🤖 AI Summary
This work addresses the verification of eventually-stable properties of network control planes, such as reachability and access control, by introducing the CB-Ver framework. CB-Ver is built around a converges-before graph (CB-graph) that models the interfaces of network components modularly, and it can also synthesize interfaces that together satisfy a global correctness property and support fault-tolerance analysis. Component-level requirements are discharged in parallel as SMT problems, interface synthesis is cast as a Constrained Horn Clause (CHC) problem, and the soundness of the verification algorithm is proved in the Lean theorem prover. Experimental results show that the method verifies expressive stability properties across diverse benchmarks, substantially improving both scalability and automation compared to existing techniques.
📝 Abstract
Network operators are often interested in verifying eventually-stable properties of network control planes: properties of control plane states that hold eventually, and hold forever thereafter, provided the operating environment remains unchanged. Examples include eventually-stable reachability, access control, or path length properties. In this work, we introduce CB-Ver, a new framework for verifying such properties, based on the key idea of a converges-before graph (CB-graph for short). When a user provides interfaces for each network component, CB-Ver checks the necessary component-by-component requirements in parallel using an SMT solver. In addition, the tool automatically synthesizes a CB-graph and checks whether it connects all nodes in a network; if it does, the interfaces are valid and users can check whether additional eventually-stable properties are implied. Moreover, the CB-graph can then be used to determine fault tolerance properties of the network. We formalize our verification algorithm in the Lean theorem proving environment and prove its soundness. We evaluate the performance of CB-Ver on a range of benchmarks that demonstrate its ability to verify expressive properties in reasonable time. Finally, we demonstrate it is possible to automatically generate suitable interfaces by turning the problem around: given a CB-graph, we use an off-the-shelf Constrained Horn Clause (CHC) solver to synthesize interfaces for every network component that together ensure the given correctness property.
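The abstract describes the pipeline (per-component checks against neighbours' interfaces, synthesis of a CB-graph, a connectivity check, and fault tolerance read off the graph) without giving CB-Ver's interface language or edge rule, so the following is an added toy model of that pipeline in Python, not CB-Ver's own code. It assumes interfaces of the form "eventually has a route to the destination of length at most k" or "eventually has no route" (an access-control property), a CB edge from each neighbour whose bound justifies a node's bound, and reads "connects all nodes" as every node that must obtain a route having a CB-path from the destination; the network, interfaces and import filter below are constructed.

```python
from collections import deque

NO_ROUTE = None  # interface "eventually has no route to D" (an access-control property)

def check_component(node, dest, interfaces, neighbours, deny):
    """Per-component obligation, discharged from neighbours' interfaces alone (what the
    abstract hands to an SMT solver). Returns (ok, neighbours justifying this bound)."""
    want = interfaces[node]
    if node == dest:
        return want == 0, []
    # Neighbours promising a route, minus those this node's import filter rejects.
    usable = [(n, interfaces[n]) for n in neighbours[node]
              if interfaces[n] is not NO_ROUTE and n not in deny.get(node, ())]
    if want is NO_ROUTE:
        return not usable, []  # no accepted neighbour may offer a route
    preds = [n for n, k in usable if k + 1 <= want]  # route via n has length <= k+1
    return bool(preds), preds

def cb_reaches(dest, cb, interfaces, failed=frozenset()):
    """Every node that must obtain a route has a CB-path from dest that avoids
    `failed` (assumed reading of 'the CB-graph connects all nodes')."""
    seen, todo = {dest}, deque([dest])
    while todo:
        u = todo.popleft()
        for v, preds in cb.items():
            if u in preds and v not in seen and v not in failed:
                seen.add(v)
                todo.append(v)
    needed = {v for v, i in interfaces.items() if i is not NO_ROUTE} - failed
    return needed <= seen

def verify(dest, interfaces, neighbours, deny=None):
    """Returns (valid, cb_graph, nodes whose single failure breaks validity)."""
    deny, cb = deny or {}, {}
    for v in interfaces:  # component checks are independent, so could run in parallel
        ok, preds = check_component(v, dest, interfaces, neighbours, deny)
        if not ok:
            return False, cb, set()
        cb[v] = preds  # CB edge pred -> v: pred must converge before v
    if not cb_reaches(dest, cb, interfaces):
        return False, cb, set()
    spof = {f for f in interfaces if f != dest  # fault tolerance from the CB-graph
            and not cb_reaches(dest, cb, interfaces, frozenset({f}))}
    return True, cb, spof

# Constructed sample: D is the destination, X must never reach D, E hangs off C only.
NEIGHBOURS = {"D": ["A", "B"], "A": ["D", "C"], "B": ["D", "C"],
              "C": ["A", "B", "X", "E"], "X": ["C"], "E": ["C"]}
INTERFACES = {"D": 0, "A": 1, "B": 1, "C": 2, "E": 3, "X": NO_ROUTE}
DENY = {"X": {"C"}}  # X's import filter drops C's routes (the access-control rule)
```

`verify("D", INTERFACES, NEIGHBOURS, DENY)` accepts the interfaces and reports C as the only single point of failure, since E's bound is justified through C alone; dropping X's import filter makes X's "no route" interface fail its local check.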