RUN-TIME VERIFICATION OF MIDDLEBOX ROUTING AND TRAFFIC PROCESSING
First Claim
1. In a computing environment, a method, comprising, sending probe traffic to a middlebox in a network, and monitoring middlebox output to determine whether the middlebox is operating correctly according to a specified set of rules with respect to performing routing or traffic processing, or both routing and traffic processing.
3 Assignments
0 Petitions
Abstract
The subject disclosure is directed towards verifying correct middlebox operation/behavior, including while the middlebox is running in a network. Probe traffic is sent to a middlebox, with the middlebox output monitored to determine whether the middlebox correctly processed the traffic. For example, the verification may be directed towards evaluating that only legitimate traffic is passed, and that the legitimate traffic is correctly routed. Also described is the use of a summary data structure to track traffic flows, and the detection of routing loops.
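The abstract describes three mechanisms: probe traffic sent through a middlebox, a monitor that checks the output against the rules the middlebox is supposed to enforce (only legitimate traffic passes, and it leaves on the interface that reaches its intended destination), a summary data structure that tracks which interface carried which flow, and a routing-loop check. The following Python is an added illustration of that verification loop, written for this page; it is not the patent's own implementation. The policy, addresses, interface names, the simulated middlebox and its injected faults are all constructed for the example.

```python
"""Added example (not from the patent): run-time verification of a simulated
middlebox. A probe source sends flows through the device, a monitor records
which interface each flow exits on, and the result is compared with the policy
the middlebox is expected to enforce. Everything here is constructed."""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str = "tcp"


# Constructed policy: which (destination network, port) pairs may pass, and
# which egress interface leads to each destination network.
ALLOW = [(ip_network("10.1.0.0/16"), 443), (ip_network("10.2.0.0/16"), 22)]
ROUTES = {ip_network("10.1.0.0/16"): "eth1", ip_network("10.2.0.0/16"): "eth2"}


def expected_egress(flow):
    """Interface the policy says the flow should leave on; None means 'must be dropped'."""
    dst = ip_address(flow.dst)
    if not any(dst in net and flow.dport == port for net, port in ALLOW):
        return None
    for net, iface in ROUTES.items():
        if dst in net:
            return iface
    return None


def simulated_middlebox(flow, bug=None):
    """Stand-in for the device under test. 'bug' injects a misbehaviour for the demo."""
    if bug == "leak" and flow.dport == 23:
        return "eth2"                      # passes traffic the policy says to drop
    if bug == "misroute" and expected_egress(flow) == "eth1":
        return "eth2"                      # legitimate traffic sent out the wrong interface
    return expected_egress(flow)           # otherwise behaves correctly


class FlowSummary:
    """Summary data structure: for each flow, which interfaces carried it and how often."""

    def __init__(self):
        self.table = defaultdict(lambda: defaultdict(int))

    def record(self, flow, iface):
        self.table[flow][iface] += 1


def verify(probes, middlebox):
    """Send each probe through the middlebox and check its output against the policy."""
    summary = FlowSummary()
    findings = []
    for flow in probes:
        out_iface = middlebox(flow)
        if out_iface is not None:
            summary.record(flow, out_iface)
        want = expected_egress(flow)
        if want is None and out_iface is not None:
            findings.append(("illegitimate_passed", flow, out_iface))
        elif want is not None and out_iface is None:
            findings.append(("legitimate_dropped", flow, None))
        elif want is not None and out_iface != want:
            findings.append(("misrouted", flow, out_iface))
    return summary, findings


def detect_loop(observations):
    """Routing-loop check: a probe id seen entering the middlebox more than once.

    'observations' is a list of (probe_id, ingress_interface) tuples as logged by
    the monitor; the first id that reappears is returned, else None."""
    seen = set()
    for probe_id, _iface in observations:
        if probe_id in seen:
            return probe_id
        seen.add(probe_id)
    return None


# Constructed probe set: two legitimate flows, one that must be dropped by
# port, one with no matching rule or route at all.
PROBES = [
    Flow("192.0.2.10", "10.1.5.5", 443),
    Flow("192.0.2.10", "10.2.7.7", 22),
    Flow("192.0.2.10", "10.1.5.5", 23),
    Flow("192.0.2.10", "10.3.1.1", 443),
]

if __name__ == "__main__":
    for bug in (None, "leak", "misroute"):
        _, findings = verify(PROBES, lambda f, b=bug: simulated_middlebox(f, b))
        print(f"bug={bug!r}: {findings or 'no findings'}")
    print("loop:", detect_loop([("p1", "eth0"), ("p2", "eth0"), ("p1", "eth0")]))
```

In a real deployment the `middlebox` callable would be replaced by a capture on each interface of the device under test, and the summary table would be keyed on the same flow tuple so that the "which interface carried which flow" correlation in claim 20 can be checked after the fact rather than only per probe.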
110 Citations
20 Claims
- 1. In a computing environment, a method, comprising, sending probe traffic to a middlebox in a network, and monitoring middlebox output to determine whether the middlebox is operating correctly according to a specified set of rules with respect to performing routing or traffic processing, or both routing and traffic processing.
- 13. In a computing environment, a system comprising, a plurality of vantage points, each vantage point comprising a source of probe traffic coupled to a middlebox and configured to send the probe traffic to the middlebox, a monitoring mechanism configured to receive output from the middlebox, and logic configured to analyze the middlebox output to evaluate the middlebox behavior based upon the probe traffic and the middlebox output.
- 20. One or more computer-readable storage media having computer-executable instructions, which when executed perform steps, comprising, performing runtime verification of a middlebox, including logging traffic flow data output from a middlebox interface via a data structure that represents information corresponding to each flow, and analyzing the information in the data structure, including to determine according to policy data whether only legitimate traffic is passed and that the legitimate traffic is forwarded to correct endpoints by correlating what middlebox interface is carrying what traffic flows and checking that the legitimate traffic is reaching the intended destination.
Specification