skip to main content
US FlagAn official website of the United States government
dot gov icon
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
https lock icon
Secure .gov websites use HTTPS
A lock ( lock ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Explore Research Products in the PAR
It may take a few hours for recently added research products to appear in PAR search results.


Title: P4NFV: P4 Enabled NFV Systems with SmartNICs
Software Defined Networking (SDN) and Network Function Virtualization (NFV) are transforming Data Center (DC), Telecom, and enterprise networking. The programmability offered by P4 enables SDN to be more protocol-independent and flexible. Data Centers are increasingly adopting SmartNICs (sNICs) to accelerate packet processing that can be leveraged to support packet processing pipelines and custom Network Functions (NFs). However, there are several challenges in integrating and deploying P4 based SDN control as well as host and sNIC-based programmable NFs. These include configuration and management of the data plane components (Host and sNIC P4 switches) for the SDN control plane and effective utilization of data plane resources. P4NFV addresses these concerns and provides a unified P4 switch abstraction framework to simplify the SDN control plane, reducing management complexities, and leveraging a host-local SDN Agent to improve the overall resource utilization. The SDN agent considers the network-wide, host, and sNIC specific capabilities and constraints. Based on workload and traffic characteristics, P4NFV determines the partitioning of the P4 tables and optimal placement of NFs (P4 actions) to minimize the overall delay and maximize resource utilization. P4NFV uses Mixed Integer Linear Programming (MILP) based optimization formulation and achieves up to 2. 5X increase in system capacity while minimizing the delay experienced by flows. P4NFV considers the number of packet exchanges, flow size, and state dependency to minimize the delay imposed by data transmission over PCI Express interface.  more » « less
Award ID(s):
1823270
PAR ID:
10197029
Author(s) / Creator(s):
; ; ; ;
Date Published:
Journal Name:
2019 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN)
Page Range / eLocation ID:
1 to 7
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. ; ; (, 2022 IEEE 30th International Conference on Network Protocols (ICNP))
    The 5G user plane function (UPF) is a critical inter-connection point between the data network and cellular network infrastructure. It governs the packet processing performance of the 5G core network. UPFs also need to be flexible to support several key control plane operations. Existing UPFs typically run on general-purpose CPUs, but have limited performance because of the overheads of host-based forwarding. We design Synergy, a novel 5G UPF running on SmartNICs that provides high throughput and low latency. It also supports monitoring functionality to gather critical data on user sessions for the prediction and optimization of handovers during user mobility. The SmartNIC UPF efficiently buffers data packets during handover and paging events by using a two-level flow-state access mechanism. This enables maintaining flow-state for a very large number of flows, thus providing very low latency for control and data planes and high throughput packet forwarding. Mobility prediction can reduce the handover delay by pre-populating state in the UPF and other core NFs. Synergy performs handover predictions based on an existing recurrent neural network model. Synergy's mobility predictor helps us achieve 2.32× lower average handover latency. Buffering in the SmartNIC, rather than the host, during paging and handover events reduces packet loss rate by at least 2.04×. Compared to previous approaches to building programmable switch-based UPFs, Synergy speeds up control plane operations such as handovers because of the low P4-programming latency leveraging tight coupling between SmartNIC and host. 
    more » « less
  2. ; ; ; (, IEEE Military Communications Conference (MILCOM))
    A virtual firewall based on Network Function Virtualization (NFV) with Software Defined Networking (SDN) provides high scalability and flexibility for low-cost monitoring of legacy networks by dynamically deploying virtual network appliances rather than traditional hardware-based appliances. However, full utilization of virtual firewalls requires efficient management of computer virtualization resources and on-demand placement of virtual firewalls by steering traffic to the correct routing path using an SDN controller. In this paper, we design P4Guard, a software-based configurable firewall based on a high-level domain-specific language to specify packet processing logic using P4. P4Guard is a protocol-independent and platform-agnostic software-based firewall that can be incorporated into software switches that is highly usable and deployable. We evaluate the efficiency of P4Guard in processing traffic, compared to our previous virtual firewall in NFV. 
    more » « less
  3. ; ; ; ; (, ACM)
    Software-defined networking (SDN) in conjunction with programmable switches revolutionizes network management, yet crafting optimal switch configurations remains complex. Traditional P4 optimizations rely on data plane level tuning. In this paper, we argue an essential piece for such optimizations is the control plane itself. We present P4CGO, a P4 compilation framework which focuses on realizing specifications based on control policies. P4CGO leverages user-defined objective functions and control plane policies to guide P4 program optimization through table merging and splitting. We have prototyped P4CGO and applied it solving real-world policy optimization problems. 
    more » « less
  4. ; ; ; (, IEEE 14th Annual Ubiquitous Computing, Electronics & Mobile Communications (UEMCON 2023))
    P4 (Programming Protocol-Independent Packet Processors) represents a paradigm shift in network programmability by providing a high-level language to define packet processing behavior in network switches/devices. The importance of P4 lies in its ability to overcome the limitations of OpenFlow, the previous de facto standard for software-defined networking (SDN). Unlike OpenFlow, which operates on fixed match-action tables, P4 offers an approach where network operators can define packet processing behaviors at various protocol layers. P4 provides a programmable platform to create and implement custom network switches/devices protocols. However, this opens a new attack surface for threat actors who can access P4-enabled switches/devices and manipulate custom protocols for malicious purposes. Attackers can craft malicious packets to exploit protocol-specific vulnerabilities in these network devices. This ongoing research work proposes a blockchain-based model to secure P4 custom protocols. The model leverages the blockchain’s immutability, tamperproof ability, distributed consensus for protocol governance, and auditing to guarantee the transparency, security, and integrity of custom protocols defined in P4 programmable switches. The protocols are recorded as transactions and stored on the blockchain network. The model's performance will be evaluated using execution time in overhead computation, false positive rate, and network scalability. 
    more » « less
  5. ; ; ; (, IEEE)
    The rapid evolution of Software-Defined Networking (SDN) has transformed network management by decoupling the control and data planes. It provides centralized control, enhanced flexibility, and programmability of network management services. However, this centralized control introduces security vulnerabilities and challenges related to data integrity, unauthorized access, and resource management. In addition, it brings forth significant challenges in secure and scalable data storage and computational resource management. These challenges are further increased by the need for real-time processing and the ever-increasing volume of data. To address these challenges, this paper presents a scalable blockchain-based framework for security and computational resource management in SDN architectures. The proposed framework ensures decentralized and tamper-resistant data handling and utilizes smart contracts for automated resource allocation. Due to the need for advanced security and scalability in SDN networks, this work incorporates sharding to improve parallel processing capabilities. The performance of sharded versus non-sharded blockchain systems under various network conditions is evaluated. Our findings demonstrate that the sharded blockchain model enhances scalability and throughput with robust security and fault tolerance. The framework is also assessed for its performance, scalability, and security to enhance SDN resilience against data breaches, malicious activities, and inefficient resource distribution. 
    more » « less
  • Citation Formats
  • MLA
  • APA
  • Chicago
  • BibTeX
  • Save / Share this Record
  • Send to Email