Rapid and verifiable network configuration repair

a network configuration and repair technology, applied in the field of computer architecture and computer security, can solve the problems of network configuration still largely manual, time-consuming and error-prone process, network outages, etc., and achieve the effect of reducing the difficulty for human reason about distributed network configuration

Active Publication Date: 2021-01-28
RAYTHEON BBN TECH CORP
View PDF0 Cites 1 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Network configuration is still largely a manual, time consuming, and error-prone process.
In fact, even during steady state operations, a many network outages are due to misconfigurations in the network.
The misconfigurations may be due to network complexity.
It is very hard for a human to reason about a distributed network configuration due to the complex composition and interaction of the many control and data plane features and mechanisms involved at different layers.
Additional complexity stems from reasoning about correctness despite failures, since some common outages and configuration backdoors only manifest because of these latent behaviors, such as after a link failure.
The problems of automated verification and repair of distributed network configurations (as opposed to centralized software-defined networks repair) are known to be intractable.
While this approach is promising, it has several limitations.
First, it is slow, and it does not scale to large networks.
Second, the repair does not always produce a correct solution when the intent specifies k-Reachable policies.
Third, a repair model does not support adding new configuration constructs, such as new routing adjacencies or new static routes that did not exist in the original configurations.
Finally, the model has limited expressiveness and cannot support control planes where the route preferences cannot be modeled using global edge weights, as is the case for example with administrative distances, and border gateway patrol (BGP) local preferences.
This is especially true when downtime could lead to loss of business, or even to loss of critical equipment such as with industrial control system networks.
This means either all paths from source to destination are reachable or all of them are blocked.
Embodiments can enforce failure consistency since violating failure consistency is likely due to a misconfiguration.
For example, an ACL on a primary path that is not on a secondary path or vice versa means that the policy will be violated after the primary path fails.
Despite adding new configuration constructs, the repair problem should not be confused with the configuration synthesis problem.
This approach has several limitations.
Encoding the edges for all the tcETGs directly into a constraint solver formulation significantly reduces scalability.
In addition, constraining ACL optimization to edge addition / removal is inconsistent with the optimality objective since the solution ends up with a correct, but unoptimized combination of permits and denies within an ACL.
Second, an important limitation of CPR is that even if the intent specifies a k-Reachable policy for a traffic class, the repair solution does not guarantee this property, unless an additional primary path policy is explicitly defined for the traffic class.
While path-equivalence can be desirable, it is often too strong of a guarantee and is accordingly hard to achieve without a fine-grained model of the control plane, which comes at the cost of scalability.
Fourth, CPR does not support adding new constructs, such as new routing adjacencies and static routes, that did not exist in the original configurations.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Rapid and verifiable network configuration repair
  • Rapid and verifiable network configuration repair
  • Rapid and verifiable network configuration repair

Examples

Experimental program
Comparison scheme
Effect test

example 1

[0115 includes a network configuration repair apparatus, the apparatus comprising memory with policies, extended topology graphs (ETGs) including an all ETG (aETG), and destination ETGs (dETGs) for each policy destination in the policies, stored thereon, and processing circuitry configured to add a routing adjacency or route redistribution edge to a router of the aETG to generate an enhanced aETG (eaETG), add, for each dETG of the dETGs, static route edges to the destination of the dETG to generate an enhanced dETG (edETG), determine, for each of the edETGs, all simple paths from all sources to the destination of the edETG, determine an set of paths (pathset) over the determined simple paths that satisfies the policies, and translate the edge additions and / or removals in the eaETG and in the edETGs to one or more of an addition and / or removal of a routing adjacency, routing filter, or static routes based on the determined pathset.

[0116]In Example 2, Example 1 further includes, where...

example 11

[0125 includes a computer-implemented method for network configuration repair, the method comprising adding a routing adjacency or route redistribution edge to a router of an all extended topology graph (ETG) (aETG) to generate an enhanced aETG (eaETG), adding, for each destination ETG (dETG) of dETGs, static route edges to a destination of the dETG to generate an enhanced dETG (edETG), determining, for each of the edETGs, all simple paths from all sources to the destination of the edETG, determining a set of paths (pathset) over the determined simple paths that satisfies the policies, and translating the edge additions and / or removals in the eaETG and in the edETGs to one or more of an addition and / or removal of a routing adjacency, routing filter, or static route based on the determined pathset.

[0126]In Example 12, Example 11 further includes marking as virtual the added routing adjacency or route redistribution edge of the eaETG.

[0127]In Example 13, Example 12 further includes ma...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

Discussed herein is technology for verifiable network configuration repair. A method can include adding a routing adjacency or route redistribution edge to a router of an aETG to generate an enhanced aETG (eaETG), adding, for each dETG of dETGs, static route edges to a destination of the dETG to generate an enhanced dETG (edETG), determining, for each of the edETGs, all simple paths from all sources to the destination of the edETG, determining a set of paths (pathset) over the determined simple paths that satisfies the policies, and translating the edge additions and/or removals in the eaETG and in the edETGs to an addition and/or removal of one or more of a routing adjacency, routing filter, or static route based on the determined pathset.

Description

GOVERNMENT RIGHTS[0001]This invention was made with Government support under government contract FA8750-16-C-0176. The Government has certain rights in this invention.TECHNICAL FIELD[0002]Embodiments pertain to computer architecture and computer security. More specifically, some embodiments regard automatic network configuration repair and verification.BACKGROUND[0003]Network configuration is still largely a manual, time consuming, and error-prone process. In fact, even during steady state operations, a many network outages are due to misconfigurations in the network. The misconfigurations may be due to network complexity. It is very hard for a human to reason about a distributed network configuration due to the complex composition and interaction of the many control and data plane features and mechanisms involved at different layers. The composition and interaction may be on tens, hundreds, or even thousands of devices (e.g., from different vendors), not to mention the complex cros...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(United States)
IPC IPC(8): H04L12/751H04L12/703H04L45/02H04L45/28
CPCH04L45/02H04L45/28
Inventor KHOURY, JOUDKREMER, MICHAEL BRANDON
Owner RAYTHEON BBN TECH CORP
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap