CyberTraining: Implementation: Small: Cybertraining on P4 Programmable Devices using an Online Scalable Platform with Physical and Virtual Switches and Real Protocol Stacks

网络培训：实施：小型：使用具有物理和虚拟交换机以及真实协议栈的在线可扩展平台在 P4 可编程设备上进行网络培训

• 批准号: 2118311
• 负责人: Jorge Crichigno
• 金额: $ 49.95万
• 依托单位: University of South Carolina at Columbia
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2021
• 资助国家: 美国
• 起止时间: 2021-10-01 至 2025-09-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2118311&HistoricalAwards=false
• 关键词: CyberTraining; Implementation; Small; Cybertraining; P4

Traditionally, the data plane of network devices has been designed with fixed functions to forward data packets, using a small set of communication protocols. This closed-design paradigm has limited the capability of switches to costly proprietary implementations that are hard-coded by vendors. Recently, data plane programmability has attracted significant attention, permitting the owners of communication networks to use switches with customized processing functions. While large companies are now using programmable platforms, campus networks and small- and medium-sized enterprises have yet to fully benefit from the advantages of P4, the de-facto standard for programming the data plane. A key barrier preventing faster adoption of P4 is the availability of engaging training material for cyberinfrastructure (CI) professionals that focuses on the operation and management of P4 systems. This project addresses the gap by developing hands-on virtual labs that run on a platform for online instruction, referred to as the academic cloud. The project will lower the entry barrier to innovation through P4 technology, which will enable CI professionals to reduce the time to design, test, and adopt new communication protocols; devise new customized applications; understand the behavior of data packets as they travel across networks; develop more effective defenses against cybersecurity attacks; and improve the performance of applications used in essential areas such as cybersecurity, Internet of Things (IoT), congestion control, and others.The first goal of the project is to facilitate the adoption of programmable P4 devices by CI professionals and by network owners in general, by developing virtual labs. The second goal is to promote the integration of P4 and virtual labs into academic degree programs at the associate, bachelor, and graduate levels. Equipment used in virtual labs consists of production-grade devices such as software switches (e.g., Open vSwitch, PISCES), hardware switches based on state-of-the-art Tofino chips, and open-source operating systems and controllers (e.g., Open Network Linux, Open Network Operating System). For virtual labs using physical devices, the equipment pods incorporate P4 programmable hardware switches that are attached to the cloud and are managed via remote-access capability. Virtual labs provide both functional and traffic realism, as they use the same equipment as in real deployments and generate interactive network traffic. They emulate communications across local area networks (LANs), wide area networks (WANs), campus networks, data centers, and high-performance systems. The project will organize workshops to create awareness of this new technology and virtual labs resources, and to train CI professionals on P4. Workshops are co-organized and broadly disseminated through collaborators that play a critical role in enhancing and securing the national cyberinfrastructure: ESnet, the high-performance network that carries science traffic for the U.S. Department of Energy, including the National Laboratory system; and Internet2 and Front Range GigaPOP, two Research and Education Networks (RENs) that operate national and regional communication backbones. Finally, in coordination with the Western Academy Support and Training Center, one of the main technical training centers in the U.S. for two- and four-year instruction, and the Network Development Group, a company in virtualized training, the project will train IT instructors interested in the P4 technology.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

传统上，网络设备的数据平面是使用固定功能的，可以使用一小部分通信协议来转发数据包。这种封闭设计的范式将开关的能力限制在供应商硬编码的昂贵的专有实施中。最近，数据平面的可编程性吸引了大大关注，使通信网络的所有者可以使用具有自定义处理功能的开关。尽管大型公司现在正在使用可编程平台，但校园网络和中小型企业尚未从P4的优势（用于编程数据平面的DECACTO标准）中完全受益。防止P4采用更快的关键障碍是为网络基础设施（CI）专业人员的培训材料提供可用性，该材料侧重于P4 Systems的运营和管理。该项目通过开发在在线教学平台上运行的动手虚拟实验室来解决差距，称为学术云。该项目将通过P4技术降低创新的进入障碍，这将使CI专业人员减少设计，测试和采用新的通信协议的时间；设计新的定制应用程序；了解数据包跨网络旅行时的行为；对网络安全攻击进行更有效的防御；并提高在网络安全，物联网（IoT），拥堵控制等基本领域使用的应用程序的性能。该项目的第一个目标是通过开发虚拟实验室来促进CI专业人员和一般网络所有者在CI专业人员和网络所有者中采用可编程的P4设备。第二个目标是将P4和Virtual Labs集成到同学，学士和研究生级别的学位课程中。虚拟实验室中使用的设备由生产级设备组成，例如软件交换机（例如，开放式VSWITCH，双鱼座），基于最先进的Tofino芯片的硬件开关以及开源操作系统和控制器（例如，开放网络Linux，Open Network Linux，Open Network Empery Systems）。对于使用物理设备的虚拟实验室，设备POD合并了附加到云的P4可编程硬件开关，并通过远程访问功能进行管理。虚拟实验室提供功能和交通现实主义，因为它们使用与实际部署相同的设备并生成交互式网络流量。他们模仿跨地区网络（LAN），广域网络（WAN），校园网络，数据中心和高性能系统的通信。该项目将组织研讨会，以提高对这项新技术和虚拟实验室资源的认识，并在P4上培训CI专业人员。研讨会是通过合作者共同组织和广泛传播的，这些合作者在增强和保护国家网络基础设施方面发挥着至关重要的作用：ESNET，ESNET，这是为美国能源部（包括国家实验室系统）带来科学交通的高性能网络；以及Internet2和Front Range Gigapop，两个研究和教育网络（RENS），它们运行国家和区域通信骨架。最后，在与西方学院支持和培训中心的协调中，美国的主要技术培训中心之一进行了两年和四年的教学，而网络开发小组是虚拟化培训的公司，该项目将培训对P4技术感兴趣的IT培训。该奖项反映了NSF的法定任务，并通过评估基金会的智力效果和广泛的criit和广泛的评估，并被认为是值得的支持。

项目成果

A survey on TCP enhancements using P4-programmable devices

• DOI: 10.1016/j.comnet.2022.109030
• 发表时间: 2022-05
• 期刊: Comput. Networks
• 作者: Ignacio Aguaded;Elie F. Kfoury;J. Crichigno;Gautam Srivastava

A survey on security applications of P4 programmable switches and a STRIDE-based vulnerability assessment

• DOI: 10.1016/j.comnet.2022.108800
• 发表时间: 2022-02
• 期刊: Comput. Networks
• 作者: Ali AlSabeh;Joseph Khoury;Elie F. Kfoury;J. Crichigno;E. Bou-Harb

P4DDPI: Securing P4-Programmable Data Plane Networks via DNS Deep Packet Inspection

P4DDPI：通过 DNS 深度数据包检查保护 P4 可编程数据平面网络

• 发表时间: 2022
• 期刊: Proceedings of the 2022 Network and Distributed System Security (NDSS
• 作者: AlSabeh, Ali and

Enabling P4 Hands-on Training in an Academic Cloud

• DOI: 10.1109/dcoss54816.2022.00077
• 发表时间: 2022-05
• 期刊: 2022 18th International Conference on Distributed Computing in Sensor Systems (DCOSS)
• 作者: Ignacio Aguaded;Elie F. Kfoury;J. Crichigno

A Survey on Rerouting Techniques with P4 Programmable Data Plane Switches

• DOI: 10.1016/j.comnet.2023.109795
• 发表时间: 2023-04
• 期刊: Comput. Networks
• 作者: A. Mazloum;Elie F. Kfoury;Ignacio Aguaded;J. Crichigno