Preprint

A Survey on Data Plane Programming with P4: Fundamentals, Advances, and Applied Research

Authors:
Preprints and early-stage research may not have been peer reviewed yet.
To read the file of this research, you can request a copy directly from the authors.

Abstract

With traditional networking, users can configure control plane protocols to match the specific network configuration, but without the ability to fundamentally change the underlying algorithms. With SDN, the users may provide their own control plane, that can control network devices through their data plane APIs. Programmable data planes allow users to define their own data plane algorithms for network devices including appropriate data plane APIs which may be leveraged by user-defined SDN control. Thus, programmable data planes and SDN offer great flexibility for network customization, be it for specialized, commercial appliances, e.g., in 5G or data center networks, or for rapid prototyping in industrial and academic research. Programming protocol-independent packet processors (P4) has emerged as the currently most widespread abstraction, programming language, and concept for data plane programming. It is developed and standardized by an open community and it is supported by various software and hardware platforms. In this paper, we survey the literature from 2015 to 2020 on data plane programming with P4. Our survey covers 497 references of which 367 are scientific publications. We organize our work into two parts. In the first part, we give an overview of data plane programming models, the programming language, architectures, compilers, targets, and data plane APIs. We also consider research efforts to advance P4 technology. In the second part, we analyze a large body of literature considering P4-based applied research. We categorize 241 research papers into different application domains, summarize their contributions, and extract prototypes, target platforms, and source code availability.

No file available

Request Full-text Paper PDF

To read the file of this research,
you can request a copy directly from the authors.

ResearchGate has not been able to resolve any citations for this publication.
Article
Full-text available
The advent of programmable network switch ASICs and recent developments on other programmable data planes (NPUs, FPGAs) drive the renewed interest in network data plane programmability. The P4 language has emerged as a strong candidate to describe a protocol independent datapath pipeline. With its supported architectures, the P4 language provides an excellent way to define the packet processing and forwarding behavior, while leaving other networking components such as the traffic management engine, to non-programmable fixed function elements, based on the capabilities of most programmable devices. However, network flexibility is essential to meet the Quality of Service (QoS) requirements of traffic flows. Thus, enabling programmable control for fixed-function elements like traffic management is crucial. Towards that end we propose the use of virtual queues in the P4 pipeline, investigate the application of virtual queue-based traffic management, and portability of the approach using different P4 programmable targets. Specifically, we focus on virtual queue based Active Queue Management (AQM) for congestion policing and meeting the latency targets of distinct network slices. The solution is compared to P4 built-in functionality for bandwidth management using meters, proving also that the additional dimensions of control are achieved without compromising the processing complexity of the solution.
Article
Full-text available
Traditional IP multicast (IPMC) maintains state per IPMC group in core devices to distribute one-to-many traffic along tree-like structures through the network. This limits its scalability because whenever subscribers of IPMC groups change, forwarding state in the core network needs to be updated. Bit Index Explicit Replication (BIER) has been proposed by the IETF for efficient transport of IPMC traffic without the need of IPMC-group-dependent state in core devices. However, legacy devices do not offer the required features to implement BIER. P4 is a programming language which follows the software-defined networking (SDN) paradigm. It provides a programmable data plane by programming the packet processing pipeline of P4 devices. The contribution of this paper is threefold. First, we provide a hardware-based prototype of BIER and BIER fast reroute (BIER-FRR) which leverages packet recirculation. Our target is the P4-programmable high-performance switching ASIC Tofino; the source code is publicly available. Second, we perform an experimental evaluation, with regard to failover time and throughput, which shows that up to 100 Gb/s throughput can be obtained and that failures affect BIER forwarding for less than 1 ms. However, throughput can decrease if switch-internal packet loss occurs due to missing recirculation capacity. As a remedy, we add more recirculation capacity by turning physical ports into loopback mode. To quantify the problem, we derive a prediction model for reduced throughput whose results are in good accordance with measured values. Third, we provide a provisioning rule for recirculation ports, that is applicable to general P4 programs, to avoid switch-internal packet loss due to packet recirculation. In a case study we show that BIER requires only a few such ports under realistic mixes of unicast and multicast traffic.
Conference Paper
Full-text available
An emerging trend in network security consists in the adoption of programmable switches for performing various security tasks in large-scale, high-speed networks. However, since existing solutions are tailored to specific tasks, they cannot accommodate a growing variety of ML-based security applications, i.e., security-focused tasks that perform targeted flow classification based on packet size or inter-packet frequency distributions with the help of supervised machine learning algorithms. We present FlowLens, a system that leverages programmable switches to efficiently support multi-purpose ML-based security applications. FlowLens collects features of packet distributions at line speed and classifies flows directly on the switches, enabling network operators to re-purpose this measurement primitive at runtime to serve a different flow classification task. To cope with the resource constraints of programmable switches, FlowLens computes for each flow a memory-efficient representation of relevant features, named “flow marker”. Despite its small size, a flow marker contains enough information to perform accurate flow classification. Since flow markers are highly customizable and application-dependent, FlowLens can automatically parameterize the flow marker generation guided by a multi-objective optimization process that can balance their size and accuracy. We evaluated our system in three usage scenarios: covert channel detection, website fingerprinting, and botnet chatter detection. We find that very small markers enable FlowLens to achieve a 150 fold increase in monitoring capacity for covert channel detection with an accuracy drop of only 3% when compared to collecting full packet distributions.
Article
Full-text available
Recently, the programmable data plane (PDP) switches have been considered as the key enablers for in-network computing. However, the limited memory resources in them for flow tables might restrict their performance. This work addresses this challenge by studying how to optimize the placements of flow tables in the external memory on multiple servers, and to access them with remote direct memory access (RDMA) for ensuring low latency. Specifically, we consider a data-center network (DCN) that uses PDP switches as top-of-rack (ToR) switches, and propose and optimize the hybrid flow table installation (hFT-INST) on each ToR switch. With hFT-INST, the switch can either store flow tables in its local memory or use RDMA to install and access them remotely in its rack servers. We first design the protocol and operation procedure of hFT-INST. Then, regarding the key problem of hFT-INST, i.e., how to place the flow tables on the external memory on different servers, we take a few practical parameters into account, and formulate a mixed integer linear programming (MILP) model to tackle it. Next, the optimization in the MILP is transformed into a capacitated facility location problem (CFLP) with additional constraints. We further transform it into a k-median problem through pre-processing, and design a polynomial-time approximation algorithm to solve the problem. Extensive simulations confirm the performance of our proposed algorithm. We also prototype our design of the hFT-INST, and conduct experiments to demonstrate its feasibility.
Conference Paper
Full-text available
Virtualized multi-tenant programmable switches enable on-demand support of different users' protocols and programs. However, supporting multiple tenants on a virtualized switch raises concerns such as resource isolation and security. Truly isolating users is mandatory for virtualized programmable switches to be deployed in production networks. In this paper we propose MTPSA, a Multi Tenant Portable Switch Architecture. MTPSA offers performance, resource and security isolation. It further introduces roles and privileges within programmable switches. MTPSA is an open-source contribution, implemented over PSA and NetFPGA. Our evaluation shows that it adds minimal overheads, supports line-rate throughput, and scales with the number of users, while providing an isolation of users.
Conference Paper
Full-text available
5G Radio Access Networks consists of two key services: User Plane Function (UPF) and next generation NodeB (gNB). Though several papers have recently demonstrated that the high-level UPF can be described in P4, for the lowest-level gNB service it is more challenging and cannot purely be done with existing programmable switches. In this paper, we show that gNB requires functionalities such as Automatic Repeat Request (ARQ) and ciphering/deciphering that are not supported by the high speed P4-programmable switches available in the market. To overcome these limitations, we propose a hybrid approach where the majority of packet processing is done by a high speed P4-programmable switch while the additional functionalities are solved by external services implemented in DPDK. The coordination of packets among the services is also handled by the P4-switch. Our preliminary results include the identification of functionalities required by a gNB node for delivering user data, the design of a hybrid architecture, and the performance evaluation of the buffering and re-transmission service. Finally, our measurements demonstrate that the proposed hybrid approach is scalable and could be an alternative to existing gNB solutions in the future.
Article
Full-text available
Data plane programmability brings network flexibility to a new level. However, it introduces the complexity of the data path's program as a new factor that influences packet forwarding latency and thus devices' performance. Accurate identification of the relation between data path complexity and packet forwarding latency enables the design and management of networks with predictable performance. In this paper, we leverage the characteristics of P4 programming language to provide a method for estimating the packet forwarding latency as a function of the data path program. We analyze the impact of different P4 constructs on packet processing latency for three state-of-the-art P4 devices: Netronome SmartNIC, NetFPGA-SUME, and T4P4S DPDK-based software switch. Besides comparing the performance of these three targets, we use the derived results to propose a method for estimating the average packet latency, at compilation time, of arbitrary P4-based network functions implemented using the surveyed P4 constructs. The proposed method is finally validated using a set of realistic network functions, which shows that our method estimates the average packet latency with sub-microsecond precision.
Conference Paper
Full-text available
In recent years, programmable data planes enabled by the protocol independent switch architecture (PISA) allowed the relocation of network functions closer to traffic flows and thereby the ability to react in real-time to network events. However, expressing complex and stateful network monitoring functions using state-of-the-art data plane programming languages such as P4 still remain challenging. In this context, we propose a method for modeling a stateful security monitoring function as an Extended Finite State Machine (EFSM) and express the EFSM using P4 language abstractions. We demonstrate the feasibility and benefit of our proposed approach in detecting and mitigating Explicit Congestion Notification (ECN) protocol abuse without any TCP protocol modification. Our evaluation shows that the proposed security monitoring function can restore 24.67% throughput loss caused by misbehaving TCP end-hosts while ensuring fair share of bandwidth among TCP flows.
Article
Programmable data plane technologies enable the systematic reconfiguration of the low-level processing steps applied to network packets and are key drivers toward realizing the next generation of network services and applications. This survey presents recent trends and issues in the design and implementation of programmable network devices, focusing on prominent abstractions, architectures, algorithms, and applications proposed, debated, and realized over the past years. We elaborate on the trends that led to the emergence of this technology and highlight the most important pointers from the literature, casting different taxonomies for the field, and identifying avenues for future research.
Conference Paper
Virtualized data centers implement overlay networking to provide network isolation. The key component that makes the overlay networking possible is a hypervisor switch, such as Open vSwitch (OVS), that is running on each compute node and switches packets to and from virtual machines. Software switches frequently require upgrading and customization of network protocol's stack to introduce novel or domain-specific networking techniques. However, it is still difficult to extend OVS to support new network features as it requires mastery of network protocol design, programming expertise and familiarity with the complex codebase of OVS. Moreover, there is currently no solution that enables the deployment of network features in OVS without recompilation.In this paper, we present P4rt-OVS, an original extension of OVS that enables runtime programming of protocol-independent and stateful packet processing pipelines. It extends the forwarding model of OVS with Berkeley Packet Filter (BPF), bringing a new extensibility mechanism. Moreover, P4rt-OVS comes with a P4-to-uBPF compiler, which allows developers to write data plane programs in the high-level P4 language. Our design results in a hybrid approach that provides P4 programmability without sacrificing the well-known features of OVS. The performance evaluation shows that P4rt-OVS does not introduce significant processing overhead, yet enables runtime protocol extensions and stateful packet processing.
Article
Industrial Internet of Things (I-IoT) applications require a large number of sensor data to be processed under tight delay and jitter constraints. In such applications, flexible event detection and fast reaction to critical events is an important building block. Traditional approaches use either proprietary networks and dedicated hardware or transmit sensor data towards processing elements in the Cloud or at the Network Edge, using distributed stream processing frameworks. For scalability, a large number of servers are needed and processing on commodity CPUs typically involves high and unpredictable latency. In this paper, we explore how programmable data planes can be used to detect events flexibly and trigger customized and programmable actions directly from the switch program or the programmable network interface card (SmartNIC). We present FastReact-PS, an event-based publish/subscribe I-IoT processing framework in P4 language, which can be flexibly customized from the control plane. Together with stateful processing, FastReact-PS supports windowed time series analysis as well as complex event detection and processing based on boolean logic directly in the data plane of newly emerging programmable networking devices. The logic can be adjusted dynamically from the control plane without the need for recompilation. We implement FastReact-PS in P4 and evaluate it on both a SmartNIC and a DPDK-based software switch running in user space. Our evaluation shows that the latency is reduced by one order of magnitude compared to end-host based approaches at significantly lower jitter while being scalable to processing up to 11 million events per second.
Article
Programmable data planes recently emerged as a prominent innovation in Software Defined Networking (SDN). They provide support for stateful per-packet/per-flow operations over hardware network switches specifically designed for network processing. Unlike early SDN solutions such as OpenFlow, modern stateful data planes permit to keep (and dynamically update) per-flow states local to each switch, thus dramatically improving reactiveness of network applications to different state changes. Still, in stateful data planes, the management of non-local states is assumed to be completely delegated to a centralized controller, thus requiring extra overhead to be accessed. Our LOADER proposal aims at contrasting the apparent dichotomy between local and non-local states. We do so by introducing a new possibility: permit to take localized (in-switch) decisions not only on local states but also on global replicated states, thus providing support for network-wide applications without incurring the drawbacks of classic approaches. To this purpose, (i) we provide high-level programming abstractions devised to define the states and the update logic of a generic network-wide application, and (ii) we detail the underlying low-level state management and replication mechanisms. We then show LOADER’s independence of the stateful data plane technology employed, by implementing it over two distinct stateful data planes (P4 switches and OPP – Open Packet Processor – switches), and by experimentally validating both implementations in an emulated testbed using a simple distributed Deny-of-Service (DoS) detection application.
Article
Network elements, such as switches, network functions, or middleboxes must preserve states that they maintain on a per-flow basis, during switch updates in a software defined network. If all the packets of a flow, in both the forward and reverse directions, either use the new or the old set of rules but not a combination of both during an update, per-bidirectional-flow consistency (PBFC) is preserved. We propose a PBFC-preserving update as a general solution to solve consistency problems occurring in stateful network elements, during updates for service chaining, network virtualization, and server load balancing. In our update algorithm, ProFlow, the number of switches modified is proportional (equal) to the number of affected switches, improving efficiency. It requires no path computation, packet buffering or network function modifications and works regardless of the relative execution speeds of switches or links, or the number or type of stateful elements, at line rate. It supports wildcarded rules, unlimited concurrent disjoint updates, and practical timing asynchrony. Our prototype in P4 demonstrates that during a ProFlow update, new flows maintain their throughput while old flows undergo a marginal reduction, where the first affected switch in the flow-path has both new and old rules.
Conference Paper
Though centrally managed by a controller, a software-defined network (SDN) can still encounter routing inconsistencies among its switches due to the non-atomic updates to their forwarding tables. In this paper, we propose a new method to rectify these inconsistencies that is inspired by causal consistency, a consistency model for shared-memory systems. Applied to SDNs, causal consistency would imply that once a packet is matched to ("reads") a forwarding rule in a switch, it can be matched in downstream switches only to rules that are equally or more up-to-date. We propose and analyze a relaxed but functionally equivalent version of this property called suffix causal consistency (SCC) and evaluate an implementation of SCC in Open vSwitch and P4 switches, in conjunction with the Ryu and P4Runtime controllers. Our results show that SCC provides greater efficiency than competing consistent-update alternatives while offering consistency that is strong enough to ensure high-level routing properties (black-hole freedom, bounded looping, etc.).
Conference Paper
Named data networking (NDN) is a content-centric future Internet architecture that uses routable content names instead of IP addresses to achieve location-independent forwarding. Nevertheless, NDN's design is limited to offering hosted applications a simple content pull mechanism. As a result, increased complexity is needed in developing applications that require more sophisticated content delivery functionalities (e.g., push, publish/subscribe, streaming, generalized forwarding, and dynamic content naming). In this paper, we introduce a novel Enhanced NDN (ENDN) architecture that offers an extensible catalog of content delivery services (e.g., adaptive forwarding, customized monitoring, and in-network caching control) that can be programmed in the data plane using customizable P4 programs. More precisely, the proposed architecture allows hosted applications to associate their content namespaces with a set of services offered by the ENDN control plane. The controller then configures the data plane, which is comprised of two main modules: the enhanced packet processing and the forwarding logic modules. The former parses the packets and queries the enhanced content-based forwarding tables to generate a set of metadata fields used by P4 functions. The latter module is a novel P4 target architecture that executes these P4 functions on the arriving packets. The new architecture extends existing P4 models to overcome their limitations with respect to processing string-based content names. It also allows running independent P4 functions in isolation, thus enabling P4 code run-time pluggability. Experimental results demonstrate the ability of ENDN to achieve network efficiency with low latency.
Article
Fast detection of heavy flows (e.g., heavy hitters and heavy changers) in massive network traffic is challenging due to the stringent requirements of fast packet processing and limited resource availability. Invertible sketches are summary data structures that can recover heavy flows with small memory footprints and bounded errors, yet existing invertible sketches incur high memory access overhead that leads to performance degradation. We present MV-Sketch, a fast and compact invertible sketch that supports heavy flow detection with small and static memory allocation. MV-Sketch tracks candidate heavy flows inside the sketch data structure via the idea of majority voting, such that it incurs small memory access overhead in both update and query operations, while achieving high detection accuracy. We present theoretical analysis on the memory usage, performance, and accuracy of MV-Sketch in both local and network-wide scenarios. We further show how MV-Sketch can be implemented and deployed on P4-based programmable switches subject to hardware deployment constraints. We conduct evaluation in both software and hardware environments. Trace-driven evaluation in software shows that MV-Sketch achieves higher accuracy than existing invertible sketches, with up to 3.38x throughput gain. We also show how to boost the performance of MV-Sketch with SIMD instructions. Furthermore, we evaluate MV-Sketch on a Barefoot Tofino switch and show how MV-Sketch achieves line-rate measurement with limited hardware resource overhead.
Article
Bit Indexed Explicit Replication (BIER) is a novel IP multicast (IPMC) forwarding paradigm proposed by the IETF. It offers a transport layer for other IPMC traffic, keeps core routers unaware of IPMC groups, and utilizes a routing underlay, e.g., an IP network, for its forwarding decisions. With BIER, core networks do not require dynamic signaling and support a large number of IPMC groups with large churn rates. The contribution of this work is threefold. First, we propose a novel fast reroute (FRR) mechanism for BIER (BIER-FRR) so that IPMC traffic can be rerouted as soon as the routing underlay is able to carry traffic again after a failure. In particular, BIER-FRR enables BIER to profit from FRR mechanisms in the routing underlay. Second, we describe a prototype for BIER and BIER-FRR within an IP network with IP fast reroute (IP-FRR). It is based on the programmable data plane technology P4. Third, we propose a controller hierarchy with local controllers for local tasks, in particular to enable IP-FRR and BIER-FRR. The prototype demonstrates that BIER-FRR reduces the protection time for BIER traffic to the protection time for unicast traffic in the routing underlay.