[P4-dev] creating a counter on p4_16

hemant at mnkcg.com hemant at mnkcg.com
Mon Oct 2 10:54:07 EDT 2017


For your use case, you could use the P4 heavy hitter.

 

https://github.com/p4lang/tutorials/tree/master/SIGCOMM_2016/heavy_hitter

 

Hemant

 

From: Mostafa Abdallah. Ammar [mailto:mostafaammar at aast.edu] 
Sent: Monday, October 02, 2017 4:02 AM
To: hemant at mnkcg.com; p4-dev at lists.p4.org
Subject: RE: [P4-dev] creating a counter on p4_16

 

Dear Hemant,

 

In current switches or routers, Control Plane Policing (COPP) is responsible for traffic targeting the router or switch control plane, for example when I am sending a ping to the router IP address, or management traffic for the router or switch.

 

In my case I am targeting traffic passing or forwarded through the router or switch. For example, I have a server connected to a switch port and I want to detect any DoS attack targeting this server. Using the benefits of P4, I can make a threshold for a certain type of traffic. If ping traffic to the server from another PC reaches a certain threshold, the switch blocks the connection to the server.

 

Best Regards,

Eng. Mostafa Abdallah Ammar,Msc.
Head of Information Security Department
CCIE security #23971
Arab Academy For Science And Technology & maritime Transport
Computer Networks & Data Center (CNDC)
Mobile: 002 01001983674

  _____  

From: hemant at mnkcg.com
Sent: Sunday, October 1, 2017 10:56 PM
To: Mostafa Abdallah. Ammar; p4-dev at lists.p4.org
Subject: RE: [P4-dev] creating a counter on p4_16

 

With a ping packet ingressed into a forwarding plane, unless the packet destination is destined for_us (any IP address on the router/switch), the ping request is punted (diverted) to the control plane to generate a ping reply. For the diverted packet, one would use COPP (Control Plane Policing) – I don’t think there is a P4 program in the public domain for COPP. Also, see https://tools.ietf.org/html/rfc6192. If you want to rate-limit for_us packets in the forwarding plane, I don’t think a P4 rate limiter exists either. Forwarding plane rate limiting is tricky, because you’d slow down performance for every packet to inspect if the packet is a ping packet and the packet is destined for_us.

 

In summary, stick to COPP in the control plane.  If you do, the problem is out of scope for the p4-dev mailer.  P4 is a language to program a forwarding plane. 

 

Hemant

 

 

From: P4-dev [mailto:p4-dev-bounces at lists.p4.org] On Behalf Of Mostafa Abdallah. Ammar
Sent: Sunday, October 01, 2017 3:02 PM
To: p4-dev at lists.p4.org
Subject: [P4-dev] creating a counter on p4_16

Dear All,

 

Kindly, I want to detect a large amount of traffic in a small time and drop the traffic generator using p4_16. I want this feature to work in addition to normal IP forwarding.

For example, I want to count ping packets; if the count reaches a certain threshold, it is considered an attack and the attacker should be blocked.

Any guidance for this implementation?

 

Best Regards,

Eng. Mostafa Abdallah Ammar,Msc.
Head of Information Security Department
CCIE security #23971
Arab Academy For Science And Technology & maritime Transport
Computer Networks & Data Center (CNDC)
Mobile: 002 01001983674
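
The threshold idea discussed in this thread (count ping packets per source and drop once a limit is reached within a short time), as an added example that is not part of the original emails or of the linked tutorial. It is a Python model of logic that fits a P4_16 pipeline, using only fixed-size register arrays and hashes; the two-row layout, THRESHOLD, WINDOW_US, the sample addresses and all names are assumptions.

```python
import zlib

ROWS = 2               # independent hash rows (count-min style), assumed
SLOTS = 1024           # register cells per row, fixed like switch memory
THRESHOLD = 100        # echo requests allowed per source per window (constructed)
WINDOW_US = 1_000_000  # counting window in microseconds (constructed)

class PingLimiter:
    """Per-packet ingress logic built only from fixed arrays and hashes."""

    def __init__(self):
        self.count = [[0] * SLOTS for _ in range(ROWS)]
        self.stamp = [[0] * SLOTS for _ in range(ROWS)]  # window id per cell

    def _index(self, row, src_ip):
        # A different prefix per row so one collision rarely hits every row.
        return zlib.crc32(bytes([row]) + src_ip.encode()) % SLOTS

    def process(self, src_ip, is_echo_request, now_us):
        """Return 'forward' or 'drop' for one packet."""
        if not is_echo_request:
            return "forward"               # only ICMP echo requests are counted
        window = now_us // WINDOW_US
        estimate = None
        for row in range(ROWS):
            i = self._index(row, src_ip)
            if self.stamp[row][i] != window:   # stale cell: new window, reset
                self.stamp[row][i] = window
                self.count[row][i] = 0
            self.count[row][i] += 1
            c = self.count[row][i]
            estimate = c if estimate is None else min(estimate, c)
        # The minimum across rows limits over-counting caused by collisions.
        return "drop" if estimate > THRESHOLD else "forward"

def demo():
    """Replay constructed traffic: one noisy source, one normal source."""
    lim = PingLimiter()
    noisy = [lim.process("10.0.0.66", True, t * 1000) for t in range(150)]
    normal = [lim.process("10.0.0.7", True, 200_000 + t) for t in range(5)]
    later = lim.process("10.0.0.66", True, WINDOW_US + 1)  # next window
    return noisy.count("drop"), normal.count("drop"), later

if __name__ == "__main__":
    print(demo())
```

In this model a source is dropped only while it stays above the threshold inside the current window; normal forwarding continues for every packet that is not an ICMP echo request.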
