文档名:可扩展的网络验证技术研究现状与发展趋势
摘要:互联网作为国家信息基础设施的重要组成部分,已经在各个领域发挥着巨大的作用.随着其规模不断扩大和应用持续深入,我们也面临着意图不一致的网络行为可能导致的灾难性危害.为了确保互联网的正常运行和网络行为的一致性,我们迫切需要可部署的网络验证技术,以确保网络运行时的行为与网络运维人员的意图一致.当前已经有许多关于网络验证技术的研究,这些研究帮助用户实现自动检测网络错误,并进一步分析错误产生的原因.然而,为了满足互联网规模不断扩大的需求,可扩展性问题成为在互联网部署网络验证技术的一项重要挑战.即如何在满足时间和空间复杂度约束的前提下,快速发现并排查网络策略的错误,真正将网络验证技术应用于实际,成为一个研究热点.本文从数据面验证和控制面验证两个方面出发,深入研究和总结了现有的网络验证研究工作,并探索了基于时空优化的可扩展性技术,对这些方案的特点进行了系统性分析.最后,本文总结和展望了网络验证可扩展技术的未来研究趋势,为该领域的研究人员提供一定的参考.
Abstract:TheInternet,asacriticalcomponentofanation'sinformationinfrastructure,hasplayedasignificantroleinvariousdomains.However,asitsscalecontinuestoexpandanditsapplicationsdeepen,wealsofacethepotentialcata-strophicconsequencesofinconsistentnetworkbehaviors.ToensurethenormaloperationoftheInternetandtheconsisten-cyofnetworkbehaviors,thereisanurgentneedfordeployablenetworkverificationtechnologiesthatalignnetworkopera-tionswiththeintentionsofnetworkoperators.Extensiveresearchhasbeenconductedonnetworkverificationtechnologies,assistingusersinautomatingthedetectionofnetworkerrorsandanalyzingtheirrootcauses.However,tomeettheincreas-ingdemandsoftheexpandingInternet,scalabilityhasbecomeacrucialchallengeindeployingnetworkverificationtechnol-ogies.Specifically,howtoquicklyidentifyanddiagnoseerrorsinnetworkpolicies,whilesatisfyingtimeandspacecom-plexityconstraints,hasbecomearesearchhotspotineffectivelyapplyingnetworkverificationtechnologiesinpractice.Toaddressthisproblem,thispaperdelvesintoandsummarizescutting-edgeresearchonthetemporalandspatialscalabilityofnetworkverification.Itbeginsbyintroducingthebackgroundknowledgerelatedtonetworkverificationandthendescribesthecurrentissuesandchallengesfacedinnetworkverification.Focusingonthecoreissueofscalability,thepaperthor-oughlyanalyzesexistingworkinachievingscalableverificationfromboththedataplaneandcontrolplaneperspectives.Itprovidesasystematicanalysisofthecharacteristicsoftheseapproaches,showcasingthedistinctionsandconnectionsamongrelatedstudies.Accordingtotheexistingresearches,wefindthat:(1)Thescalabilityofdataplaneverificationispri-marilyconstrainedbyheaderspaceandforwardingmatchingrules,whilethescalabilityofcontrolplaneverificationismainlylimitedbythecomplexityofmultipleprotocolsandpolicies.(2)Althoughbothdataplaneandcontrolplanere-searchemploysimilarscalableverificationtechniques,theyaddressdifferentbutinterconnectedtargets.Forexample,incre-mentalcomputationinthedataplaneprimarilyfocusesonupdatingpacketequivalenceclasses,whileincrementalcomputa-tioninthecontrolplaneprimarilydealswithnetworkmodelsaffectedbyconfigurationchanges.Whenapplyingnetworkslicingtechniques,bothdataplaneandcontrolplaneindependentlyvalidatethenetworkbydividingitintomultipleseg-ments.(3)Comparedtospatialscalability,currentresearchplacesgreateremphasisontemporalscalability,wherereducingverificationtimeoverheadappearstobetheprimarypursuitofverificationtools.(4)Previousresearchpredominantlyad-optedacentralizedverificationapproach,whichinvolvedcollectingcontrolplaneordataplaneinformationandthenper-formingcentralizedanalysisandverification.However,therehasbeenarecenttrendtowardsdistributedverification,suchasCoralandTulkunincontrolplaneverification.Lastly,basedonthecurrentresearchlandscape,thepaperconcludesbysummarizingandforecastingtheresearchtrendsinscalablenetworkverificationtechnologies,offeringvaluableinsightsforresearchersinthisfield.Inconclusion,thispaperpresentsacomprehensivereviewandoutlookonthetopicofscalabilityinnetworkverification.ItemphasizestheimportanceofaligningnetworkbehaviorswiththeintentionsofnetworkoperatorstoensurethereliableandconsistentoperationoftheInternet.Byaddressingthechallengesofscalability,researcherscanadvancethedevelopmentofnetworkverificationtechnologiesthatcaneffectivelyverifylarge-scalenetworkswithintheconstraintsoftimeandspacecomplexity.Ultimately,thiscontributestoenhancingthereliabilityandsecurityoftheInter-netasacriticalinformationinfrastructure.
作者:黄翰林 徐恪 李琦 李彤 付松涛 高翔宇[5]Author:HUANGHan-lin XUKe LIQi LITong FUSong-tao GAOXiang-yu[5]
作者单位:清华大学计算机科学与技术系,北京100084清华大学计算机科学与技术系,北京100084;北京信息科学与技术国家研究中心,北京100084;中关村实验室,北京100094北京信息科学与技术国家研究中心,北京100084;中关村实验室,北京100094;清华大学网络科学与网络空间研究院,北京100084数据工程与知识工程教育部重点实验室(中国人民大学),北京100872清华大学网络科学与网络空间研究院,北京100084
刊名:电子学报 ISTICEIPKU
Journal:ActaElectronicaSinica
年,卷(期):2024, 52(4)
分类号:TP393
关键词:网络验证 可扩展性 网络配置 时空优化 数据面验证 控制面验证
Keywords:networkverification scalability networkconfiguration time-spaceoptimization dataplaneverifica-tion controlplaneverification
机标分类号:F276.3TG409P632
在线出版日期:2024年6月26日
基金项目:可扩展的网络验证技术:研究现状与发展趋势[
期刊论文] 电子学报--2024, 52(4)黄翰林 徐恪 李琦 李彤 付松涛 高翔宇互联网作为国家信息基础设施的重要组成部分,已经在各个领域发挥着巨大的作用.随着其规模不断扩大和应用持续深入,我们也面临着意图不一致的网络行为可能导致的灾难性危害.为了确保互联网的正常运行和网络行为的一致性,...参考文献和引证文献
参考文献
引证文献
本文读者也读过
相似文献
相关博文
可扩展的网络验证技术:研究现状与发展趋势 Scalable Network Verification Technologies:State of the Art and Future
可扩展的网络验证技术:研究现状与发展趋势.pdf
- 文件大小:
- 15.35 MB
- 下载次数:
- 60
-
高速下载
|
|
