Reachability Analysis for AWS-Based Networks

Backes, John; Bayless, Sam; Cook, Byron; Dodge, Catherine; Gacek, Andrew; Hu, Alan J.; Kahsai, Temesghen; Kocik, Bill; Kotelnikov, Evgenii; Kukovec, Jure; McLaughlin, Sean; Reed, Jason; Rungta, Neha; Sizemore, John; Stalzer, Mark A.; Srinivasan, Preethi; Subotić, Pavle; Varming, Carsten; Whaley, Blake

doi:10.1007/978-3-030-25543-5_14

Cited by 43 publications

(25 citation statements)

References 17 publications

(26 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Model-based tools [2,5,6,13,16] statically analyze reachability between a specified source and destination in a network or routing device. Rather than transmitting live packets, these tools use formal methods such as constraint solvers to rigorously identify feasible paths.…”

Section: Related Workmentioning

confidence: 99%

“…VPC Reachability Analyzer uses the Tiros [2] formal model of AWS VPC networking semantics to identify whether a destination is reachable from a source in a given VPC configuration. If the destination is reachable, then Tiros identifies a feasible path from the source to the destination, where a path is a sequence of network components associated with incoming and/or outgoing packet header assignments (protocol, addresses, ports).…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Debugging Network Reachability with Blocked Paths

Bayless

Backes

DaCosta

et al. 2021

Computer Aided Verification

View full text Add to dashboard Cite

In this industrial case study we describe a new network troubleshooting analysis used by VPC Reachability Analyzer, an SMT-based network reachability analysis and debugging tool. Our troubleshooting analysis uses a formal model of AWS Virtual Private Cloud (VPC) semantics to identify whether a destination is reachable from a source in a given VPC configuration. In the case where there is no feasible path, our analysis derives a blocked path: an infeasible but otherwise complete path that would be feasible if a corresponding set of VPC configuration settings were adjusted.Our blocked path analysis differs from other academic and commercial offerings that either rely on packet probing (e.g., tcptrace) or provide only partial paths terminating at the first component that rejects the packet. By providing a complete (but infeasible) path from the source to destination, we identify for a user all the configuration settings they will need to alter to admit that path (instead of requiring them to repeatedly re-run the analysis after making partial changes). This allows users to refine their query so that the blocked path is aligned with their intended network behavior before making any changes to their VPC configuration.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Debugging Network Reachability with Blocked Paths

Bayless

Backes

DaCosta

et al. 2021

Computer Aided Verification

View full text Add to dashboard Cite

show abstract

“…Over the course of 4 years developing code‐level proofs in Amazon Web Services (AWS), 2‐5 we have developed a proof methodology that allows us to produce proofs with reasonable and predictable effort. For example, using these techniques, one full‐time verification engineer and two interns were able to specify and verify 171 entry points over nine key modules in the AWS C Commonlibrary over a period of 24 weeks (see Section 3.3 for a more detailed description of this library).…”

Section: Introductionmentioning

confidence: 99%

Code‐level model checking in the software development workflow at Amazon Web Services

et al. 2021

Self Cite

View full text Add to dashboard Cite

This article describes a style of applying symbolic model checking developed over the course of four years at Amazon Web Services (AWS). Lessons learned are drawn from proving properties of numerous C‐based systems, for example, custom hypervisors, encryption code, boot loaders, and an IoT operating system. Using our methodology, we find that we can prove the correctness of industrial low‐level C‐based systems with reasonable effort and predictability. Furthermore, AWS developers are increasingly writing their own formal specifications. As part of this effort, we have developed a CI system that allows integration of the proofs into standard development workflows and extended the proof tools to provide better feedback to users. All proofs discussed in this article are publicly available on GitHub.

show abstract

“…This development is also not limited to academia. Large cloud providers, such as Alibaba [36], Amazon [2], and Microsoft [20], are developing and deploying network verification systems. However, as shown in Figure 1, each such tool today is a monolith, with its own model of the target functionality and its own analysis engine.…”

Section: Introductionmentioning

confidence: 99%

A General Framework for Compositional Network Modeling

Beckett

Mahajan

2020

Proceedings of the 19th ACM Workshop on Hot Topics in Networks

View full text Add to dashboard Cite

We advocate for an approach to network modeling and analysis based on a common intermediate language. Unlike today, where each tool builds a custom model and analysis engine for its target network functionality, we argue that network functionality should be expressed in a common language. This approach makes it easier to expand formal analysis to new functionality and analyze interactions between dependent functionalities (e.g., routing and packet filtering). We demonstrate the feasibility of this approach by developing an intermediate language called Zen and three different analyses for programs in that language. For representative data plane and control plane functionalities, we find that Zen reduces the modeling effort by an order of magnitude, while providing analysis performance that matches custom tools. CCS CONCEPTS • Networks → Network reliability; • Theory of computation → Program verification; • Software and its engineering → Model checking; Functional languages.

show abstract

Reachability Analysis for AWS-Based Networks

Cited by 43 publications

References 17 publications

Debugging Network Reachability with Blocked Paths

Debugging Network Reachability with Blocked Paths

Code‐level model checking in the software development workflow at Amazon Web Services

A General Framework for Compositional Network Modeling

Contact Info

Product

Resources

About