Towards an efficient verification approach on network configuration

Author

Elbadawi, Khalid ; Tang, Yongning ; Yu, James

Author_Institution

Sch. of Comput., DePaul Univ., Chicago, IL, USA

fYear

2012

fDate

22-26 Oct. 2012

Firstpage

247

Lastpage

251

Abstract

This paper presents our new design and implementation of a configuration verification system called ConfVS. With the increasing complexity of network configuration, verifying network behavior has become a highly time-consuming and error-prone process. Much research effort has been made to tackle this challenge. In this paper, we propose a formalization scheme based on binary decision diagram to model the entire network behavior specified by diverse configuration requirements (e.g., security policies, routing policies, and address translation rules), and design a set of algorithms to efficiently verify the compliance of network behavior to the requirements. Our experiments show that ConfVS can validate thousands of network devices configured by millions rules with ten times improved efficiency when compared to several well-known existing solutions.

Keywords

binary decision diagrams; telecommunication network management; telecommunication network routing; telecommunication security; ConfVS; address translation rules; binary decision diagram; configuration verification system; network configuration; routing policies; security policies; Boolean functions; Computational modeling; Data structures; IP networks; Network topology; Routing; Security;

fLanguage

English

Publisher

ieee

Conference_Titel

Network and service management (cnsm), 2012 8th international conference and 2012 workshop on systems virtualiztion management (svm)

Conference_Location

Las Vegas, NV

Print_ISBN

978-1-4673-3134-0

Electronic_ISBN

978-3-901882-48-7

Type

conf

Filename

6380024