involves individually checking each policy within the cluster, which can take over 100s for verification in a cluster size of over 100k. Existing verification frameworks, like Kano and Verikube, improve performance by leveraging pre-filtering and Satisfiability Modulo Theories (SMT) solvers, achieving a 3.12x to 12.99x performance boost over the naive baseline. However, as network policy changes rapidly within 100ms in real cloud-native networks, both frameworks need over 10s to perform verification for cluster sizes over 100k, which is far from satisfying. To overcome these issues, we propose and implement a novel network policy verification framework NPV, which utilizes the policy-label pre-filter process with bitwise compression. We further enhance the policy verification algorithm with a policy-namespace divide-and-conquer strategy to improve the data-level parallelism. We implement NPV on commodity servers and evaluate its performance using real network policy datasets. Our experiments indicate that, compared with the state-of-the-art methods, NPV can achieve up to 139.00x to 651.06x improvement in verification time compared to Kano and Verikube, with 65% less memory usage.

Michel Gokan Khan,Saeed Bastani,Javid Taheri,Andreas Kassler,Shuiguang Deng

DOI: https://doi.org/10.1109/CloudNet.2018.8549333

2018-01-01

Abstract:Network Function Virtualization (NFV) focuses on decoupling network functions from proprietary hardware (i.e., middleboxes) by leveraging virtualization technology. Combining it with Software Defined Networking (SDN) enables us to chain network services much easier and faster. The main idea of using these technologies is to consolidate several Virtual Network Functions (VNFs) into a fewer number of commodity servers to reduce costs, increase VNFs fluidity and improve resource efficiency. However, the resource allocation and placement of VNFs in the network is a multifaceted decision problem that depends on many factors, including VNFs resource demand characteristics, arrival rate, configuration of underlying infrastructure, available resources and agreed Quality of Services (QoS) in Service Level Agreements (SLAs). This paper presents a bottom-up open-source NFV analysis platform (NFV-Inspector) to (1) systematically profile and classify VNFs based on resource capacities, traffic demand rate, underlying system properties, placement of VNFs in the network, etc. and (2) extract/calculate the correlation among the QoS metrics and resource utilization of VNFs. We evaluated our approach using an emulated virtual Evolved Packet Core platform (Open5GCore) to showcase how complex relation among various NFV service chains can be systematically profiled and analyzed.

Yifan Li,Jake Jia,Xiaohe Hu,Jun Li

DOI: https://doi.org/10.1145/3341561.3349591

2019-01-01

Abstract:In cloud datacenters, network configuration changes frequently, thus fast control plane verification is demanded to validate the changes before deployed. However, existing control plane verification tools are all based on static analysis of network configuration, so that the configuration need to be reverified completely when edited. Inspired by the real time data plane verification, we propose an incremental control plane verification. Its implementation based on an existing work demonstrated supeior performance.

Chengkun Wei,Xing Li,Ye Yang,Xiaochong Jiang,Tianyu Xu,Bowen Yang,Taotao Wu,Chao Xu,Yilong Lv,Haifeng Gao,Zhentao Zhang,Zikang Chen,Zeke Wang,Zihui Zhang,Shunmin Zhu,Wenzhi Chen

DOI: https://doi.org/10.1145/3603269.3604859

2023-01-01

Abstract:Cloud computing has witnessed tremendous growth, prompting enterprises to migrate to the cloud for reliable and on-demand computing. Within a single Virtual Private Cloud (VPC), the number of instances (such as VMs, bare metals, and containers) has reached millions, posing challenges related to supporting millions of instances with network location decoupling from the underlying hardware, high elastic performance, and high reliability. However, academic studies have primarily focused on specific issues like high-speed data plane and virtualized routing infrastructure, while existing industrial network technologies fail to adequately address these challenges. In this paper, we report on the design and experience of Achelous , Alibaba Cloud's network virtualization platform. Achelous consists of three key designs to enhance hyperscale VPC: ( i ) a novel hierarchical programming architecture based on the collaborative design of both data plane and control plane; ( ii ) elastic performance strategy and distributed ECMP schemes for seamless scale-up and scale-out, respectively; ( iii ) health check scheme and transparent VM live migration mechanisms that ensure stateful flow continuity during the failover. The evaluation results demonstrate that, Achelous scales to over 1, 500, 000 of VMs with elastic network capacity in a single VPC, and reduces 25× programming time, with 99% updating can be completed within 1 second. For failover, it condenses 22.5× downtime during VM live migration, and ensures 99.99% of applications do not experience stall. More importantly, the experience from three years of operation proves the Achelous 's serviceability, and versatility independent of any specific hardware platforms.

Xiaoli Zhang,Cong Wang,Qi Li,Jianping Wu

DOI: https://doi.org/10.1109/MNET.001.1800330

IF: 10.294

2020-01-01

IEEE Network

Abstract:Guaranteeing that large scale networks are always operated as policy goals dictate is critical for network availability, security, and performance. The problem is challenging, as it should not only assure the correctness of policy configurations across various network devices, but also guarantee the faithfulness of policy enforcement on actual packet forwarding behaviors. In this article, we provide a systematic overview of the direction of network verification, which covers both verification of network configurations and assurance of device actual behaviors. In particular, we summarize state-of-the-art designs with focuses from early stateless data planes with switches/routers to more recent stateful ones containing middleboxes. After analyzing and comparing these works, we also specify future directions in the verification of stateful networks.

Zhifeng Zhao,Feng Hong,Rongpeng Li

DOI: https://doi.org/10.1109/ACCESS.2017.2762362

IF: 3.9

2017-01-01

IEEE Access

Abstract:Nowadays, cloud computing networks significantly benefit the deployment of new services and have become one infrastructure provider in the digital society. The virtual extensible local area network (VxLAN), which belongs to the network schemes to overlay Layer 2 over Layer 3, is one of the most popular methods to realize cloud computing networks. Though VxLAN partially overcomes the capacity limitation of its predecessor virtual local area network, it still faces several challenges like annoying signaling overhead during the multicast period and interrupted communication with a migrating virtual machine (VM). In this paper, we propose a new software defined network (SDN) based VxLAN network architecture. Based on this architecture, we address how we can deploy an intelligent center to enhance the multicast capability and facilitate the VM migration. Besides, we discuss the means to update the global information and guarantee the communication continuum. Finally, we use Mininet to emulate this SDN based VxLAN architecture and demonstrate effective load balancing results. In a word, this proposed architecture could provide a blueprint for future cloud computing networks.

Xing Fang,Feiyan Ding,Bang Huang,Ziyi Wang,Gao Han,Rulan Yang,Lizhao You,Qiao Xiang,Linghe Kong,Yutong Liu,Jiwu Shu

DOI: https://doi.org/10.1109/infocom52122.2024.10621215

2024-01-01

Abstract:Satisfiability Modulo Theories (SMT) based network configuration verification tools are powerful tools in preventing network configuration errors. However, their fundamental limitation is efficiency, because they rely on generic SMT solvers to solve SMT problems, which are in general NP-complete. In this paper, we show that by leveraging network domain knowledge, we can substantially accelerate SMT-based network configuration verification. Our key insights are: given a network configuration verification formula, network domain knowledge can (1) guide the search of solutions to the formula by avoiding unnecessary search spaces; and (2) help simplify the formula, reducing the problem scale. We leverage these insights to design a new SMT- based network configuration verification tool called NetSMT. Extensive evaluation using real-world topologies and synthetic network configurations shows that NetSMT achieves orders of magnitude improvements compared to state-of-the-art methods.

Chongrong Fang,Haoyu Liu,Mao Miao,Jie Ye,Lei Wang,Wansheng Zhang,Daxiang Kang,Biao Lyu,Shunmin Zhu,Peng Cheng,Jiming Chen

DOI: https://doi.org/10.1109/tnet.2021.3137557

2022-01-01

IEEE/ACM Transactions on Networking

Abstract:Persistent packet loss in the cloud-scale overlay network severely compromises tenant experiences. Cloud providers are keen to diagnose such problems efficiently. However, existing work is either designed for the physical network or insufficient to present the concrete reason of packet loss. We propose to record and analyze the on-site forwarding condition of packets during packet-level tracing. The cloud-scale overlay network presents great challenges to achieve this goal with its high network complexity, multi-tenant nature, and diversity of root causes. To address these challenges, we present VTrace, an automatic diagnostic system for persistent packet loss over the cloud-scale overlay network. Utilizing the ''fast path-slow path'' structure of virtual forwarding devices (VFDs), e.g., vSwitches, VTrace installs several ''coloring-matching-logging'' rules in VFDs to selectively track the target packets and inspect them in depth. The detailed forwarding situation at each hop is logged and then assembled to perform analysis with an efficient path reconstruction scheme. Experiments are conducted to demonstrate VTrace's low overhead and quick response. Besides, based on the idea ''coloring-matching-counting'', VTrace can be easily extended to VTrace-stats to identify the culprit device for transient packet loss. We share experiences of how VTrace and VTrace-stats efficiently work after deploying them in Alibaba Cloud for years.

Yahui Li,Han Zhang,Jilong Wang,Xingang Shi,Xia Yin,Zhiliang Wang,Jiankun Hu,Congcong Miao,Jianping Wu

DOI: https://doi.org/10.1109/tifs.2024.3409935

IF: 7.231

2024-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Network managers configure networks to enforce various high-level policies, and to respond to the wide range of network events (e.g., attacks, intrusions, malicious route announcements from neighbors) that may occur. It is incredibly difficult to specify these high-level policies in terms of distributed low-level configuration. These high-level policies hold only if the distributed configurations are well equipped to react to unsafe and unreliable environments (e.g., malicious route announcements, unsafe components and devices). Therefore, it is important to proactively verify whether network policies hold across continually changing environments in terms of current network configurations. State-of-the-art policy verification techniques are limited because they can check only the Boolean policies (e.g., forwarding reachability, waypoint or blackhole-freeness). However, many policy violations express themselves in quantitative ways (e.g., a link becomes overloaded). In this paper, we propose quantitative network verification (QNV) analyzing the quantitative policies of networks across unsafe and unreliable environments. QNV translates network configurations into a symbolic simulation model that captures the stable states to which the network forwarding will converge as a result of interactions between routing protocols. It then generates a logical formula matrix that describes network forwarding in the event of failures and verifies quantitative policies based on the formula matrix. We implement QNV and evaluate it on realistic and synthetic configurations. Our evaluation shows that QNV can precisely verify quantitative policies in only a few minutes, even in large networks.

Xiaojun Shang,Zhenhua Li,Yuanyuan Yang

DOI: https://doi.org/10.1109/mass.2018.00022

2018-01-01

Abstract:The recent development of network function virtualization decouples network functions from dedicated hardware. Thus, virtual network functions (VNFs) can be distributed onto shared and virtualized platforms held by multiple data centers in various network locations. The architecture of the distributed VNFs interconnected by virtual links is denoted as the Service Function Chain (SFC). SFC has the potential to significantly reduce the opening and operating cost of the network services while improving the flexibility. However, the availability of SFC on chained up data centers is always inferior to that of network functions running on a single data center because the failure in any data center on the chain may affect its availability. To improve the availabilities of SFCs, in this paper we propose a local rerouting strategy to bypass the failed data centers on SFCs using locally rerouted paths (LRPs). Furthermore, we formulate an optimization model to minimize the maximum load on links while deploying SFCs and LRPs into the network. Thus, we reduce the potential risk of congested links caused by the local rerouting strategy. We then propose a randomized rounding approximation algorithm to solve the optimization problem, preserving the competitive ratio of O(logn) for the model. We also propose a fast heuristic algorithm to improve the efficiency. Our extensive simulation results show that the proposed algorithms can provide highly available SFCs with more balanced link load.

Ding Jingyu,Le Jiajin,Jin Yaohui

DOI: https://doi.org/10.3969/j.issn.1000-386X.2011.08.062

2011-01-01

Abstract:With the continuous development and perfection of enterprise IT infrastructures,data center consolidation and virtual private cloud are increasingly attracting enterprises' attention.In the paper,the architecture to realize enterprise virtual private cloud(VPC) based on virtual private network is proposed,whose implementation destination and approaches are discussed.The design principle for implementing VPN based on virtual private LAN service(VPLS) is expounded emphatically.At last the elaborated VPC architecture is validated by deploying it in the data center of Shanghai Yantang Group.

Hoang-Dung Tran,Xiaodong Yang,Diego Manzanas Lopez,Patrick Musau,Luan Viet Nguyen,Weiming Xiang,Stanley Bak,Taylor T. Johnson

DOI: https://doi.org/10.48550/arXiv.2004.05519

2020-04-12

Systems and Control

Abstract:This paper presents the Neural Network Verification (NNV) software tool, a set-based verification framework for deep neural networks (DNNs) and learning-enabled cyber-physical systems (CPS). The crux of NNV is a collection of reachability algorithms that make use of a variety of set representations, such as polyhedra, star sets, zonotopes, and abstract-domain representations. NNV supports both exact (sound and complete) and over-approximate (sound) reachability algorithms for verifying safety and robustness properties of feed-forward neural networks (FFNNs) with various activation functions. For learning-enabled CPS, such as closed-loop control systems incorporating neural networks, NNV provides exact and over-approximate reachability analysis schemes for linear plant models and FFNN controllers with piecewise-linear activation functions, such as ReLUs. For similar neural network control systems (NNCS) that instead have nonlinear plant models, NNV supports over-approximate analysis by combining the star set analysis used for FFNN controllers with zonotope-based analysis for nonlinear plant dynamics building on CORA. We evaluate NNV using two real-world case studies: the first is safety verification of ACAS Xu networks and the second deals with the safety verification of a deep learning-based adaptive cruise control system.

Chongrong Fang,Haoyu Liu,Mao Miao,Jie Ye,Lei Wang,Wansheng Zhang,Daxiang Kang,Biao Lyv,Peng Cheng,Jiming Chen

DOI: https://doi.org/10.1145/3387514.3405851

2020-01-01

Abstract:Persistent packet loss in the cloud-scale overlay network severely compromises tenant experiences. Cloud providers are keen to automatically and quickly determine the root cause of such problems. However, existing work is either designed for the physical network or insufficient to present the concrete reason of packet loss. In this paper, we propose to record and analyze the on-site forwarding condition of packets during packet-level tracing. The cloud-scale overlay network presents great challenges to achieve this goal with its high network complexity, multi-tenant nature, and diversity of root causes. To address these challenges, we present VTrace, an automatic diagnostic system for persistent packet loss over the cloud-scale overlay network. Utilizing the "fast path-slow path" structure of virtual forwarding devices (VFDs), e.g., vSwitches, VTrace installs several "coloring, matching and logging" rules in VFDs to selectively track the packets of interest and inspect them in depth. The detailed forwarding situation at each hop is logged and then assembled to perform analysis with an efficient path reconstruction scheme. Experiments are conducted to demonstrate VTrace's low overhead and quick responsiveness. We share experiences of how VTrace efficiently resolves persistent packet loss issues after deploying it in Alibaba Cloud for over 20 months.