

# **P4** Language Tutorial



# What is Data Plane Programming?

Why program the Data Plane?



# Status Quo: Bottom-up design





### A Better Approach: Top-down design





# **Benefits of Data Plane Programmability**

- New Features Add new protocols
- Reduce complexity Remove unused protocols
- Efficient use of resources flexible use of tables
- Greater visibility New diagnostic techniques, telemetry, etc.
- SW style development rapid design cycle, fast innovation, fix data plane bugs in the field
- You keep your own ideas

Think programming rather than protocols...



# **Programmable Network Devices**

- PISA: Flexible Match+Action ASICs
  - Intel Flexpipe, Cisco Doppler, Cavium (Xpliant), Barefoot Tofino, ...
- NPU
  - EZchip, Netronome, ...
- · CPU
  - Open Vswitch, eBPF, DPDK, VPP...
- FPGA
  - Xilinx, Altera, ...

These devices let us tell them how to process packets.



### What can you do with P4?

- Layer 4 Load Balancer SilkRoad[1]
- Low Latency Congestion Control NDP[2]
- Fast In-Network cache for key-value stores NetCache[3]
- In-band Network Telemetry INT[4]
- Consensus at network speed NetPaxos[5]
- · ... and much more

- [1] Miao, Rui, et al. "SilkRoad: Making Stateful Layer-4 Load Balancing Fast and Cheap Using Switching ASICs." SIGCOMM, 2017.
- [2] Handley, Mark, et al. "Re-architecting datacenter networks and stacks for low latency and high performance." SIGCOMM, 2017.
- [3] Xin Jin et al. "NetCache: Balancing Key-Value Stores with Fast In-Network Caching." To appear at SOSP 2017
- [4] Kim, Changhoon, et al. "In-band network telemetry via programmable dataplanes." SIGCOMM. 2015.
- [5] Dang, Huynh Tu, et al. "NetPaxos: Consensus at network speed." SIGCOMM, 2015.



### **Brief History and Trivia**

```
May 2013:
                  Initial idea and the name "P4"
• July 2014:
                  First paper (SIGCOMM ACR)
• Aug 2014:
                  First P4<sub>14</sub> Draft Specification (v0.9.8)
                  P4<sub>14</sub> Specification released (v1.0.0)
• Sep 2014:
                  P4<sub>14</sub> v1.0.1
• Jan 2015:
• Mar 2015:
                  P4<sub>14</sub> v1.0.2
                  P4<sub>14</sub> v1.0.3
• Nov 2016:
                  P4_{14}^{17} v1.0.4
• May 2017:
                  P4<sub>16</sub> – first commits
• Apr 2016:

    Dec 2016: First P4<sub>16</sub> Draft Specification
```

P4<sub>16</sub> Specification released



• May 2017:

# P4\_16 Data Plane Model



# **PISA: Protocol-Independent Switch Architecture**





#### **PISA** in Action

- Packet is parsed into individual headers (parsed representation)
- Headers and intermediate results can be used for matching and actions
- Headers can be modified, added or removed
- Packet is departed (serialized)





# P4<sub>16</sub> Language Elements





# P4\_16 Approach

| Term            | Explanation                                                                                                     |
|-----------------|-----------------------------------------------------------------------------------------------------------------|
| P4 Target       | An embodiment of a specific hardware implementation                                                             |
| P4 Architecture | Provides an interface to program a target via some set of P4-programmable components, externs, fixed components |





# **Programming a P4 Target**





# Lab 1: Basics



### Before we start...

- Install VM image (Look for instructor with USB sticks)
- Please make sure that your VM is up to date
  - ∘\$ cd ~/tutorials && git pull
- ·We'll be using several software tools pre-installed on the VM
  - •Bmv2: a P4 software switch
  - ∘p4c: the reference P4 compiler
  - •Mininet: a lightweight network emulation environment
- Each directory contains a few scripts
  - •\$ make : compiles P4 program, execute on Bmv2 in Mininet, populate tables
  - •\*.py: send and receive test packets in Mininet
- Exercises
  - •Each example comes with an incomplete implementation; your job is to finish it!
  - •Look for "TODOs" (or peek at the P4 code in solution/ if you must)



### V1Model Architecture

Implemented on top of Bmv2's simple\_switch target





### V1Model Standard Metadata

```
struct standard metadata t {
  bit<9> ingress port;
  bit<9> egress_spec;
  bit<9> egress port;
  bit<32> clone spec;
  bit<32> instance type;
  bit<1> drop;
  bit<16> recirculate port;
  bit<32> packet length;
  bit<32> eng timestamp;
  bit<19> eng qdepth;
  bit<32> deg timedelta;
  bit<19> deq qdepth;
   bit<48> ingress_global_timestamp;
  bit<32> 1f field list;
  bit<16> mcast grp;
  bit<1> resubmit flag;
   bit<16> egress_rid;
   bit<1> checksum error;
```

- ingress\_port the port on which the packet arrived
- egress\_spec the port to which the packet should be sent to
- egress\_port the port on which the packet is departing from (read only in egress pipeline)



# P4<sub>16</sub> Program Template (V1Model)

```
#include <core.p4>
#include <v1model.p4>
/* HEADERS */
struct metadata { ... }
struct headers {
  ethernet t ethernet;
  ipv4 t
               ipv4;
/* PARSER */
parser MyParser(packet in packet,
          out headers hdr,
          inout metadata meta,
         inout standard metadata t smeta) {
/* CHECKSUM VERIFICATION */
control MyVerifyChecksum(in headers hdr,
                         inout metadata meta) -
/* INGRESS PROCESSING */
control MyIngress(inout headers hdr,
                  inout metadata meta.
                  inout standard metadata t std meta) {
```

```
EGRESS PROCESSING */
control MyEgress(inout headers hdr,
                 inout metadata meta,
                 inout standard metadata t std meta) -
/* CHECKSUM UPDATE */
control MyComputeChecksum(inout headers hdr,
                          inout metadata meta) {
/* DEPARSER */
control MyDeparser(inout headers hdr,
                   inout metadata meta) {
/* SWITCH */
V1Switch(
  MyParser(),
  MyVerifyChecksum(),
  MyIngress(),
  MyEgress(),
  MyComputeChecksum(),
  MyDeparser()
  main;
```

# P4<sub>16</sub> Hello World (V1Model)

```
#include <core.p4>
#include <v1model.p4>
struct metadata {}
struct headers {}
parser MyParser(packet in packet,
   out headers hdr,
   inout metadata meta,
   inout standard metadata t standard metadata) {
    state start { transition accept; }
control MyVerifyChecksum(inout headers hdr, inout metadata
meta) { apply { } }
control MyIngress(inout headers hdr,
   inout metadata meta,
   inout standard metadata t standard metadata) {
apply {
        if (standard metadata.ingress port == 1) {
            standard metadata.egress spec = 2;
         else if (standard metadata.ingress port == 2) {
            standard metadata.egress spec = 1;
```

```
control MyEgress(inout headers hdr,
  inout metadata meta,
  inout standard metadata t standard metadata) {
    apply { }
control MyComputeChecksum(inout headers hdr, inout metadata
meta) {
     apply { }
control MyDeparser(packet out packet, in headers hdr) {
    apply { }
V1Switch(
  MyParser(),
  MyVerifyChecksum(),
  MyIngress(),
  MyEgress(),
  MyComputeChecksum(),
  MyDeparser()
) main:
```

# P4<sub>16</sub> Hello World (V1Model)

```
#include <core.p4>
#include <v1model.p4>
struct metadata {}
struct headers {}
parser MyParser(packet in packet, out headers hdr,
   inout metadata meta,
   inout standard metadata t standard metadata) {
    state start { transition accept; }
control MyIngress(inout headers hdr, inout metadata meta,
   inout standard metadata t standard metadata) {
    action set egress spec(bit<9> port) {
        standard metadata.egress spec = port;
   table forward {
        key = { standard metadata.ingress port: exact;
        actions = {
            set egress spec;
            NoAction;
        size = 1024:
        default action = NoAction();
    apply { forward.apply(); }
```

```
control MyEgress(inout headers hdr,
  inout metadata meta,
  inout standard metadata t standard metadata) {
    apply { }
control MyVerifyChecksum(inout headers hdr, inout metadata
meta) { apply { } }
control MyComputeChecksum(inout headers hdr, inout metadata
meta) { apply { } }
control MyDeparser(packet_out packet, in headers hdr) {
   apply { }
V1Switch( MyParser(), MyVerifyChecksum(), MyIngress(),
MyEgress(), MyComputeChecksum(), MyDeparser() ) main;
```

| Key | Action Name     | Action Data |
|-----|-----------------|-------------|
| 1   | set_egress_spec | 2           |
| 2   | set_egress_spec | 1           |

# Running Example: Basic Forwarding

•We'll use a simple application as a running example—a basic router—to illustrate the main features of P4<sub>16</sub>

### Basic router functionality:

- Parse Ethernet and IPv4 headers from packet
- •Find destination in IPv4 routing table
- Update source / destination MAC addresses
- Decrement time-to-live (TTL) field
- Set the egress port
- Deparse headers back into a packet
- •We've written some starter code for you (basic.p4) and implemented a static control plane



# **Basic Forwarding: Topology**



# P4<sub>16</sub> Types (Basic and Header Types)

```
typedef bit<48> macAddr t;
typedef bit<32> ip4Addr t;
header ethernet t {
 macAddr t dstAddr;
 macAddr t srcAddr;
  bit<16> etherType;
header ipv4 t {
 bit<4>
          version:
 bit<4>
         ihl;
         diffserv;
 bit<8>
 bit<16> totalLen;
 bit<16> identification;
 bit<3>
         flags;
 bit<13> fragOffset;
 bit<8>
          ttl;
         protocol;
 bit<8>
 bit<16>
           hdrChecksum:
 ip4Addr t srcAddr;
 ip4Addr t dstAddr;
```

#### **Basic Types**

- bit<n>: Unsigned integer (bitstring) of size n
- bit is the same as bit<1>
- int<n>: Signed integer of size n (>=2)
- varbit<n>: Variable-length bitstring

#### **Header Types:** Ordered collection of members

- Can contain bit<n>, int<n>, and varbit<n>
- Byte-aligned
- Can be valid or invalid
- Provides several operations to test and set validity bit: isValid(), setValid(), and setInvalid()

**Typedef:** Alternative name for a type



# P4<sub>16</sub> Types (Other Types)

```
/* Architecture */
struct standard metadata t {
  bit<9> ingress port;
  bit<9> egress spec;
  bit<9> egress port;
  bit<32> clone spec;
  bit<32> instance type;
  bit<1> drop;
  bit<16> recirculate port;
  bit<32> packet length;
/* User program */
struct metadata {
struct headers {
  ethernet t ethernet;
  ipv4 t
              ipv4;
```

#### Other useful types

- Struct: Unordered collection of members (with no alignment restrictions)
- Header Stack: array of headers
- Header Union: one of several headers



25

# P4<sub>16</sub> Parsers

- Parsers are functions that map packets into headers and metadata, written in a state machine style
- Every parser has three predefined states
  - start
  - accept
  - reject
- Other states may be defined by the programmer
- In each state, execute zero or more statements, and then transition to another state (loops are OK)





26

# Parsers (V1Model)

```
/* From core.p4 */
extern packet in {
                                                                                   MyParser
  void extract<T>(out T hdr);
  void extract<T>(out T variableSizeHeader,
            in bit<32> variableFieldSizeInBits);
                                                                               packet_in
                                                                                                 hdr
  T lookahead<T>();
  void advance(in bit<32> sizeInBits);
  bit<32> length();
                                                                               meta
                                                                                               meta
/* User Program */
parser MyParser(packet_in packet,
                                                 The platform Initializes
          out headers hdr,
                                                   User Metadata to 0
          inout metadata meta,
          inout standard metadata t std meta) {
                                                                                   standard meta
  state start {
     packet.extract(hdr.ethernet);
     transition accept;
```



#### **Select Statement**

```
state start {
   transition parse_ethernet;
}

state parse_ethernet {
   packet.extract(hdr.ethernet);
   transition select(hdr.ethernet.etherType) {
      0x800: parse_ipv4;
      default: accept;
   }
}
```

P4<sub>16</sub> has a select statement that can be used to branch in a parser

Similar to case statements in C or Java, but without "fall-through behavior"—i.e., break statements are not needed

In parsers it is often necessary to branch based on some of the bits just parsed

For example, etherType determines the format of the rest of the packet

Match patterns can either be literals or simple computations such as masks



# **Coding Break**



# P4<sub>16</sub> Controls

- Similar to C functions (without loops)
- Can declare variables, create tables, instantiate externs, etc.
- Functionality specified by code in apply statement
- Represent all kinds of processing that are expressible as DAG:
  - Match-Action Pipelines
  - Deparsers
  - Additional forms of packet processing (updating checksums)
- Interfaces with other blocks are governed by user- and architecture-specified types (typically headers and metadata)



# **Example: Reflector (V1Model)**

#### **Desired Behavior:**

- Swap source and destination MAC addresses
- Bounce the packet back out on the physical port that it came into the switch on



### **Example: Simple Actions**

```
control MyIngress(inout headers hdr,
                  inout metadata meta,
                  inout standard metadata t std meta) {
  action swap mac(inout bit<48> src,
                  inout bit<48> dst) {
    bit<48> tmp = src;
    src = dst;
    dst = tmp;
  apply {
    swap mac(hdr.ethernet.srcAddr,
             hdr.ethernet.dstAddr);
    std meta.egress spec = std meta.ingress port;
```

- Very similar to C functions
- Can be declared inside a control or globally
- Parameters have type and direction
- Variables can be instantiated inside
- Many standard arithmetic and logical operations are supported

No division/modulo

- Non-standard operations:
  - Bit-slicing: [m:l] (works as I-value too)
  - Bit Concatenation: ++



# P4<sub>16</sub> Tables

### The fundamental unit of a Match-Action Pipeline

- Specifies what data to match on and match kind
- Specifies a list of possible actions
- Optionally specifies a number of table properties
  - Size
  - Default action
  - Static entries
  - etc.

### Each table contains one or more entries (rules)

### An entry contains:

- A specific key to match on
- A single action that is executed when a packet matches the entry
- Action data (possibly empty)



# **Tables: Match-Action Processing**





### **Example: IPv4\_LPM Table**



| Key         | Action       | Action Data                         |
|-------------|--------------|-------------------------------------|
| 10.0.1.1/32 | ipv4_forward | dstAddr=00:00:00:00:01:01<br>port=1 |
| 10.0.1.2/32 | drop         |                                     |
| *`          | NoAction     |                                     |

### Data Plane (P4) Program

- Defines the format of the table
  - Key Fields
  - Actions
  - Action Data
- Performs the lookup
- Executes the chosen action

# Control Plane (IP stack, Routing protocols)

- Populates table entries with specific information
  - Based on the configuration
  - Based on automatic discovery
  - Based on protocol calculations



# IPv4\_LPM Table

```
table ipv4_lpm {
   key = {
     hdr.ipv4.dstAddr: lpm;
   actions = {
     ipv4_forward;
     drop;
     NoAction;
   size = 1024;
   default_action = NoAction();
```



#### **Match Kinds**

```
/* core.p4 */
match_kind {
    exact,
    ternary,
    1pm
/* v1model.p4 */
match_kind {
    range,
    selector
/* Some other architecture */
match_kind {
    regexp,
    fuzzy
```

- The type match\_kind is special in P4
- The standard library (core.p4) defines three standard match kinds
  - Exact match
  - Ternary match
  - I PM match
- The architecture (v1model.p4) defines
   two additional match kinds:
  - range
  - selector
- Other architectures may define (and provide implementation for) additional match kinds



## **Defining Actions for L3 forwarding**

```
/* core.p4 */
action NoAction() {
/* basic.p4 */
action drop() {
  mark to drop();
/* basic.p4 */
action ipv4 forward(macAddr t dstAddr,
                    bit<9> port) {
```

- Actions can have two different types of parameters
  - Directional (from the Data Plane)
  - Directionless (from the Control Plane)
- Actions that are called directly:
  - Only use directional parameters
- Actions used in tables:
  - Typically use directionless parameters
  - May sometimes use directional parameters too



Action Execution



#### **Applying Tables in Controls**

```
control MyIngress(inout headers hdr,
                  inout metadata meta,
                  inout standard_metadata_t standard_metadata) {
 table ipv4_lpm {
    . . .
  apply {
     ipv4_lpm.apply();
```



# P4<sub>16</sub> Deparsing

```
/* From core.p4 */
extern packet out {
  void emit<T>(in T hdr);
/* User Program */
control DeparserImpl(packet out packet,
                     in headers hdr) {
  apply {
    packet.emit(hdr.ethernet);
```

- Assembles the headers back into a well-formed packet
- Expressed as a control function
  - No need for another construct!
- packet\_out extern is defined in core.p4: emit(hdr): serializes header if it is valid
- Advantages:
  - Makes deparsing explicit...
     ...but decouples from parsing



40

# **Coding Break**



#### Makefile: under the hood





## **Step 1: P4 Program Compilation**





#### **Step 2: Preparing veth Interfaces**



#### \$ sudo ~/p4lang/tutorials/examples/veth setup.sh

```
# ip link add name veth0 type veth peer name veth1
# for iface in "veth0 veth1"; do
    ip link set dev ${iface} up
    sysctl net.ipv6.conf.${iface}.disable_ipv6=1
    TOE_OPTIONS="rx tx sg tso ufo gso gro lro rxvlan txvlan rxhash"
    for TOE_OPTION in $TOE_OPTIONS; do
        /sbin/ethtool --offload $intf "$TOE_OPTION"
    done
    done
```





#### **Step 3: Starting the model**







45

## **Step 4: Starting the CLI**

\$ simple\_switch\_CLI







46

## Working with Tables in simple\_switch\_CLI

```
RuntimeCmd: show tables
m filter
                                  [meta.meter tag(exact, 32)]
m table
                                  [ethernet.srcAddr(ternary, 48)]
RuntimeCmd: table info m table
                                  [ethernet.srcAddr(ternary, 48)]
m table
nop
[]m action
                                    [meter idx(32)]
RuntimeCmd: table dump m table
                                                               Value and mask for ternary
m table:
                                                               matching. No spaces around
                                                                                                Entry priority
0: aaaaaaaaaaa &&& fffffffffff => m action - 0,
                                                                       "&&&"
SUCCESS
RuntimeCmd: table add m table m action 01:00:00:00:00:00:00:00:00:00:00:00 => 1 0
Adding entry to ternary match table m table
match key:
                      TERNARY-01:00:00:00:00:00 &&& 01:00:00:00:00
action:
                      m action
runtime data:
                      00:00:00:05
                                                                                            "=>" separates the key
                                                                                             from the action data
SUCCESS
entry has been added with handle 1
                                                All subsequent
RuntimeCmd: table delete 1
                                               operations use the
                                                 entry handle
```



#### **Step 5: Sending and Receiving Packets**





## **Basic Tunneling**

- Add support for basic tunneling to the basic IP router
- Define a new header type (myTunnel) to encapsulate the IP packet
- •myTunnel header includes:
  - proto\_id : type of packet being encapsulated
  - dst\_id : ID of destination host
- Modify the switch to perform routing using the myTunnel header



## **Basic Tunneling TODO List**

- Define myTunnel\_t header type and add to headers struct
- Update parser
- Define myTunnel\_forward action
- Define myTunnel\_exact table
- Update table application logic in MyIngress apply statement
- Update deparser
- Adding forwarding rules



# **Basic Forwarding: Topology**



# **Coding Break**



#### P4→NetFPGA

- Prototype and evaluate P4 programs in real hardware!
- 4x10G network interfaces
- Special price for academic users :)
- https://github.com/NetFPGA/P4-NetFPGA-public/wiki





## Fin!



#### **Debugging**

```
control MyIngress(...) {
  table debug {
    key = {
      std meta.egress spec : exact;
    actions = { }
 apply {
     debug.apply();
```

- Bmv2 maintains logs that keep track of how packets are processed in detail
  - /tmp/p4s.s1.log
  - /tmp/p4s.s2.log
  - /tmp/p4s.s3.log
- Can manually add information to the logs by using a dummy debug table that reads headers and metadata of interest

```
*[15:16:48.145] [bmv2] [D]
[thread 4090] [96.0] [cxt 0]
Looking up key:
* std_meta.egress_spec : 2
```

