In modern networks, forwarding of packets often depends on the history of previously transmitted traffic. Such networks contain stateful middleboxes, whose forwarding behaviour depends on a mutable internal state. Firewalls and load balancers are typical examples of stateful middleboxes. This work addresses the complexity of verifying safety properties, such as isolation, in networks with finite-state middleboxes. Unfortunately, we show that even in the absence of forwarding loops, reasoning about such networks is undecidable due to interactions between middleboxes connected by unbounded ordered channels. We therefore abstract away channel ordering. This abstraction is sound for safety, and makes the problem decidable. Specifically, safety checking becomes EXPSPACE-complete in the number of hosts and middleboxes in the network. To tackle the high complexity, we identify two useful subclasses of finite-state middleboxes which admit better complexities. The simplest class includes, e.g., firewalls and permits polynomial-time verification. The second class includes, e.g., cache servers and learning switches, and makes the safety problem coNP-complete. Finally, we implement a tool for verifying the correctness of stateful networks.

中文翻译：

---

状态网络验证的一些复杂性结果

在现代网络中，数据包的转发通常取决于先前传输的流量的历史记录。此类网络包含有状态的中间件，其转发行为取决于可变的内部状态。防火墙和负载均衡器是有状态中间件的典型例子。这项工作解决了在具有有限状态中间盒的网络中验证安全属性（例如隔离）的复杂性。不幸的是，我们表明即使没有转发循环，由于由无界有序通道连接的中间盒之间的交互，对此类网络的推理也是不可判定的。因此，我们抽象出通道排序。这种抽象对于安全来说是合理的，并使问题具有可判定性。具体来说，安全检查在网络中的主机和中间盒的数量上变得 EXPSPACE-complete。为了解决高复杂性，我们确定了有限状态中间盒的两个有用的子类，它们具有更好的复杂性。最简单的类别包括例如防火墙并允许多项式时间验证。第二类包括例如缓存服务器和学习交换机，并使安全问题 coNP-complete。最后，我们实现了一个工具来验证有状态网络的正确性。