Title :
Towards an efficient verification approach on network configuration
Author :
Elbadawi, Khalid ; Tang, Yongning ; Yu, James
Author_Institution :
Sch. of Comput., DePaul Univ., Chicago, IL, USA
Abstract :
This paper presents our new design and implementation of a configuration verification system called ConfVS. With the increasing complexity of network configuration, verifying network behavior has become a highly time-consuming and error-prone process. Much research effort has been made to tackle this challenge. In this paper, we propose a formalization scheme based on binary decision diagram to model the entire network behavior specified by diverse configuration requirements (e.g., security policies, routing policies, and address translation rules), and design a set of algorithms to efficiently verify the compliance of network behavior to the requirements. Our experiments show that ConfVS can validate thousands of network devices configured by millions rules with ten times improved efficiency when compared to several well-known existing solutions.
Keywords :
binary decision diagrams; telecommunication network management; telecommunication network routing; telecommunication security; ConfVS; address translation rules; binary decision diagram; configuration verification system; network configuration; routing policies; security policies; Boolean functions; Computational modeling; Data structures; IP networks; Network topology; Routing; Security;
Conference_Titel :
Network and service management (cnsm), 2012 8th international conference and 2012 workshop on systems virtualiztion management (svm)
Conference_Location :
Las Vegas, NV
Print_ISBN :
978-1-4673-3134-0
Electronic_ISBN :
978-3-901882-48-7
