Formal Network Verification

In the world of networks, a recent push toward software-based architecture has resulted in enormous changes to processes enterprise-wide. One of the most significant changes has been the implementation of automated formal network verification. Prior to this, manual checks, monitoring, and homegrown scripts comprised the majority of network testing. These methods limit functionality, as they identify issues only after they have occurred.

In theory, the mathematics of formal verification can prove that a network or system is functioning optimally throughout all stages – from gathering of data, to planning and executing actions, to producing desired results. How is this done? First, a formal network verification model is built, incorporating all components of the existing network, including routers, cloud-based software, firewalls, and so forth. The model is then used to verify that all data is flowing accurately and efficiently to evaluate the state of the network.

The potential value of this capability is enormous, as it can produce strong confidence in exact state of the network. The risk in manual testing lies mainly in the inevitability of human error, based on the fact that eventually a point is reached where, regardless of individual knowledge of network pathways and data flow, increased complexity will lead to increased guesswork. For example, a network engineer making changes to a list or a pathway might want to know which critical functions will remain unaffected by the planned changes. With formal verification, this information is immediately available. The network engineer no longer has to contend with the standard and previously necessary troubleshooting step after changes are made.

An important part of network automation is configuration: orchestration systems can be used for configuration creation from templates to integrate changes across the network. However, with increasing network complexity, results-based formal network verification is equally important. Rather than relying on manual or reactive checks to ensure the network is protected, it is now possible to use formal network verification technology to prove verification in an automated environment.

The goal of this automated environment is to mitigate and eliminate the risk of outages and vulnerability within the network, preventing delays in building and expanding the network, as network engineering teams can continue working under the knowledge that a formal verification system is in place, monitoring and verifying functionality of each new pathway. In fact, continuous verification of this nature is so valuable that it can be considered the first step of a network automation initiative, as it provides a baseline and safeguards against travelling too far along an unprotected or unverified path.


Please enter your comment!
Please enter your name here