Journal of Network and Systems Management

, Volume 25, Issue 1, pp 180–209 | Cite as

A Declarative Approach to Network Device Configuration Correctness

  • Éric Lunaud Ngoupé
  • Clément Parisot
  • Sylvan Stoesel
  • Petko Valtchev
  • Roger Villemaire
  • Omar Cherkaoui
  • Pierre Boucher
  • Sylvain Hallé


Configuration Logic (CL) is a formal language that allows a network engineer to express constraints in terms of the actual parameters found in the configuration of network devices. We present an efficient algorithm that can automatically check a pool of devices for conformance to a set of CL constraints; moreover, this algorithm can point to the part of the configuration responsible for the error when a constraint is violated. Contrary to other validation approaches that require dumping the configuration of the whole network to a central location in order to be verified, we also present an algorithm that analyzes the correct formulas and greatly helps reduce the amount of data that need to be transferred to that central location, pushing as much of the evaluation of the formula locally on each device. The procedure is also backwards-compatible, in such a way that a device that does not (or only partially) supports a local evaluation may simply return a subset or all of its configuration. These capabilities have been integrated into a network management tool called ValidMaker.


Management Fault detection Logical constraints 



The authors would like to acknowledge the work of Éric Wenaas on an early version of ValidMaker. The authors acknowledge the financial support of the Natural Sciences and Engineering Research Council of Canada and Ericsson Canada.


  1. 1.
    Strassner, J.: Bridge to IP Profitability (2002). Accessed 27 May 2016
  2. 2.
    Feamster, N., Balakrishnan, H.: Detecting BGP configuration faults with static analysis. In: 2nd Symposium on Networked Systems Design and Implementation (NSDI), (Boston, MA), pp. 43–56 (2005)Google Scholar
  3. 3.
    Wool, A.: A quantitative study of firewall configuration errors. IEEE Comput. 6, 62–67 (2004)CrossRefGoogle Scholar
  4. 4.
    Burgess, M., Couch, A.: Modeling next generation configuration management tools. In: LISA, pp. 131–147. USENIX (2006)Google Scholar
  5. 5.
    Hallé, S., Ngoupe, E.L., Nijdam, G., Cherkaoui, O., Valtchev, P., Villemaire, R.: Validmaker: a tool for managing device configurations using logical constraints. In: NOMS [35], pp. 1111–1118Google Scholar
  6. 6.
    802.11Q: Virtual bridged local area networks standard (2003).
  7. 7.
  8. 8.
    Villemaire, R., Hallé, S., Cherkaoui, O.: Configuration Logic: a multi-site modal logic. In: TIME, pp. 131–137. IEEE Computer Society (2005)Google Scholar
  9. 9.
    Delaet, T., Joosen, W.: A language for high-level configuration management. In: 21st Large Installation System Administration Conference, pp. 131–137. Usenix Association (2007)Google Scholar
  10. 10.
    Fedor, M., Schoffstall, M.L., Davin, J.: An architecture for describing SNMP management frameworks (RFC 1157) (1990)Google Scholar
  11. 11.
    Enns, R., Bjorklund, M., Schoenwaelder, J., Bierman, A.: Network Configuration Protocol (NETCONF) (RFC 6241) (2011)Google Scholar
  12. 12.
    Bjorklund, M.: A Data Modeling Language for the Network Configuration Protocol (NETCONF). (RFC 6020) (2010)Google Scholar
  13. 13.
    Burgess, M.: A site configuration engine. In: USENIX, pp. 309–337 (1995)Google Scholar
  14. 14.
    Schönwälder, J., Marinov, V., Burgess, M.: Integrating cfengine and scli: managing network devices like host systems. In: IEEE/IFIP Network Operations and Management Symposium: Pervasive Management for Ubioquitous Networks and Services, NOMS (2008) 7–11 April 2008, Salvador, Bahia, Brazil, pp. 1067–1070. IEEE (2008)Google Scholar
  15. 15.
  16. 16.
    Puppet Labs investors: (2013).
  17. 17.
    Taylor, M., Vargo, S.: Learning Chef. O’Reilly, Sebastopol, CA (2014)Google Scholar
  18. 18.
    Goldsack, P., Guijarro, J., Loughran, S., Coles, A.N., Farrell, A., Lain, A., Murray, P., Toft, P.: The SmartFrog configuration management framework. Oper. Syst. Rev. 43(1), 16–25 (2009)CrossRefGoogle Scholar
  19. 19.
    Lobo, J., Bhatia, R., Naqvi, S.A.: A policy description language. In: Hendler, J., Subramanian, D. (eds.) Proceedings of the Sixteenth National Conference on Artificial Intelligence and Eleventh Conference on Innovative Applications of Artificial Intelligence, July 18–22, 1999, Orlando, FL, USA, pp. 291–298. AAAI Press/The MIT Press (1999)Google Scholar
  20. 20.
    Agrawal, D., Calo, S.B., Lee, K.-W., Lobo, J.: Issues in designing a policy language for distributed management of IT infrastructures. In: Integrated Network Management, pp. 30–39. IEEE (2007)Google Scholar
  21. 21.
    Damianou, N., Dulay, N., Lupu, E., Sloman, M.: The Ponder policy specification language. In: Sloman, M., Lobo, J., Lupu, E. (eds.) POLICY, vol. 1995 of Lecture Notes in Computer Science, pp. 18–38. Springer, Berlin (2001)Google Scholar
  22. 22.
    Object constraint language version 2.2, tech. rep. (2010).
  23. 23.
    Hallé, S., Deca, R., Cherkaoui, O., Villemaire, R.: Automated validation of service configuration on network devices. In: Vicente, J.B., Hutchison, D. (eds.) MMNS, vol. 3271 of Lecture Notes in Computer Science, pp. 176–188. Springer, Berlin (2004)Google Scholar
  24. 24.
    Tuncer, D., Charalambides, M., Pavlou, G., Wang, N.: Dacorm: a coordinated, decentralized and adaptive network resource management scheme. In: 2012 IEEE Network Operations and Management Symposium, Maui, HI, USA, April 16–20, 2012 [35], pp. 417–425Google Scholar
  25. 25.
    Seitz, L., Selander, G., Rissanen, E., Ling, C., Sadighi, B.: Decentralized access control management for network configuration. J. Netw. Syst. Manag. 16(3), 303–316 (2008)CrossRefGoogle Scholar
  26. 26.
    Burgess, M.: Theory and practice of configuration management in decentralized systems. In: Hellerstein, J.L., Stiller, B. (eds.) Proceedings of the Management of Integrated End-to-End Communications and Services, 10th IEEE/IFIP Network Operations and Management Symposium, NOMS 2006, Vancouver, Canada, April 3–7, 2006, p. 583. IEEE (2006)Google Scholar
  27. 27.
    Koch, F.L., Westphall, C.B.: Decentralized network management using distributed artificial intelligence. J. Netw. Syst. Manag. 9(4), 375–388 (2001)CrossRefGoogle Scholar
  28. 28.
    Kahani, M., Beadle, P.: Decentralized approaches for network management. Comput. Commun. Rev. 27(3), 36–47 (1997)CrossRefGoogle Scholar
  29. 29.
    Hallé, S., Wenaas, É., Villemaire, R., Cherkaoui, O.: Self-configuration of network devices with Configuration Logic. In: Gaïti, D., Pujolle, G., Al-Shaer, E.S., Calvert, K.L., Dobson, S.A., Leduc, G., Martikainen, O. (eds.) Autonomic Networking, vol. 4195 of Lecture Notes in Computer Science, pp. 36–49. Springer, Berlin (2006)Google Scholar
  30. 30.
    Agoulmine, N.: Autonomic Network Management Principles. Academic Press, London (2011)Google Scholar
  31. 31.
    Henderson, P., Morris, J., Jr.: A lazy evaluator. In: Proceedings of the 3rd ACM SIGACT-SIGPLAN Symposium on Principles on Programming Languages, pp. 95–103. ACM (1976)Google Scholar
  32. 32.
    Friedman, D.P., Wise, D.S.: CONS should not evaluate its arguments. In: ICALP, pp. 257–284 (1976)Google Scholar
  33. 33.
    Hallé, S., Cherkaoui, O., Valtchev, P.: Towards a semantic virtualization of configurations. In: 2012 IEEE Network Operations and Management Symposium, Maui, HI, USA, April 16–20, pp. 1268–1271. IEEE (2012)Google Scholar
  34. 34.
    Mendelson, E.: Introduction to Mathematical Logic, 4th edn. Springer, Berlin (1997)MATHGoogle Scholar

Copyright information

© Springer Science+Business Media New York 2016

Authors and Affiliations

  • Éric Lunaud Ngoupé
    • 1
  • Clément Parisot
    • 2
  • Sylvan Stoesel
    • 2
  • Petko Valtchev
    • 3
  • Roger Villemaire
    • 3
  • Omar Cherkaoui
    • 3
  • Pierre Boucher
    • 4
  • Sylvain Hallé
    • 1
  1. 1.Laboratoire d’informatique formelleUniversité du Québec à ChicoutimiSaguenayCanada
  2. 2.Télécom NancyNancyFrance
  3. 3.Laboratoire de téléinformatique et réseauxUniversité du Québec à MontréalMontrealCanada
  4. 4.Ericsson CanadaMontrealCanada

Personalised recommendations