David Walker's research while affiliated with Princeton University and other places

Publications (15)

Conference Paper
We develop an algorithm capable of compressing large networks into smaller ones with similar control plane behavior: For every stable routing solution in the large, original network, there exists a corresponding solution in the compressed network, and vice versa. Our compression algorithm preserves a wide variety of network properties including rea...
Preprint
We develop an algorithm capable of compressing large networks into a smaller ones with similar control plane behavior: For every stable routing solution in the large, original network, there exists a corresponding solution in the compressed network, and vice versa. Our compression algorithm preserves a wide variety of network properties including r...
Conference Paper
We present Minesweeper, a tool to verify that a network satisfies a wide range of intended properties such as reachability or isolation among nodes, waypointing, black holes, bounded path length, load-balancing, functional equivalence of two routers, and fault-tolerance. Minesweeper translates network configuration files into a logical formula that...
Conference Paper
We develop Propane/AT, a system to synthesize provably-correct BGP (border gateway protocol) configurations for large, evolving networks from high-level specifications of topology, routing policy, and fault-tolerance requirements. Propane/AT is based on new abstractions for capturing parameterized network topologies and their evolution, and algorit...
Article
We develop Propane/AT, a system to synthesize provably-correct BGP (border gateway protocol) configurations for large, evolving networks from high-level specifications of topology, routing policy, and fault-tolerance requirements. Propane/AT is based on new abstractions for capturing parameterized network topologies and their evolution, and algorit...
Conference Paper
We describe Propane, a system that consists of a language for specifying the end-to-end routing policy for a network and a compiler for implementing the policy by generating a collection of device configurations for the BGP routing protocol that run on unmodified vendor hardware. Propane allows operators to describe their policy through high-level...
Conference Paper
We develop Propane, a language and compiler to help network operators with a challenging, error-prone task—bridging the gap between network-wide routing objectives and low-level configurations of devices that run complex, distributed protocols. The language allows operators to specify their objectives naturally, using high-level constraints on both...
Conference Paper
Early programming languages for software-defined networking (SDN) were built on top of the simple match-action paradigm offered by OpenFlow 1.0. However, emerging hardware and software switches offer much more sophisticated support for persistent state in the data plane, without involving a central controller. Nevertheless, managing stateful, distr...
Article
Over the past 5-10 years, the rise of software-defined networking (SDN) has inspired a wide range of new systems, libraries, hypervisors and languages for programming, monitoring, and debugging network behavior. Oftentimes, these systems are disjoint—one language for programming and another for verification, and yet another for run-time monitoring...
Conference Paper
Over the past 5-10 years, the rise of software-defined networking (SDN) has inspired a wide range of new systems, libraries, hypervisors and languages for programming, monitoring, and debugging network behavior. Oftentimes, these systems are disjoint—one language for programming and another for verification, and yet another for run-time monitoring...
Article
Full-text available
Early programming languages for Software-Defined Networking (SDN) were built on top of the simple match-action paradigm offered by OpenFlow 1.0. However, emerging switches and middleboxes offer much more sophisticated support for persistent state in the data plane, without involving a central controller. In this paper, we introduce high-level progr...
Article
Full-text available
OpenFlow is a vendor-agnostic API for controlling hardware and software switches. In its current form, OpenFlow is specific to particular protocols, making it hard to add new protocol headers. It is also tied to a specific processing paradigm. In this paper we make a strawman proposal for how OpenFlow should evolve in the future, starting with the...
Article
Modern computer networks perform a bewildering array of tasks, from routing and traffic monitoring, to access control and server load balancing. However, managing these networks is unnecessarily complicated and error-prone, due to a heterogeneous mix of devices (e.g., routers, switches, firewalls, and middleboxes) with closed and proprietary config...
Conference Paper
Full-text available
This paper introduces YARRA, a conservative extension to C to protect applications from non-control data attacks. YARRA programmers specify their data integrity requirements by declaring critical data types and ascribing these critical types to important data structures. YARRA guarantees that such critical data is only written through pointers with...
Article
Full-text available
Motivation Type systems are a natural discipline for ensuring that programs maintain certain runtime invariants. Of course, language designers cannot anticipate all the invariants that programmers will want to enforce. Therefore, it is desirable to allow programmers to specify and statically check invariants of interest for their applica-tions. Res...

Citations

... The number of non-best routes in this set determines the precision of the abstraction; our least precise abstraction corresponds to picking any available route. We formalize these abstractions using the Stable Routing Problem (SRP) model [14,15], which can model a wide variety of distributed routing protocols. Although some other efforts [55,50] have also proposed to abstract the decision process in BGP (details in §7), we elucidate and study the general principle, prove it sound, and reveal a range of precision-cost tradeoffs. ...
... Wired Network Synthesis. Finally, prior work has explored synthesis of network topologies and routing configurations [7,39]. Our problem is qualitatively different in that it includes coverage requirements and visibility constraints. ...
... There has been much recent progress in control plane verification. For small-sized networks, fully symbolic SMT-based verifiers [14,55,28] usually work well and support a broad range of properties. For medium-to-large networks, SMT-based verifiers have not been shown to scale well. ...
... Numerous configuration synthesis solutions are capable of precisely generating a logical model from given input configurations, reproducing their characteristics and interactions [12,13]. These efforts enable the efficient reproduction of low-level configuration characteristics in higher-level platform-independent representations such as abstract topologies [13], abstract models [12], or a tabular representation [8]. ...
... On the other hand there have been studies [11][12][13][14][15] concerning the development of general-purpose programming abstractions for network applications, none of which considered having replicated states in the data plane. In particular, in [11][12][13] the authors tried to address the issues of defining a general enough programming language for network applications. ...
... Example 2 (Motivating example with path-sensitivity). Figure 1b shows another BGP network (based on an example from Propane [17]), with seven routers and destination R 1 . We would like to verify that R 7 can reach the destination. ...
... The processing delay between the SDN controller and switches and the control channel bottleneck [16,17] may reduce the scalability, reliability, and security of 5G NS. Several advanced interface protocols for the SDN controller and switches have been proposed to provide enhanced state forwarding rules and enable data plane switches to obtain persistent state information, such as OpenState [18], programming protocol-independent packet processors (P4) [19], protocol-oblivious forwarding [20], stateful data plane architecture [21], and stateful network-wide abstractions for packet processing [22]. Among these, P4 is a protocol-independent, high-level programming language that enables programmers to modify how SDN switches process data packets. ...
... For de Giacaomo and Vardi, LTL f is useful for AI planning applications [6,5,7,9]. The second author first encountered finite temporal logics when designing Temporal NetKAT [3]. NetKAT is a specification language for network configurations [1] based on Kleene algebra with tests [10]. ...
... These policies often change in computer networks as per the demands of hosts or changes in network topology to allow or deny specific communication [40]. The SDN programming languages (for example, Pyretic [41], Frenetic [42], and Maple [43]) help to specify ACL policies as per the application environment via parallel and sequential composition operators for efficient implementation of policies. Whenever a host initiates a communication process, the forwarding device (switch) checks flow rules for that communication in its flow table. ...