Packet flow analysis in IP networks via abstract interpretation


📝 Original Info

  • Title: Packet flow analysis in IP networks via abstract interpretation
  • ArXiv ID: 1111.6808
  • Date: 2011-11-30
  • Authors: Raghavan Komondoor, K. Vasanta Lakshmi, Deva Seetharam, Sudha Balodia

📝 Abstract

Static analysis (aka offline analysis) of a model of an IP network is useful for understanding, debugging, and verifying packet flow properties of the network. There have been static analysis approaches proposed in the literature for networks based on model checking as well as graph reachability. Abstract interpretation is a method that has typically been applied to static analysis of programs. We propose a new, abstract-interpretation based approach for analysis of networks. We formalize our approach, mention its correctness guarantee, and demonstrate its flexibility in addressing multiple network-analysis problems that have been previously solved via tailor-made approaches. Finally, we investigate an application of our analysis to a novel problem -- inferring a high-level policy for the network -- which has been addressed in the past only in the restricted single-router setting.

📄 Full Content

Packet flow analysis in IP networks via abstract interpretation

Raghavan Komondoor, Indian Institute of Science, Bangalore, raghavan@csa.iisc.ernet.in
K. Vasanta Lakshmi, Indian Institute of Science, Bangalore, kvasanta@csa.iisc.ernet.in
Deva Seetharam, IBM Research India, dseetharam@in.ibm.com
Sudha Balodia, Indian Institute of Science, Bangalore, sudha.balodia@gmail.com

arXiv:1111.6808v1 [cs.NI] 29 Nov 2011

ABSTRACT

Static analysis (aka offline analysis) of a model of an IP network is useful for understanding, debugging, and verifying packet flow properties of the network. There have been static analysis approaches proposed in the literature for networks based on model checking as well as graph reachability. Abstract interpretation is a method that has typically been applied to static analysis of programs. We propose a new, abstract-interpretation based approach for analysis of networks. We formalize our approach, mention its correctness guarantee, and demonstrate its flexibility in addressing multiple network-analysis problems that have been previously solved via tailor-made approaches. Finally, we investigate applications of our analysis for two novel problems – automatically generating test packets, and inferring a high-level policy for the network – which have been addressed in the past only in the restricted single-node setting.

1. INTRODUCTION

Analysis of the flow of packets across an IP network is an important problem. It has varied applications, such as identifying anomalies in configuration files in routers [15], testing of router implementations [5], checking whether a network configuration satisfies a high-level policy of a network administrator by querying properties of the configuration [9, 11], and inferring such a high-level policy automatically from the network configuration [12, 6]. However, such an analysis is challenging, because packet routing in an IP network is a complex activity. Routers intervene between subnets (i.e., fully connected collections of hosts), and perform operations on packets such as filtering, routing to adjacent routers or subnets, and transformation, e.g., for network address translation (NAT). Each operation performed by a router is predicated (i.e., guarded) by the current content of the header of the packet, which, due to transformations, changes as the packet flows through the network. There are additional sources of complexity: The set of operations performed by a router is not fixed once for all, but gets modified as the network topology and load characteristics vary during operation. Also, the outcomes of some of these operations are dependent not just on the content of the packet header, but also on the state of the connection that the packet belongs to. All of this means that it is quite difficult to analyze the flow of packets across the network.

The state-of-practice for analyzing reachability is to send test packets in the actual network, using commercially available tools. However, testing does not give complete information about all possible packet flow outcomes, because it is infeasible to send all possible packets across a network. Several static (or offline) analysis approaches, e.g., [14, 15, 1], have been reported in the literature in order to overcome this disadvantage; these approaches analyze a specification of the network topology and router configurations (i.e., a model of the network), and emit information that over- or under-approximates all possible packet flows in the network.

1.1 Contributions

1) Our primary contribution is an abstract interpretation [4] based analysis for determining packet flow properties in an IP network. To the best of our knowledge ours is the first reported approach for this problem that is based on abstract interpretation, which is a technique that has been typically applied to analysis of properties of programs. Abstract interpretation is a customizable framework, in the sense that it needs to be instantiated with a lattice (i.e., a domain of values to be used in the analysis), and a set of transfer functions operating on this lattice. Therefore, the analysis designer has the flexibility to use different lattices of differing precision for the same problem, and prove that each one results in a semantically valid (but potentially approximate) analysis wrt the most-precise analysis. We take advantage of this capability by first spelling out a precise instantiation of our analysis, which always terminates (because of bounded packet sizes), but which may be expensive. Subsequently, we illustrate how to trade off this precision for scalability, while ensuring that the flow information we compute is an over-approximation of the precise flows. Previous static analysis approaches for network analysis are hard-wired, and do not readily admit such trade-offs within their overall approach.

2) We show that abstract interpretation is a flexible framework, capable of determining varying information about packet flows in a network
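
The lattice-and-transfer-function instantiation described in contribution 1, as an added Python illustration that is not code or notation from the paper: the same fixpoint loop is run once over exact packet sets and once over a cheaper interval lattice, and the interval result over-approximates the exact one. The topology, link rules, 8-bit destination field and all function names are constructed assumptions.

```python
# Toy model (constructed): a packet is just an 8-bit destination value.
FULL = (0, 255)
LINKS = [  # (from, to, guard interval on dst, NAT offset added to dst)
    ("src", "a", (10, 19), 0),
    ("src", "b", (200, 209), 0),
    ("a", "core", FULL, 0),
    ("b", "core", FULL, 0),
    ("core", "a", (10, 19), 0),         # cycle: forces a real fixpoint
    ("core", "dmz", (100, 150), 0),     # filter only
    ("core", "lan", (200, 255), -100),  # filter, then NAT 2xx -> 1xx
]

# Precise domain: sets of packets, join is union.
def set_transfer(pkts, guard, off):
    return frozenset(d + off for d in pkts if guard[0] <= d <= guard[1])

def set_join(x, y):
    return x | y

# Abstract domain: one interval (lo, hi) or None for "no packets".
def iv_transfer(iv, guard, off):
    if iv is None:
        return None
    lo, hi = max(iv[0], guard[0]), min(iv[1], guard[1])
    return (lo + off, hi + off) if lo <= hi else None

def iv_join(x, y):  # convex hull: cheap, but loses gaps between ranges
    if x is None or y is None:
        return x if y is None else y
    return (min(x[0], y[0]), max(x[1], y[1]))

def analyze(bottom, entry, transfer, join):
    """Iterate all links until no node's value changes (least fixpoint)."""
    state = {n: bottom for link in LINKS for n in link[:2]}
    state["src"] = entry
    changed = True
    while changed:
        changed = False
        for u, v, guard, off in LINKS:
            new = join(state[v], transfer(state[u], guard, off))
            if new != state[v]:
                state[v], changed = new, True
    return state

def gamma(iv):
    """Concretization: the packet set an interval stands for."""
    return frozenset() if iv is None else frozenset(range(iv[0], iv[1] + 1))

PRECISE = analyze(frozenset(), frozenset(range(256)), set_transfer, set_join)
ABSTRACT = analyze(None, FULL, iv_transfer, iv_join)
```

In this model the interval analysis reports packets reaching `dmz` that the exact analysis rules out, because the join at `core` fills the gap between the two admitted ranges. An empty abstract result is therefore proof of unreachability, while a non-empty one still has to be checked.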

Reference

This content is AI-processed based on open access ArXiv data.
