Installing flow rules through the data plane?

Nowadays, when I want to install new flow rules in a P4-compatible switch, I need to have a controller and use a communication protocol like P4 Runtime to install new flow rules in the switch’s tables.

Will it be possible in the near future to install new table flow rules directly with P4 code in the data plane?

I attended the 2021 P4 Workshop and I am almost certain that I heard someone mentioning this future feature, but I cannot find the reference.
Now I am writing a Master's thesis and that would be interesting information and a reference to include in my article.

The Portable NIC Architecture (PNA) specification includes a new add_on_miss property for tables that, when true, enables the default action for a table to add a new entry to the table. See the section named “Tables with add-on-miss capability” here: GitHub - p4lang/pna: Portable NIC Architecture

The proposed restrictions there are enough to satisfy many common use cases, and make it easier for hardware to implement. Basically the restrictions are:

  • allowing add_on_miss equal to true need only be supported for tables with all keys exact match
  • an entry can only be added to a table in the P4 program from the default action, i.e. when a search is done on the table, and no matching entry was found
  • the key of the new entry added must be the key that was just searched for and missed, i.e. you cannot choose an arbitrary key to add to the table from the data plane.

Even with those restrictions, that is enough to implement common desired features. For example, you can implement a table with a key that is an application-level TCP/UDP flow 5-tuple (IP source & dest address, protocol, L4 source & dest port), and maintain some information about each such flow, adding new ones in the data plane as packets arrive.

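The add-on-miss behaviour and the three restrictions described in the reply above, as an added example that is not part of the original thread: a Python behavioural model of a 5-tuple flow table, not P4 code and not the PNA API. The names `AddOnMissTable`, `add_entry`, `apply` and `track_flows` are hypothetical, and the finite capacity with a failed add when the table is full is an assumption of this model.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

# (src IP, dst IP, protocol, src port, dst port): every field is exact match.
FiveTuple = Tuple[str, str, int, int, int]

@dataclass
class AddOnMissTable:
    """Behavioural model of an exact-match table with add-on-miss enabled."""
    capacity: int                              # assumption: the table is finite
    entries: Dict[FiveTuple, dict] = field(default_factory=dict)
    _missed_key: Optional[FiveTuple] = None    # set only while the miss action runs

    def add_entry(self, params: dict) -> bool:
        """Add an entry for the key that just missed. There is deliberately no
        key argument: the data plane cannot choose an arbitrary key."""
        if self._missed_key is None:
            raise RuntimeError("add_entry is only legal in the default (miss) action")
        if len(self.entries) >= self.capacity:
            return False                       # assumption: a full table rejects the add
        self.entries[self._missed_key] = params
        return True

    def apply(self, key: FiveTuple, on_hit: Callable[[dict], None],
              on_miss: Callable[["AddOnMissTable"], bool]) -> str:
        state = self.entries.get(key)
        if state is not None:                  # hit: run the entry's action
            on_hit(state)
            return "hit"
        self._missed_key = key                 # miss: default action may add this key
        try:
            return "added" if on_miss(self) else "miss"
        finally:
            self._missed_key = None

def track_flows(packets: List[FiveTuple], capacity: int):
    """Count packets per flow, learning new flows as their first packet arrives."""
    table = AddOnMissTable(capacity)
    def on_hit(state: dict) -> None:
        state["packets"] += 1
    def on_miss(t: AddOnMissTable) -> bool:
        return t.add_entry({"packets": 1})
    return [table.apply(p, on_hit, on_miss) for p in packets], table

# Constructed sample traffic: three flows, table sized for two.
FLOW_A = ("10.0.0.1", "10.0.0.2", 6, 40000, 443)
FLOW_B = ("10.0.0.3", "10.0.0.2", 17, 5353, 53)
FLOW_C = ("10.0.0.4", "10.0.0.2", 6, 40001, 80)

if __name__ == "__main__":
    print(track_flows([FLOW_A, FLOW_B, FLOW_A, FLOW_C, FLOW_A], capacity=2)[0])
```

Because entries are created by arriving traffic rather than by a controller, the table size and what happens to flows that cannot be added are worth deciding explicitly on a real target.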

Just to elaborate on @andyfingerhut's reply –

It is important to understand that the P4 language itself does not describe how the entries are added to the tables or deleted from them. However, it provides plenty of mechanisms that make it possible to express the capabilities of certain targets/architectures to manage table entries from the data plane as long as these capabilities are present.

This is a very important distinction, since different targets may (and do) use a variety of mechanisms to accomplish this task (and this task is not at all trivial). Sometimes these mechanisms might be similar/compatible (which is what PNA tries to capture with regard to some existing NIC implementations) and sometimes they might be completely different.

In general, except for the very basic things defined in the P4 Language Specification as well, the rest is always target- and architecture-dependent and needs to be discussed as such.