• 主题
高级搜索  >
历史搜索 清空历史
首页> 外文会议>2014 First International Science and Technology Conference (Modern Networking Technologies) >VERMONT - A toolset for checking SDN packet forwarding policies on-line
【24h】

VERMONT - A toolset for checking SDN packet forwarding policies on-line

机译:VERMONT-在线检查SDN数据包转发策略的工具集

获取原文
获取原文并翻译 | 示例
页面导航
  • 摘要
  • 著录项
  • 相似文献
  • 相关主题

摘要

In this paper we present a VERifying MONiTor (VERMONT) which is a software toolset for checking the consistency of network configurations with formally specified invariants of Packet Forwarding Policies (PFP). Correct and safe management of networks is a very hard task. Every time the current load of flow tables should satisfy certain requirements. Some packets have to reach their destination, whereas some other packets have to be dropped. Certain switches are forbidden for some packets, whereas some other switches have to be obligatorily traversed. Loops are not allowed. These and some other requirements constitute a PFP. One of the aims of network engineering is to provide such a loading of switches with forwarding rules as to guarantee compliance with the PFP. VERMONT provides some automation to the solution of this task. VERMONT can be installed in line with the control plane. It observes state changes of a network by intercepting messages sent by switches to the controller and command sent by the controller to switches. It builds an adequate formal model of a whole network and checks every event, such as installation, deletion, or modification of rules, port and switch up and down events, against a set formal requirements of PFP. Before a network update command is sent to a switch VERMONT anticipates the result of its execution and checks whether a new state of network satisfies all requirements of PFP. If this is the case then the command is delivered to the corresponding switch. Upon detecting a violation of PFP VERMONT blocks the change, alerts a network administrator, and gives some additional information to elucidate a possible source of an error. VERMONT has a wide area of applications. It can be attached to a SDN controller just to check basic safety properties (the absence of loops, black-holes, etc) of the network managed by the controller. VERMONT may be also cooperated with software units (like FlowVisor) that aggregate several controllers. In this - ase VERMONT checks the compatibility of PFPs implemented by these controllers. This toolset can be used as a fully automatic safeguard for every software application which implements certain PFP on a SDN controller.
机译:在本文中,我们提出了一个VERMONING MONiTor(VERMONT),这是一个软件工具集,用于检查网络配置与数据包转发策略(PFP)的形式指定不变性的一致性。正确和安全地管理网络是一项非常艰巨的任务。每次流表的当前负载应满足某些要求。一些数据包必须到达其目的地,而其他一些数据包必须被丢弃。某些数据包禁止使用某些交换机,而必须强制遍历某些其他交换机。不允许循环。这些要求和其他要求构成了PFP。网络工程的目的之一是向交换机提供这种带有转发规则的负载,以确保符合PFP。 VERMONT为该任务的解决方案提供了一些自动化。 VERMONT可以根据控制平面安装。它通过拦截交换机发送到控制器的消息和控制器发送到交换机的命令来观察网络的状态变化。它建立了整个网络的适当形式模型,并根据PFP的既定形式要求检查每个事件,例如安装,删除或修改规则,端口以及上,下切换事件。在将网络更新命令发送到交换机之前,VERMONT会预测其执行结果,并检查网络的新状态是否满足PFP的所有要求。在这种情况下,命令将传递到相应的交换机。在检测到违反PFP的情况下,VERMONT会阻止更改,并向网络管理员发出警报,并提供一些其他信息来阐明错误的可能来源。 VERMONT具有广泛的应用领域。可以将其附加到SDN控制器上,只是检查该控制器管理的网络的基本安全属性(无环路,黑洞等)。 VERMONT还可以与聚合多个控制器的软件单元(例如FlowVisor)合作。在这种情况下,VERMONT检查由这些控制器实现的PFP的兼容性。该工具集可用作在SDN控制器上实现某些PFP的每个软件应用程序的全自动保护措施。

著录项

相似文献

  • 外文文献
  • 中文文献
  • 专利
获取原文

客服邮箱:kefu@zhangqiaokeyan.com

京公网安备:11010802029741号 ICP备案号:京ICP备15016152号-6 六维联合信息科技 (北京) 有限公司©版权所有

  • 客服微信

  • 服务号