A Programmable Framework for Validating Data Planes by Bressana, Pietro et al.
A Programmable Framework
for Validating Data Planes
Pietro Bressana






Universitá della Svizzera italiana
robert.soule@usi.ch
ABSTRACT
Due to the emerging trend of programmable network hard-
ware, developers have begun to explore ways to accelerate
various applications and services. As a result, there is a press-
ing need for new tools and techniques for debugging network
devices. This paper presents NetDebug, a fully programmable
hardware-software framework for validating and real-time
debugging of programmable data planes. We describe valida-
tion use cases, compare our design to alternative solutions,
and present a preliminary evaluation using a prototype im-
plementation.
CCS CONCEPTS
• Networks → Programmable networks; In-network
processing; •Hardware→ Networking hardware; Bug
detection, localization and diagnosis;
KEYWORDS
Data plane validation; Programmable networks; Networking
hardware
1 INTRODUCTION
The way in which we use network devices is changing. The
emerging trend of programmable data planes [2] has lead to
increased interest in in-network computing, a form of hard-
ware acceleration in which applications and services tra-
ditionally running on servers are executed on network de-
vices [5, 6]. This begs the question: Given that in-network
computing is asking network devices to do so much more work,
how can we be sure that they behave correctly?
Validating the correctness of software applications is widely
regarded as a difficult task [3]. The challenges become more
acute when moving programs to the network hardware, for
several reasons. First, the separation of the control plane
and data plane makes it hard to reason about the exact con-
figuration in which a program is run. Second, debugging
network devices often depends on network traffic. Once a
switch stops sending packets, existing tools have no way
to diagnose error. Third, network programming languages,
such as P4 [4], are designed to be target-independent by ab-
stracting away architecture-specific details. Although this
increases code portability, it can lead to problems; code may
Figure 1: The proposed architecture
have undefined behavior on some targets, and compiler may
support only a subset of the language specification.
There is clearly a need for new tools and techniques to
support network debugging. To address these challenges, we
introduce NetDebug, a programmable hardware-software
framework, which provides validation and real-time debug-
ging of programmable data planes.
2 SYSTEM OVERVIEW
NetDebug provides a fully programmable test infrastructure
inside network devices. It allows debugging in real time at
full line rate. NetDebug is deployed in parallel to live traf-
fic. Developers write test and validation code using P4. We
chose P4 because it was designed specifically for network
programming and has been widely adopted on a number of
hardware platforms [7–9]. However, NetDebug is indepen-
dent from the language of the application. It can validate
data planes designed using a number of different workflows
and languages, including high level synthesis, P4, C/C# and
hardware description languages.
The NetDebug architecture, shown in Figure 1, is com-
posed of two hardware modules implemented inside the
target network platform: a test packet generator and an out-
put packet checker. Both modules are managed by a software
tool, running on a host computer, which uses a dedicated
interface to configure the generation of test packets and
to collect test results. The hardware infrastructure, which
is fully programmable through P4 language, is internally
connected to the data plane under test. This design allows
NetDebug to validate the data plane while avoiding the sur-
rounding hardware, including the network interfaces. Users
can generate custom test packets and inject them directly
into the data plane under test, while running verification on
output packets at line rate, at real time. This is specifically
beneficial for programmable data planes, where the same
architecture is used for many different programs. If a bug
prevents packets from being correctly forwarded to the out-
put interfaces of the device, users can find where the fault
occurred, even inside the data plane.
3 USE-CASES
NetDebug can be applied to a wide range of use cases, in-
cluding but not limited to:
• Functional testing: finding functional bugs in the data
plane and in the control plane
• Performance testing: performance metrics, such as
throughput, packet rate and latency
• Compiler check: finding limitations in the compiler
• Architecture check: finding limitations in the
architecture
• Resources quantification: evaluating the consumption
of hardware resources
• Status monitoring: providing periodic internal status
information
• Comparison: comparing alternative specifications of the
same program
Figure 2: Use-cases
Figure 2 summarizes the capabilities of NetDebug com-
pared to related work. Software formal verification tools [3]
can check functional correctness. They can not be used to test
a hardware implementation, since verification is performed
only on the software specification of the programs. External
network testers [1] are able to run only partial tests related to
functional, performance, compiler and architecture use-cases,
since they lack a “internal view” of the device under test,
as they are limited by the external interfaces of a device,
and have no visibility into internal data plane failures. For
the same reason, they are unable to test either the resources
or status monitoring use-cases. NetDebug can perform full
comparisons, since it is able to run tests related to all the
discussed use-cases. Software formal verification tools and
external network testers can make comparisons based on
the use-cases that they are able to test.
4 EVALUATION
We have implemented a prototype of NetDebug on NetFPGA
SUME [11] using Xilinx SDNet [10], which translates P4 spec-
ifications into a hardware module. We have used NetDebug
to debug several data plane programs.
Preliminary experiments have already provided some use-
ful insights. For example, using NetDebug, we discovered
that the reject parser state, an essential feature of P4 lan-
guage, is not implemented by SDNet. This meant that any
packet coming into the data plane was sent out to the next
hop, even if it was supposed to be dropped. Our framework
immediately detected this severe bug, that would not be no-
ticed by applying software formal verification to the data
plane program [3].
5 CONCLUSIONS
We have presented NetDebug, a programmable framework
for validating data planes. NetDebug leverages both the P4
language and hardware design to provide flexibility and vis-
ibility into programmable network devices. We have built
a prototype of NetDebug, and used it to detect a bug not
visible through software formal verification tools. As in-
network computing becomes increasingly popular, NetDe-
bug addresses an urgent need for improved tools and tech-
niques for data plane debugging and verification.
Acknowledgments This work is partially supported by
SNSF award 407540_167173 and Doc.Mobility fellowship
P1TIP2_178657 and by the Leverhulme Trust (ECF-2016-289)
and the Isaac Newton Trust.
REFERENCES
[1] G. Antichi, M. Shahbaz, Y. Geng, N. Zilberman, A. Covington, M.
Bruyere, N. Mckeown, N. Feamster, B. Felderman, M. Blott, A. W.
Moore, and P. Owezarski. September 2014. OSNT: Open Source Net-
work Tester. IEEE Network (September 2014).
[2] P. Bosshart, G. Gibb, H. Kim, G. Varghese, N. McKeown, M. Izzard, F.
Mujica, and M. Horowitz. August 2013. Forwarding Metamorphosis:
Fast Programmable Match-action Processing in Hardware for SDN.
SIGCOMM Computer Communication Review (CCR) (August 2013).
[3] C. Cascaval, N. Foster, W. Hallahan, J. Lee, J. Liu, N. McKeown, C.
Schesinger, M. Sharif, R. Soulé, and H. Wang. August 2018. p4v: Prac-
tical Verification for Programmable Data Planes. ACM SIGCOMM
2
Conference on Applications, Technologies, Architectures, and Protocols
for Computer Communications (SIGCOMM) (August 2018).
[4] The P4 Language Consortium. May 2017. "P416 Language specification
(v1.0.0)". https://p4.org/p4-spec/docs/P4-16-v1.0.0-spec.html
[5] X. Jin, X. Li, H. Zhang, N. Foster, J. Lee, R. Soulé, C. Kim, and I. Sto-
ica. April 2018. NetChain: Scale-Free Sub-RTT Coordination. In 15th
USENIX Symposium on Networked Systems Design and Implementation
(NSDI).
[6] X. Jin, X. Li, H. Zhang, R. Soulé, J. Lee, N. Foster, C. Kim, and I. Stoica.
October 2017. NetCache: Balancing Key-Value Stores with Fast In-
Network Caching. In Proceedings of the 26th Symposium on Operating
Systems Principles (SOSP).
[7] Netronome. June 2018. Netronome SmartNICs. https://www.
netronome.com/
[8] Barefoot Networks. June 2018. Barefoot Tofino. https://
barefootnetworks.com/products/brief-tofino/
[9] Xilinx. June 2018. What is an FPGA? https://www.xilinx.com/
products/silicon-devices/fpga/what-is-an-fpga.html
[10] Xilinx. June 2018. Xilinx SDNet. https://www.xilinx.com/products/
design-tools/software-zone/sdnet.html
[11] N. Zilberman, Y. Audzevich, G. A. Covington, and A.W.Moore. Septem-
ber 2014. NetFPGA SUME: Toward 100 Gbps as Research Commodity.
IEEE Micro (September 2014).
3
