Presentation is loading. Please wait.

Presentation is loading. Please wait.

Verifying Stability of Network Protocols

Published byBrook Gilbert Modified over 6 years ago

Similar presentations

Presentation on theme: "Verifying Stability of Network Protocols"— Presentation transcript:

1 Verifying Stability of Network Protocols
Karthikeyan Bhargavan Carl A. Gunter Davor Obradovic University of Pennsylvania

2 Attributes of Network Protocols
Often multi-party Routing Group membership Reservations Stability and fault tolerance Failed routers, networks, interfaces, hosts Interoperability Multiple implementations must cooperate

3 Verification At what level? Example Theory Standard Implementation
Distributed asynchronous Bellman-Ford Algorithm RFC 1058, Routing Information Protocol (RIP) BSD RIP, PLANet RIP, XNS RIP

4 Theory vs. Practice for RIP
Graph model Theory: graph Practice: bipartite graph with diameter less than 16 State Theory: keep values for all neighbors Practice: keep only the best value

5 Theory vs. Practice, continued
Time Theory: actual times are irrelevant Practice: actual times are important Algorithm Theory: uniform and simple assumptions Practice: split horizons, poison reverse, triggered updates Theorem Theory: true and inspirational Practice: mathematically unproved

6 Our General Goal Develop an approach to decreasing the gaps between these artifacts Create methodology Develop tool support Experiment with interesting cases

7 Methodology Respect current practices Track “product cycle” timetables
Reference implementations RFC’s Track “product cycle” timetables Fast for endpoints (http) Slow within the network (RSVP, Multicast) Faster with active networks Compromise appropriately Key properties (like stability) Practical correspondences Appropriate automation Integration with testing and simulation

8 Tool Support: Layered Approach
Standard informal general description HOL description high-level specification, abstraction properties SPIN model low-level specification, counterexamples PE/Slice of Implementation concrete, non-modular, real-time

9 Experimentation with Tool Support
Mocha (Village Telephone System) Maude (Flow-Based Adaptive Routing: FBAR) Code analysis for RIP Tempo C-Mix Code Surfer

10 Experiments Current Future RIP
Confidentiality and Integrity for Flow-Based Adaptive Routing (FBAR) Future Authenticated RIP Minimum delay routing

11 Bellman Ford Equations
There is a unique solution to the following pair of equations. This solution is the set of correct distances to a given “destination” node. D(I) = 1 + min { D(J) | J is a neighbor of I} where I is not the destination. D(Destination) = 0. Theorem: in N iterations of the first equation the values are all correct within N of the destination.

12 Synchronous Bellman-Ford
1 1 2

13 Asynchronous Version 1 1 2 2 3 3 4

14 Sandwich Proof From Bertsekas and Gallager.
Correctness theorem proved by sandwich technique.

15 Lower Sandwich Boundary
1 1 2 Destination

16 Radius Proof (Our Approach)
Definition of K Stability: the distance estimates and directions are correctly calculated within a radius of K of the destination, and all distance estimates outside of this radius are > K. Theorem (Soundness): K stability is invariant under advertisements. Theorem (Progress): if advertisements are fair, the state will become K stable.

17 Radius Proof Corollary
Corollary: If K stability holds, and a value more than distance K from the destination is increased, then no value or direction within a radius of K will be affected.

18 Automation of Verification
Standard-level specification in HOL. Verification of Soundness and abstraction principles in HOL. Verification of Progress uses SPIN on Promela program, generating about 7000 states. Connection between SPIN and HOL currently informal, but we have an embedding of Promela in HOL.

19 Code Level Verification
Networking software is mainly written in C. Bell Labs work on “alpha form” C code could aid automated translation into Promela. Existing programs are non-modular. Approach this problem with specialization and slicing. (Joint effort with Luke Hornof.)

20 Conclusions Better correspondence between the “paper” theory and the standard is possible. Automation can provide informative alternative lemmas. Better correspondence between the standard and its implementations may be aided by progress in model checking.

Download ppt "Verifying Stability of Network Protocols"

Similar presentations

RIP V2 CCNP S1(5), Chapter 4.

RIP V2 CCNP S1(5), Chapter 4.
Chapter 4 Distributed Bellman-Ford Routing

Chapter 4 Distributed Bellman-Ford Routing
COS 461 Fall 1997 Routing COS 461 Fall 1997 Typical Structure.

COS 461 Fall 1997 Routing COS 461 Fall 1997 Typical Structure.
Background information Formal verification methods based on theorem proving techniques and model­checking –to prove the absence of errors (in the formal.

Background information Formal verification methods based on theorem proving techniques and model­checking –to prove the absence of errors (in the formal.
Courtesy: Nick McKeown, Stanford

Courtesy: Nick McKeown, Stanford
EIGRP routing protocol Omer ben-shalom 024200164 Omer Ben-Shalom: Must show how EIGRP is dealing with count to infinity problem Omer Ben-Shalom: Must.

EIGRP routing protocol Omer ben-shalom Omer Ben-Shalom: Must show how EIGRP is dealing with count to infinity problem Omer Ben-Shalom: Must.
Routing So how does the network layer do its business?

Routing So how does the network layer do its business?
CS294, YelickSelf Stabilizing, p1 CS 294-8 Self-Stabilizing Systems

CS294, YelickSelf Stabilizing, p1 CS Self-Stabilizing Systems
Network Layer Design Isues Store-and-Forward Packet Switching Services Provided to the Transport Layer The service should be independent of the router.

Network Layer Design Isues Store-and-Forward Packet Switching Services Provided to the Transport Layer The service should be independent of the router.
Distributed systems Module 2 -Distributed algorithms Teaching unit 1 – Basic techniques Ernesto Damiani University of Bozen Lesson 4 – Consensus and reliable.

Distributed systems Module 2 -Distributed algorithms Teaching unit 1 – Basic techniques Ernesto Damiani University of Bozen Lesson 4 – Consensus and reliable.
EE 685 presentation Optimization Flow Control, I: Basic Algorithm and Convergence By Steven Low and David Lapsley Asynchronous Distributed Algorithm Proof.

EE 685 presentation Optimization Flow Control, I: Basic Algorithm and Convergence By Steven Low and David Lapsley Asynchronous Distributed Algorithm Proof.
Relating Artifacts for Networking Software Carl A. Gunter Verinet Project University of Pennsylvania.

Relating Artifacts for Networking Software Carl A. Gunter Verinet Project University of Pennsylvania.
CSE 461: Distance Vector Routing. Next Topic  Focus  How do we calculate routes for packets?  Routing is a network layer function  Routing Algorithms.

CSE 461: Distance Vector Routing. Next Topic  Focus  How do we calculate routes for packets?  Routing is a network layer function  Routing Algorithms.
Berkeley slides were used for this tutorial1 Internet Networking Spring 2006 Tutorial 2 DUAL Algorithm.

Berkeley slides were used for this tutorial1 Internet Networking Spring 2006 Tutorial 2 DUAL Algorithm.
1 Distance Vector Routing Protocols Dr. Rocky K. C. Chang 14 November 2006.

1 Distance Vector Routing Protocols Dr. Rocky K. C. Chang 14 November 2006.
Distributed Asynchronous Bellman-Ford Algorithm

Distributed Asynchronous Bellman-Ford Algorithm
1 Chapter 22 Network layer Delivery, Forwarding and Routing (part2)

1 Chapter 22 Network layer Delivery, Forwarding and Routing (part2)
Routing protocols Basic Routing Routing Information Protocol (RIP) Open Shortest Path First (OSPF)

Routing protocols Basic Routing Routing Information Protocol (RIP) Open Shortest Path First (OSPF)
RIP2 (Routing Information Protocol) Team Agile. Routing Protocols Link State – OSPF – ISIS Distance vector – RIP (version 1 and 2) – IGRP (Cisco Proprietary)

RIP2 (Routing Information Protocol) Team Agile. Routing Protocols Link State – OSPF – ISIS Distance vector – RIP (version 1 and 2) – IGRP (Cisco Proprietary)
Chi-Cheng Lin, Winona State University CS 313 Introduction to Computer Networking & Telecommunication Chapter 5 Network Layer.

Chi-Cheng Lin, Winona State University CS 313 Introduction to Computer Networking & Telecommunication Chapter 5 Network Layer.

Similar presentations

Ads by Google