In modern networks, forwarding of packets often depends on the history of previously transmitted traffic. Such networks contain stateful middleboxes, whose forwarding behaviour depends on a mutable internal state. Firewalls and load balancers are typical examples of stateful middleboxes. This work addresses the complexity of verifying safety properties, such as isolation, in networks with finite-state middleboxes. Unfortunately, we show that even in the absence of forwarding loops, reasoning about such networks is undecidable due to interactions between middleboxes connected by unbounded ordered channels. We therefore abstract away channel ordering. This abstraction is sound for safety, and makes the problem decidable. Specifically, safety checking becomes EXPSPACE-complete in the number of hosts and middleboxes in the network. To tackle the high complexity, we identify two useful subclasses of finite-state middleboxes which admit better complexities. The simplest class includes, e.g., firewalls and permits polynomial-time verification. The second class includes, e.g., cache servers and learning switches, and makes the safety problem coNP-complete. Finally, we implement a tool for verifying the correctness of stateful networks.
翻译:在现代网络中,包裹的传送往往取决于先前传送的交通的历史。这些网络含有有声势的中继箱,其转发行为取决于可变的内部状态。 防火墙和负载平衡器是典型的有声势的中继箱。 这项工作解决了在与有限状态中继箱的网络中核查安全性质的复杂性, 如隔离等。 不幸的是, 我们显示, 即使没有转发环, 有关这些网络的推理也难以确定, 原因是中继箱之间通过无线定线的频道连接了互动。 因此, 我们抽象地发出频道命令。 这种抽象性能对于安全来说是健全的, 使得问题可以破解。 具体地说, 安全检查在网络中的主机和中继箱数量中成为 EXPSPACE 。 要解决高度复杂的问题, 我们确定两个有用的中继箱子类, 承认比较复杂的。 最简单的类别包括, 例如防火墙和允许多盘时间核查。 第二类包括, 比如, 缓存服务器和学习交换器, 并且使安全问题变得可以完成。 最后, 我们实施一个工具来核查正确性网络。