joncastro/p4vpc
This repository contains an experimental P4 program to enable a Virtual Private Cloud with P4 based switches.
P4VPC tries to emulate the Amazon VPC solution as described in this presentation.
    git clone https://github.com/joncastro/p4vpc
    cd p4vpc
    pip install -r requirements.txt
    python p4vpc-commands.py
    sudo mnp4
The p4vpc-commands.py script generates all the required P4 switch commands for the given topology.
The topology YAML file follows the MiniP4 definition and only adds an optional customer property, which is set to 1 by default if not given.
The given p4-topo.yml topology contains two customers with the same number of hosts and IP addresses. This demo explains how to run and test network reachability between hosts belonging to the same customer.
The topology contains two customers, red and blue. Both customers contain the same number of hosts and IP addresses. Host MAC addresses are unique.
Each customer has two subnets: 10.0.0.0/24 and 192.168.0.0/24.
- pinging two hosts in the same subnet
The host that starts the ping first sends an ARP request to discover the MAC address of the destination host. Notice that the ARP request is answered directly by the P4 switch using the table arp_reply and is not flooded into the network. The P4 switch captures the ARP packet, transforms it into an ARP reply and sends it back to the host. P4 switches are pre-populated with the MAC addresses on the same subnet.
Then, the source host sends an ICMP request to the destination switch. The initial P4 switch captures the IP packet and encapsulates it into a new header type called vpc. This encapsulation header contains the customer, the source and destination switch, and the source and destination IP.
The packet is transmitted through the network, and the egress P4 switch removes the vpc header and delivers the packet to the destination host.
The ICMP reply from the destination host to the source switch is treated in the same way.
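The following is an added illustration, not code from the p4vpc repository: a Python model of the ARP answer and vpc encapsulation described above, showing how the customer field keeps red and blue traffic apart even though both customers use the same IP addresses. The header layout, the switch and port numbers, the port-to-customer mapping and the blue MAC addresses are assumptions constructed for this example.

```python
import struct
from ipaddress import IPv4Address

# Hypothetical vpc header layout (not taken from the P4 source): customer,
# source switch, destination switch (16 bits each), then src and dst IPv4.
VPC = struct.Struct("!HHH4s4s")

# Constructed tables. Customer 1 = red, 2 = blue; both reuse the same IPs.
PORT_CUSTOMER = {(1, 1): 1, (1, 2): 2, (2, 1): 1, (2, 2): 2}  # (switch, port)
HOSTS = {  # (customer, ip) -> (switch, port, mac)
    (1, "10.0.0.2"): (1, 1, "00:00:00:00:00:66"),
    (1, "10.0.0.3"): (2, 1, "00:00:00:00:00:67"),
    (2, "10.0.0.2"): (1, 2, "00:00:00:00:01:66"),
    (2, "10.0.0.3"): (2, 2, "00:00:00:00:01:67"),
}

def arp_reply(switch, port, target_ip):
    """Answer ARP at the switch, scoped to the customer of the ingress port."""
    entry = HOSTS.get((PORT_CUSTOMER[(switch, port)], target_ip))
    return entry[2] if entry else None

def encapsulate(switch, port, src_ip, dst_ip, payload):
    """Ingress: the customer comes from the port, never from the packet."""
    customer = PORT_CUSTOMER[(switch, port)]
    dst = HOSTS.get((customer, dst_ip))
    if dst is None:
        return None  # destination unknown for this customer: drop
    header = VPC.pack(customer, switch, dst[0],
                      IPv4Address(src_ip).packed, IPv4Address(dst_ip).packed)
    return header + payload

def decapsulate(switch, frame):
    """Egress: strip the vpc header, choose the port by (customer, dst IP)."""
    customer, _src_sw, dst_sw, _src_ip, dst_ip = VPC.unpack_from(frame)
    entry = HOSTS.get((customer, str(IPv4Address(dst_ip))))
    if dst_sw != switch or entry is None or entry[0] != switch:
        return None  # wrong switch or unknown customer/address pair: drop
    return entry[1], entry[2], frame[VPC.size:]
```

Because every lookup is keyed on the customer as well as the IP address, a frame entering on a blue port can only resolve to, and be delivered to, a blue host.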
Testing
Ping from host h102red to h103red.
    mininet> h102red ping h103red
    PING 10.0.0.3 (10.0.0.3) 56(84) bytes of data.
    64 bytes from 10.0.0.3: icmp_seq=1 ttl=64 time=4.40 ms
To ensure h103red is the one replying to the ICMP packet, execute h102red nc h103red 8888, which will return the MAC address, and then verify that it is the same as the one shown by executing h103red ifconfig eth0.
Note: all hosts create a netcat process listening on 8888 which returns the MAC address of eth0 using the scripts/netcat_hostname.sh script.
    mininet> h102red nc h103red 8888
    eth0 00:00:00:00:00:67
    mininet> h103red ifconfig eth0
    nohup: appending output to ‘nohup.out’
    eth0 Link encap:Ethernet HWaddr 00:00:00:00:00:67
         inet addr:10.0.0.3 Bcast:10.0.0.255 Mask:255.255.255.0
         UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
         RX packets:14 errors:0 dropped:0 overruns:0 frame:0
         TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:1000
         RX bytes:1060 (1.0 KB) TX bytes:705 (705.0 B)
    mininet>
- pinging two hosts in different subnets
In this case, two hosts in different subnets require a gateway in between to talk to each other. Notice that this gateway does not really exist in our topology; P4VPC emulates this non-existing gateway. When the hosts send ARP requests to obtain the gateway MAC address, the P4 switch will capture each packet and convert it into a reply with the fictitious gateway MAC address.
Then the source host will send an ICMP packet to the destination host and the P4 switches will perform the same encapsulation. The only difference is that the Ethernet source and destination MAC addresses will be overwritten to the gateway on the destination switch before the packet is delivered to the port.
Testing
Ping from host h102red to h202red.
    mininet> h102red ping h202red
    PING 192.168.0.2 (192.168.0.2) 56(84) bytes of data.
    64 bytes from 192.168.0.2: icmp_seq=1 ttl=64 time=2.13 ms
To ensure h202red is the one replying to the ICMP packet, execute h102red nc h202red 8888, which will return the MAC address, and then verify that it is the same as the one shown by executing h202red ifconfig eth0.
    mininet> h102red nc h202red 8888
    eth0 00:00:00:00:00:ca
    mininet> h202red ifconfig eth0
    eth0 Link encap:Ethernet HWaddr 00:00:00:00:00:ca
         inet addr:192.168.0.2 Bcast:192.168.0.255 Mask:255.255.255.0
         UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
         RX packets:16 errors:0 dropped:0 overruns:0 frame:0
         TX packets:13 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:1000
         RX bytes:1200 (1.2 KB) TX bytes:1013 (1.0 KB)
    mininet>