Dong Zhang,Xiang Chen,Qun Huang,Xiaoyan Hong,Chunming Wu,Haifeng Zhou,Yi Yang,Hongyan Liu,Yuxin Chen

DOI: https://doi.org/10.1109/access.2019.2950446

IF: 3.9

2019-01-01

IEEE Access

Abstract:Network function virtualization allows network functions to be implemented and managed flexibly as a service function chain (SFC) in the data plane to process flows. However, software-based SFCs lead to poor performance compared to proprietary middleboxes. Moreover, existing solutions tackling performance issues suffer from the development complexity incurred by hardware details. To address these problems, we leverage both the high performance of P4-capable devices and the high flexibility of P4 language. In this paper, we present a P4 Service Chaining framework (P4SC), which tackles multiple challenges for P4 to support the SFC implementation. P4SC provides a suite of primitives allowing efficient SFC expression, and a converter and a generator converting input SFC requests to the corresponding P4 program. Here, an algorithm based on longest common subsequence (LCS) is used to allow simultaneously implementing multiple SFCs. Moreover, P4SC offers a runtime manager for flexible SFC management at runtime. It also provides an automatic integration mechanism to integrate P4-based NFs into P4SC. We implement a P4SC prototype, which supports three types of P4-capable devices. The experimental results show that P4SC outperforms state of the arts with orders-of-magnitude SFC performance improvement while maintains high flexibility.

Ali Kheradmand,Grigore Rosu

DOI: https://doi.org/10.48550/arXiv.1804.01468

2018-04-04

Networking and Internet Architecture

Abstract:Programmable packet processors and P4 as a programming language for such devices have gained significant interest, because their flexibility enables rapid development of a diverse set of applications that work at line rate. However, this flexibility, combined with the complexity of devices and networks, increases the chance of introducing subtle bugs that are hard to discover manually. Worse, this is a domain where bugs can have catastrophic consequences, yet formal analysis tools for P4 programs / networks are missing. We argue that formal analysis tools must be based on a formal semantics of the target language, rather than on its informal specification. To this end, we provide an executable formal semantics of the P4 language in the K framework. Based on this semantics, K provides an interpreter and various analysis tools including a symbolic model checker and a deductive program verifier for P4. This paper overviews our formal K semantics of P4, as well as several P4 language design issues that we found during our formalization process. We also discuss some applications resulting from the tools provided by K for P4 programmers and network administrators as well as language designers and compiler developers, such as detection of unportable code, state space exploration of P4 programs and of networks, bug finding using symbolic execution, data plane verification, program verification, and translation validation.

Cheng Zhang,Jun Bi,Yu Zhou,Jianping Wu,Bingyang Liu,Zhaogeng Li,Abdul Basit Dogar,Yangyang Wang

DOI: https://doi.org/10.1109/tnet.2019.2927110

2019-01-01

IEEE/ACM Transactions on Networking

Abstract:While extending network programmability to a more considerable extent, P4 raises the difficulty of detecting and locating bugs, e.g., P4 program bugs and missed table rules, in runtime. These runtime bugs, without prompt disposal, can ruin the functionality and performance of networks. Unfortunately, the absence of efficient debugging tools makes runtime bug troubleshooting intricate for operators. This paper is devoted to on-the-fly debugging of runtime bugs for programmable data planes. We propose P4DB, a general debugging platform that empowers operators to debug P4 programs in three levels of visibility with rich primitives. By P4DB, operators can use the watch primitive to quickly narrow the debugging scope from the network level or the device level to the table level, then use the break and next primitives to decompose match-action tables and finely locate bugs. We implement a prototype of P4DB and evaluate the prototype on two widely-used P4 targets. On the software target, P4DB merely introduces a small throughput penalty 1.3% to 13.8% and a little delay increase 0.6% to 11.9%. Notably, P4DB almost introduces no performance overhead on Tofino, the hardware P4 target.

Fabian Ruffy,Tao Wang,Anirudh Sivaraman

DOI: https://doi.org/10.48550/arXiv.2006.01074

2020-06-01

Networking and Internet Architecture

Abstract:Programmable packet-processing devices such as programmable switches and network interface cards are becoming mainstream. These devices are configured in a domain-specific language such as P4, using a compiler to translate packet-processing programs into instructions for different targets. As networks with programmable devices become widespread, it is critical that these compilers be dependable. This paper considers the problem of finding bugs in compilers for packet processing in the context of P4-16. We introduce domain-specific techniques to induce both abnormal termination of the compiler (crash bugs) and miscompilation (semantic bugs). We apply these techniques to (1) the open-source P4 compiler (P4C) infrastructure, which serves as a common base for different P4 back ends; (2) the P4 back end for the P4 reference software switch; and (3) the P4 back end for the Barefoot Tofino switch. Across the 3 platforms, over 8 months of bug finding, our tool Gauntlet detected 96 new and distinct bugs (62 crash and 34 semantic), which we confirmed with the respective compiler developers. 54 have been fixed (31 crash and 23 semantic); the remaining have been assigned to a developer. Our bug-finding efforts also led to 6 P4 specification changes. We have open sourced Gauntlet at p4gauntlet.github.io and it now runs within P4C's continuous integration pipeline.

Karuna Grewal,Loris D'Antoni,Justin Hsu

DOI: https://doi.org/10.48550/arXiv.2204.03113

2022-04-06

Programming Languages

Abstract:Modern programmable network switches can implement custom applications using efficient packet processing hardware, and the programming language P4 provides high-level constructs to program such switches. The increase in speed and programmability has inspired research in dataplane programming, where many complex functionalities, e.g., key-value stores and load balancers, can be implemented entirely in network switches. However, dataplane programs may suffer from novel security errors that are not traditionally found in network switches. To address this issue, we present a new information-flow control type system for P4. We formalize our type system in a recently-proposed core version of P4, and we prove a soundness theorem: well-typed programs satisfy non-interference. We also implement our type system in a tool, P4bid, which extends the type checker in the p4c compiler, the reference compiler for the latest version of P4. We present several case studies showing that natural security, integrity, and isolation properties in networks can be captured by non-interference, and our type system can detect violations of these properties while certifying correct programs.

Jens Kanstrup Larsen,Roberto Guanciale,Philipp Haller,Alceste Scalas

DOI: https://doi.org/10.48550/arXiv.2309.03566

2023-09-07

Programming Languages

Abstract:Software-Defined Networking (SDN) significantly simplifies programming, reconfiguring, and optimizing network devices, such as switches and routers. The de facto standard for programmming SDN devices is the P4 language. However, the flexibility and power of P4, and SDN more generally, gives rise to important risks. As a number of incidents at major cloud providers have shown, errors in SDN programs can compromise the availability of networks, leaving them in a non-functional state. The focus of this paper are errors in control-plane programs that interact with P4-enabled network devices via the standardized P4Runtime API. For clients of the P4Runtime API it is easy to make mistakes that lead to catastrophic failures, despite the use of Google's Protocol Buffers as an interface definition language. This paper proposes P4R-Type, a novel verified P4Runtime API for Scala that performs static checks for P4 control plane operations, ruling out mismatches between P4 tables, allowed actions, and action parameters. As a formal foundation of P4R-Type, we present the $F_{\text{P4R}}$ calculus and its typing system, which ensure that well-typed programs never get stuck by issuing invalid P4Runtime operations. We evaluate the safety and flexibility of P4R-Type with 3 case studies. To the best of our knowledge, this is the first work that formalises P4Runtime control plane applications, and a typing discipline ensuring the correctness of P4Runtime operations.

Patrick Wintermeyer,Maria Apostolaki,Alexander Dietmüller,Laurent Vanbever

DOI: https://doi.org/10.1145/3422604.3425941

2020-11-04

Abstract:Programmable devices allow the operator to specify the data-plane behavior of a network device in a high-level language such as P4. The compiler then maps the P4 program to the hardware after applying a set of optimizations to minimize resource utilization. Yet, the lack of context restricts the compiler to conservatively account for all possible inputs -- including unrealistic or infrequent ones -- leading to sub-optimal use of the resources or even compilation failures. To address this inefficiency, we propose that the compiler leverages insights from actual traffic traces, effectively unlocking a broader spectrum of possible optimizations. We present a system working alongside the compiler that uses traffic-awareness to reduce the allocated resources of a P4 program by: (i) removing dependencies that do not manifest; (ii) adjusting table and register sizes to reduce the pipeline length; and (iii) offloading parts of the program that are rarely used to the controller. Our prototype implementation on the Tofino switch automatically profiles the P4 program, detects opportunities and performs optimizations to improve the pipeline efficiency. Our work showcases the potential benefit of applying profiling techniques used to compile general-purpose languages to compiling P4 programs.

Radu Stoenescu,Dragos Dumitrescu,Matei Popovici,Lorina Negreanu,Costin Raiciu

DOI: https://doi.org/10.1145/3230543.3230548

2018-08-07

Abstract:We present Vera, a tool that verifies P4 programs using symbolic execution. Vera automatically uncovers a number of common bugs including parsing/deparsing errors, invalid memory accesses, loops and tunneling errors, among others. Vera can also be used to verify user-specified properties in a novel language we call NetCTL. To enable scalable, exhaustive verification of P4 program snapshots, Vera automatically generates all valid header layouts and uses a novel data-structure for match-action processing optimized for verification. These techniques allow Vera to scale very well: it only takes between 5s-15s to track the execution of a purely symbolic packet in the largest P4 program currently available (6KLOC) and can compute SEFL model updates in milliseconds. Vera can also explore multiple concrete dataplanes at once by allowing the programmer to insert symbolic table entries; the resulting verification highlights possible control plane errors. We have used Vera to analyze many P4 programs including the P4 tutorials, P4 programs in the research literature and the switch code from https://p4.org. Vera has found several bugs in each of them in seconds/minutes.

Yu Zhou,Jun Bi,Yunsenxiao Lin,Yangyang Wang,Dai Zhang,Zhaowei Xi,Jiamin Cao,Chen Sun

DOI: https://doi.org/10.1145/3326285.3329040

2019-01-01

Abstract:P4 and programmable data planes bring significant flexibility to network operation but are inevitably prone to various faults. Some faults, like P4 program bugs, can be verified statically, while some faults, like runtime rule faults, only happen to running network devices, and they are hardly possible to handle before deployment. Existing network testing systems can troubleshoot runtime rule faults via injecting probes, but are insufficient for programmable data planes due to large overheads or limited fault coverage. In this paper, we propose P4Tester, a new network testing system for troubleshooting runtime rule faults on programmable data planes. First, P4Tester proposes a new intermediate representation based on Binary Decision Diagram, which enables efficient probe generation for various P4-defined data plane functions. Second, P4Tester offers a new probe model that uses source routing to forward probes. This probe model largely reduces rule fault detection overheads, i.e. requiring only one server to generate probes for large networks and minimizing the number of probes. Moreover, this probe model can test all table rules in a network, achieving full fault coverage. Evaluation based on real-world data sets indicates that P4Tester can efficiently check all rules in programmable data planes, generate 59% fewer probes than ATPG and Pronto, be faster than ATPG by two orders of magnitude, and troubleshoot multiple rule faults within one second on BMv2 and Tofino.

Apoorv Shukla,Kevin Hudemann,Zsolt Vági,Lily Hügerich,Georgios Smaragdakis,Stefan Schmid,Artur Hecker,Anja Feldmann

DOI: https://doi.org/10.48550/arXiv.2004.10887

2020-04-22

Software Engineering

Abstract:Is it possible to patch software bugs in P4 programs without human involvement? We show that this is partially possible in many cases due to advances in software testing and the structure of P4 programs. Our insight is that runtime verification can detect bugs, even those that are not detected at compile-time, with machine learning-guided fuzzing. This enables a more automated and real-time localization of bugs in P4 programs using software testing techniques like Tarantula. Once the bug in a P4 program is localized, the faulty code can be patched due to the programmable nature of P4. In addition, platform-dependent bugs can be detected. From P4_14 to P4_16 (latest version), our observation is that as the programmable blocks increase, the patchability of P4 programs increases accordingly. To this end, we design, develop, and evaluate P6 that (a) detects, (b) localizes, and (c) patches bugs in P4 programs with minimal human interaction. P6 tests P4 switch non-intrusively, i.e., requires no modification to the P4 program for detecting and localizing bugs. We used a P6 prototype to detect and patch seven existing bugs in eight publicly available P4 application programs deployed on two different switch platforms: behavioral model (bmv2) and Tofino. Our evaluation shows that P6 significantly outperforms bug detection baselines while generating fewer packets and patches bugs in P4 programs such as switch.p4 without triggering any regressions.

Jiasong Bai,Jun Bi,Peng Kuang,Chengze Fan,Yu Zhou,Cheng Zhang

DOI: https://doi.org/10.1145/3185467.3185470

2018-01-01

Abstract:Network simulation plays a crucial role in the field of network research, education, and industry. However, before conducting a simulation on traditional network simulators, operators need to develop a simulative behavioral model, which requires intimate knowledge of the simulator implementation. Besides, the behavioral model cannot be migrated directly into real-world devices due to its tight coupling with the simulator platform, resulting in redundant and error-prone codes rewriting. Recently, P4, a high-level domain specific language (DSL), has attracted great attention from both academia and industry for its advantages of enabling operators to define behaviors of the programmable data plane. Inspired by the idea of DSL, we present NS4, a P4-driven network simulator supporting simulation of P4-enabled networks to address the problems existing in traditional simulators. Taking advantage of P4, NS4 simplifies the development of a behavioral model and bridges the gap between simulation and deployment. Furthermore, to the best of our knowledge, NS4 is the first research effort to enable simulation of a P4-enabled network, providing a useful tool for P4 research and development. In this paper, we designed and implemented NS4, consisting of data plane models integrated with ns-3, the state-of-the-art network simulator, and control plane models to interact with the P4 pipeline. Then we evaluated its effectiveness and efficiency by simulating several representative P4 programs. Results show that NS4 can simulate large-scale P4-enabled networks at a low cost.

Roberto Metere,Andreas Lindner,Roberto Guanciale

DOI: https://doi.org/10.1007/978-3-319-70848-5_13

2018-07-27

Abstract:In order to handle the complexity and heterogeneity of mod- ern instruction set architectures, analysis platforms share a common design, the adoption of hardware-independent intermediate representa- tions. The usage of these platforms to verify systems down to binary-level is appealing due to the high degree of automation they provide. How- ever, it introduces the need for trusting the correctness of the translation from binary code to intermediate language. Achieving a high degree of trust is challenging since this transpilation must handle (i) all the side effects of the instructions, (ii) multiple instruction encoding (e.g. ARM Thumb), and (iii) variable instruction length (e.g. Intel). We overcome these problems by formally modeling one of such intermediate languages in the interactive theorem prover HOL4 and by implementing a proof- producing transpiler. This tool translates ARMv8 programs to the in- termediate language and generates a HOL4 proof that demonstrates the correctness of the translation in the form of a simulation theorem. We also show how the transpiler theorems can be used to transfer properties verified on the intermediate language to the binary code.

Programming Languages

Bhargavi Goswami,Manasa Kulkarni,Joy Paulose

DOI: https://doi.org/10.1109/access.2023.3275756

IF: 3.9

2023-01-01

IEEE Access

Abstract:Software Defined Networking (SDN) has been a prominent technology in the last decade that increases networking programmability. The SDN philosophy decouples the application, control, and data plane to increase the network programmability. The data plane is an essential but unsolved component that receives less attention than control and application planes. Traditionally, the data plane uses fixed functions that forward packets using a limited number of protocols. The P4 (Programming Protocol-independent Packet Processors) language makes it possible to program SDN data plane, which push the SDN to the next level. In the research community and industry, programming the data plane has garnered significant attention. Surprisingly, there has been no comprehensive reviews of programmable data-plane switches, which have many advantages in today’s networks. The authors reviewed the evolution of networks from legacy to programmable data planes, explained the fundamentals of programmable switches, and summarized the network generation from traditional to programmable networks. In this paper, SDN is described from a P4-centric standpoint and discusses over 75 related research papers. Several taxonomies for the field are provided, outline potential research areas, and provide greater details regarding the patterns that have led to the development of this technology.

computer science, information systems,telecommunications,engineering, electrical & electronic

Ryan Doenges,Mina Tahmasbi Arashloo,Santiago Bautista,Alexander Chang,Newton Ni,Samwise Parkinson,Rudy Peterson,Alaia Solko-Breslin,Amanda Xu,Nate Foster

DOI: https://doi.org/10.1145/3434322

2021-01-04

Proceedings of the ACM on Programming Languages

Abstract:P4 is a domain-specific language for programming and specifying packet-processing systems. It is based on an elegant design with high-level abstractions like parsers and match-action pipelines that can be compiled to efficient implementations in software or hardware. Unfortunately, like many industrial languages, P4 has developed without a formal foundation. The P4 Language Specification is a 160-page document with a mixture of informal prose, graphical diagrams, and pseudocode, leaving many aspects of the language semantics up to individual compilation targets. The P4 reference implementation is a complex system, running to over 40KLoC of C++ code, with support for only a few targets. Clearly neither of these artifacts is suitable for formal reasoning about P4 in general. This paper presents a new framework, called Petr4, that puts P4 on a solid foundation. Petr4 consists of a clean-slate definitional interpreter and a core calculus that models a fragment of P4. Petr4 is not tied to any particular target: the interpreter is parameterized over an interface that collects features delegated to targets in one place, while the core calculus overapproximates target-specific behaviors using non-determinism. We have validated the interpreter against a suite of over 750 tests from the P4 reference implementation, exercising our target interface with tests for different targets. We validated the core calculus with a proof of type-preserving termination. While developing Petr4, we reported dozens of bugs in the language specification and the reference implementation, many of which have been fixed.

English Else

Debobroto Das Robin,Javed I. Khan

DOI: https://doi.org/10.1016/j.comnet.2024.110246

IF: 5.493

2024-02-15

Computer Networks

Abstract:Recently emerging reconfigurable match-action table (RMT) paradigm-based switches coupled with P4 programming language have opened up the development life cycle of network data plane devices. However, there is no open-source P4 compiler backend available for RMT switches. Thus, it is very difficult for an researcher/developer to get deep insight into the performance of his/her algorithm when executed at the silicon level. Proprietary, closed-source compiler backends from hardware vendors do not provide access to the internal mapping mechanisms. Which inhibits experimenting with new mapping algorithms and innovative instruction sets for reconfigurable match-action table architecture. This paper describes our work toward an open-source compiler backend to enable innovation in this domain. It is capable of compiling a P4 program for the V1Model architecture, which is the most widely available realization of the RMT paradigm. It provides open intelligence about the P4 program's critical performance metrics (processing latency, resource usage, etc.) at the silicon level. As an open-source extendable platform, it allows researchers to experiment with different internal components of a compiler backend. To the best of our knowledge, this is the first complete open-source P4 16 (the latest version of P4 language) compiler backend for the V1Model architecture-based programmable switches.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Chengze Fan,Jun Bi,Yu Zhou,Cheng Zhang,Haisu Yu

DOI: https://doi.org/10.1145/3123878.3132002

2017-01-01

Abstract:We present NS4, a P4-driven network simulator, which is, to the best of our knowledge, the first research effort in applying P4 to network simulation. Key features of NS4 include (1) elimination of laborious and redundant work for developing internal models of the simulator; (2) direct migration from simulation code to real-world P4 devices; (3) simulation of P4-enabled devices and network systems; (4) seamless compatibility with ns-3; (5) better scalability over other P4 behavioral model validation tools. We proposed and prototyped NS4 by integrating a P4 behavioral model in ns-3, and evaluated its effectiveness by a user case study. Source codes and examples of NS4 are publicly available at https://ns-4.github.io/

Mihai-Valentin Dumitru,Vlad-Andrei Bădoiu,Costin Raiciu

2024-06-20

Abstract:Languages such as P4 and NPL have enabled a wide and diverse range of networking applications that take advantage of programmable dataplanes. However, software development in these languages is difficult. To address this issue, high-level languages have been designed to offer programmers powerful abstractions that reduce the time, effort and domain-knowledge required for developing networking applications. These languages are then translated by a compiler into P4/NPL code. Inspired by the recent success of Large Language Models (LLMs) in the task of code generation, we propose to raise the level of abstraction even higher, employing LLMs to translate prose into high-level networking code. We analyze the problem, focusing on the motivation and opportunities, as well as the challenges involved and sketch out a roadmap for the development of a system that can generate high-level dataplane code from natural language instructions. We present some promising preliminary results on generating Lucid code from natural language.

Networking and Internet Architecture,Machine Learning

Peng Zheng,Theophilus A. Benson,Chengchen Hu

DOI: https://doi.org/10.1109/jsac.2020.2986693

IF: 16.4

2020-01-01

IEEE Journal on Selected Areas in Communications

Abstract:Programmable data planes, PDPs, enable an unprecedented level of flexibility and have emerged as a promising alternative to existing data planes. Despite the rapid development and prototyping cycles that PDPs promote, the existing PDP ecosystem lacks appropriate abstractions and algorithms to support these rapid testing and deployment life-cycles. In this paper, we propose P4Visor, a lightweight virtualization abstraction that provides testing primitives as a first-order citizen of the PDP ecosystem. P4Visor can efficiently support multiple PDP programs through a combination of compiler optimizations and program analysis-based algorithms. P4Visor's algorithm improves over state-of-the-art techniques by significantly reducing the resource overheads associated with embedding numerous versions of a PDP program into hardware. To demonstrate the efficiency and viability of P4Visor, we implemented and evaluated P4Visor on both a software switch and an FPGA-based hardware switch using fourteen of different PDP programs. Our results demonstrate that P4Visor introduces minimal overheads and is one order of magnitude more efficient than existing PDPs primitives for concurrently supporting multiple programs.