Kirigami, the Verifiable Art of Network Cutting

We introduce a modular verification approach to network control plane verification, where we cut a network into smaller fragments to improve the scalability of SMT solving. Users provide an annotated cut which describes how to generate these fragments from the monolithic network, and we verify each fragment independently, using the annotations to define assumptions and guarantees over fragments akin to assume-guarantee reasoning. We prove this modular network verification procedure is sound and complete with respect to verification over the monolithic network. We implement this procedure as Kirigami, an extension of NV - a network verification language and tool - and evaluate it on industrial topologies with synthesized policies. We observe a 2-8x improvement in end-to-end NV verification time, with SMT solve time improving by up to 6 orders of magnitude.