We develop new data structures and algorithms for checking verification queries in NetKAT, a domain-specific language for specifying the behavior of network data planes. Our results extend the techniques obtained in prior work on symbolic automata and provide a framework for building efficient and scalable verification tools. We present KATch, an implementation of these ideas in Scala, featuring an extended set of NetKAT operators that are useful for expressing network-wide specifications, and a verification engine that constructs a bisimulation or generates a counter-example showing that none exists. We evaluate the performance of our implementation on real-world and synthetic benchmarks, verifying properties such as reachability and slice isolation, typically returning a result in well under a second, which is orders of magnitude faster than previous approaches. Our advancements underscore NetKAT's potential as a practical, declarative language for network specification and verification.

翻译：我们针对NetKAT（一种用于描述网络数据平面行为的领域特定语言）中的验证查询检查，开发了新的数据结构和算法。我们的研究成果扩展了先前在符号自动机工作中获得的技术，并为构建高效可扩展的验证工具提供了框架。我们提出了KATch——基于Scala语言实现这些思想的工具，其特点包括：扩展的NetKAT运算符集（可用于表达网络范围规范），以及能构建互模拟关系或生成反例（当不存在互模拟时）的验证引擎。我们在真实场景与合成基准测试中评估了该实现的性能，验证了可达性、切片隔离等网络属性，通常在远少于一秒的时间内返回结果，这比现有方法快数个数量级。我们的进展凸显了NetKAT作为一种实用声明式网络规范与验证语言的潜力。