Dynamic Monitoring of Correctness for Stateful Network Behavior

Runtime-checking for correctness properties in stateful software-defined networks

Testing and debugging networks is notoriously difficult. Software-Defined Networks (SDNs) complicate this problem since the network is defined by a program, which may contain third-party or home-grown software. The goal of this project is to facilitate network debugging by exploring runtime checking of correctness properties about stateful network behavior, such as the operation of a stateful firewall or connection tracker. Monitoring stateful properties at runtime intrinsically requires maintaining information about packet history, which presents unique challenges compared to traditional monitoring approaches involving flow statistics or analyzing control traffic. Our present work focuses on identifying requirements for checking stateful properties and exploring platforms for extending switches to support monitoring features.

People

Publications

Switches Are Monitors Too! Stateful Property Monitoring as a Switch Design Criterion Nelson, Tim, DeMarinis, Nicholas, Hoff, Timothy Adam, Fonseca, Rodrigo, and Krishnamurthi, Shriram In Proceedings of the 15th ACM Workshop on Hot Topics in Networks 2016 [Abs] [PDF] [Bibtex]
Testing and debugging networks /in situ/ is notoriously difficult. Many vital correctness properties involve histories over multiple packets (e.g., prior established connections). Checking such properties requires /cross-packet state/, which cannot be fully captured on stateless switch hardware.Recent SDN work is enabling limited switch operations on persistent state. We present runtime checking of cross-packet correctness properties as a unique and instructive use case for developing stateful switch primitives. In this paper, we examine a set of cross-packet properties and distill from them switch features needed to monitor their correctness. We then contrast these against features provided by current approaches to switch state in SDNs and identify semantic gaps with an eye toward informing future switch instruction sets.
```
@inproceedings{nelson2016switches,
  author = {Nelson, Tim and DeMarinis, Nicholas and Hoff, Timothy Adam and Fonseca, Rodrigo and Krishnamurthi, Shriram},
  title = {Switches Are Monitors Too! Stateful Property Monitoring as a Switch Design Criterion},
  year = {2016},
  isbn = {9781450346610},
  publisher = {Association for Computing Machinery},
  address = {New York, NY, USA},
  url = {https://doi.org/10.1145/3005745.3005755},
  doi = {10.1145/3005745.3005755},
  booktitle = {Proceedings of the 15th ACM Workshop on Hot Topics in Networks},
  pages = {99–105},
  numpages = {7},
  location = {Atlanta, GA, USA},
  series = {HotNets '16}
}
```