Implementing and analyzing in Maude the Enhanced Interior Gateway Routing Protocol

Adrián Riesco, Alberto Verdejo
2009 Electronic Notes in Theoretical Computer Science
The Enhanced Interior Gateway Routing Protocol (EIGRP) is an advanced distance-vector routing protocol, with optimizations to minimize both the routing instability incurred after topology changes and the use of bandwidth and processing power in the router. This paper presents an executable specification, written in the rewriting-logic-based language Maude, that allows several running instances of the protocol to be connected and on top of which concrete applications can be executed. The protocol ... also modeled in Real-Time Maude, which allows it to be formally analyzed in several ways.

ing Protocol), and DSDV (Destination-Sequenced Distance-Vector Routing) [23]. EIGRP consumes fewer network resources because routing updates are sent only when there is a change in the topology, while the other protocols use periodic updates. Furthermore, RIP and IGRP can produce routing loops (techniques to reduce these loops result in long convergence times), while EIGRP uses an algorithm that allows loop-free routing and fast convergence (on the other hand, EIGRP routers must keep more information). The other kind of IGP protocols are the link-state ones, where the basic concept is that the updates have to be communicated to the whole network. Although these protocols are simpler to implement and avoid loops in all cases, we focus on EIGRP in order to minimize the bandwidth usage.

As networks increase in size and complexity, routing protocols become more sophisticated, and it becomes crucial to formally analyze them to ensure that important properties hold. Rewriting logic [13, 14] was proposed in the early nineties as a unified model for concurrency in which several well-known models of concurrent and distributed systems can be represented. Maude is a high-performance logical and semantic framework supporting both equational and rewriting logic computations [4]. It can be used to specify in a natural way a wide range of software models and systems and, since (most of) the specifications are directly executable, Maude can be used to prototype those systems. Moreover, the Maude system includes a series of tools for formally analyzing the specifications. Since version 2.2, Maude supports communication with external objects by means of TCP sockets, which allows the implementation of real distributed applications.
Real-Time Maude [18, 16] is a natural extension of the Maude language that supports the specification and analysis of real-time systems, including object-oriented distributed ones. It supports a wide spectrum of formal methods, including executable specification, symbolic simulation, breadth-first search for failures of safety properties in infinite-state systems, and linear temporal logic model checking of time-bounded LTL formulas. A formal methodology in Maude for specifying and analyzing network systems and communication protocols, arranged as a sequence of increasingly stronger methods (formal specification, execution of that specification, formal model-checking analysis, narrowing analysis, and formal proof), was presented in [5], and successfully used, for example, in [12, 24, 10]. In this paper we have applied the first three methods for modeling and analyzing the EIGRP protocol. Real-Time Maude has strengthened that analyzing power by allowing the specification of timing aspects, which are sometimes crucial. It has been used, for example, to specify the NORM multicast protocol [11], wireless communication protocols [19], and the AER/NCA active network protocol [15].

In this paper we first show how several Maude instances (possibly running on different machines) can be interconnected through sockets. These instances will be executing the EIGRP protocol, whose behavior is specified by means of succinct rewrite rules. On top of this infrastructure (which is dynamic, where nodes can join and leave) we can run, for example, an object-oriented application where the configuration of objects and messages is split into several located configurations. This is part of an ongoing project in which we are developing a methodology for implementing real distributed applications in Maude. We first applied these ideas to a
doi:10.1016/j.entcs.2009.05.023 fatcat:l342eilghfgdleeo6iudw5zgwa