Collaborative Verification of Forward and Reverse Reachability in the Internet Data Plane

To debug reach ability problems, a network operator often asks operators of other networks for help by telephone or email. We present a new protocol, COVE, for automating the exchange of data plane reach ability information between networks in a business relationship. A network deploys COVE in a host (its local verifier) which can construct both forward and reverse reach ability trees in the Internet data plane for the network´s provider/customer cone. Each edge in a tree is annotated by a set of packets that can traverse the edge. COVE was designed with partial deployment in mind. Reachable networks that do not deploy COVE are leaf nodes in reach ability trees. Partial trees are useful. We constructed an Internet dataset of 2, 649 ASes and performed experiments in which up to 170 workstations ran COVE as local verifiers to construct forward and reverse provider (also customer) trees for ASes. The results of these experiments demonstrate scalability of COVE to very large ASes in the Internet. We illustrate applications of COVE to solve the following network management problems: evaluating inbound load balancing policies, what-if analysis before adding a new provider, finding additional paths, configuring default routes as backup, black hole detection, and persistent forwarding loop detection.