Connection tracking in P4

andyfingerhut · June 8, 2023, 3:13pm

I am posting this here since I received a personal email with questions on these topics, but preferred to publish the answers here, in case they are of interest to anyone else.

Question 1:

I see the sample code for TCP connection tracking on P4 Github

github.com

p4lang/pna/blob/main/examples/pna-example-tcp-connection-tracking.p4

/*
Copyright 2021-2022 Intel Corporation

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

#include <core.p4>
#include "../pna.p4"

This file has been truncated. show original

plus two more example programs in this directory with ‘connection-tracking’ in their name: pna/examples at main · p4lang/pna · GitHub

Have you run it on the bmv2 test platform?

Answer 1:

No, I have not, because the add-on-miss feature has not been added to the BMV2 software switch. Yes, BMv2 is open source, and anyone with the necessary interest, time, and skill could do so, but so far, no one has volunteered to do so, nor been paid to do so (a lot of contributions to open source p4c are from people paid to do so as part of their job, as is common for many open source projects). If you know someone interested in and capable of doing so, their efforts are very welcome.

The add-on-miss feature has been added to the P4 DPDK software switch. There is a document I published showing one way to install P4 DPDK, with an example P4 program and a PTF test that demonstrates that at least basic add-on-miss capability does work there: p4-guide/README-install-ipdk-networking-container-ubuntu-20.04-and-test.md at master · jafingerhut/p4-guide · GitHub

Note: A section of that article mentions that there is very little debug tracing/logging capability for debugging your P4 programs on the P4 DPDK software switch, as compared to the BMv2 software switch. That could change in the future, but it is the current state of affairs as of 2023-June.

Question 2:

On the PNA architecture, if i want to debug the P4 TCP Conntrack function, is there a good debugging platform?

Answer 2:

Not an open source one that I am aware of, no. As explained above, as of 2023-June, there is the BMv2 software switch with good debugging/tracing capabilities, but no implementation of add-on-miss, and there is the P4 DPDK software switch with implementation of add-on-miss, but no good debugging/tracing capabilities. Contributions from anyone wishing to improve on this situation are welcome, but they are unlikely to be something one could do in a day. More like a few weeks for a good developer with nothing else to do, again depending upon pre-existing knowledge of the implementations, time, skill, interest, etc.

Question 3:

In the tcp-connect-state example, ct_tcp_table has add_on_miss and default_idle_timeout_for_data_plane_added_entries fields, which are the attributes of the table. What is the type of this property, and how does the P4 compiler know the size of the field?

Answer 3:

The names and types of values that all PNA-specific table properties can be assigned are given in the PNA specification document, in particular in this section: P4 Portable NIC Architecture (PNA)

Note that default_idle_timeout_for_data_plane_added_entries is not present in that table, because that table property name has been removed and replaced with assigning this table property instead: pna_idle_timeout = PNA_IdleTimeout_t.AUTO_DELETE. The example programs should be updated to match this – thanks for pointing out this obsolete part of the example programs. I can create a PR to fix that soon.

andyfingerhut · June 9, 2023, 5:02pm

I also received this follow-up question: You said to use pna_idle_timeout = PNA_IdleTimeout_t.AUTO_DELETE. What is the timeout time? Seems undefined.

Answer:

PNA defines that a target device should support multiple “expire time profile ids”, e.g. a device might support 4 expire time profile ids numbered 0 to 3, and the control plane API would provide an API for configuring the duration of each of these profiles independently of each other, e.g. profile id 0 might be configured as 30 sec, while profile id 1 is configured for 120 sec. Different table entries in the same table can have their expire time profile id chosen independently by the P4 program, and later modified when packets are processed, by calling the extern function named set_entry_expire_time: pna/pna.p4 at main · p4lang/pna · GitHub

Benvin · June 16, 2023, 2:48am

Thank you for your reply, with a lot of help.

Topic		Replies	Views
P4 and DPDK instructions	4	1435	August 18, 2022
English version of german BA thesis "Getting an easier start into P4" Getting Started with P4	3	366	September 17, 2023
Problems regarding p4 program on my linux machine	4	139	March 4, 2024
German Bachelor thesis for easier getting-into-P4 Getting Started with P4	5	642	May 25, 2023
How to implement softwared P4 switch in PC or general server to achieve better performance？ Getting Started with P4	7	1166	April 6, 2023

Connection tracking in P4

Related Topics