How network verification differs from monitoring, and what it’s good for

In a previous post I discussed network verification, a new area of technology that applies what is known as formal verification – mathematical analysis of a complex system to determine rigorously if it meets the end-to-end goal – to network infrastructure.

But what is such verification good for and how is it different from today’s common practice, whereby nearly every organization monitors its network, typically by sampling ongoing flows, events or logs. Isn’t that enough to catch problems as the organization deploys changes?

Monitoring samples the past; verification predicts the future

In fact, verification is quite different from monitoring in powerful ways. To understand verification, it is helpful to contrast it with the traffic-monitoring technology that we all know.

  • Monitoring observes low-level events; verification understands the high-level goal. Monitoring solutions do not generally understand the network-wide goal of the business. They gather observations of what has happened, but that is not the same as understanding what should The idea of verification is to ensure an ultimate goal – the intent of the network designer – is being met. One can declare a high-level intent such as “My hospitals should be able to reach all critical services along multiple paths,” store it in a central repository of record and verify the intent continuously as thousands of changes are made to the network across time. This ability to meet an ultimate goal is why verification has become a key part of intent-based networking.
  • Monitoring watches what happened; verification predicts what could happen. Because monitoring watches recent or historical traffic, it is fundamentally reactive, only seeing problems as or after users are experiencing them (or after attackers have exploited vulnerabilities!). Verification solutions do not need to look at a single packet flowing through the network, and do not inject probe traffic into the network. Instead, they analyze network state, such as configurations, forwarding tables, access-control lists and more, to figure out how traffic could flow through the network. As a result, operators can verify if the network will behave as intended.
  • Monitoring samples a few packets; verification explores all possible behaviors. Monitoring cannot give complete assurance that intent is met under all circumstances; it can only say, “I do not see a problem right now, but who knows what will happen when the next packet arrives.” Verification effectively explores what could happen to all possible packets, injected everywhere in the network. Such exploration results in an enormous number of possibilities, and analyzing them requires use of new algorithmic technology – inspired by the field of formal verification – that has recently been applied to network infrastructure.

Using verification to spot problems proactively

Let’s see how the differences above come together in a useful way for users of verification technology.

Leave a Reply

Your email address will not be published. Required fields are marked *