DFL: Secure and Practical Fault Localization for Datacenter Networks

Datacenter networking has gained increasing popularity in the past few years. While researchers paid considerable efforts to enhance the performance and scalability of datacenter networks, achieving reliable data delivery in these emerging networks with misbehaving routers and switches received far less attention. Unfortunately, documented incidents of router compromise underscore that the capability to identify adversarial routers and switches is an imperative and practical need rather than merely a theoretical exercise. To this end, data-plane fault localization (FL) aims to identify faulty links and is an effective means of achieving high network availability. However, existing secure FL protocols assume that the source node knows the entire outgoing path that delivers the source node´s packets and that the path is static and long-lived. These assumptions are invalidated by the dynamic traffic patterns and agile load balancing commonly seen in modern datacenter networks. We propose the first secure FL protocol, DFL, with no requirements on path durability or the source node knowing the outgoing paths. Through a core technique we named delayed function disclosure, DFL incurs little communication overhead and a small, constant router state independent of the network size or the number of flows traversing a router.