VERMONT: Towards an In-band Telemetry-Based Approach for Live Network Property Verification.

The verification of network properties is often an exhaustive and time-consuming effort. The number of configurations needed to be analyzed by static verification increases as the networks grow larger, and the processing time consumed becomes prohibitive. Equally important, existing approaches fall short of detecting violations in dynamic environments. While the field of static verification has received significant attention in the last few years, few research efforts have been made to verify networks in production time. Capitalizing on the emergence of programmable data planes, in this paper, we propose VERMONT, an In-Band Network Telemetry-Based verification approach that continuously verifies properties as the state of the network changes. The key contribution of our work is an in-network system capable of continuously collecting the metadata from the network to verify properties in real-time. By efficiently retrieving only the necessary information from the network, VERMONT can accurately and quickly reason whether a set of properties is being held or not at a given time within the network. We implemented VERMONT, evaluated its performance using realistic settings, and compared it with a state-of-the-art approach. The results show that the proposed solution is technically feasible and performs at least one order of magnitude faster than a static verification counterpart. We also provide evidence that VERMONT incurs a very low resource usage footprint considering its application in several real-world networks.