Network Function Virtualization (NFV) and Software Defined Networking (SDN) are new emerging paradigms that changed the rules of networking, shifting the focus on dynamicity and programmability. In this new scenario, a very important and challenging task is to detect anomalies in the data plane, especially with the aid of suitable automated software tools. In particular, this operation must be performed within quite strict times, due to the high dynamism introduced by virtualization. In this paper, we propose a new network modeling approach that enhances the performance of formal verification of reachability policies, checked by solving a Satisfiability Modulo Theories (SMT) problem. This performance improvement is motivated by the definition of function models that do not work on single packets, but on packet classes. Nonetheless, the modeling approach is comprehensive not only of stateless functions, but also stateful functions such as NATs and firewalls. The implementation of the proposed approach achieves high scalability in complex networked systems consisting of several heterogeneous functions.
Improving the formal verification of reachability policies in virtualized networks / Bringhenti, Daniele; Marchetto, Guido; Sisto, Riccardo; Spinoso, Serena; Valenza, Fulvio; Yusupov, Jalolliddin. - In: IEEE TRANSACTIONS ON NETWORK AND SERVICE MANAGEMENT. - ISSN 1932-4537. - (In corso di stampa).
|Titolo:||Improving the formal verification of reachability policies in virtualized networks|
|Data di pubblicazione:||Being printed|
|Digital Object Identifier (DOI):||http://dx.doi.org/10.1109/TNSM.2020.3045781|
|Appare nelle tipologie:||1.1 Articolo in rivista|