Abstract: An example method of packet forwarding for a packet set in a network device includes: selecting a first bit pattern of multiple adjacent bits from a bit string that represents an input packet set; selecting a second bit pattern of multiple adjacent bits from a first node of a data structure that implements a prefix-compressed decision diagram representing a first class of packets; performing a comparison of the first bit pattern to the second bit pattern; generating an output packet set, which is a subset of the input packet set, in response to the first bit pattern matching the second bit pattern; and applying a network forwarding action to the output packet set, the network forwarding action associated with the prefix-compressed decision diagram and dictating packet forwarding behavior of the network device with respect to the output packet set.

Abstract: A method may include obtaining packet handling rules from network nodes in a network. The method also includes, using the rules, generating a transitive reduction of a partially ordered set of elements, where the elements correspond to match conditions in the rules, each match condition representing a set of packets identified by packet headers. The method may also include generating packet equivalence classes (PECs) by removing children elements from a parent element in the transitive reduction, where each PEC covers disjoint sets of packets, and each PEC is identified by fields in the packet headers including source address, destination address, and protocol of packets. The PECs may represent a group of packets treated in a same manner in the network. The method may also include generating a graph representation of the network nodes utilizing the PECs, and, using the graph representation, verifying properties of operation of the network.

Abstract: A network analysis method may include identifying a data plane for routing traffic through a network that includes one or more forwarding tables for each switch of a plurality of switches in the data plane. The method may also include generating an edge-labeled graph, wherein each edge of the edge-labeled graph is associated with one or more atoms to represent an Internet Protocol (IP) prefix of a forwarding rule of the data plane. Further, the method may include initializing a network summary of the network as a transitive closure of the edge-labeled graph. In addition, the method may include updating the edge-labeled graph to generate an updated edge-labeled graph in response to a modification of a forwarding table of the one or more forwarding tables. Moreover, the method may include determining a transitive closure of the updated edge-labeled graph, and updating the network summary based on the network summary and the transitive closure of the updated edge-labeled graph.

Abstract: A network analysis method may include identifying a data plane for routing traffic through a network that includes one or more forwarding tables for each switch of a plurality of switches in the data plane. The method may also include generating an edge-labeled graph, wherein each edge of the edge-labeled graph is associated with one or more atoms to represent an Internet Protocol (IP) prefix of a forwarding rule of the data plane. Further, the method may include initializing a network summary of the network as a transitive closure of the edge-labeled graph. In addition, the method may include updating the edge-labeled graph to generate an updated edge-labeled graph in response to a modification of a forwarding table of the one or more forwarding tables. Moreover, the method may include determining a transitive closure of the updated edge-labeled graph, and updating the network summary based on the network summary and the transitive closure of the updated edge-labeled graph.

Abstract: A network verification method may include identifying a data plane for routing traffic through a network that includes one or more forwarding tables for each switch of a plurality of switches in the data plane. The method may also include obtaining a forwarding behavior representation of the data plane based on the forwarding tables, and obtaining a forwarding rule from the one or more forwarding tables. The method may additionally include transforming the forwarding behavior representation based on the forwarding rule. The method may also include pruning meta-information about the forwarding rule that is redundant to forwarding behavior, and comparing the forwarding behavior representation of the data plane to one or more network properties of expected behavior of the data plane to detect one or more errors in the data plane as variations from the expected behavior.

Abstract: A method may include obtaining packet handling rules from network nodes in a network. The method also includes, using the rules, generating a transitive reduction of a partially ordered set of elements, where the elements correspond to match conditions in the rules, each match condition representing a set of packets identified by packet headers. The method may also include generating packet equivalence classes (PECs) by removing children elements from a parent element in the transitive reduction, where each PEC covers disjoint sets of packets, and each PEC is identified by fields in the packet headers including source address, destination address, and protocol of packets. The PECs may represent a group of packets treated in a same manner in the network. The method may also include generating a graph representation of the network nodes utilizing the PECs, and, using the graph representation, verifying properties of operation of the network.

Abstract: A network verification method may include identifying a data plane for routing traffic through a network that includes one or more forwarding tables for each switch of a plurality of switches in the data plane. The method may also include obtaining a forwarding behavior representation of the data plane based on the forwarding tables, and obtaining a forwarding rule from the one or more forwarding tables. The method may additionally include transforming the forwarding behavior representation based on the forwarding rule. The method may also include pruning meta-information about the forwarding rule that is redundant to forwarding behavior, and comparing the forwarding behavior representation of the data plane to one or more network properties of expected behavior of the data plane to detect one or more errors in the data plane as variations from the expected behavior.

Abstract: A network verification method may include identifying a data plane including one or more forwarding tables for each switch of a plurality of switches in the data plane. The method may also include generating a forwarding behavior representation of the data plane to represent Boolean combinations of forwarding rules of the one or more forwarding tables of the data plane. Further, the method may include comparing the forwarding behavior representation of the data plane to one or more network properties to detect one or more errors in the data plane.

Abstract: A network verification method may include identifying a data plane including one or more forwarding tables for each switch of a plurality of switches in the data plane. The method may also include generating a forwarding behavior representation of the data plane to represent Boolean combinations of forwarding rules of the one or more forwarding tables of the data plane. Further, the method may include comparing the forwarding behavior representation of the data plane to one or more network properties to detect one or more errors in the data plane.