A Programmable Framework for Validating Data Planes
Due to the emerging trend of programmable network hardware, developers have begun to explore ways to accelerate various applications and services. As a result, there is a pressing need for new tools and techniques for debugging network devices. This paper presents NetDebug, a fully programmable hardware-software framework for validating and real-time debugging of programmable data planes. We describe validation use cases, compare our design to alternative solutions, and present a preliminary evaluation using a prototype implementation. Leverhulme Trust, Isaac Newton Trust, Swiss National Science Foundation (SNSF)
Checking-in on Network Functions
When programming network functions, changes within a packet tend to have
consequences---side effects which must be accounted for by network programmers
or administrators via arbitrary logic and an innate understanding of
dependencies. Examples of this include updating checksums when a packet's
contents have been modified or adjusting a payload length field of an IPv6 header
if another header is added or updated within a packet. While static-typing
captures interface specifications and how packet contents should behave, it
does not enforce precise invariants around runtime dependencies like the
examples above. Instead, during the design phase of network functions,
programmers should be given an easier way to specify checks up front, all
without having to account for and keep track of these consequences at each and
every step during the development cycle. In keeping with this view, we present
a unique approach for adding and generating both static checks and dynamic
contracts for specifying and checking packet processing operations. We develop
our technique within an existing framework called NetBricks and demonstrate how
our approach simplifies and checks common dependent packet and header
processing logic that other systems take for granted, all without adding much
overhead during development. Comment: ANRW 2019 ~ https://irtf.org/anrw/2019/program.htm
P4Testgen: An Extensible Test Oracle For P4
We present P4Testgen, a test oracle for the P4-16 language that supports
automatic generation of packet tests for any P4-programmable device. Given a P4
program and sufficient time, P4Testgen generates tests that cover every
reachable statement in the input program. Each generated test consists of an
input packet, control-plane configuration, and output packet(s), and can be
executed in software or on hardware. Unlike prior work, P4Testgen is open
source and extensible, making it a general resource for the community.
P4Testgen not only covers the full P4-16 language specification, it also
supports modeling the semantics of an entire packet-processing pipeline,
including target-specific behaviors, i.e., whole-program semantics. Handling
aspects of packet processing that lie outside of the official specification is
critical for supporting real-world targets (e.g., switches, NICs, end host
stacks). In addition, P4Testgen uses taint tracking and concolic execution to
model complex externs (e.g., checksums and hash functions) that have been
omitted by other tools, and ensures the generated tests are correct and
deterministic. We have instantiated P4Testgen to build test oracles for the
V1model, eBPF, and the Tofino (TNA and T2NA) architectures; each of these
extensions only required effort commensurate with the complexity of the target.
We validated the tests generated by P4Testgen by running them across the entire
P4C program test suite as well as the Tofino programs supplied with Intel's P4
Studio. In just a few months using the tool, we discovered and confirmed 25
bugs in the mature, production toolchains for BMv2 and Tofino, and are
conducting ongoing investigations into further faults uncovered by P4Testgen.
Decentralized trust in the inter-domain routing infrastructure
Inter-domain routing security is of critical importance to the Internet since it prevents unwanted traffic redirections. The current system is based on a Public Key Infrastructure (PKI), a centralized repository of digital certificates. However, the inherent centralization of such design creates tensions between its participants and hinders its deployment. In addition, some technical drawbacks of PKIs delay widespread adoption. In this paper we present IPchain, a blockchain to store the allocations and delegations of IP addresses. IPchain leverages blockchains' properties to decentralize trust among its participants, with the final goal of providing flexible trust models that adapt better to the ever-changing geopolitical landscape. Moreover, we argue that Proof of Stake is a suitable consensus algorithm for IPchain due to the unique incentive structure of this use-case, and that blockchains offer relevant technical advantages when compared to existing systems, such as simplified management. In order to show its feasibility and suitability, we have implemented and evaluated IPchain's performance and scalability storing around 350k IP prefixes in a 2.5 GB chain. Peer Reviewed. Postprint (published version)