Research On Reliability Guarantee Of Programmable Data Plane Based On P4

With the rapid development of network technology,programmable data plane technology is used to solve the limitations in existing network equipment.Programming Protocol-independent Packet Processors(P4)[1] is a representative programmable data plane technology that provides packet processing abstraction in network hardware in the form of high-level programming languages.The enhancement of programmable functions also brings network reliability problems: the correctness of P4 program code is closely related to the security of the network； at the same time,with the isolation between the programmable control plane and the data plane,malicious modification of the data plane in the programmable network runtime will result in inconsistent forwarding behavior between the data plane and the control plane,and the packets in the network are forwarded in the network in a way that cannot achieve the expected effect of the control plane,which poses a security risk to the network and reduces the reliability of the programmable network.For the reliability guarantee of programmable network runtime and focusing on two problems of control-data plane forwarding behavior inconsistency and packet forwarding loops,this thesis proposes a lightweight forwarding behavior consistency check method and a lightweight packet forwarding loop detection method.The specific contributions of this thesis are as follows:1.A lightweight reliability guarantee method for programmable network runtime based on control-data plane forwarding behavior consistency check is proposed.In this thesis,by mapping different flows to the different register units of programmable switches,the register value indicates that the flow has passed through the current device.When the forwarding behavior of the flow on the data plane changes,the device can timely discover the change of the actual forwarding behavior of the packet according to the corresponding register value,and collect the actual forwarding path of the packet.The control plane parses the expected forwarding rule configuration file in advance to quickly determine whether the change of the actual forwarding behavior of the flow on the data plane conforms to the expected policy of the control plane.The method enables in-band network telemetry only in the first packet of a flow and the packet whose actual forwarding behavior changes,effectively reducing the extra bandwidth overhead.This thesis evaluates the bandwidth overhead and consistency check time overhead of the method through experiments,and the results show that the method responds quickly to inconsistent packet forwarding behavior and brings low additional bandwidth overhead；2.A lightweight reliability guarantee method for programmable network runtime based on packet forwarding loop detection is proposed.In this thesis,at the beginning of each timing period of the ingress switch,the header of the data packet marks the position of the flag for forwarding loop detection as a valid value.The register in the programmable switch is used as a counter for each data flow.When the header flag bit of the data packet is valid,the counter corresponding to the flow is incremented,and the switch judges whether there is a packet forwarding loop in the network according to the characteristic that when the data packet is normally forwarded in the network,the non-incremented counter value in the current switch that the data packet passes through is always smaller than the incremented counter value of the previous hop switch.The method reduces the proportion of telemetry data packets in the data flow by periodically changing the flag bit,and simultaneously records less telemetry data in the telemetry data packets,and judges the forwarding loop more efficiently.In this thesis,the error coverage,bandwidth overhead and response time to errors of the method are evaluated through experiments,and the experimental results show that the method is highly sensitive to the packet forwarding loop problem and brings a lower additional network bandwidth overhead；3.Combining two lightweight methods for module division,a prototype of a programmable data plane reliability assurance method for forwarding consistency and forwarding loop problems is implemented.This thesis introduces the implementation details of the two methods in detail according to the module division,and shows the implementation of the method for solving the two types of problems in combination with the actual scene.This thesis evaluates the impact of path change frequency and loop detection cycle on the actual network bandwidth through experiments.The experimental results show that the prototype can effectively reduce the extra bandwidth overhead caused by in band network telemetry.