The recent advances in network management automation and Software-Defined Networking (SDN) are easing network policy management tasks. At the same time, these new technologies create a new mode of failure in the management cycle itself. Network policies are presented in an abstract model at a centralized controller and deployed as low-level rules across network devices. Thus, any software and hardware element in that cycle can be a potential cause of underlying network problems. In this paper, we present and solve a network policy fault localization problem that arises in operating policy management frameworks for a production network. We formulate our problem via risk modeling and propose a greedy algorithm that quickly localizes faulty policy objects in the network policy. We then design and develop SCOUT---a fully-automated system that produces faulty policy objects and further pinpoints physical-level failures which made the objects faulty. Evaluation results using a real testbed and extensive simulations demonstrate that SCOUT detects faulty objects with small false positives and false negatives.