[P4-dev] creating a counter on p4_16

Mostafa Abdallah. Ammar mostafaammar at aast.edu
Mon Oct 2 04:02:10 EDT 2017


Dear Hemant,


In current switches or routers, control plane policing (COPP) is responsible for traffic targeting the router or switch control plane; for example, I am sending a ping to the router IP address, or management traffic for the router or switch.


In my case I am targeting traffic passing or forwarded through the router or switch; for example, I have a server connected to a switch port and I want to detect any DoS attack targeting this server. Using P4's benefits I can make a threshold for a certain type of traffic. If ping traffic to the server from another PC reaches a certain threshold, the switch blocks the connection to the server.


Best Regards,

Eng. Mostafa Abdallah Ammar,Msc.
Head of Information Security Department
CCIE security #23971
Arab Academy For Science And Technology & maritime Transport
Computer Networks & Data Center (CNDC)
Mobile: 002 01001983674
________________________________
From: hemant at mnkcg.com <hemant at mnkcg.com>
Sent: Sunday, October 1, 2017 10:56 PM
To: Mostafa Abdallah. Ammar; p4-dev at lists.p4.org
Subject: RE: [P4-dev] creating a counter on p4_16

With a ping packet ingressed into a forwarding plane, unless the packet destination is destined for_us (any IP address on the router/switch), the ping request is punted (diverted) to the control plane to generate a ping reply. For the diverted packet, one would use COPP (Control Plane Policing) - I don't think there is a P4 program in the public domain for COPP. Also, see https://tools.ietf.org/html/rfc6192. If you want to rate-limit for_us packets in the forwarding plane, I don't think a P4 rate limiter exists either. Forwarding plane rate limiting is tricky, because you'd slow down performance for every packet to inspect if the packet is a ping packet and the packet is destined for_us.

In summary, stick to COPP in the control plane. If you do, the problem is out of scope for the p4-dev mailer. P4 is a language to program a forwarding plane.

Hemant


From: P4-dev [mailto:p4-dev-bounces at lists.p4.org] On Behalf Of Mostafa Abdallah. Ammar
Sent: Sunday, October 01, 2017 3:02 PM
To: p4-dev at lists.p4.org
Subject: [P4-dev] creating a counter on p4_16


Dear All,



Kindly, I want to detect a large amount of traffic in a small time and drop the traffic generator using p4_16. I want this feature to work in addition to normal IP forwarding.

For example, I want to count ping packets; if the count reaches a certain threshold, it is considered an attack and the attacker should be blocked.

Any guidance for this implementation.


Best Regards,

Eng. Mostafa Abdallah Ammar,Msc.
Head of Information Security Department
CCIE security #23971
Arab Academy For Science And Technology & maritime Transport
Computer Networks & Data Center (CNDC)
Mobile: 002 01001983674
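
One way to do the counting asked about in this thread, as an added example that is not from either poster or the P4 project: a P4_16 v1model program that keeps an echo-request count per source/destination pair in a register array, restarts the count each window, and drops once the threshold is exceeded. All header, parser, control and constant names, the slot count, the threshold and the window length are assumptions; `mark_to_drop(std)` is the form in current v1model.p4, and the normal forwarding table is left out.

```p4
#include <core.p4>
#include <v1model.p4>
// Added example; every name, size and threshold here is an assumption.
const bit<32> SLOTS = 4096;        // register slots shared by all flows
const bit<32> THRESHOLD = 100;     // echo requests allowed per window
const bit<48> WINDOW_US = 1000000; // 1 s; bmv2 timestamps count microseconds
header ethernet_t { bit<48> dst; bit<48> src; bit<16> etherType; }
header ipv4_t { bit<4> version; bit<4> ihl; bit<8> tos; bit<16> len; bit<16> id;
                bit<16> frag; bit<8> ttl; bit<8> proto; bit<16> csum;
                bit<32> src; bit<32> dst; }
header icmp_t { bit<8> icmpType; bit<8> code; bit<16> csum; }
struct headers_t { ethernet_t eth; ipv4_t ipv4; icmp_t icmp; }
struct meta_t { }
parser P(packet_in pkt, out headers_t hdr, inout meta_t m,
         inout standard_metadata_t std) {
    state start { pkt.extract(hdr.eth);
        transition select(hdr.eth.etherType) { 0x0800: parse_ipv4; default: accept; } }
    state parse_ipv4 { pkt.extract(hdr.ipv4);  // ICMP parsed only without IP options
        transition select(hdr.ipv4.ihl, hdr.ipv4.proto) {
            (5, 1): parse_icmp; default: accept; } }
    state parse_icmp { pkt.extract(hdr.icmp); transition accept; }
}
control Ingress(inout headers_t hdr, inout meta_t m,
                inout standard_metadata_t std) {
    register<bit<32>>(SLOTS) pkt_count;     // echo requests seen in current window
    register<bit<48>>(SLOTS) window_start;  // timestamp at which that window began
    apply {
        // The normal IPv4 forwarding table would be applied here first.
        if (hdr.icmp.isValid() && hdr.icmp.icmpType == 8) {  // echo request
            bit<32> idx; bit<32> count; bit<48> start;
            bit<48> now = std.ingress_global_timestamp;
            hash(idx, HashAlgorithm.crc32, (bit<32>)0,
                 { hdr.ipv4.src, hdr.ipv4.dst }, SLOTS);
            pkt_count.read(count, idx);
            window_start.read(start, idx);
            if (now - start > WINDOW_US) { start = now; count = 0; }
            count = count + 1;
            pkt_count.write(idx, count);
            window_start.write(idx, start);
            if (count > THRESHOLD) { mark_to_drop(std); }  // over budget: drop
        }
    }
}
control NoVerify(inout headers_t hdr, inout meta_t m) { apply { } }
control Egress(inout headers_t hdr, inout meta_t m,
               inout standard_metadata_t std) { apply { } }
control NoCompute(inout headers_t hdr, inout meta_t m) { apply { } }
control Dep(packet_out pkt, in headers_t hdr) {
    apply { pkt.emit(hdr.eth); pkt.emit(hdr.ipv4); pkt.emit(hdr.icmp); } }
V1Switch(P(), NoVerify(), Ingress(), Egress(), NoCompute(), Dep()) main;
```

Two source/destination pairs that hash to the same slot share one budget, so a small `SLOTS` can cause a legitimate sender to be dropped alongside a flooding one.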