Proceedings ArticleDOI
Comparative Evaluation of IP Address Anti-Spoofing Mechanisms using a P4/NetFPGA-based Switch
Harsh Gondaliya,Ganesh C. Sankaran,Krishna M. Sivalingam +2 more
- pp 1-6
TLDR
The objective of this paper is to implement some common ASMs in P4 (a PDP language), in order to understand the feasibility of P4-based routers/switches for realizing anti-spoofing functions.Abstract:
IP source addresses can be easily spoofed and are often deployed for launching network attacks. Several anti-spoofing mechanisms (ASMs) have been implemented in commercial routers. However, the problem still remains fully unaddressed. This paper explores the use of programmable data plane (PDP) concepts for building better ASMs. The objective of this paper is to implement some common ASMs in P4 (a PDP language), in order to understand the feasibility of P4-based routers/switches for realizing anti-spoofing functions. This paper also presents results from the P4 implementation, realized using the NetFPGA SUME hardware platform. Experimental results describe FGPA resource utilization, throughput and latency characteristics.read more
Citations
More filters
Journal ArticleDOI
A survey on security applications of P4 programmable switches and a STRIDE-based vulnerability assessment
TL;DR: In this article , the authors provide a taxonomy of security applications developed with P4 and present a STRIDE analysis to examine vulnerabilities related to general P4 applications (e.g., congestion control, load balancing, in-network cache) and propose plausible remediation approaches.
Posted Content
A Survey on Data Plane Programming with P4: Fundamentals, Advances, and Applied Research.
Frederik Hauser,Marco Häberle,Daniel Merling,Steffen Lindner,Vladimir Gurevich,Florian Zeiger,Reinhard Frank,Michael Menth +7 more
TL;DR: In this paper, the authors give a tutorial of data plane programming models, the P4 programming language, architectures, compilers, targets, and data plane APIs, and discuss potential next steps based on their findings.
Journal ArticleDOI
A Review of P4 Programmable Data Planes for Network Security
Ya Gao,Zhenling Wang +1 more
Journal ArticleDOI
A survey on data plane programming with P4: Fundamentals, advances, and applied research
TL;DR: Programmable data planes allow users to define their own data plane algorithms for network devices including appropriate data plane application programming interfaces (APIs) which may be leveraged by user-defined software-defined networking (SDN) control as mentioned in this paper .
Journal ArticleDOI
A Survey on In-Network Computing: Programmable Data Plane and Technology Specific Applications
TL;DR: In this paper , the authors discuss use cases, enabler technologies and protocols for in-network computing, considering programmable network elements to compute on the path and prior to traffic reaching the edge or cloud servers.
References
More filters
Journal ArticleDOI
P4: programming protocol-independent packet processors
Pat Bosshart,Daniel P. Daly,Glen Gibb,Martin J. Izzard,Nick McKeown,Jennifer Rexford,Cole Schlesinger,Daniel Talayco,Amin Vahdat,George Varghese,David Walker +10 more
TL;DR: This paper proposes P4 as a strawman proposal for how OpenFlow should evolve in the future, and describes how to use P4 to configure a switch to add a new hierarchical label.
Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing
P. Ferguson,D. Senie +1 more
TL;DR: A simple, effective, and straightforward method for using ingress traffic filtering to prohibit DoS attacks which use forged IP addresses to be propagated from 'behind' an Internet Service Provider's (ISP) aggregation point is discussed.
Journal ArticleDOI
Defense against spoofed IP traffic using hop-count filtering
TL;DR: A novel filtering technique, called Hop-Count Filtering (HCF), is presented-which builds an accurate IP-to-hop-count (IP2HC) mapping table-to detect and discard spoofed IP packets.
Guidelines for creation, selection, and registration of an Autonomous System (AS)
J. Hawkinson,T. Bates +1 more
TL;DR: This memo discusses when it is appropriate to register and utilize an Autonomous System (AS), and lists criteria for such, including the IDRP equivalent of an AS is the RDI, or Routing Domain Identifier.
Ingress Filtering for Multihomed Networks
Fred Baker,P. Savola +1 more
TL;DR: This document describes the current ingress filtering operational mechanisms, examines generic issues related to inggress filtering, and delves into the effects on multihoming in particular.
Related Papers (5)
Design and performance of scalable high-performance programmable routers
Tilman Wolf,Jonathan S. Turner +1 more