# 2STiC SCION for the Intel Tofino, a prototype

Caspar Schutijser (SIDN Labs)
2stic.nl

MORE-IP, Amsterdam, June 2, 2022

### Agenda

- 2STiC program
- P4
- Intel Tofino
- SCION
- SCION for the Intel Tofino



### 2STiC program

Goal: put Dutch and European internet communities in a leading position in the field of secure, stable and transparent inter-network communication



















#### P4

"Programming Protocol-independent Packet Processors (P4) is a domain-specific language for network devices, specifying how data plane devices (switches, NICs, routers, filters, etc.) process packets."

Source: www.p4.org



#### Intel Tofino

- P4-programmable Ethernet switch ASIC
- Switches available with e.g., 32 or 64 100 Gbit/sec ports



#### SCION

- Scalability, control, and isolation on next-generation networks
- Gaining momentum
- Path-aware networking
  - Paths contained in message headers
  - Authenticated using Message Authentication Codes (MACs)



#### A new internet architecture in P4

- We implemented the SCION internet architecture in P4 for the Intel Tofino
- Determine feasibility of running a new architecture on switch hardware and evaluate performance





## Some challenges

- No support for cryptographic operations in Intel Tofino
- Protocol not designed for hardware
  - Complex headers



## No cryptographic operations

- MACs verified using table containing all currently valid values
- Populated from control plane when MACs are generated
  - In the SCION control plane
  - At the switch
- Invalid entries removed
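
A small Python model of the lookup-based MAC check described on this slide, added here as an illustration and not taken from the p4-scion code. The HMAC-SHA256 stand-in, the 6-byte truncation, the field layout and the choice to key the table on the hop fields together with the MAC are all assumptions of the sketch.

```python
import hashlib
import hmac

MAC_LEN = 6  # assumed truncated MAC length (bytes) for this sketch


def compute_mac(key: bytes, fields: tuple) -> bytes:
    """Control-plane side: stand-in MAC (HMAC-SHA256, truncated)."""
    msg = b"".join(f.to_bytes(4, "big") for f in fields)
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]


class MacTable:
    """Model of an exact-match table holding every currently valid MAC."""

    def __init__(self):
        self._entries = {}  # (fields, mac) -> expiry time in seconds

    def install(self, fields: tuple, mac: bytes, expiry: int) -> None:
        # Called by the control plane whenever it generates a MAC.
        self._entries[(fields, mac)] = expiry

    def purge(self, now: int) -> int:
        # Remove entries that are no longer valid; returns how many were removed.
        stale = [k for k, exp in self._entries.items() if exp <= now]
        for k in stale:
            del self._entries[k]
        return len(stale)

    def lookup(self, fields: tuple, mac: bytes) -> bool:
        # Data-plane side: no cryptography, a table hit is the verification.
        return (fields, mac) in self._entries


def demo() -> dict:
    key = b"constructed-as-key"          # constructed sample key
    table = MacTable()
    hop_a, hop_b = (1, 2, 1000), (3, 4, 1000)  # constructed: ingress, egress, timestamp
    mac_a, mac_b = compute_mac(key, hop_a), compute_mac(key, hop_b)
    table.install(hop_a, mac_a, expiry=1600)
    table.install(hop_b, mac_b, expiry=1200)
    return {
        "valid": table.lookup(hop_a, mac_a),
        "forged_mac": table.lookup(hop_a, bytes(MAC_LEN)),
        "mac_on_other_hop": table.lookup(hop_b, mac_a),
        "purged": table.purge(now=1300),
        "expired": table.lookup(hop_b, mac_b),
    }
```

Keying on the fields as well as the MAC means a MAC issued for one hop does not validate another, and the purge step is what keeps an expired MAC from continuing to match.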



## Complex header fields

- For example: forwarding path consisted of nested lists
- Flattening the structure provides for more efficient parsing





### Lessons learned

- When designing a protocol with hardware in mind
  - use explicit lengths
  - do not use absolute offsets
  - limit the usage of variable length fields
  - do not use complex data structures such as nested lists



### Evaluation

- Edgecore switches with 32 100 Gbps ports
- Tested functionality with topology where all border routers ran on switches
- Tested performance using packet generator for different path lengths
  - Achieved near line-rate for almost all tested path lengths






### 

- SCION can be implemented for switch hardware and run at high speeds
- Several lessons learned regarding protocol design
- Future work
  - Support for protocol error handling and additional SCION-related protocols
  - More extensive performance analysis
- Code is open source and available at github.com/SIDN/p4-scion




## Thanks for your attention!

Caspar Schutijser

caspar.schutijser@sidn.nl

sidnlabs.nl

2stic.nl