Research On Network Configuration Correctness Checking And Diagnosis

In recent years,with the rapid development of the Internet,the network control plane has become increasingly complex.The checking and diagnosis of the network control plane are also facing more severe challenges.In the centralized control plane,for Software Defined Network(SDN),there may be potential interference between multiple network configurations,which leads to the network failures.In addition,once a reachability failure occurs on the network,it is extremely difficult to locate the root cause of the failure.In the distributed control plane,configuring the network is extremely complex and errorprone.Frequent configuration updates increase the risk of network failure.However,it is very difficult to check whether the network configuration is correct and locate the network configuration errors.This thesis has conducted in-depth research on network configuration checking and diagnosis.The main contributions of this thesis are as follows:(1)An automated detection framework for the interference in multiple network configurations in SDN is presented.It leverages scalable symbolic execution to systematically identify the inputs and the corresponding output Open Flow messages in each individual configuration program.Based on the conflict detection algorithm,it crosschecks all distinct output messages of multiple configuration programs to identify direct interferences and indirect interferences.The above framework is applied on a variety of SDN configuration programs from multiple controllers.The evaluation shows that it can detect both new and known interferences in multiple SDN configuration programs.(2)An approach to identify the actual root causes for reachability failure in SDN network is presented.Based on the failure event and the system logs,it automatically finds a reference event.It then builds a positive network provenance graph with the reference event,and a negative network provenance graph with the failure event.With the positive network provenance graph and negative network provenance graph,it analyzes the causal connections to determine the vertex for the root cause.The approach is applied on the scenarios from existing papers and studies of common errors,and the results show it can output the root cause of the failures.(3)A framework for performing network configuration update checking is presented.It outputs verification queries for only the endpoints whose forwarding behavior has changed under the updated network configuration.Based on the network forwarding model,it infers the potential impacted traffic and eliminates endpoints whose forwarding behavior is equivalent in both the original network configuration and the updated configuration.The framework is applied to a series of benchmark network configurations.The results show that it can determine impacted queries efficiently and speed up the configuration verification process.(4)An approach for localizing router configuration errors is presented.It checks whether the updated configuration satisfies the user's update intents and unaffected intents.If there is any intent violation,it localizes configuration errors.The information before the update is used as reference information for differential analysis.Based on the network simulation results,it first tracks the causal connections between network forwarding configuration segment and packets forwarding path.If there is no forwarding configuration error,it tracks the causal connections between routing configuration segment and packets forwarding path.The approach is applied on a series of network configuration update scenarios and the results show that it can locate the configuration errors.