/config2spec

Mining Network Specifications from Network Configurations

Primary LanguagePython

Config2Spec: Mining Network Specifications from Network Configurations

This repository contains the code of the Config2Spec project: A system to automatically learn a network's specification from its configuration.

Config2Spec has been published at USENIX NSDI'20.

The system relies on Batfish and Minesweeper.

Installation Guide

  1. Clone this repository

  2. Build Batfish and Minesweeper Follow the steps described here

  3. Create a virtualenv with all requirements

    $ virtualenv -p python3 c2s_env
$ source c2s_env/bin/activate
$ pip install -r requirements.txt

  4. Install Config2Spec

    $ pip install -e .

Run Config2Spec

A set of configurations of a network is called scenario. We provide a few sample scenarios in this repository. With the exception of Internet2, the configs have been synthesized using NetComplete.

If you want to analyze your own configuration, just follow the same structure: Create a new directory for the scenario and within that create a directory called configs that contains all the configuration files to be analyzed. Also, make sure that the configuration files have a .cfg file ending.

The run_c2s.py script contains the full pipeline as described in the paper.

You can run it the following way:

$ python run_c2s.py <scenario path> <backend path> <temp batfish path> -mf <max failures>

Note: The specification is stored in a CSV file under the scenario path. All policies which Config2Spec encountered are part of this file. To only consider the policies that are part of the specification, filter the policies based on the column "Status": All policies that have the status PolicyStatus.HOLDS are part of the specification.

Arguments

  • scenario path - The path to the directory containing the scenario (e.g., /home/user/config2spec/scenarios/bics/ospf).

  • backend path - The path to the .jar of the Batfish backend (e.g., /home/user/batfish/projects/backend/target/backend-bundle-0.36.0.jar).

  • temp batfish path - The path to an directory where batfish can store some temporary data.

  • max failures - An int specifying the maximum number of failures the specification should include (e.g., for up to 1 failure set -mf 1).

Example

$ python run_c2s.py scenarios/bics/ospf ~/batfish-73946b2f1bdea5f1146e4db4f2586e071da752df/projects/backend/target/backend-bundle-0.36.0.jar ~/tmp -mf 1