## Implementation of SCION border router in P4 for Intel Tofino

Caspar Schutijser (SIDN Labs) caspar.schutijser@sidn.nl www.sidnlabs.nl www.2stic.nl

SCIONLab meeting, 2021-06-08





## Security, Stability and Transparency in inter-network Communication

Put Dutch and European internet communities in leading position of secure, stable and transparent inter-network communication











### **UNIVERSITY OF TWENTE.**





## Introduction

• Goal: evaluate feasibility of running a future internet architecture like SCION directly on hardware

### No introduction necessary, I think

## SCION

"Programming Protocol-independent Packet Processors (P4) is a domain-specific language for network devices, specifying how data plane devices (switches, NICs, routers, filters, etc.) process packets." Source: https://p4.org/

## P4

- P4-programmable Ethernet switch ASIC
- Switches available with e.g., 32 or 64 100 Gbit/sec ports

## Intel Tofino

## Implementation of prototype

Cryptographic MAC
Changes to SCION headers

# Cryptographic MAC Intel Tofino lacks support for cryptographic

- Intel Tofino lacks supportions
- Hop fields
- Table
- Patched SCION control server
- Room for 160k-200k hop fields

ol server Nop fields



## Changes to SCION headers

 Redesigned forwarding path Address types



## Evaluation

## 2STiC testbed (https://2stic.nl/testbed.html) 3 ASs (4<sup>th</sup> being connected)





## Future work

 Not implemented yet: peering, generation of SCMP error messages, ... • EPIC and COLIBRI: cryptographic MACs for individual packets



Caspar Schutijser (SIDN Labs) caspar.schutijser@sidn.nl www.sidnlabs.nl www.2stic.nl

## Questions?

