[Paper] GraphCue for SDN Configuration Code Synthesis

Source: arXiv - 2512.17371v1

Overview

The paper introduces GraphCue, a novel framework that automatically generates SDN (Software‑Defined Networking) configuration code by grounding the synthesis process in the network’s topology. By combining graph‑based retrieval, a lightweight graph neural network, and an agent‑in‑the‑loop verifier, GraphCue can produce correct configurations with minimal human effort, achieving an 88 % success rate on a large validation set.

Key Contributions

• Topology‑grounded retrieval: Encodes each network case as a JSON graph and uses a three‑layer Graph Convolutional Network (GCN) with contrastive learning to find the most similar, already‑validated configuration.
• Structured prompting: Injects the retrieved reference into a carefully crafted prompt that constrains a large language model (LLM) to generate code that respects the network’s structure.
• Closed‑loop verification: Executes the generated configuration in a sandbox, captures any failures, and feeds them back to the LLM agent for iterative refinement.
• Empirical performance: On 628 test cases, GraphCue reaches an 88.2 % pass rate within 20 refinement iterations, with 95 % of verification loops completing in under 9 seconds.
• Ablation evidence: Demonstrates that removing either the retrieval step or the structured prompt dramatically degrades accuracy, confirming the importance of topology awareness and constraint‑based conditioning.

Methodology

1. Graph Representation – Each SDN scenario (devices, links, policies) is serialized into a JSON graph. Nodes capture elements like switches or hosts; edges encode physical or logical connections.
2. Embedding via GCN – A shallow (three‑layer) Graph Convolutional Network learns embeddings for these graphs. Contrastive learning forces embeddings of similar topologies to cluster together while pushing dissimilar ones apart.
3. Nearest‑Neighbor Retrieval – For a new configuration request, GraphCue finds the most similar previously‑validated graph in the embedding space. The associated configuration script becomes a “reference example.”
4. Structured Prompt Construction – The reference script is embedded into a prompt that explicitly tells the LLM: “Generate a configuration for a network matching this topology, reusing the patterns shown.” This reduces hallucination and keeps the output topology‑consistent.
5. Agent‑in‑the‑Loop Verification – The generated configuration is executed in a lightweight SDN emulator (e.g., Mininet). If verification fails (e.g., connectivity or policy violations), the error details are appended to the next prompt, allowing the LLM to iteratively fix the code.
6. Iterative Loop – The process repeats until the configuration passes verification or a maximum iteration count (20) is reached.

Results & Findings

• Pass Rate: 88.2 % of the 628 validation cases produced a correct configuration within the iteration budget.
• Speed: 95 % of verification loops finished in ≤ 9 seconds, making the system practical for interactive use.
• Ablation:
  • No retrieval: Pass rate dropped to ~62 %.
  • No structured prompt: Pass rate fell to ~55 %.
  • Both removed: Accuracy plummeted below 40 %.

These numbers underline that both topology‑aware retrieval and constraint‑driven prompting are essential for high‑quality synthesis.

Practical Implications

• Accelerated SDN Deployment: Network engineers can describe a desired topology and let GraphCue generate the boilerplate configuration, cutting weeks of manual scripting down to minutes.
• Reduced Human Error: By grounding code generation in validated examples and continuously verifying output, the framework mitigates common mistakes like mismatched port numbers or policy inconsistencies.
• Rapid Prototyping for DevOps: Teams building CI/CD pipelines for network services can integrate GraphCue to automatically spin up testbeds, validate policies, and roll out changes with confidence.
• Extensibility to Other Domains: The retrieval‑plus‑structured‑prompt pattern can be adapted to other infrastructure‑as‑code contexts (e.g., Terraform, Kubernetes manifests) where topology or dependency graphs are central.

Limitations & Future Work

• Domain Specificity: GraphCue currently targets OpenFlow‑style SDN configurations; extending to heterogeneous controller APIs (e.g., P4, NETCONF) will require additional graph schemas and training data.
• Scalability of Retrieval: As the reference library grows beyond a few thousand cases, nearest‑neighbor search may become a bottleneck; future work could explore approximate indexing or hierarchical retrieval.
• LLM Dependency: The quality of generated code hinges on the underlying language model; evaluating newer, more capable models could further boost success rates.
• Real‑World Deployment: The study uses emulated environments; testing GraphCue on production networks with live traffic would validate robustness under real operational constraints.

GraphCue demonstrates that marrying graph‑aware retrieval with LLM‑driven code synthesis and tight verification loops can dramatically streamline SDN configuration—a promising blueprint for AI‑assisted infrastructure automation.

Authors

• Haomin Qi
• Fengfei Yu
• Chengbo Huang

Paper Information

• arXiv ID: 2512.17371v1
• Categories: cs.SE
• Published: December 19, 2025
• PDF: Download PDF