Network Function Virtualization (NFV) and Software Defined Networking (SDN) are new emerging paradigms that changed the rules of networking, shifting the focus on dynamicity and programmability. In this new scenario, a very important and challenging task is to detect anomalies in the data plane, especially with the aid of suitable automated software tools. In particular, this operation must be performed within quite strict times, due to the high dynamism introduced by virtualization. In this article, we propose a new network modeling approach that enhances the performance of formal verification of reachability policies, checked by solving a Satisfiability Modulo Theories (SMT) problem. This performance improvement is motivated by the definition of function models that do not work on single packets, but on packet classes. Nonetheless, the modeling approach is comprehensive not only of stateless functions, but also stateful functions such as NATs and firewalls. The implementation of the proposed approach achieves high scalability in complex networked systems consisting of several heterogeneous functions.

中文翻译：

---

改进虚拟网络中可达性策略的形式验证

网络功能虚拟化（NFV）和软件定义网络（SDN）是新兴的范式，它改变了网络规则，将重点转移到了动态性和可编程性上。在这种新情况下，一项非常重要且具有挑战性的任务是检测数据平面中的异常，尤其是借助合适的自动化软件工具。特别是由于虚拟化带来的高动态性，必须在相当严格的时间内执行此操作。在本文中，我们提出了一种新的网络建模方法，该方法可增强可到达性策略的形式验证的性能，通过解决可满足性模理论（SMT）问题进行检查。此功能的改进是由对单个数据包不起作用，但对数据包类起作用的功能模型的定义引起的。尽管如此，建模方法不仅针对无状态功能，而且还针对诸如NAT和防火墙之类的有状态功能，是全面的。所提出的方法的实现在由多个异构功能组成的复杂网络系统中实现了高可伸缩性。