Example #1 Simple L2 switch (default program)
This page describes the default P4 program running on P4Pi with T4P4S. The program implements two core functionalities of a simple L2 switch: 1) MAC learning (control plane support is needed) and 2) forwarding of Ethernet frames.
To this end, the P4 program mainly consists of two tables: smac and dmac. The table smac stores the source MAC addresses learned by the switch and sends digest messages to the control plane for each unseen source MAC. The table dmac is used for forwarding Ethernet frames toward the proper output port or applies broadcasting (Note: broadcasting in T4P4S is implemented by setting the egress_port target's metadata to 100). As an extension, packet dropping is also implemented in both tables, so that MAC-based filtering would also be possible.
P4 source code: l2switch.p4.
The following figure depicts the setup used in this example:
P4Pi runs a DHCP daemon (dnsmasq) to assign IP addresses to devices connected through WiFi. The generated T4P4S switch interconnects the wireless interface wlan0 and the linux bridge br1. The default management IP address is assigned to br0 through which the P4Pi node is accessible via the web interface or via SSH. The 1GE Ethernet port eth0 is not used in this example.
Connecting to the wireless access point called "p4pi", your laptop will get an IP address assigned by the DHCP service (from the default address pool 192.168.4.0/24).
After connecting to the WiFi access point, you should be able to ping the IP assigned to br1 (br1 is inside netns gigport) from your laptop.
ping 192.168.4.150ICMP Echo requests go through the T4P4S switch and terminate at br1, while Echo replies follow the opposite way back to your laptop.
The L2 switch program broadcasts all the incoming packets.
In our simple setup, it only relays packets between the two ports of T4P4S switch.
In this scenario, we simply add a table entry to table smac to drop packets coming from br1 and see what happens with ICMP Echo replies.
We first check the MAC address of br1. To this end, add the following command in the SSH terminal:
sudo ip netns exec gigport ip addr show dev br1 | grep etherRight after "link/ether" you should find the MAC address of br1.
Then, we launch P4Runtime shell that can be used to fill tables. In the SSH terminal:
t4p4s-p4rtshell l2switchIn the P4Runtime shell you can use various commands to read, write and modify objects in the P4 pipeline. For more details, see the Github site of P4Runtime shell. In our case the following commands can be used to create a table entry, set the key and the action and add it to the table:
te = table_entry["ingress.smac"](action="ingress.drop")
te.match["hdr.ethernet.srcAddr"] = "<mac address>"
te.insertAs you can see this setup will drop all packets where the Ethernet source MAC is . Replacing this with the MAC of br1, the ICMP Echo replies will be dropped. The P4Runtime shell can be left by the 'exit' command. In the SSH terminal, we can easily check what happens:
sudo ip netns exec gigport tcpdump -i br1 icmpOne can see that all the ICMP Echo requests arrive and replies are generated as previously, but they do not return back to the laptop. Running tcpdump on interface br0, we can see that the replies have gone, being removed by the T4P4S switch.
sudo tcpdump -i br0 icmpThe following figure depicts another setup where P4Pi node acts as a low level relay or proxy between your laptop and your home router (or a private network) connected to the 1GE wired Ethernet port.
Connect to p4pi wireless access point and open an SSH to the management IP (192.168.4.1).
The following script should be executed to turn your P4Pi node into gateway mode:
sudo /root/t4p4s/setup_eth_wlan_bridge.shThis script will create the settings shown in the previous figure: setup bridge br2 and connect port 1 of T4P4S switch to the 1GE wired interface and configure new management IPs. The possible management IPs through which you can access the P4Pi node (incl. SSH, web interface, etc.) are reported by the script like this example output:
+-------------------------------------------------------------
| Management IP on the wired interface: 192.168.1.146/24
| Management IP on the wireless interface: 192.168.1.83/24
| Management IP on the wireless interface: 192.168.4.101/24
+-------------------------------------------------------------
The last IP address is configured statically and can be used as a backdoor to the P4Pi node.
It may happen that you should disconnect your laptop from the p4pi access point and reconnect again (or at least renew your IP from the local DHCP server). After that you will be able to access the networking domains (e.g., Internet) behind your P4Pi node. For example, if the wired port of your P4Pi is connected to your home router, you should be able to access the Internet. Just open your browser to test it. Note that in this case all the traffic go through th P4 pipeline running inside the T4P4S switch.
If you cannot access P4Pi through the management IP, the following trick can help in solving the issue:
- Connect to the p4pi WiFi access point.
- On your laptop, assign static IP 192.168.4.50/24 to the wireless interface.
- Open a SSH connection to 192.168.4.1.
- VLAN support
- MAC learning control plane (P4Runtime shell cannot handle digests)