电子学报2024,Vol.52Issue(4):1083-1102,20.DOI:10.12263/DZXB.20230682
可扩展的网络验证技术:研究现状与发展趋势
Scalable Network Verification Technologies:State of the Art and Future
摘要
Abstract
The Internet,as a critical component of a nation's information infrastructure,has played a significant role in various domains.However,as its scale continues to expand and its applications deepen,we also face the potential cata-strophic consequences of inconsistent network behaviors.To ensure the normal operation of the Internet and the consisten-cy of network behaviors,there is an urgent need for deployable network verification technologies that align network opera-tions with the intentions of network operators.Extensive research has been conducted on network verification technologies,assisting users in automating the detection of network errors and analyzing their root causes.However,to meet the increas-ing demands of the expanding Internet,scalability has become a crucial challenge in deploying network verification technol-ogies.Specifically,how to quickly identify and diagnose errors in network policies,while satisfying time and space com-plexity constraints,has become a research hotspot in effectively applying network verification technologies in practice.To address this problem,this paper delves into and summarizes cutting-edge research on the temporal and spatial scalability of network verification.It begins by introducing the background knowledge related to network verification and then describes the current issues and challenges faced in network verification.Focusing on the core issue of scalability,the paper thor-oughly analyzes existing work in achieving scalable verification from both the data plane and control plane perspectives.It provides a systematic analysis of the characteristics of these approaches,showcasing the distinctions and connections among related studies.According to the existing researches,we find that:(1)The scalability of data plane verification is pri-marily constrained by header space and forwarding matching rules,while the scalability of control plane verification is mainly limited by the complexity of multiple protocols and policies.(2)Although both data plane and control plane re-search employ similar scalable verification techniques,they address different but interconnected targets.For example,incre-mental computation in the data plane primarily focuses on updating packet equivalence classes,while incremental computa-tion in the control plane primarily deals with network models affected by configuration changes.When applying network slicing techniques,both data plane and control plane independently validate the network by dividing it into multiple seg-ments.(3)Compared to spatial scalability,current research places greater emphasis on temporal scalability,where reducing verification time overhead appears to be the primary pursuit of verification tools.(4)Previous research predominantly ad-opted a centralized verification approach,which involved collecting control plane or data plane information and then per-forming centralized analysis and verification.However,there has been a recent trend towards distributed verification,such as Coral and Tulkun in control plane verification.Lastly,based on the current research landscape,the paper concludes by summarizing and forecasting the research trends in scalable network verification technologies,offering valuable insights for researchers in this field.In conclusion,this paper presents a comprehensive review and outlook on the topic of scalability in network verification.It emphasizes the importance of aligning network behaviors with the intentions of network operators to ensure the reliable and consistent operation of the Internet.By addressing the challenges of scalability,researchers can advance the development of network verification technologies that can effectively verify large-scale networks within the constraints of time and space complexity.Ultimately,this contributes to enhancing the reliability and security of the Inter-net as a critical information infrastructure.关键词
网络验证/可扩展性/网络配置/时空优化/数据面验证/控制面验证Key words
network verification/scalability/network configuration/time-space optimization/data plane verifica-tion/control plane verification分类
信息技术与安全科学引用本文复制引用
黄翰林,徐恪,李琦,李彤,付松涛,高翔宇..可扩展的网络验证技术:研究现状与发展趋势[J].电子学报,2024,52(4):1083-1102,20.基金项目
国家重点研发计划(No.2022YFB3102300,No.2022YFB3102301) (No.2022YFB3102300,No.2022YFB3102301)
国家自然科学基金(No.61932016,No.62132011,No.62202473,No.U22B2031,No.61825204) (No.61932016,No.62132011,No.62202473,No.U22B2031,No.61825204)
北京高校卓越青年科学家计划(No.BJJWZYJH01201910003011) National Key Research and Development Program of China(No.2022YFB3102300,No.2022YFB3102301) (No.BJJWZYJH01201910003011)
National Natural Science Foundation of China(No.61932016,No.62132011,No.62202473,No.U22B2031,No.61825204) (No.61932016,No.62132011,No.62202473,No.U22B2031,No.61825204)
Beijing Outstanding Young Scientist Program(No.BJJWZYJH01201910003011) (No.BJJWZYJH01201910003011)
