p4v
play

p4v Practical Verification for Programmable Data Planes Jed Liu - PowerPoint PPT Presentation

Jan 20, 2024 •154 likes •725 views

p4v Practical Verification for Programmable Data Planes Jed Liu Robert Soul Bill Hallahan Han Wang Cole Schlesinger Clin Cacaval Milad Sharif Nick McKeown Jeongkeun Lee Nate Foster Fixed-function routers... Fixed-function

  1. p4v Practical Verification for Programmable Data Planes Jed Liu Robert Soulé Bill Hallahan Han Wang Cole Schlesinger Călin Caşcaval Milad Sharif Nick McKeown Jeongkeun Lee Nate Foster

  2. Fixed-function routers...

  3. Fixed-function routers... ...how do we know that they work? (with apologies to Insane Clown Posse)

  4. Fixed-function routers... ...how do we know that they work? By testing!

  5. Fixed-function routers... ...how do we know that they work? By testing! ● Expensive — lots of packet formats & protocols ● Pay cost once, during manufacturing

  6. Programmable routers... (specifically, programmable data planes) ...how do they work? Arista 7170 series switches

  7. Programmable routers... (specifically, programmable data planes) Barefoot Tofino chip ...how do they work? Arista 7170 series switches

  8. Programmable routers... (specifically, programmable data planes) ...how do they work? Arista 7170 series switches

  9. Programmable routers... (specifically, programmable data planes) ● New hotness ○ Rapid innovation ○ Novel uses of network ✦ In-band network telemetry ✦ In-network caching ● No longer have economy of scale for traditional testing Arista 7170 series switches

  10. Let’s verify! Bit-level description of data-plane behaviour Give programmers language-based verification tools P4 also used as HDL for fixed-function devices Arista 7170 series switches

  11. p4v overview ● Automated tool for verifying P4 programs ● Considers all paths ○ But also practical for large programs ● Includes basic safety properties for any program ● Extensible framework ○ Verify custom, program-specific properties ○ Assert-style debugging

  12. Anatomy of a P4 program /* Headers and Instances */ /* Actions */ header_type ethernet_t { Actions action allow() { fields { modify_field(standard_metadata.egress_spec,1); dst_addr:48; } Modify headers, src_addr:48; action deny() { drop(); } ether_type:16; action nop() { } } specify forwarding action rewrite(dst_addr) { } modify_field(ipv4.dst_addr,dst_addr); header_type ipv4_t { Headers } fields { pre_ttl:64; /* Tables */ ttl:8; table acl { protocol:8; reads { checksum:16; ipv4.src_addr:lpm; Tables src_addr:32; ipv4.dst_addr:lpm; dst_addr:32; } } Apply actions actions { allow; deny; } } } header ethernet_t ethernet; based on header data header ipv4_t ipv4; table nat { reads { ipv4.dst_addr:lpm; } /* Parsers */ actions { rewrite; nop; } parser start { default_action: nop(); Parsers extract(ethernet); } return select(ethernet.ether_type) { 0x800: parse_ipv4; Convert bitstreams /* Controls */ default: ingress; Controls control ingress { } apply(nat); into headers } apply(acl); Sequences of tables parser parse_ipv4 { } extract(ipv4); return ingress; control egress { } }

  13. P4 hardware model PISA [SIGCOMM 2013] Protocol-Independent Switch Architecture Traffic Manager Parser Ingress Queuing Egress Deparser

  14. P4 by example ● P4 is a low-level language → many gotchas ● Let’s explore by example! ○ IPv6 router w/ access control list (ACL)

  15. P4 by example ● P4 is a low-level language → many gotchas ● Let’s explore by example! control ingress { apply(acl); } ○ IPv6 router w/ access control list (ACL) table acl { }

  16. P4 by example ● P4 is a low-level language → many gotchas ● Let’s explore by example! control ingress { apply(acl); } ○ IPv6 router w/ access control list (ACL) table acl { reads { ipv6.dstAddr: lpm ; } actions { allow; deny; } }

  17. P4 by example ● P4 is a low-level language → many gotchas ● Let’s explore by example! control ingress { apply(acl); } ○ IPv6 router w/ access control list (ACL) table acl { reads { ipv6.dstAddr: lpm ; } actions { allow; deny; } } action allow() { modify_field(std_meta.egress_spec, 1); }

  18. P4 by example ● P4 is a low-level language → many gotchas ● Let’s explore by example! control ingress { apply(acl); } ○ IPv6 router w/ access control list (ACL) table acl { reads { ipv6.dstAddr: lpm ; } actions { allow; deny; } } action allow() { modify_field(std_meta.egress_spec, 1); } action deny() { drop(); }

  19. P4 by example ● P4 is a low-level language → many gotchas ● Let’s explore by example! control ingress { apply(acl); } ○ IPv6 router w/ access control list (ACL) table acl { reads { ipv6.dstAddr: lpm ; } actions { allow; deny; } } action allow() { modify_field(std_meta.egress_spec, 1); } action deny() { drop(); } What could possibly go wrong?

  20. What if we didn’t receive an IPv6 packet? ipv6 header will be invalid What goes wrong Table reads arbitrary values control ingress { apply(acl); } → Intended ACL policy violated table acl { reads { ipv6.dstAddr: lpm ; } actions { allow; deny; } } action allow() { modify_field(std_meta.egress_spec, 1); } action deny() { drop(); }

  21. What if we didn’t receive an IPv6 packet? ipv6 header will be invalid What goes wrong Table reads arbitrary values control ingress { apply(acl); } → Intended ACL policy violated table acl { reads { ipv6.dstAddr: lpm ; } actions { allow; deny; } Can read values from a previous packet } → Side channel vulnerability! action allow() { modify_field(std_meta.egress_spec, 1); } action deny() { drop(); }

  22. What if we didn’t receive an IPv6 packet? ipv6 header will be invalid What goes wrong Table reads arbitrary values control ingress { apply(acl); } → Intended ACL policy violated table acl { reads { ipv6.dstAddr: lpm ; } actions { allow; deny; } Can read values from a previous packet } → Side channel vulnerability! action allow() { modify_field(std_meta.egress_spec, 1); } Real programs are complicated: action deny() { drop(); } hard to keep validity in your head Property #1: header validity

  23. What if acl table misses (no rule matches)? Forwarding decision is unspecified What goes wrong Forwarding behaviour depends on control ingress { apply(acl); } hardware table acl { reads { ipv6.dstAddr: lpm ; } ● May not do what you expect! actions { allow; deny; } ● Code not portable } action allow() { modify_field(std_meta.egress_spec, 1); } action deny() { drop(); } Property #2: unambiguous forwarding

  24. Let’s add 6in4 tunnelling! table tunnel_decap { ... ethernet ipv4 inner_ipv6 actions { decap_6in4; } etherType “ipv4” } action decap_6in4() { copy_header(ipv6, inner_ipv6); remove_header(inner_ipv6); } table tunnel_term { ... actions { term_6in4; } } action term_6in4() { remove_header(ipv4); modify_field(ethernet.etherType, 0x86dd); }

  25. Let’s add 6in4 tunnelling! table tunnel_decap { ... ethernet ipv4 inner_ipv6 actions { decap_6in4; } etherType “ipv4” } action decap_6in4() { tunnel_decap copy_header(ipv6, inner_ipv6); remove_header(inner_ipv6); ipv4 } ethernet ipv6 table tunnel_term { etherType “ipv4” ... actions { term_6in4; } } action term_6in4() { remove_header(ipv4); modify_field(ethernet.etherType, 0x86dd); }

  26. Let’s add 6in4 tunnelling! table tunnel_decap { ... ethernet ipv4 inner_ipv6 actions { decap_6in4; } etherType “ipv4” } action decap_6in4() { tunnel_decap copy_header(ipv6, inner_ipv6); remove_header(inner_ipv6); ipv4 } ethernet ipv6 table tunnel_term { etherType “ipv4” ... actions { term_6in4; } tunnel_term } action term_6in4() { ethernet ipv6 remove_header(ipv4); modify_field(ethernet.etherType, 0x86dd); etherType “ ipv6 ” }

  27. Let’s add 6in4 tunnelling! ipv4 ethernet ipv6 etherType “ipv4”

  28. A look behind the curtain In PISA, state is copied verbatim from ingress to egress... Traffic Manager Parser Ingress Egress Deparser 28

  29. A look behind the curtain In PISA, state is copied verbatim from ingress to egress… Some architectures use parser and deparser to bridge state! TM Parser Ingress Egress Deparser 29

  30. What if the architecture reparses the packet? ● IPv4 and IPv6 are mutually exclusive protocols What goes wrong ipv4 ethernet ipv6 etherType “ipv4”

  31. What if the architecture reparses the packet? ● IPv4 and IPv6 are mutually exclusive protocols What goes wrong ipv4 deparse ethernet ipv6 ipv4 ethernet ipv6 etherType “ipv4” etherType “ipv4”

  32. What if the architecture reparses the packet? ● IPv4 and IPv6 are mutually exclusive protocols What goes wrong ipv4 deparse parse ethernet ipv6 ipv4 ethernet ipv6 etherType “ipv4” etherType “ipv4”

  33. What if the architecture reparses the packet? ● IPv4 and IPv6 are mutually exclusive protocols What goes wrong ipv4 deparse parse ethernet ipv6 ipv4 ethernet ipv6 etherType “ipv4” etherType “ipv4” Property #3: reparseability

  34. Another look behind the curtain ● Hardware devices have limited resources ● Compilers have options to improve resource usage ○ e.g., if headers are mutually exclusive in parser, assume they stay mutually exclusive in rest of program ○ Mutually exclusive headers can be overlaid in memory! ipv4 inner_ipv6 ethernet ipv6

  35. What if headers share memory? ● IPv4 and IPv6 might be overlaid ethernet ipv4 inner_ipv6 etherType “ipv4” What goes wrong tunnel_decap Data corruption ● e.g., tunnel_decap clobbers ipv4 ipv4 ethernet ipv6 etherType “ipv4” Parsers are complicated in practice Hard to keep track of mutually exclusive states Property #4: mutual exclusion of headers

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Verilog for Testbenches Big picture: Two main Hardware Description Languages (HDL) out there

Verilog for Testbenches Big picture: Two main Hardware Description Languages (HDL) out there

Verilog for Testbenches Verilog for Testbenches Big picture: Two main Hardware Description Languages (HDL) out there VHDL Designed by committee on request of the DoD Based on Ada Verilog Designed by a company for their own

436 views • 18 slides
Toward a methodology for Unified Verification of HW/SW Co-designs Building a bridge between two

Toward a methodology for Unified Verification of HW/SW Co-designs Building a bridge between two

Toward a methodology for Unified Verification of HW/SW Co-designs Building a bridge between two worlds Florian Lugou <florian.lugou@telecom-paristech.fr> Ludovic Apvrille <ludovic.apvrille@telecom-paristech.fr> Aurlien

440 views • 30 slides
The Dataverse Network: An Infrastructure for Data Sharing Gary King Institute for Quantitative

The Dataverse Network: An Infrastructure for Data Sharing Gary King Institute for Quantitative

The Dataverse Network: An Infrastructure for Data Sharing Gary King Institute for Quantitative Social Science Harvard University (8/14/08 talk at UseR! 2008, Technische Universit at, Dortmund, Germany) (8/14/08 talk at UseR! 2008

1.89k views • 151 slides
Introduction t to o AXI Custom om I IP Cristi tian Sister erna na Universidad

Introduction t to o AXI Custom om I IP Cristi tian Sister erna na Universidad

Introduction t to o AXI Custom om I IP Cristi tian Sister erna na Universidad Nacional San Juan Argentina ICTP AXI - Custom IP Agen enda Describe the AXI4 transactions Summarize the AXI4 valid/ready acknowledgment model

886 views • 84 slides
One Patients Point of View DANNY VAN LEEUWEN Empowering people as they travel together

One Patients Point of View DANNY VAN LEEUWEN Empowering people as they travel together

2018 www.pccds-ln.org One Patients Point of View DANNY VAN LEEUWEN Empowering people as they travel together towards best health 2018 About Me An action catalyst empowering people traveling together toward best health, wears many hats in

472 views • 16 slides
Overview of the Patient Safety Component Objectives 1. Describe NHSN and its purposes 2. Define

Overview of the Patient Safety Component Objectives 1. Describe NHSN and its purposes 2. Define

Overview of the Patient Safety Component Objectives 1. Describe NHSN and its purposes 2. Define the authority and confidentiality protections for NHSN 3. Identify the requirements for participating in the Patient Safety Component 4. Describe

627 views • 46 slides
SWEN 383 Software Design Principles & Patterns The Proxy Pattern Basic Proxy * Overview

SWEN 383 Software Design Principles & Patterns The Proxy Pattern Basic Proxy * Overview

SWEN 383 Software Design Principles & Patterns The Proxy Pattern Basic Proxy * Overview Joe and Mary want to sign a contract. Joe is in Canada. Mary is in Argentina. * Overview Joe asks Sandy to be a proxy for Mary. Mary asks Pedro to

467 views • 25 slides
Ascertaining Death and Hospitalization Endpoints: The TRANSFORM-HF Experience Eric Eisenstein

Ascertaining Death and Hospitalization Endpoints: The TRANSFORM-HF Experience Eric Eisenstein

Ascertaining Death and Hospitalization Endpoints: The TRANSFORM-HF Experience Eric Eisenstein and Kevin Anstrom October 04, 2019 Presentation Outline Death Endpoint Explanatory vs. Pragmatic trial Data collection options

783 views • 42 slides
Using CMS Data for Research on Disparities in Health and Health Care Nathan D. Shippee, PhD

Using CMS Data for Research on Disparities in Health and Health Care Nathan D. Shippee, PhD

Using CMS Data for Research on Disparities in Health and Health Care Nathan D. Shippee, PhD Assistant Professor, Division of Health Policy and Management University of Minnesota Work performed under CMS Contract #HHSM-500-2013-00166C Overview

534 views • 17 slides
Financial Engineering and real options analysis in evaluation of health care technology: a forward

Financial Engineering and real options analysis in evaluation of health care technology: a forward

Financial Engineering and real options analysis in evaluation of health care technology: a forward approach Innovation in Healthcare Delivery Systems Symposium Austin, 2017 Thaleia Zariphopoulou IROM, McCombs School of Business Mathematics

649 views • 32 slides
PLAN MANAGEMENT ADVISORY GROUP November 10, 2016 WELCOME AND AGENDA REVIEW JAMES DEBENEDETTI,

PLAN MANAGEMENT ADVISORY GROUP November 10, 2016 WELCOME AND AGENDA REVIEW JAMES DEBENEDETTI,

PLAN MANAGEMENT ADVISORY GROUP November 10, 2016 WELCOME AND AGENDA REVIEW JAMES DEBENEDETTI, DIRECTOR PLAN MANAGEMENT DIVISION 1 AGENDA AGENDA Plan Management and Delivery System Reform Advisory Group Meeting and Webinar Thursday,

466 views • 33 slides
Adverse selection or advantageous selection: Medigap insurance market revisted. Yang Liu

Adverse selection or advantageous selection: Medigap insurance market revisted. Yang Liu

Adverse selection or advantageous selection: Medigap insurance market revisted. Yang Liu Department of Economics Wayne State University Outline - Introduction - Literature Review - Open issues - Hypothesis test and Methodology Introduction

326 views • 13 slides
Total Cost of Care (TCOC) Workgroup December 4, 2019 Agenda MPA Collection Timeline for Y3 1.

Total Cost of Care (TCOC) Workgroup December 4, 2019 Agenda MPA Collection Timeline for Y3 1.

Total Cost of Care (TCOC) Workgroup December 4, 2019 Agenda MPA Collection Timeline for Y3 1. Maryland Cost Drivers 2. Comprehensive Review of MPA Approach 3. Goals & principles of the MPA i. Options for different attributions

878 views • 60 slides
AASPIRE Healthcare Toolkit DORA M RAYMAKER, PHD, PORTLAND STATE UNIVERSITY CLARISSA KRIPKE, MD,

AASPIRE Healthcare Toolkit DORA M RAYMAKER, PHD, PORTLAND STATE UNIVERSITY CLARISSA KRIPKE, MD,

3/9/2018 Disclosures Dr. Raymaker and Dr. Kripke and our families have no relationships with commercial interests. AASPIRE Healthcare Toolkit DORA M RAYMAKER, PHD, PORTLAND STATE UNIVERSITY CLARISSA KRIPKE, MD, UNIVERSITY OF CALIFORNIA SAN

355 views • 16 slides
Clinical and Pharma Research August 18, 2020 Terri Lynn Palmer Director of Data Analytics

Clinical and Pharma Research August 18, 2020 Terri Lynn Palmer Director of Data Analytics

FHIR Advancing Clinical and Pharma Research August 18, 2020 Terri Lynn Palmer Director of Data Analytics Delaware Health Information Network Mike ONeill CEO MedicaSoft Native FHIR Clinical Data Repository Message & Document Parsers

587 views • 24 slides
Globus MEDICUS Standards Based Enterprise Architecture for Medical Image Publication, Discovery,

Globus MEDICUS Standards Based Enterprise Architecture for Medical Image Publication, Discovery,

Globus MEDICUS Standards Based Enterprise Architecture for Medical Image Publication, Discovery, and Archiving in HealthGrids Stephan G. Erberich, Ann Chervenak, Robert Schuler, Laura Pearlman, Jonathan C. Silverstein, Carl Kesselman 2

803 views • 37 slides
DSHS Grand Rounds . Logistics Registration for free continuing education (CE) hours or

DSHS Grand Rounds . Logistics Registration for free continuing education (CE) hours or

DSHS Grand Rounds . Logistics Registration for free continuing education (CE) hours or certificate of attendance through TRAIN at: https://tx.train.org Streamlined registration for individuals not requesting CE hours or a certificate of attendance

1.09k views • 88 slides
First Quarter Review 29 / January / 2016 Important Information NO OFFER OR SOLICITATION This

First Quarter Review 29 / January / 2016 Important Information NO OFFER OR SOLICITATION This

First Quarter Review 29 / January / 2016 Important Information NO OFFER OR SOLICITATION This communication is not intended to and does not constitute an offer to sell or the solicitation of an offer to subscribe for or buy or an invitation to

465 views • 33 slides
Digital Bridge Governance Principles Transparency: Stakeholders will have Utility: The governance

Digital Bridge Governance Principles Transparency: Stakeholders will have Utility: The governance

Digital Bridge Governance Principles Transparency: Stakeholders will have Utility: The governance body will prioritize visibility into the governance bodys work use of existing information technology and opportunities to provide

444 views • 29 slides
Design and Implementation of Web Forward Proxy with Shibboleth Authentication Shibboleth

Design and Implementation of Web Forward Proxy with Shibboleth Authentication Shibboleth

Design and Implementation of Web Forward Proxy with Shibboleth Authentication Shibboleth Authentication KOMURA Takaaki Kyoto University SANO Hiroaki Kyoto University Library DEMIZU Noritoshi OCTOPATH corporation MAKIMURA Ken OCTOPATH corporation

415 views • 25 slides
The National Broadband Plan Challenges and Opportunities for the RLEC Industry June 30, 2010 1

The National Broadband Plan Challenges and Opportunities for the RLEC Industry June 30, 2010 1

The National Broadband Plan Challenges and Opportunities for the RLEC Industry June 30, 2010 1 Agenda Introduction and Overview of the NBP Glenn Brown Rural Alliance Association Panel Bob Gnapp NECA Tom Wacker NTCA Randy

693 views • 33 slides
Health, Consumption, and Inequality Jay H. Hong Josep Pijoan-Mas Jos e V ctor R

Health, Consumption, and Inequality Jay H. Hong Josep Pijoan-Mas Jos e V ctor R

Health, Consumption, and Inequality Jay H. Hong Josep Pijoan-Mas Jos e V ctor R os-Rull SNU CEMFI Penn and UCL ERC/UCL/IFSConference on Savings and Risks: Micro and Macro Perspectives IFS - December 2016 PRELIMINARY

923 views • 51 slides
Brian Robertson, Ph.D. Jason Maurice, Ph.D. Patrick Madden Presentation Contents Survey

Brian Robertson, Ph.D. Jason Maurice, Ph.D. Patrick Madden Presentation Contents Survey

Vermont Division of Health Care Administration 2005 Vermont Household Health Insurance Survey Brian Robertson, Ph.D. Jason Maurice, Ph.D. Patrick Madden Presentation Contents Survey Objectives Survey Methodology Primary Type of

1.13k views • 98 slides
Sub-mW Integrated Power Management Systems for Hearing aids Applications Yanhai Cao 1 , Frdric

Sub-mW Integrated Power Management Systems for Hearing aids Applications Yanhai Cao 1 , Frdric

Sub-mW Integrated Power Management Systems for Hearing aids Applications Yanhai Cao 1 , Frdric Hasbani 1 , Dennis land Larsen 1,2 , Kim Rasmussen 1 1 GN Hearing A/S, Denmark, 2 Technical University of Denmark 1 Modern hearing aids Overview

360 views • 23 slides

More recommend