Highlighting the Gap Between Expected and Actual Behavior in P4-enabled Networks

摘要

Modern networks increasingly rely on Software-defined Networking (SDN) and Network Function Virtualization (NFV) to augment their flexibility in high load scenarios. To further enhance the performance, a part of the functionality is often offloaded to forwarding devices, which are used as hardware accelerators and are configured by high level programming languages such as P4. However, hardware vendors use sophisticated technologies to implement these standards, which need to be understood by the programmer to avoid unintended behavior. In this demonstration we highlight the severe consequences of only relying on the network programming language when ignoring the device-specific limitations. We show this by the example of a Denial of Service attack against a P4-enabled SmartNIC. Finally, we discuss possible mitigations to this attack and stress the importance of an overall understanding of the entire system.