More Web Proxy on the site http://driver.im/

research-article

Public Access

Hydra: Effective Runtime Network Verification

Authors:

Sundararajan Renganathan,

Pier Luigi Ventre,

Carmelo Cascone,

Nate FosterAuthors Info & Claims

ACM SIGCOMM '23: Proceedings of the ACM SIGCOMM 2023 Conference

Pages 182 - 194

https://doi.org/10.1145/3603269.3604856

Published: 01 September 2023 Publication History

Abstract

It is notoriously difficult to verify that a network is behaving as intended, especially at scale. This paper presents Hydra, a system that uses ideas from runtime verification to check that every packet is correctly processed with respect to a specification in real time. We propose a domain-specific language for writing properties, called Indus, and we develop a compiler that turns properties thus specified into executable P4 code that runs alongside the forwarding code at line rate. To evaluate our approach, we used Indus to model a range of properties, showing that it is expressive enough to capture examples studied in prior work. We also deployed Hydra checkers for validating paths in source routing and for enforcing slice isolation in Aether, an open-source cellular platform. We confirmed a subtle bug in Aether's 5G mobile core that would have been hard to detect using static techniques. We also evaluated the overheads of Hydra on hardware, finding that it does not significantly increase latency and often does not require additional pipeline stages.

References

[1]

Mohammad Al-Fares, Sivasankar Radhakrishnan, Barath Raghavan, Nelson Huang, and Amin Vahdat. Hedera: Dynamic flow scheduling for data center networks. In USENIX Symposium on Networked Systems Design and Implementation (NSDI), page 19, 2010.

[2]

Kinan Dak Albab, Jonathan DiLorenzo, Stefan Heule, Ali Kheradmand, Steffen Smolka, Konstantin Weitz, Muhammad Timarzi, Jiaqi Gao, and Minlan Yu. SwitchV: automated SDN switch validation with P4 models. In ACM Special Interest Group on Data Communication (SIGCOMM), pages 365--379, 2022.

Digital Library

[3]

Mohammad Alizadeh, Tom Edsall, Sarang Dharmapurikar, Ramanan Vaidyanathan, Kevin Chu, Andy Fingerhut, Vinh The Lam, Francis Matus, Rong Pan, Navindra Yadav, and George Varghese. Conga: Distributed congestion-aware load balancing for datacenters. In ACM Special Interest Group on Data Communications (SIGCOMM), page 503--514, 2014.

[4]

Carolyn Jane Anderson, Nate Foster, Arjun Guha, Jean-Baptiste Jeannin, Dexter Kozen, Cole Schlesinger, and David Walker. NetKAT: Semantic foundations for networks. In ACM SIGACT-SIGPLAN Symposium on Principles of Programming Languages, pages 113--126, 2014.

[5]

Manikandan Arumugam, Deepak Bansal, Navdeep Bhatia, James Boerner, Simon Capper, Changhoon Kim, Sarah McClure, Neeraj Motwani, Ranga Narasimhan, Urvish Panchal, Tommaso Pimpo, Ariff Premji, Pranjal Shrivastava, and Rishabh Tewari. Bluebird: High-performance SDN for bare-metal cloud services. In USENIX Symposium on Networked Systems Design and Implementation (NSDI), pages 355--370, 2022.

[6]

Howard Barringer, Allen Goldberg, Klaus Havelund, and Koushik Sen. Rule-based runtime verification. In Verification, Model Checking, and Abstract Interpretation (VMCAI), pages 44--57, 2004.

[7]

Ryan Beckett, Aarti Gupta, Ratul Mahajan, and David Walker. A general approach to network configuration verification. In ACM Special Interest Group on Data Communication (SIGCOMM), page 155--168, 2017.

Digital Library

[8]

Ryan Beckett, Aarti Gupta, Ratul Mahajan, and David Walker. Abstract interpretation of distributed network control planes. In ACM SIGACT-SIGPLAN Symposium on Principles of Programming Languages (POPL), 2019.

[9]

Nikolaj Bjørner and Karthick Jayaraman. Checking cloud contracts in Microsoft Azure. In International Conference on Distributed Computing and Internet Technology (ICDCIT), pages 21--32, 2015.

Digital Library

[10]

Marco Canini, Daniele Venzano, Peter Peresini, Dejan Kostic, and Jennifer Rexford. A NICE way to test OpenFlow applications. In USENIX Symposium on Networked Systems Design and Implementation (NSDI), pages 127--140, 2012.

[11]

Feng Chen and Grigore Roşu. Java-MOP: A monitoring oriented programming environment for Java. In Tools and Algorithms for the Construction and Analysis of Systems (TACAS), page 546--550, 2005.

Digital Library

[12]

P4 Language Consortium. P4Lang Tutorials, Fetched July 15th, 2023. https://github.com/p4lang/tutorials.

[13]

Giuseppe De Giacomo and Moshe Y. Vardi. Linear temporal logic and linear dynamic logic on finite traces. In International Joint Conference on Artificial Intelligence (IJCAI), page 854--860, 2013.

[14]

Stéphane Demri and Ranko Lazić. LTL with the freeze quantifier and register automata. ACM Transactions on Computational Logic (TOCL), apr 2009.

[15]

Dragos Dumitrescu, Radu Stoenescu, Lorina Negreanu, and Costin Raiciu. bf4: Towards bug-free P4 programs. In ACM Special Interest Group on Data Communication (SIGCOMM), page 571--585, 2020.

Digital Library

[16]

Seyed K. Fayaz, Tushar Sharma, Ari Fogel, Ratul Mahajan, Todd Millstein, Vyas Sekar, and George Varghese. Efficient network reachability analysis using a succinct control plane representation. In USENIX Conference on Operating Systems Design and Implementation (OSDI), page 217--232, 2016.

[17]

Ari Fogel, Stanley Fung, Luis Pedrosa, Meg Walraed-Sullivan, Ramesh Govindan, Ratul Mahajan, and Todd Millstein. A general approach to network configuration analysis. In USENIX Conference on Networked Systems Design and Implementation (NSDI), page 469--483, 2015.

[18]

Nate Foster, Dexter Kozen, Matthew Milano, Alexandra Silva, and Laure Thompson. A coalgebraic decision procedure for NetKAT. In ACM SIGACT-SIGPLAN Symposium on Principles of Programming Languages (POPL), pages 343--355, 2015.

Digital Library

[19]

Open Networking Foundation. Aether: An open source 5G connected edge platform, 2022. https://opennetworking.org/aether/.

[20]

Open Networking Foundation. Software Defined Fabric (SD-Fabric) Release 1.2, Fetched February 15th, 2023. https://docs.sd-fabric.org/master/release/1.2.0.html.

[21]

Lucas Freire, Miguel Neves, Lucas Leal, Kirill Levchenko, Alberto Schaeffer-Filho, and Marinho Barcellos. Uncovering bugs in P4 programs with assertion-based verification. In ACM SIGCOMM Symposium on SDN Research (SOSR), 2018.

Digital Library

[22]

Aaron Gember-Jacobson, Raajay Viswanathan, Aditya Akella, and Ratul Mahajan. Fast control plane analysis using an abstract representation. In ACM Special Interest Group on Data Communications (SIGCOMM), page 300--313, 2016.

Digital Library

[23]

William Sealey Gosset. The probable error of a mean. Biometrika, pages 1--25, 1908.

[24]

Nikhil Handigol, Brandon Heller, Vimalkumar Jeyakumar, David Mazières, and Nick McKeown. I know what your packet did last hop: Using packet histories to troubleshoot networks. In USENIX Symposium on Networked Systems Design and Implementation (NSDI), pages 71--85, 2014.

[25]

Intel. Intel® Tofino™., Fetched February 10th, 2023. https://www.intel.com/content/www/us/en/products/network-io/programmable-ethernet-switch/tofino-series.html.

[26]

Karthick Jayaraman, Nikolaj Bjørner, Jitu Padhye, Amar Agrawal, Ashish Bhargava, Paul-Andre C Bissonnette, Shane Foster, Andrew Helwer, Mark Kasten, Ivan Lee, Anup Namdhari, Haseeb Niaz, Aniruddha Parkhi, Hanukumar Pinnamraju, Adrian Power, Neha Milind Raje, and Parag Sharma. Validating datacenters at scale. In ACM Special Interest Group on Data Communication (SIGCOMM), page 200--213, 2019.

[27]

Peyman Kazemian, Michael Chang, Hongyi Zeng, George Varghese, Nick McKeown, and Scott Whyte. Real time network policy checking using header space analysis. In USENIX Symposium on Networked Systems Design and Implementation (NSDI), page 99--112, 2013.

[28]

Peyman Kazemian, George Varghese, and Nick McKeown. Header space analysis: Static checking for networks. In USENIX Symposium on Networked Systems Design and Implementation (NSDI), pages 113--126, 2012.

[29]

Anurag Khandelwal, Rachit Agarwal, and Ion Stoica. Confluo: Distributed monitoring and diagnosis stack for high-speed networks. In USENIX Symposium on Networked Systems Design and Implementation (NSDI), pages 421--436, 2019.

[30]

Ahmed Khurshid, Xuan Zou, Wenxuan Zhou, Matthew Caesar, and P. Brighten Godfrey. Veriflow: Verifying network-wide invariants in real time. In USENIX Symposium on Networked Systems Design and Implementation (NSDI), pages 15--27, 2013.

[31]

Hyojoon Kim, Xiaoqi Chen, Jack Brassil, and Jennifer Rexford. Experience-driven research on programmable networks. ACM SIGCOMM Computer Communication Review (CCR), 51(1):10--17, January 2021.

[32]

Hyojoon Kim and Arpit Gupta. Ontas: Flexible and scalable online network traffic anonymization system. In ACM SIGCOMM Workshop on Network Meets AI & ML (NetAI), pages 15--21, 2019.

[33]

K Shiv Kumar, K Ranjitha, PS Prashanth, Mina Tahmasbi Arashloo, U Venkanna, and Praveen Tammana. DBVal: Validating P4 data plane runtime behavior. In ACM SIGCOMM Symposium on SDN Research (SOSR), 2021.

Digital Library

[34]

Bob Lantz, Brandon Heller, and Nick McKeown. A network in a laptop: Rapid prototyping for Software-Defined Networks. In ACM SIGCOMM Workshop on Hot Topics in Networks (HotNets), 2010.

Digital Library

[35]

Jed Liu, William Hallahan, Cole Schlesinger, Milad Sharif, Jeongkeun Lee, Robert Soulé, Han Wang, Călin Caşcaval, Nick McKeown, and Nate Foster. P4v: Practical verification for programmable data planes. In ACM Special Interest Group on Data Communication (SIGCOMM), page 490--503, 2018.

Digital Library

[36]

Nuno P. Lopes, Nikolaj Bjørner, Patrice Godefroid, Karthick Jayaraman, and George Varghese. Checking beliefs in dynamic networks. In USENIX Conference on Networked Systems Design and Implementation (NSDI), page 499--512, 2015.

[37]

Robert MacDavid, Carmelo Cascone, Pingping Lin, Badhrinath Padmanabhan, Ajay ThakuR, Larry Peterson, Jennifer Rexford, and Oguz Sunay. A P4-based 5G user plane function. In ACM SIGCOMM Symposium on SDN Research (SOSR), page 162--168, 2021.

Digital Library

[38]

Haohui Mai, Ahmed Khurshid, Rachit Agarwal, Matthew Caesar, P. Brighten Godfrey, and Samuel Talmadge King. Debugging the data plane with Anteater. In ACM Special Interest Group on Data Communication (SIGCOMM), page 290--301, 2011.

Digital Library

[39]

Justin Meza, Tianyin Xu, Kaushik Veeraraghavan, and Onur Mutlu. A large scale study of data center network reliability. In ACM SIGCOMM Internet Measurement Conference (IMC), page 393--407, 2018.

Digital Library

[40]

Andres Nötzli, Jehandad Khan, Andy Fingerhut, Clark Barrett, and Peter Athanas. P4Pktgen: Automated test case generation for P4 programs. In ACM SIGCOMM Symposium on SDN Research (SOSR), 2018.

[41]

Mark Reitblatt, Nate Foster, Jennifer Rexford, Cole Schlesinger, and David Walker. Abstractions for network update. In ACM Special Interest Group on Data Communications (SIGCOMM), page 323--334, 2012.

Digital Library

[42]

Sundararajan Renganathan, Benny Rubin, Hyojoon Kim, Pier Luigi Ventre, Carmelo Cascone, Daniele Moro, Charles Chan, Nick McKeown, and Nate Foster. Hydra: Effective network verification (full version), September 2023. Available at https://www.cs.cornell.edu/~jnfoster/papers/hydra-tr.pdf.

[43]

Fabian Ruffy, Jed Liu, Prathima Kotikalapudi, Vojtĕch Havel, Hanneli Tavante, Rob Sherwood, Vlad Dubina, Volodymyr Peschanenko, Anirudh Sivaraman, and Nate Foster. P4Testgen: An extensible test oracle for P4. In ACM Special Interest Group on Data Communications (SIGCOMM), 2023. To appear.

[44]

Apoorv Shukla, Seifeddine Fathalli, Thomas Zinner, Artur Hecker, and Stefan Schmid. P4consist: Toward consistent P4 SDNs. IEEE Journal on Selected Areas in Communications (JSAC), 38(7):1293--1307, 2020.

[45]

Radu Stoenescu, Dragos Dumitrescu, Matei Popovici, Lorina Negreanu, and Costin Raiciu. Debugging P4 programs with Vera. In ACM Special Interest Group on Data Communication (SIGCOMM), page 518--532, 2018.

Digital Library

[46]

Praveen Tammana, Rachit Agarwal, and Myungjin Lee. Simplifying datacenter network debugging with Pathdump. In USENIX Symposium on Operating Systems Design and Implementation (OSDI), page 233--248, 2016.

[47]

Praveen Tammana, Rachit Agarwal, and Myungjin Lee. Distributed network monitoring and debugging with SwitchPointer. In USENIX Symposium on Networked Systems Design and Implementation (NSDI), pages 453--456, 2018.

[48]

Bingchuan Tian, Jiaqi Gao, Mengqi Liu, Ennan Zhai, Yanqing Chen, Yu Zhou, Li Dai, Feng Yan, Mengjing Ma, Ming Tang, Jie Lu, Xionglie Wei, Hongqiang Harry Liu, Ming Zhang, Chen Tian, and Minlan Yu. Aquila: A practically usable verification system for production-scale programmable data planes. In ACM Special Interest Group on Data Communications (SIGCOMM), page 17--32, 2021.

[49]

Xin Wu, Daniel Turner, Chao-Chih Chen, David A. Maltz, Xiaowei Yang, Lihua Yuan, and Ming Zhang. Netpilot: Automating datacenter network failure mitigation. ACM SIGCOMM Computer Communication Review (CCR), 42(4):419--430, August 2012.

[50]

Geoffrey G. Xie, Jibin Zhan, David A. Maltz, Hui Zhang, Albert G. Greenberg, Gísli Hjálmtýsson, and Jennifer Rexford. On static reachability analysis of IP networks. In IEEE Conference on Computer Communications (INFOCOM), pages 2170--2183, 2005.

[51]

Hongkun Yang and Simon S Lam. Real-time verification of network properties using atomic predicates. IEEE/ACM Transactions on Networking, 24(2):887--900, 2015.

Digital Library

[52]

Hongkun Yang and Simon S. Lam. Real-time verification of network properties using atomic predicates. IEEE/ACM Transactions on Networking, 24(2):887--900, April 2016.

Digital Library

[53]

Nofel Yaseen, Behnaz Arzani, Ryan Beckett, Selim Ciraci, and Vincent Liu. Aragog: Scalable runtime verification of shardable networked systems. In USENIX Symposium on Operating Systems Design and Implementation (OSDI), pages 701--718, 2020.

[54]

Hongyi Zeng, Peyman Kazemian, George Varghese, and Nick McKeown. Automatic test packet generation. In Emerging Networking EXperiments and Technologies (CoNEXT), page 241--252, 2012.

Digital Library

[55]

Hongyi Zeng, Shidong Zhang, Fei Ye, Vimalkumar Jeyakumar, Mickey Ju, Junda Liu, Nick McKeown, and Amin Vahdat. Libra: Divide and conquer to verify forwarding tables in huge networks. In USENIX Symposium on Networked Systems Design and Implementation (NSDI), page 87--99, 2014.

[56]

Kaiyuan Zhang, Danyang Zhuo, Aditya Akella, Arvind Krishnamurthy, and Xi Wang. Automated verification of customizable middlebox properties with gravel. In USENIX Symposium on Networked Systems Design and Implementation (NSDI), pages 221--239, 2020.

[57]

Peng Zhang, Hao Li, Chengchen Hu, Liujia Hu, Lei Xiong, Ruilong Wang, and Yuemei Zhang. Mind the gap: Monitoring the control-data plane consistency in software defined networks. In Emerging Networking EXperiments and Technologies (CoNEXT), page 19--33, 2016.

Digital Library

Cited By

Weintraub BKim JTao RNita-Rotaru COkhravi HTian DUjcich BLuo BLiao XXu JKirda ELie D(2024)Exploiting Temporal Vulnerabilities for Unauthorized Access in Intent-based NetworkingProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3670301(3630-3644)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3670301
Abdous SDiwangkara SGhorbani S(2024)Tempus: Probabilistic Network Latency VerificationIEEE Access10.1109/ACCESS.2024.349873712(169896-169909)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3498737

Index Terms

Hydra: Effective Runtime Network Verification
1. Networks
  1. Network properties
  2. Network services
    1. In-network processing
    2. Programmable networks
2. Software and its engineering
  1. Software notations and tools
    1. Context specific languages
      1. Domain specific languages

Recommendations

Model-based Runtime Verification Framework

Model-based runtime verification is an extension to the state-of-the-art runtime verification, aimed at checking at runtime the system implementation against the system model (consistency checking) and the system model against the system specification (...
Verifying data- and control-oriented properties combining static and runtime verification: theory and tools

Static verification techniques are used to analyse and prove properties about programs before they are executed. Many of these techniques work directly on the source code and are used to verify data-oriented properties over all possible executions. The ...
Runtime Verification of Concurrent Haskell Programs

In this article we use model checking techniques to debug Concurrent Haskell programs. LTL formulas specifying assertions or other properties are verified at runtime. If a run which falsifies a formula is detected, the debugger emits a warning and ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

ACM SIGCOMM '23: Proceedings of the ACM SIGCOMM 2023 Conference

September 2023

1217 pages

ISBN:9798400702365

DOI:10.1145/3603269

Chairs:
Henning Schulzrinne,
Vishal Misra,
Program Chairs:
Eddie Kohler,
David Maltz

Copyright © 2023 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGCOMM: ACM Special Interest Group on Data Communication

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 September 2023

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Badges

Author Tags

Qualifiers

Research-article

Funding Sources

Conference

ACM SIGCOMM '23

Sponsor:

SIGCOMM

ACM SIGCOMM '23: ACM SIGCOMM 2023 Conference

September 10, 2023

NY, New York, USA

Acceptance Rates

Overall Acceptance Rate 462 of 3,389 submissions, 14%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
939
Total Downloads

Downloads (Last 12 months)514
Downloads (Last 6 weeks)62

Reflects downloads up to 04 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Weintraub BKim JTao RNita-Rotaru COkhravi HTian DUjcich BLuo BLiao XXu JKirda ELie D(2024)Exploiting Temporal Vulnerabilities for Unauthorized Access in Intent-based NetworkingProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3670301(3630-3644)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3670301
Abdous SDiwangkara SGhorbani S(2024)Tempus: Probabilistic Network Latency VerificationIEEE Access10.1109/ACCESS.2024.349873712(169896-169909)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3498737

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents