Network Configuration Checking And Forwarding Verification Based On Heterogeneous Operational Data

Posted on: 2023-04-11
Degree: Master
Type: Thesis
Country: China
Candidate: W H Ye
GTID: 2558307061450564
Subject: Cyberspace security

Abstract/Summary:
With the booming development of computer network application technology, reliable and stable network infrastructure has become an indispensable condition for supporting social and economic development. Application services require the network infrastructure to respond quickly to business changes while ensuring that the changes are correct, avoiding network changes that produce effects other than those intended or even paralyze the network. To cope with lagging network management and its reliance on manual work, a large number of network validation studies have emerged in recent years, which use formal methods to validate the correctness of network configurations. However, in the current heterogeneous network environment of multi-vendor devices, the data management of network operation and maintenance is quite complex, and the NETCONF/YANG management methods proposed by the IETF coexist with the CLI command line. First, the existing network validation schemes cannot carry out validation work in this heterogeneous network environment. Second, the existing verification tools require the verification objectives to be described manually in a customized language, which makes network verification still rely on managers' knowledge of network planning. The main scenarios for carrying out network verification, such as network configuration checking and forwarding verification, lack effective network specification descriptions.

Facing the real network migration scenario, this thesis proposes a heterogeneous operation and maintenance data parsing framework that supports the YANG model, addressing the problem of parsing heterogeneous operation and maintenance data in network validation. On this basis, we design a method to automatically mine and analyze network forwarding policies, and then carry out network configuration checking and network forwarding validation in migration scenarios. The main research work of this thesis is as follows:

(1) To address the problem of multi-vendor heterogeneous operation and maintenance data in network validation, we propose to use a network domain knowledge graph based on the YANG model to automatically parse and adapt YANG-model heterogeneous operation and maintenance data. This avoids the defects of the mainstream Batfish method: reliance on a CLI command-line text parser, the development of vendor-specific device models, and the need to write network environment information manually. As a result, the method improves the efficiency of network verification.

(2) To automatically mine, from the network environment information, policy descriptions that can be used for network verification, we build on the Config2Spec network forwarding policy mining framework and extend the policy representation of network forwarding behavior to support a more comprehensive set of the network device functions that control node forwarding, including the FIB (Forwarding Information Base) table, the access control list (ACL), etc. The method facilitates the generation of effective policies to support network validation and subsequent problem analysis. In addition, the control plane verification mechanism in Config2Spec is improved to optimize the performance of policy mining under complex failure models.

(3) Based on the mined network forwarding policies, we study network configuration checking and forwarding verification methods. First, by calculating the differences in the forwarding behaviors of network devices described by policies in the same area, we proactively check for configuration vulnerabilities in network devices. By using fault model design, potential network configuration problems are discovered. Second, to address the forwarding verification problem in network migration scenarios, qualitative and quantitative methods for verifying network forwarding behavior after migration are proposed to improve the effectiveness and reliability of network migration.

In summary, this study provides low-cost and operable technical solutions for network verification problems in real scenarios such as network migration. The proposed automated method for mining and analyzing network forwarding policies can significantly reduce the labor cost of network management and improve the application value of network verification tools.
Keywords/Search Tags:Network Verification, Heterogeneous Operation and Maintenance Data Parsing, Network Migration, Network Forwarding Behavior, Network Forwarding Policy