Post on 07-Jul-2020
Tiramisu: Fast Multilayer Network Verification
Anubhavnidhi “Archie” Abhashkumar*, Aaron Gember Jacobson#,and Aditya Akella*
1
*University of Wisconsin-Madison, # Colgate University
Distributed Control Planes
2
D C
BZ
Y
E
Policies
Y à Z
Configuration Exampleinterface GigabitEthernet0/1
ip address 1.0.1.1 255.255.0.0ip ospf cost 1
router ospf 10 network 3.0.1.2 0.0.255.255 area 0
Distributed Control Planes
3
D C
BZ
Y
E
Policies
Y à Z
Distributed Control Planes
4
D C
BZ
Y
E
Policies
Y à Z
Distributed Control Planes
5
D C
BZ
Y
E
Policies
Y à Z
OSPFOSPF
OSPFOSPF 1
1
1
Distributed Control Planes
6
D C
BZ
Y
E
Policies
Y à Z
OSPFOSPF
OSPFOSPF 1
1
Z1
Router Configurations are Complex
7
interface GigabitEthernet0/1ip address 1.0.1.1 255.255.0.0ip ospf cost 1!interface GigabitEthernet0/2ip address 10.11.11.1 255.255.0.0!router bgp 300neighbor 2.2.2.2 route-map COMM out!route-map COMM permit 10 set community 1:1 additiveset local-preference 150!router ospf 10 network 3.0.1.2 0.0.255.255 area 0
• Multiple routing protocols• BGP• OSPF• …
Router Configurations are Complex
8
interface GigabitEthernet0/1ip address 1.0.1.1 255.255.0.0ip ospf cost 1!interface GigabitEthernet0/2ip address 10.11.11.1 255.255.0.0!router bgp 300neighbor 2.2.2.2 route-map COMM out!route-map COMM permit 10 set community 1:1 additiveset local-preference 150!router ospf 10 network 3.0.1.2 0.0.255.255 area 0
• Multiple routing protocols• BGP• OSPF• …
• Multiple routing metrics• ospf cost• local preference• …
Router Configurations are Complex
9
interface GigabitEthernet0/1ip address 1.0.1.1 255.255.0.0ip ospf cost 1!interface GigabitEthernet0/2ip address 10.11.11.1 255.255.0.0!router bgp 300neighbor 2.2.2.2 route-map COMM out!route-map COMM permit 10 set community 1:1 additiveset local-preference 150!router ospf 10 network 3.0.1.2 0.0.255.255 area 0
• Multiple routing protocols• BGP• OSPF• …
• Multiple routing metrics• ospf cost• local preference• …
• Multiple filters• Community• …
Configuration Complexity Make Errors Common
10
Configuration Complexity Make Errors Common
11
Policy violations manifest under failures
Configuration Complexity Make Errors Common
12
Verification tools can proactively check for failures
Multiple Network Verification tools
13Performance
Cove
rage
Bagpipe(OOPSLA’16)
Plankton (NSDI’20)
Minesweeper (SIGCOMM ’17)
ERA (OSDI’16)
Batfish (NSDI’15)
ARC (SIGCOMM’16)
P-REX (CONEXT’18)
Multiple Network Verification tools
14Performance
Cove
rage
Bagpipe(OOPSLA’16)
Plankton (NSDI’20)
Minesweeper (SIGCOMM ’17)
ERA (OSDI’16)
Batfish (NSDI’15)
ARC (SIGCOMM’16)
P-REX (CONEXT’18)
Goal: A verification tool that has good coverage and good performance
Tiramisu (NSDI’20)
Multiple Network Verification tools
15Performance
Cove
rage
Bagpipe(OOPSLA’16)
Plankton (NSDI’20)
Minesweeper (SIGCOMM ’17)
ERA (OSDI’16)
Batfish (NSDI’15)
ARC (SIGCOMM’16)
P-REX (CONEXT’18)
Goal: A verification tool that has good coverage and good performance
Tiramisu (NSDI’20)
Performance VS Coverage• ARC (SIGCOMM’16)• Graph algorithms
Network configurations
22
4
1
06
Weighted Graphs
16
Performance VS Coverage• ARC (SIGCOMM’16)• Graph algorithms
Network configurations
22
4
1
06
Weighted Graphs
17
• Minesweeper (SIGCOMM’17)• Symbolic encoding
Network configurations
Routing Algorithms
Policies
SMT Constraints
Z3 solver
Cross Layer Dependency
18
BE
CiBGP
iBGP
eBGP eBGP
1
D
iBGP
OSPF
OSPFOSPF
1
5
YZ
Cross Layer Dependency
19
BE
CiBGP
iBGP
eBGP eBGP
1
D
iBGP
OSPF
OSPFOSPF
1
5
YZ
IBGP uses OSPF computed route to reach next hop router
Cross Layer Dependency
20
BE
CiBGP
iBGP
eBGP eBGP
1
D
iBGP
OSPF
OSPFOSPF
1
5
YZ
Dst NextHop
E B
B B
D D
Dst NextHop
E E
C C
D D
Dst NextHop
B B
C C
ROUTER C
ROUTER B
ROUTER D
Cross Layer Dependency
21
BE
CiBGP
iBGP
eBGP eBGP
1
D
iBGP
OSPF
OSPFOSPF
1
5
YZ
Dst NextHop
E B
B B
D D
Dst NextHop
E E
C C
D D
Dst NextHop
B B
C C
ROUTER C
ROUTER B
ROUTER D
C à E
Cross Layer Dependency
22
BE
CiBGP
iBGP
eBGP eBGP
1
D
iBGP
OSPF
OSPFOSPF
1
5
YZ
Dst NextHop
E B
B B
D D
Dst NextHop
E E
C C
D D
Dst NextHop
B B
C C
ROUTER C
ROUTER B
ROUTER D
C à E
Cross Layer Dependency
23
BE
CiBGP
iBGP
eBGP eBGP
1
D
iBGP
OSPF
OSPFOSPF
1
5
YZ
Dst NextHop
E B
B B
D D
Dst NextHop
E E
C C
D D
Dst NextHop
B B
C C
ROUTER C
ROUTER B
ROUTER D
C à E
Cross Layer Dependency: iBGP - OSPF
Cross Layer Dependency
24
BE
CiBGP
iBGP
eBGP eBGP
1
D
iBGP
OSPF
OSPFOSPF
1
5
YZ
Dst NextHop
E B
B B
D D
Dst NextHop
E E
C C
D D
Dst NextHop
B B
C C
ROUTER C
ROUTER B
ROUTER D
C à E
Cross Layer Dependency
25
BE
CiBGP
iBGP
eBGP eBGP
1
D
iBGP
OSPF
OSPFOSPF
1
5
YZ
Dst NextHop
E B
B B
D D
Dst NextHop
E E
C C
D D
Dst NextHop
B B
C C
ROUTER C
ROUTER B
ROUTER D
C à E
Cross Layer Dependency
26
BE
CiBGP
iBGP
eBGP eBGP
1
D
iBGP
OSPF
OSPFOSPF
1
5
YZ
Dst NextHop
E B
B B
D D
Dst NextHop
E E
C C
D D
Dst NextHop
B B
C C
ROUTER C
ROUTER B
ROUTER D
Cross Layer Dependency
27
BE
CiBGP
iBGP
eBGP eBGP
1
D
iBGP
OSPF
OSPFOSPF
1
5
YZ
Dst NextHop
E B
B B
D D
Dst NextHop
E E
C C
D D
Dst NextHop
B B
C C
ROUTER C
ROUTER B
ROUTER DDst NextHop
E B
B D
D D
Cross Layer Dependency
28
BE
CiBGP
iBGP
eBGP eBGP
1
D
iBGP
OSPF
OSPFOSPF
1
5
YZ
Dst NextHop
E B
B B
D D
Dst NextHop
E E
C C
D D
Dst NextHop
B B
C C
ROUTER C
ROUTER B
ROUTER DDst NextHop
E B
B D
D DE
ARC and Minesweeper
29
• ARC (SIGCOMM’16)
Ebgp Bbgp
Bospf
Cospf Cospf
• Insufficient feature coverage• No IBGP, local preference,
community, ….
ARC and Minesweeper• Minesweeper (SIGCOMM’17)
30
• ARC (SIGCOMM’16)
Ebgp Bbgp
Bospf
Cospf Cospf…….192.0.0.0 ≤ out.prefix out.prefix ≤ 192.1.0.0out.valid ⇒ truebest.valid ⇒ out.lp = 120best.valid ⇒ out.ad = 20…….
…….192.0.0.0 ≤ out.prefix out.prefix ≤ 192.1.0.0out.valid ⇒ truebest.valid ⇒ out.lp = 120best.valid ⇒ out.ad = 20…….
…….192.0.0.0 ≤ out.prefix out.prefix ≤ 192.1.0.0out.valid ⇒ truebest.valid ⇒ out.lp = 120best.valid ⇒ out.ad = 20…….
• Insufficient feature coverage• No IBGP, local preference,
community, ….
• Poor performance• replicate model for iBGP
InsightsConfigurations
NETWORK MODEL
VERIFICATIONALGORITHMS
31
InsightsConfigurations
NETWORK MODEL
VERIFICATIONALGORITHMS
32
Model VerificationARC Graph Graph
Minesweeper SMT SMT
InsightsConfigurations
NETWORK MODEL
VERIFICATIONALGORITHMS
33
Model VerificationARC Graph Graph
Minesweeper SMT SMT
low coverage
high coverage low performance
high performance
InsightsConfigurations
NETWORK MODEL
VERIFICATIONALGORITHMS
34
Model VerificationARC Graph Graph
Minesweeper SMT SMT
low coverage
high coverage low performance
high performance
Insight 1: Decouple network encoding from verification algorithm
InsightsConfigurations
NETWORK MODEL
35
Multilayer graph with vector of edge weights
InsightsConfigurations
NETWORK MODEL
VERIFICATIONALGORITHM-1
VERIFICATIONALGORITHM-2
VERIFICATIONALGORITHM-N….
36
Multilayer graph with vector of edge weights
Categories policies based on fidelity
InsightsConfigurations
NETWORK MODEL
VERIFICATIONALGORITHM-1
VERIFICATIONALGORITHM-2
VERIFICATIONALGORITHM-N….
37
B
C
1
D
OSPF
OSPFOSPF
1
5
S1Multilayer graph with vector of edge weights
Categories policies based on fidelity
InsightsConfigurations
NETWORK MODEL
VERIFICATIONALGORITHM-1
VERIFICATIONALGORITHM-2
VERIFICATIONALGORITHM-N….
38
B
C
1
D
OSPF
OSPFOSPF
1
5
S1
Policy 1: Which path is preferred?C→B << C→D→B
Multilayer graph with vector of edge weights
Categories policies based on fidelity
InsightsConfigurations
NETWORK MODEL
VERIFICATIONALGORITHM-1
VERIFICATIONALGORITHM-2
VERIFICATIONALGORITHM-N….
39
B
C
1
D
OSPF
OSPFOSPF
1
5
S1
Policy 1: Which path is preferred?C→B << C→D→B
C→B : ospf cost = 1C→D→B : ospf cost = 6
Multilayer graph with vector of edge weights
Categories policies based on fidelity
InsightsConfigurations
NETWORK MODEL
VERIFICATIONALGORITHM-1
VERIFICATIONALGORITHM-2
VERIFICATIONALGORITHM-N….
40
B
C
1
D
OSPF
OSPFOSPF
1
5
S1
Policy 1: Which path is preferred?C→B << C→D→B
PATHENUMERATION C→B : ospf cost = 1
C→D→B : ospf cost = 6
Multilayer graph with vector of edge weights
Categories policies based on fidelity
InsightsConfigurations
NETWORK MODEL
VERIFICATIONALGORITHM-1
VERIFICATIONALGORITHM-2
VERIFICATIONALGORITHM-N….
41
B
C
1
D
OSPF
OSPFOSPF
1
5
S1
PATHENUMERATION
Policy 2: Can C reach B with 1 link failure?
Multilayer graph with vector of edge weights
Categories policies based on fidelity
InsightsConfigurations
NETWORK MODEL
VERIFICATIONALGORITHM-1
VERIFICATIONALGORITHM-2
VERIFICATIONALGORITHM-N….
42
B
C
1
D
OSPF
OSPFOSPF
1
5
S1
PATHENUMERATION
Policy 2: Can C reach B with 1 link failure?
Multilayer graph with vector of edge weights
Categories policies based on fidelity
InsightsConfigurations
NETWORK MODEL
VERIFICATIONALGORITHM-1
VERIFICATIONALGORITHM-2
VERIFICATIONALGORITHM-N….
43
B
C
1
D
OSPF
OSPFOSPF
1
5
S1
PATHENUMERATION
Policy 2: Can C reach B with 1 link failure?
Min-cut = 2
Multilayer graph with vector of edge weights
Categories policies based on fidelity
InsightsConfigurations
NETWORK MODEL
VERIFICATIONALGORITHM-1
VERIFICATIONALGORITHM-2
VERIFICATIONALGORITHM-N….
44
B
C
1
D
OSPF
OSPFOSPF
1
5
S1
PATHENUMERATION
Policy 2: Can C reach B with 1 link failure?
QUANTITATIVE GRAPH
PROPERTY Min-cut = 2
Multilayer graph with vector of edge weights
Categories policies based on fidelity
InsightsConfigurations
NETWORK MODEL
VERIFICATIONALGORITHM-1
VERIFICATIONALGORITHM-2
VERIFICATIONALGORITHM-N….
45
B
C
1
D
OSPF
OSPFOSPF
1
5
S1
PATHENUMERATION
QUANTITATIVE GRAPH
PROPERTY
Policy 3: Is C always unreachable/blocked from B?
Multilayer graph with vector of edge weights
Categories policies based on fidelity
InsightsConfigurations
NETWORK MODEL
VERIFICATIONALGORITHM-1
VERIFICATIONALGORITHM-2
VERIFICATIONALGORITHM-N
46
B
C
1
D
OSPF
OSPFOSPF
1
5
S1
PATHENUMERATION
QUANTITATIVE GRAPH
PROPERTY
Policy 3: Is C always unreachable/blocked from B?
PATHEXISTENCE
(CONNECTIVITY)
Multilayer graph with vector of edge weights
Categories policies based on fidelity
InsightsConfigurations
NETWORK MODEL
VERIFICATIONALGORITHM-1
VERIFICATIONALGORITHM-2
VERIFICATIONALGORITHM-N
47
B
C
1
D
OSPF
OSPFOSPF
1
5
S1
PATHENUMERATION
QUANTITATIVE GRAPH
PROPERTY
PATHEXISTENCE
(CONNECTIVITY)
B
low performancehigh fidelity
high performancelow fidelity
Multilayer graph with vector of edge weights
Categories policies based on fidelity
Insight 2: Different properties require different levels of fidelity modeling of the control plane. Use property-specific algorithm for performance benefits
Tiramisu Overview
Traffic Propagation Graph (TPG)
Routing Adjacencies Graph (RAG)
ConfigurationsGraph Model
48
Tiramisu Overview
Traffic Propagation Graph (TPG)
Routing Adjacencies Graph (RAG)
Configurations
PATHENUMERATION
Graph Model
Algorithms
49
TPVP
Tiramisu Overview
Traffic Propagation Graph (TPG)
Routing Adjacencies Graph (RAG)
Configurations
PATHENUMERATION
NUMERIC GRAPH PROPERTY
Graph Model
Algorithms
50
ILPTPVP
Tiramisu Overview
Traffic Propagation Graph (TPG)
Routing Adjacencies Graph (RAG)
Configurations
TDFS
PATHENUMERATION
NUMERIC GRAPH PROPERTY
PATHEXISTENCE
Graph Model
Algorithms
51
ILPTPVP
Tiramisu Overview
Traffic Propagation Graph (TPG)
Routing Adjacencies Graph (RAG)
ConfigurationsGraph Model
52
Traffic Propagation Graph (TPG)
53
BE
CiBGP
iBGPeBGP eBGP
1
DiBGP
OSPF
OSPFOSPF1
5
YZ
Traffic Propagation Graph (TPG)
54
• Vertices: RIB of a routing processes and ingress/egress point of a switch/router
Bvlan:BC:in
Z
Bvlan:BD:inEvlan:BE:in
Bospf Cospf Dospf
Ebgp Bbgp Cbgp Dbgp
Y
Evlan:BE:out Bvlan:BD:out
Bvlan:BE:in Cvlan:BC:in
Cvlan:BC:out
Cvlan:CD:in
Cvlan:CD:out
Dvlan:CD:in
Dvlan:CD:out
Dvlan:BD:in
Bvlan:BC:out Dvlan:BD:outBvlan:BE:out
BE
CiBGP
iBGPeBGP eBGP
1
DiBGP
OSPF
OSPFOSPF1
5
YZ
Traffic Propagation Graph (TPG)
55
• Vertices: RIB of a routing processes and ingress/egress point of a switch/router• Edges: establish route dependency and traffic flow
Bvlan:BC:in
Z
Bvlan:BD:inEvlan:BE:in
Bospf Cospf Dospf
Ebgp Bbgp Cbgp Dbgp
Y
Evlan:BE:out Bvlan:BD:out
Bvlan:BE:in Cvlan:BC:in
Cvlan:BC:out
Cvlan:CD:in
Cvlan:CD:out
Dvlan:CD:in
Dvlan:CD:out
Dvlan:BD:in
Bvlan:BC:out Dvlan:BD:outBvlan:BE:out
BE
CiBGP
iBGPeBGP eBGP
1
DiBGP
OSPF
OSPFOSPF1
5
YZ
Traffic Propagation Graph (TPG)
56
• Vertices: RIB of a routing processes and ingress/egress point of a switch/router• Edges: establish route dependency and traffic flow
Bvlan:BC:in
Z
Bvlan:BD:inEvlan:BE:in
Bospf Cospf Dospf
Ebgp Bbgp Cbgp Dbgp
Y
Evlan:BE:out Bvlan:BD:out
Bvlan:BE:in Cvlan:BC:in
Cvlan:BC:out
Cvlan:CD:in
Cvlan:CD:out
Dvlan:CD:in
Dvlan:CD:out
Dvlan:BD:in
Bvlan:BC:out Dvlan:BD:outBvlan:BE:out
BE
CiBGP
iBGPeBGP eBGP
1
DiBGP
OSPF
OSPFOSPF1
5
YZ
Traffic Propagation Graph (TPG)
57
• Vertices: RIB of a routing processes and ingress/egress point of a switch/router• Edges: establish route dependency and traffic flow• Vector of edge weights: multiple route metrics
Bvlan:BC:in
Z
Bvlan:BD:inEvlan:BE:in
Bospf Cospf Dospf
Ebgp Bbgp Cbgp Dbgp
Y
Evlan:BE:out Bvlan:BD:out
Bvlan:BE:in Cvlan:BC:in
Cvlan:BC:out
Cvlan:CD:in
Cvlan:CD:out
Dvlan:CD:in
Dvlan:CD:out
Dvlan:BD:in
Bvlan:BC:out
<ospf:1> <ospf:1>
<len:0><len:0>
<ospf:5>
<len:0><len:1>
<ospf:5> <ospf:1>Dvlan:BD:outBvlan:BE:out
BE
CiBGP
iBGPeBGP eBGP
1
DiBGP
OSPF
OSPFOSPF1
5
YZ
Tiramisu Overview
Traffic Propagation Graph (TPG)
Routing Adjacencies Graph (RAG)
Configurations
PATHENUMERATION
Graph Model
Algorithms
58
TPVP
TPVP - Tiramisu Path Vector Protocol• Griffin et al. (TON’2002) and Sobrinho (TON’2005) models stable paths
problem as Simple Path Vector Protocol (SPVP) and routing algebra• TPVP is derived from SPVP and is modeled on routing algebra
• ⊕ operator to model path cost computation• ⪯ operator to model preference relation and path selection
59
TPVP - Tiramisu Path Vector Protocol• Griffin et al. (TON’2002) and Sobrinho (TON’2005) models stable paths
problem as Simple Path Vector Protocol (SPVP) and routing algebra• TPVP is derived from SPVP and is modeled on routing algebra
• ⊕ operator to model path cost computation• ⪯ operator to model preference relation and path selection
60
Cospf<ospf:1>
<ospf:1><len:0>Cbgp
{} {}
TPVP - Tiramisu Path Vector Protocol• Griffin et al. (TON’2002) and Sobrinho (TON’2005) models stable paths
problem as Simple Path Vector Protocol (SPVP) and routing algebra• TPVP is derived from SPVP and is modeled on routing algebra
• ⊕ operator to model path cost computation• ⪯ operator to model preference relation and path selection
61
Cospf<ospf:1>
<ospf:1><len:0>Cbgp
{ospf:5} Node ⊕ ⪯
Cospf {ospf:1} ⊕ospf {ospf:5}= {ospf:6}
{ospf:6} ⪯ ospf {}
{ospf:6} {}
TPVP - Tiramisu Path Vector Protocol• Griffin et al. (TON’2002) and Sobrinho (TON’2005) models stable paths
problem as Simple Path Vector Protocol (SPVP) and routing algebra• TPVP is derived from SPVP and is modeled on routing algebra
• ⊕ operator to model path cost computation• ⪯ operator to model preference relation and path selection
62
Cospf<ospf:1>
<ospf:1><len:0>Cbgp
{ospf:1}
Node ⊕ ⪯
Cospf {ospf:1} ⊕ospf {ospf:1} = {ospf:2}
{ospf:2} ⪯ ospf {ospf:6}
{ospf:2} {}
TPVP - Tiramisu Path Vector Protocol• Griffin et al. (TON’2002) and Sobrinho (TON’2005) models stable paths
problem as Simple Path Vector Protocol (SPVP) and routing algebra• TPVP is derived from SPVP and is modeled on routing algebra
• ⊕ operator to model path cost computation• ⪯ operator to model preference relation and path selection
63
Cospf<ospf:1>
<ospf:1><len:0>Cbgp {ospf:2}
{ospf:2} {len:0, ospf:2}
Node ⊕ ⪯
Cbgp {len:0} ⊕bgp {ospf:1}= {len:0, ospf: 2}
{len:0, ospf:2} ⪯ bgp {}
TPVP - Tiramisu Path Vector Protocol• Griffin et al. (TON’2002) and Sobrinho (TON’2005) models stable paths
problem as Simple Path Vector Protocol (SPVP) and routing algebra• TPVP is derived from SPVP and is modeled on routing algebra
• ⊕ operator to model path cost computation• ⪯ operator to model preference relation and path selection
64
Cospf<ospf:1>
<ospf:1><len:0>Cbgp
{ospf:2} {len:0, ospf:2}
{ospf:5} Node ⊕ ⪯
Cospf {ospf:1} ⊕ospf {ospf:5}= {ospf: 6}
{ospf:6} ⪯ ospf {ospf:2}
TPVP - Tiramisu Path Vector Protocol
65
B
C
1
D
OSPF
OSPFOSPF
4
1
S1
TPVP - Tiramisu Path Vector Protocol
66
B
C
1
D
OSPF
OSPFOSPF
4
1
S1
P1: C→D→B : ospf cost = 2P2: C→B : ospf cost = 4
TPVP - Tiramisu Path Vector Protocol
67
B
C
1
D
OSPF
OSPFOSPF
4
1
S1
P1: C→D→B : ospf cost = 2P2: C→B : ospf cost = 4
TPVP - Tiramisu Path Vector Protocol
68
B
C
1
D
OSPF
OSPFOSPF
4
1
S1
P1: C→D→B : ospf cost = 2P2: C→B : ospf cost = 4
TPVP - Tiramisu Path Vector Protocol
69
B
C
1
D
OSPF
OSPFOSPF
4
1
S1
P1: C→D→B : ospf cost = 2P2: C→B : ospf cost = 4
TPVP - Tiramisu Path Vector Protocol• To verify path preference (P1 << P2), Tiramisu multiple instances of TPVP for
different failure scenarios• Runs TPVP three times
70
B
C
1
D
OSPF
OSPFOSPF
4
1
S1
P1: C→D→B : ospf cost = 2P2: C→B : ospf cost = 4
Tiramisu Overview
Traffic Propagation Graph (TPG)
Routing Adjacencies Graph (RAG)
Configurations
NUMERIC GRAPH PROPERTY
Graph Model
Algorithms
71
ILP
ILPs - Integer Linear Programs
• Traffic flows in the direction opposite to route advertisement
72
B
CD
eBGP
eBGPeBGPS1
<at:c1>
<bt:c1>
ILPs - Integer Linear Programs
• Traffic flows in the direction opposite to route advertisement• Only depends on quantitative path property and not exact path
73
min cut is 1
B
CD
eBGP
eBGPeBGPS1
<at:c1>
<bt:c1>B
B
ILPs - Integer Linear Programs
• Traffic flows in the direction opposite to route advertisement• Only depends on quantitative path property and not exact path• ILP constraints model reachability• Tag/Community
74
min cut is 1
B
CD
eBGP
eBGPeBGPS1
<at:c1>
<bt:c1>B
B
ILPs - Integer Linear Programs
• Traffic flows in the direction opposite to route advertisement• Only depends on quantitative path property and not exact path• ILP constraints model reachability• Tag/Community
• Objective models the graph property75
B
CD
eBGP
eBGPeBGPS1
<at:c1>
<bt:c1>B
B
Reachability < K failures = Minimize link failuresLongest path = Maximize path length
ILPs - Integer Linear Programs
• Traffic flows in the direction opposite to route advertisement• Only depends on quantitative path property and not exact path• ILP constraints model reachability• Tag/Community
• Objective models the graph property• More details about the ILP and its corner cases are in the paper 76
B
CD
eBGP
eBGPeBGPS1
<at:c1>
<bt:c1>B
B
Reachability < K failures = Minimize link failuresLongest path = Maximize path length
Tiramisu Overview
Traffic Propagation Graph (TPG)
Routing Adjacencies Graph (RAG)
Configurations
TDFS
PATHEXISTENCE
Graph Model
Algorithms
77
TDFS – Tiramisu Depth First Search
78
B
CD
eBGP
eBGPeBGPS1
<bt:c1>
<at:c1>
• Can’t use vanilla graph algorithms to model tags
TDFS – Tiramisu Depth First Search
79
B
CD
eBGP
eBGPeBGPS1
<bt:c1>
<at:c1>
• Can’t use vanilla graph algorithms to model tags• Conditions• Block path: tag-blocking node à tag-adding node
TDFS – Tiramisu Depth First Search
80
B
CD
eBGP
eBGPeBGPS1
<bt:c1><rt:c1>
<at:c1>
• Can’t use vanilla graph algorithms to model tags• Conditions• Block path: tag-blocking node à tag-adding node• Allow path: tag-blocking node à tag-removing node à tag-adding node
TDFS – Tiramisu Depth First Search
81
B
CD
eBGP
eBGPeBGPS1
<bt:c1><rt:c1>
<at:c1>Verify if src and dst are always unreachable
• Can’t use vanilla graph algorithms to model tags• Conditions• Block path: tag-blocking node à tag-adding node• Allow path: tag-blocking node à tag-removing node à tag-adding node
Tiramisu Overview
Traffic Propagation Graph (TPG)
Routing Adjacencies Graph (RAG)
Configurations
TDFS
PATHENUMERATION
NUMERIC GRAPH PROPERTY
PATHEXISTENCE
Graph Model
Algorithms
82
ILPTPVP
Evaluation• Networks used • Real networks: 4 universities and 34 datacenters
• Evaluation• Tiramisu verification performance• Comparison with other state-of-the-art
83
Policy Name Algorithm
block Always blocked TDFS
bound Always bounded length ILP
pref Path preference TPVP
Evaluation – Tiramisu’s Performance
84
• bound is slowest because it uses ILP
0
20
40
60
80
Uni1 (9) Uni2 (24) Uni3 (26) Uni4 (35)Ti
me
(ms)
University
pref bound block
Evaluation – Tiramisu’s Performance
85
• bound is slowest because it uses ILP• block is fastest because it uses TDFS
0
20
40
60
80
Uni1 (9) Uni2 (24) Uni3 (26) Uni4 (35)Ti
me
(ms)
University
pref bound block
Evaluation – Tiramisu’s Performance
86
• bound is slowest because it uses ILP• block is fastest because it uses TDFS• pref is slower than block as TPVP is more complex
0
20
40
60
80
Uni1 (9) Uni2 (24) Uni3 (26) Uni4 (35)Ti
me
(ms)
University
pref bound block
Evaluation – Tiramisu’s Performance
87
• bound is slowest because it uses ILP• block is fastest because it uses TDFS• pref is slower than block as TPVP is more complex• For large networks, pref is as long as bound• Large networks à More candidate and longer paths à More calls to TPVP
0
20
40
60
80
Uni1 (9) Uni2 (24) Uni3 (26) Uni4 (35)Ti
me
(ms)
University
pref bound block
Evaluation: Tiramisu vs. Minesweeper (No failures)
88
• block has the most speedup
0
10
20
30
40
0 5 10 15 20 25
Spee
dup
Network Size
pref
0
10
20
30
0 10 20 30
Spee
dup
Network Size
bound
0
50
100
150
0 10 20 30
Spee
dup
Network Size
block
Evaluation: Tiramisu vs. Minesweeper (No failures)
89
• block has the most speedup• pref has the least speedup (especially for large networks)• Large networks à more and longer candidate paths à more calls to TPVP
0
10
20
30
40
0 5 10 15 20 25
Spee
dup
Network Size
pref
0
10
20
30
0 10 20 30
Spee
dup
Network Size
bound
0
50
100
150
0 10 20 30
Spee
dup
Network Size
block
90
Evaluation: Tiramisu vs. Minesweeper (All failures)
• Same trend but significantly better speed up• Minesweeper uses same encoding for all policies• Tiramisu uses property specific algorithms
020406080
100
0 5 10 15 20 25
Spee
dup
Network Size
pref
0
20
40
60
0 10 20 30
Spee
dup
Network Size
bound
0
200
400
600
800
0 10 20 30
Spee
dup
Network Size
block
Summary• Tiramisu decouples encoding of the network from verification algorithms• Tiramisu uses a multilayer graph control plane model• Tiramisu uses• TPVP to enumerate paths• ILP to measure quantitative graph property• TDFS to check path existence
• Tiramisu achieves good performance without losing too much coverage• No external advertisements
91