Stateful property monitoring in SDNs
My current research work involves monitoring data-plane properties in software defined networks to facilitate debugging. Specifically, we are interested in using switches to verify correctness properties about the network by monitoring packets in the data plane. We are most interested in monitoring stateful properties, which present unique challenges compared to other works.
- Tim Nelson, Nicholas DeMarinis, Timothy Adam Hoff, Rodrigo Fonseca, Shriram Krishnamurthi. Switches are Monitors Too! Stateful Property Monitoring as a Switch Design Criterion. ACM Workshop on Hot Topics in Software Defined Networking (HotNets), Nov 2016.
Recent SDN work is enabling limited switch operations on persistent state. We present runtime checking of cross-packet correctness properties as a unique and instructive use case for developing stateful switch primitives. In this paper, we examine a set of cross-packet properties and distill from them switch features needed to monitor their correctness. We then contrast these against features provided by current approaches to switch state in SDNs and identify semantic gaps with an eye toward informing future switch instruction sets.
- Tim Nelson, Nicholas DeMarinis, Timothy Adam Hoff, Rodrigo Fonseca, Shriram Krishnamurthi. Compiling Stateful Network Properties for Runtime Verification. ArXiv ePrint, July 2016.
We present a network monitoring system that avoids these problems. Because traces of network events correspond well to temporal logic, we use a subset of Metric First-Order Temporal Logic as the query language. These queries are compiled down to execute completely on the network switches. This vastly reduces network load, improves the precision of queries, and decreases detection latency. We show the practical feasibility of our work by extending a widely-used software switch and deploying it on networks. Our work also suggests improvements to network instruction sets to better support temporal monitoring.