VCP4: Virtualization of the Programmable Data Plane for Security Protocol

Xianwei ZHU; Chaowen CHANG; Xi QIN; Zhibin ZUO

doi:10.11999/JEIT190720

Volume 43 Issue 1

Jan. 2021

Turn off MathJax

Article Contents

Article Navigation > Journal of Electronics & Information Technology > 2021 > 43(1): 226-233

Xianwei ZHU, Chaowen CHANG, Xi QIN, Zhibin ZUO. VCP4: Virtualization of the Programmable Data Plane for Security Protocol[J]. Journal of Electronics & Information Technology, 2021, 43(1): 226-233. doi: 10.11999/JEIT190720

Citation:

Xianwei ZHU, Chaowen CHANG, Xi QIN, Zhibin ZUO. VCP4: Virtualization of the Programmable Data Plane for Security Protocol[J]. Journal of Electronics & Information Technology, 2021, 43(1): 226-233. doi: 10.11999/JEIT190720

Citation:

PDF( 3172 KB)

VCP4: Virtualization of the Programmable Data Plane for Security Protocol

doi: 10.11999/JEIT190720

School of Crpytographic Engineering, PLA Strategic Support Force Information Engineering University, Zhengzhou 450004, China

Funds: The National Natural Science Foundation of China (61572517)

Received Date: 2019-09-17
Rev Recd Date: 2020-08-30

Available Online: 2020-09-16

Publish Date: 2021-01-15

Abstract

Abstract

With the development of network security technology, network security protocol emerges one by one, which requires functional support from network forwarding devices. Due to the independence of protocols, the programmable data plane enables rapid deployment of security protocols. However, the current programmable data plane has the problem that the header is parsed multiple times, the exclusive data plane and the cryptographic algorithm are difficult to implement. In view of the above problems, VCP4(Virtualization Cryptogram P4) as a virtualized programmable data plane for security protocols is proposed, which reduces the number of parsing times and improves the header parsing efficiency by introducing a description header. The control flow queue generator and the dynamic mapping table are used to achieve the virtualization of the programmable data plane, thereby realizing the isolation of the data plane under the multi-tenant and solving the problem of the exclusive data plane. A cryptographic algorithm primitive is added to the VCP4 language compiler to implement a cryptographic algorithm that can be reused. Finally, the VCP4 resource utilization, virtualization performance and security protocol performance are evaluated. The results show that the implementation of VCP4 brings less performance loss, and the code amount can be reduced by 50%.
- Cryptographic algorithm primitive,
- Programmable data plane,
- Description header,
- Virtualization,
- Control flow queue generator,
- Dynamic mapping table

FullText(HTML)

References(16)

References

MCKEOWN N. Software-defined networking[C]. IEEE International Conference on Computer Communications, Rio de Janeiro, Brazil, 2009: 30–32.

MCKEOWN N. OpenFlow 1.3[EB/OL].https://github.com/CPqD/ofsoftswitch1.3/, 2006.

曹作伟, 陈晓, 倪宏, 等. 应用于协议无感知转发交换机的流缓存方法[J]. 电子与信息学报, 2018, 40(11): 2772–2778. doi: 10.11999/JEIT180042

CAO Zuowei, CHEN Xiao, NI Hong, et al. Flow caching in protocol oblivious forwarding switches[J]. Journal of Electronics &Information Technology, 2018, 40(11): 2772–2778. doi: 10.11999/JEIT180042

CHOLE S, FINGERHUT A, MA Sha, et al. dRMT: Disaggregated programmable switching[C]. ACM Special Interest Group on Data Communication, Los Angeles, USA, 2017: 1–14. doi: 10.1145/3098822.3098823.

BOSSHART P, DALY D, GIBB G, et al. Programming protocol-independent packet processors[J]. ACM SIGCOMM Computer Communication Review, 2014, 44(3): 87–95. doi: 10.1145/2656877.2656890

HANCOCK D and VAN DER MERWE J. Hyper4: Using P4 to virtualize the programmable data plane[C]. The 12th International on Conference on Emerging Networking Experiments and Technologies, Irvine, USA, 2016: 35–49. doi: 10.1145/2999572.2999607.

ZHANG Cheng, BI Jun, ZHOU Yu, et al. HyperVDP: High-performance virtualization of the programmable data plane[J]. IEEE Journal on Selected Areas in Communications, 2019, 37(3): 556–569. doi: 10.1109/JSAC.2019.2894308

ZHOU Yu and BI Jun. ClickP4: Towards modular programming of P4[C]. SIGCOMM Posters and Demos, Los Angeles, USA, 2017: 100–102. doi: 10.1145/3123878.3132000.

季新生, 徐水灵, 刘文彦, 等. 一种面向安全的虚拟网络功能动态异构调度方法[J]. 电子与信息学报, 2019, 41(10): 2435–2441. doi: 10.11999/JEIT181130

JI Xinsheng, XU Shuiling, LIU Wenyan, et al. A security-oriented dynamic and heterogeneous scheduling method for virtual network function[J]. Journal of Electronics &Information Technology, 2019, 41(10): 2435–2441. doi: 10.11999/JEIT181130

BANSAL M, MEHLMAN J, KATTI S, et al. OpenRadio: A programmable wireless dataplane[C]. The 1st Workshop on Hot Topics in Software Defined Networks, Helsinki, Finland, 2012: 109–114. doi: 10.1145/2342441.2342464.

NORDAL A Ø, KVALNES Å, PETTERSEN R, et al. Streaming as a hypervisor service[C]. The 7th International Workshop on Virtualization Technologies in Distributed Computing, New York, USA: 2013: 33–40. doi: 10.1145/2465829.2465831.

BOSSHART P. P4-bmv2[EB. OL]. https://github.com/p4lang/behavioral-model, 2017.

LIU J, HALLAHAN W, SCHLESINGER C, et al. P4v: Practical verification for programmable data planes[C]. 2018 ACM Special Interest Group on Data Communication, Budapest, Hungary, 2018: 490–503. doi: 10.1145/3230543.3230582.

IBANEZ S, BREBNER G, MCKEOWN N, et al. The P4-> NetFPGA workflow for line-rate packet processing[C]. 2019 ACM/SIGDA International Symposium on Field-Programmable Gate Arrays, Seaside, USA, 2019: 1–9. doi: 145/3289602.3293924.

MARTINEZ-YELMO I, ALVAREZ-HORCAJO J, BRISO-MONTIANO M, et al. ARP-P4: A hybrid Arp-path/p4runtime switch[C]. The 26th IEEE International Conference on Network Protocols, Cambridge, UK, 2018: 438–439. doi: 10.1109/ICNP.2018.00062.

BOSSHART P. Behavioral-model[EB/OL]. https://github.com/p4lang/behavioral-model, 2017.

Relative Articles

Supplements(0)

Cited By

Proportional views