# Consistent SDNs through Network State Fuzzing

**Authors:** Apoorv Shukla, Said Jawad Saidi, Stefan Schmid, Marco Canini, Thomas, Zinner, Anja Feldmann

arXiv: 1904.08977 · 2020-12-08

## TL;DR

This paper introduces PAZZ, a system that uses active network state fuzzing combined with production traffic to detect and localize data plane inconsistencies in SDNs efficiently, improving over existing methods.

## Contribution

The paper presents PAZZ, a novel active probe-based network state fuzzing approach for comprehensive consistency checking in SDNs, addressing limitations of passive methods.

## Key findings

- PAZZ detects data plane faults with minimal resources.
- PAZZ outperforms baseline approaches in fault localization.
- PAZZ is effective on various network topologies.

## Abstract

The conventional wisdom is that a software-defined network (SDN) operates under the premise that the logically centralized control plane has an accurate representation of the actual data plane state. Unfortunately, bugs, misconfigurations, faults or attacks can introduce inconsistencies that undermine correct operation. Previous work in this area, however, lacks a holistic methodology to tackle this problem and thus, addresses only certain parts of the problem. Yet, the consistency of the overall system is only as good as its least consistent part. Motivated by an analogy of network consistency checking with program testing, we propose to add active probe-based network state fuzzing to our consistency check repertoire. Hereby, our system, PAZZ, combines production traffic with active probes to periodically test if the actual forwarding path and decision elements (on the data plane) correspond to the expected ones (on the control plane). Our insight is that active traffic covers the inconsistency cases beyond the ones identified by passive traffic. PAZZ prototype was built and evaluated on topologies of varying scale and complexity. Our results show that PAZZ requires minimal network resources to detect persistent data plane faults through fuzzing and localize them quickly while outperforming baseline approaches.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1904.08977/full.md

## Figures

36 figures with captions in the complete paper: https://tomesphere.com/paper/1904.08977/full.md

## References

63 references — full list in the complete paper: https://tomesphere.com/paper/1904.08977/full.md

---
Source: https://tomesphere.com/paper/1904.08977