Software-Defined Networking (SDN) is an innovational network architecture which gives network administrators the ability to directly control the whole network by programming on a centralized controller. Due to network complexity, networks are unlikely to be bug-free. The ability to verify data plane properties will make network management easier for network administrators in SDN. In this paper, we present a novel atomic predicates based data plane properties verification method for SDN using Spark which is a big data processing framework. First, we verify packet reachability which is a fundamental data plane property. Then, we verify other data plane properties such as loop-freedom and nonexistence of black holes. In addition, the proposed method can detect a security threat existing in SDN called firewall bypass threat with packet reachability verification. By adopting atomic predicates, we achieve less computational and storage overhead. We implement the methods and study the performance. The results of experiments show that we can efficiently and accurately detect loops, black holes and firewall bypass threats.

中文翻译：

---

使用 Spark 的软件定义网络中基于原子谓词的数据平面属性验证

软件定义网络 (SDN) 是一种创新的网络架构，它使网络管理员能够通过在集中控制器上进行编程来直接控制整个网络。由于网络的复杂性，网络不可能没有错误。验证数据平面属性的能力将使 SDN 中的网络管理员更容易进行网络管理。在本文中，我们使用大数据处理框架 Spark 为 SDN 提出了一种基于原子谓词的新型数据平面属性验证方法。首先，我们验证数据包可达性，这是一个基本的数据平面属性。然后，我们验证其他数据平面属性，例如循环自由和不存在黑洞。此外，所提出的方法可以通过数据包可达性验证来检测SDN中存在的称为防火墙绕过威胁的安全威胁。通过采用原子谓词，我们实现了更少的计算和存储开销。我们实施方法并研究性能。实验结果表明，我们可以高效准确地检测环路、黑洞和防火墙绕过威胁。