# Packet Traceback for Software-Defined Networks

Report ID:
TR-978-15
Authors:
Date:
February 13, 2015
Pages:
7
[PDF]

#### Abstract:

Packet traceback---determining how a packet could have arrived at a point of observation---is useful for network debugging, performance testing, and network forensics. However, existing mechanisms (e.g., NetSight) require modifications to switches and introduce additional network overhead. By providing a centralized representation of the network's packet-processing behavior as a {\em policy}, Software-Defined Networking (SDN) makes it possible to compute the transformations that could lead to the observed packet. Our work leverages higher-level SDN controller languages to perform packet traceback in a provably-correct manner \emph{entirely on the controller}. Using the current policy as input, we precompute a compact symbolic representation of the {\em back policy}, which can then quickly produce all possible predecessors for any input packet. Our prototype is implemented in the Pyretic language; however, since any policy specified in low-level OpenFlow rules can be easily converted to a Pyretic representation, our method is completely general.