Testing Stateful and Dynamic Data Planes with FlowTest
Seyed K. Fayaz, Vyas Sekar
Motivating Scenario
Policy:
1) Keep count of TCP connections per host.
2) Deep packet inspection if a host has made too many TCP connection attempts.
[Figure: hosts H1 and H2, switches S1 and S2, a Light IPS, a Heavy IPS, and the Internet]
How to make sure this policy is correctly implemented in the actual network?
Existing solutions don’t suffice
• Assume simple, stateless elements
– E.g., switches and simple ACL devices
• Work with static and context-free policies
– E.g., reachability
– E.g., access control
• Focus on single packet effects
Our Approach: FlowTest
• FlowTest’s approach: testing the data plane
• We need:
– A model of the entire data plane
• Including middleboxes
– To generate test scenarios that exercise
• Data plane states
• Policy contexts
– To monitor and validate test results
Early Promise
[Figure: the example network (H1, H2, S1, S2, Light IPS, Heavy IPS, Internet) annotated with a state machine. State labels: count=0, count=1, count=2, count≥3, OK, Alarm. Transition labels: conn fail, refresh, seen bot traffic, seen non-bot traffic.]
Generating test traffic can be formulated using AI planning.
We validated our solution using an SDN prototype.
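The idea on this slide, as an added sketch that is not FlowTest's own code: the policy is modeled as a small state machine, a breadth-first search (standing in for the AI planner) derives the shortest test traffic sequence that reaches a target state, and the sequence is replayed against an implementation to find where it departs from the model. The action names, the transition wiring (refresh resets the counter, deep inspection only at count≥3) and the faulty implementation are assumptions built from the slide's labels.

```python
from collections import deque

THRESHOLD = 3  # "count>=3" on the slide; the transition wiring below is assumed
ACTIONS = ("conn_fail", "refresh", "bot_traffic", "non_bot_traffic")

def step(state, action, threshold=THRESHOLD):
    """One transition of the model; state = (count, verdict), verdict None/"OK"/"Alarm"."""
    count, verdict = state
    if action == "conn_fail":
        return (min(count + 1, threshold), verdict)
    if action == "refresh":              # assumed: refresh resets the counter
        return (0, None)
    if count < threshold:                # Light IPS path: no deep inspection
        return state
    return (count, "Alarm" if action == "bot_traffic" else "OK")

def plan(goal, start=(0, None)):
    """Breadth-first search for the shortest action sequence reaching goal."""
    seen, queue = {start}, deque([(start, [])])
    while queue:
        state, path = queue.popleft()
        if goal(state):
            return path
        for action in ACTIONS:
            nxt = step(state, action)
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, path + [action]))
    return None

def replay(actions, transition, start=(0, None)):
    """Run a test sequence through a transition function; return the state trace."""
    trace, state = [start], start
    for action in actions:
        state = transition(state, action)
        trace.append(state)
    return trace

def first_divergence(actions, implementation):
    """Trace index where the implementation first departs from the model, or None."""
    expected, observed = replay(actions, step), replay(actions, implementation)
    return next((i for i, (e, o) in enumerate(zip(expected, observed)) if e != o), None)

if __name__ == "__main__":
    test = plan(lambda s: s[1] == "Alarm")
    print(test)
    # Constructed faulty data plane: escalates one failed connection too late.
    print(first_divergence(test, lambda s, a: step(s, a, threshold=4)))
```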
Conclusions
• Real world networks are complex
– Stateful elements
– Dynamic and contextual policies
• We argue for data plane testing that incorporates data plane models
• Initial promise of FlowTest via FSMs and planning
• Many open challenges