Proposal of an Automatic Verification Method for Network Configuration Model by Static Analysis

Abstract: In the network design phase, designers typically assess the validity of the network configuration on paper. However, the interactions between devices based on network protocols can be complex, making this assessment challenging. Meanwhile, testing with actual devices incurs significant costs and effort for procurement and preparation. Traditional methods, however, have limitations in identifying configuration values that cause policy violations and verifying syntactically incomplete device configuration files. In this paper, we propose a method to automatically verify the consistency of a model representing the network configuration (Network Configuration Model) by static analysis. The proposed method performs verification based on the network configuration model to detect policy violations and points out configuration values that cause these violations. Additionally, to facilitate the designers' review of each network device's configuration, the model is converted into a format that mimics the output of actual devices, which designers are likely familiar with. As a case study, we applied the proposed method to the network configuration of Shinshu University, a large-scale campus network, by intentionally introducing configuration errors and applying the method. We further evaluated whether it could output device states equivalent to those of actual devices.