Mohsin Konstantin Leveraging P4 for Stefan Waqar Fixed ... · P4 on Fixed-Function Switches P4...
Transcript of Mohsin Konstantin Leveraging P4 for Stefan Waqar Fixed ... · P4 on Fixed-Function Switches P4...
![Page 1: Mohsin Konstantin Leveraging P4 for Stefan Waqar Fixed ... · P4 on Fixed-Function Switches P4 Program Fixed Parser L3 Admit L3 Routing Access Control Lists Fixed Deparser Virtual](https://reader030.fdocuments.net/reader030/viewer/2022040306/5ec9d16be90e6a6b90413007/html5/thumbnails/1.jpg)
StefanHeule
Konstantin Weitz
WaqarMohsin
Leveraging P4 for Fixed Function Switches
![Page 2: Mohsin Konstantin Leveraging P4 for Stefan Waqar Fixed ... · P4 on Fixed-Function Switches P4 Program Fixed Parser L3 Admit L3 Routing Access Control Lists Fixed Deparser Virtual](https://reader030.fdocuments.net/reader030/viewer/2022040306/5ec9d16be90e6a6b90413007/html5/thumbnails/2.jpg)
P4 on Programmable SwitchesP
rogr
amm
able
P
arse
r
MemoryALU
MemoryALU
MemoryALU
Pro
gram
mab
le
Dep
arse
r
MemoryALU
P4 Program
P4 program determines what the Hardware does
presenter: konne
![Page 3: Mohsin Konstantin Leveraging P4 for Stefan Waqar Fixed ... · P4 on Fixed-Function Switches P4 Program Fixed Parser L3 Admit L3 Routing Access Control Lists Fixed Deparser Virtual](https://reader030.fdocuments.net/reader030/viewer/2022040306/5ec9d16be90e6a6b90413007/html5/thumbnails/3.jpg)
P4 on Fixed-Function Switches
P4 Program
Fixe
d P
arse
r
L3 Admit
L3 Routing
Access Control
Lists
Fixe
d D
epar
ser
Virtual Routing
and Forwarding
L2 Routing
Hardware determines what the P4 program does
presenter: konne
![Page 4: Mohsin Konstantin Leveraging P4 for Stefan Waqar Fixed ... · P4 on Fixed-Function Switches P4 Program Fixed Parser L3 Admit L3 Routing Access Control Lists Fixed Deparser Virtual](https://reader030.fdocuments.net/reader030/viewer/2022040306/5ec9d16be90e6a6b90413007/html5/thumbnails/4.jpg)
P4 on Fixed-Function Switches
P4 Program
Fixe
d P
arse
r
L3 Admit
L3 Routing
Access Control
Lists
Fixe
d D
epar
ser
Virtual Routing
and Forwarding
L2 Routing
Hardware determines what the P4 program does
But, only model what we need:- skip unused features (e.g. L2)- tables only include actually
used keys and actions- table sizes are what we use- for configurable aspects, only
model our configuration- ...
presenter: konne
![Page 5: Mohsin Konstantin Leveraging P4 for Stefan Waqar Fixed ... · P4 on Fixed-Function Switches P4 Program Fixed Parser L3 Admit L3 Routing Access Control Lists Fixed Deparser Virtual](https://reader030.fdocuments.net/reader030/viewer/2022040306/5ec9d16be90e6a6b90413007/html5/thumbnails/5.jpg)
Why would you want to do this?
Clear contract of switch behavior:● Enables operation of a heterogeneous fleet● Automatically generate switch config● Enables automated switch validation
presenter: konne
![Page 6: Mohsin Konstantin Leveraging P4 for Stefan Waqar Fixed ... · P4 on Fixed-Function Switches P4 Program Fixed Parser L3 Admit L3 Routing Access Control Lists Fixed Deparser Virtual](https://reader030.fdocuments.net/reader030/viewer/2022040306/5ec9d16be90e6a6b90413007/html5/thumbnails/6.jpg)
Why would you want to do this?
Clear contract of switch behavior:● Enables operation of a heterogeneous fleet● Automatically generate switch config● Enables automated switch validation
presenter: konne
![Page 7: Mohsin Konstantin Leveraging P4 for Stefan Waqar Fixed ... · P4 on Fixed-Function Switches P4 Program Fixed Parser L3 Admit L3 Routing Access Control Lists Fixed Deparser Virtual](https://reader030.fdocuments.net/reader030/viewer/2022040306/5ec9d16be90e6a6b90413007/html5/thumbnails/7.jpg)
Automated Switch Validation
![Page 8: Mohsin Konstantin Leveraging P4 for Stefan Waqar Fixed ... · P4 on Fixed-Function Switches P4 Program Fixed Parser L3 Admit L3 Routing Access Control Lists Fixed Deparser Virtual](https://reader030.fdocuments.net/reader030/viewer/2022040306/5ec9d16be90e6a6b90413007/html5/thumbnails/8.jpg)
Automated Switch Validation
Test inputs are automatically generated, either from production data,
or by analyzing our P4 programs.
presenter: konne
![Page 9: Mohsin Konstantin Leveraging P4 for Stefan Waqar Fixed ... · P4 on Fixed-Function Switches P4 Program Fixed Parser L3 Admit L3 Routing Access Control Lists Fixed Deparser Virtual](https://reader030.fdocuments.net/reader030/viewer/2022040306/5ec9d16be90e6a6b90413007/html5/thumbnails/9.jpg)
Automated Switch Validation
We validate a single switch chip, not the
whole network.
presenter: konne
![Page 10: Mohsin Konstantin Leveraging P4 for Stefan Waqar Fixed ... · P4 on Fixed-Function Switches P4 Program Fixed Parser L3 Admit L3 Routing Access Control Lists Fixed Deparser Virtual](https://reader030.fdocuments.net/reader030/viewer/2022040306/5ec9d16be90e6a6b90413007/html5/thumbnails/10.jpg)
Automated Switch Validation
Test outputs are compared to a P4
program simulation.
presenter: konne
![Page 11: Mohsin Konstantin Leveraging P4 for Stefan Waqar Fixed ... · P4 on Fixed-Function Switches P4 Program Fixed Parser L3 Admit L3 Routing Access Control Lists Fixed Deparser Virtual](https://reader030.fdocuments.net/reader030/viewer/2022040306/5ec9d16be90e6a6b90413007/html5/thumbnails/11.jpg)
How do we test the switch?
P4 Switch
ATPG: Automated Test Packet Generation
Dataplane
Replay production flows/groups
Fuzzer to randomly create flow/group insert/delete requests
P4RTControlplane
presenter: konne
![Page 12: Mohsin Konstantin Leveraging P4 for Stefan Waqar Fixed ... · P4 on Fixed-Function Switches P4 Program Fixed Parser L3 Admit L3 Routing Access Control Lists Fixed Deparser Virtual](https://reader030.fdocuments.net/reader030/viewer/2022040306/5ec9d16be90e6a6b90413007/html5/thumbnails/12.jpg)
Controlplane Fuzz Testing
![Page 13: Mohsin Konstantin Leveraging P4 for Stefan Waqar Fixed ... · P4 on Fixed-Function Switches P4 Program Fixed Parser L3 Admit L3 Routing Access Control Lists Fixed Deparser Virtual](https://reader030.fdocuments.net/reader030/viewer/2022040306/5ec9d16be90e6a6b90413007/html5/thumbnails/13.jpg)
Controlplane Fuzzing
Randomly generate flow requests according to P4 program grammar
- Mostly generate well-formed requests- Sometimes generate ill-formed ones- Intuition: Need to be well-formed enough to not get
rejected early
Send flow to switch, check that they are handled correctly
- E.g. well-formed insert must succeed (unless resource exhausted or already present)
- P4 allows us to accurately predict the expected error (or success)
P4 Switch
P4Runtime
Switch-Under-Test
RandomFlows
presenter: heule
![Page 14: Mohsin Konstantin Leveraging P4 for Stefan Waqar Fixed ... · P4 on Fixed-Function Switches P4 Program Fixed Parser L3 Admit L3 Routing Access Control Lists Fixed Deparser Virtual](https://reader030.fdocuments.net/reader030/viewer/2022040306/5ec9d16be90e6a6b90413007/html5/thumbnails/14.jpg)
Controlplane Fuzzing: Resource exhaustion
Time
Flow
s
Resource Exhaustion Forbidden
Resource Exhaustion Allowed
Specified Resource
Limit
P4 Switch
P4Runtime
Switch-Under-Test
RandomFlows
presenter: heule
![Page 15: Mohsin Konstantin Leveraging P4 for Stefan Waqar Fixed ... · P4 on Fixed-Function Switches P4 Program Fixed Parser L3 Admit L3 Routing Access Control Lists Fixed Deparser Virtual](https://reader030.fdocuments.net/reader030/viewer/2022040306/5ec9d16be90e6a6b90413007/html5/thumbnails/15.jpg)
Automated Test Packet Generation
![Page 16: Mohsin Konstantin Leveraging P4 for Stefan Waqar Fixed ... · P4 on Fixed-Function Switches P4 Program Fixed Parser L3 Admit L3 Routing Access Control Lists Fixed Deparser Virtual](https://reader030.fdocuments.net/reader030/viewer/2022040306/5ec9d16be90e6a6b90413007/html5/thumbnails/16.jpg)
Automated Test Packet Generation Flows
Switch
Expected OutputPackets
Actual OutputPackets
Verify Match
Packet Generator
Input Packets
Legend:
Software
Controlplane
Dataplane
P4Runtime
P4 Simulator(BMv2)
P4Runtime
presenter: heule
![Page 17: Mohsin Konstantin Leveraging P4 for Stefan Waqar Fixed ... · P4 on Fixed-Function Switches P4 Program Fixed Parser L3 Admit L3 Routing Access Control Lists Fixed Deparser Virtual](https://reader030.fdocuments.net/reader030/viewer/2022040306/5ec9d16be90e6a6b90413007/html5/thumbnails/17.jpg)
VRF DstIP
42 10.152.8/24
… ...
Generation Strategy: Hitting every flow on the switchVRF Classifier IPv4 LPM
EthType SrcMac Port Set VRF
0x800 aa:bb:cc:dd:ee:ff
* 1337
0x800 * 4 42
VRF == 42 & DstIP[32:16] == "10.152" // hit target IPv4 LPM flow
SAT solverfinds packets to
satisfy the formula
42 10.152/16
& !(VRF == 42 & DstIP[32:8] == "10.152.8") & !(...) // avoid all other IPv4 LPM flows
Want to hitthis flow
// encode VRF assignment & ((!(EthType == 0x800 & SrcMac == "aa:bb:cc:dd:ee:ff") & (EthType == 0x800 & Port == 4)) → VRF == 42)
presenter: konne
![Page 18: Mohsin Konstantin Leveraging P4 for Stefan Waqar Fixed ... · P4 on Fixed-Function Switches P4 Program Fixed Parser L3 Admit L3 Routing Access Control Lists Fixed Deparser Virtual](https://reader030.fdocuments.net/reader030/viewer/2022040306/5ec9d16be90e6a6b90413007/html5/thumbnails/18.jpg)
Dataplane Testing: why SAT works
- Everything is finite(no lists, loops, recursion, etc)
- Switch semantics are rigorously defined in the P4 program
presenter: heule
![Page 19: Mohsin Konstantin Leveraging P4 for Stefan Waqar Fixed ... · P4 on Fixed-Function Switches P4 Program Fixed Parser L3 Admit L3 Routing Access Control Lists Fixed Deparser Virtual](https://reader030.fdocuments.net/reader030/viewer/2022040306/5ec9d16be90e6a6b90413007/html5/thumbnails/19.jpg)
Dataplane Testing: why it works
Test oracle: Clear semantics allow simulator to precisely predict switch behavior
Test generation: Semantics are simple enough that tools can reason about them automatically
P4
OpenFlow
Lack of formal and computer-readable specification makes both difficult to do automatically
presenter: heule
![Page 20: Mohsin Konstantin Leveraging P4 for Stefan Waqar Fixed ... · P4 on Fixed-Function Switches P4 Program Fixed Parser L3 Admit L3 Routing Access Control Lists Fixed Deparser Virtual](https://reader030.fdocuments.net/reader030/viewer/2022040306/5ec9d16be90e6a6b90413007/html5/thumbnails/20.jpg)
presenter: konnepresenter: konne
- Bugs in the Switch
- Bugs in our SDN Controller
- Bugs in our P4 specs
- Bugs in BMv2
What kind of Bugs did we find?
![Page 21: Mohsin Konstantin Leveraging P4 for Stefan Waqar Fixed ... · P4 on Fixed-Function Switches P4 Program Fixed Parser L3 Admit L3 Routing Access Control Lists Fixed Deparser Virtual](https://reader030.fdocuments.net/reader030/viewer/2022040306/5ec9d16be90e6a6b90413007/html5/thumbnails/21.jpg)
Conclusion
![Page 22: Mohsin Konstantin Leveraging P4 for Stefan Waqar Fixed ... · P4 on Fixed-Function Switches P4 Program Fixed Parser L3 Admit L3 Routing Access Control Lists Fixed Deparser Virtual](https://reader030.fdocuments.net/reader030/viewer/2022040306/5ec9d16be90e6a6b90413007/html5/thumbnails/22.jpg)
P4 provides a clear contract of switch behavior:- Enables operation of a heterogeneous fleet- Can be used to generate switch config- Enables automated switch validation
(it's fast and finds a broad spectrum of bugs)
Key Takeaways
We're hiring!Email: {konne, heule, wmohsin}@google.com