Enabling Deep Forwarding Polices in the Data Plane Using Network Processors

The emergence of programmable network processors has created many opportunities for enhancing real-time and dynamic network capabilities. A major limitation of today’s data plane systems is the focus on packet headers. There is a wealth of data beyond the layer 3 and 4 headers that forwarding algorithms can use to make better informed decisions. To address this, we built a system that exploits the resources of a 40 Gbps SmartNIC (Netronome NFP-6000) to its fullest to achieve line rate when searching within packet payloads while maintaining high performance when extended to search across packet payloads within a flow. This new capability enables fine-grained forwarding decisions and rich data plane policies that would be difficult or impossible to implement using only information found in headers. We explore various applications in application-layer routing, network monitoring, and network security.

Paper and video presented at CoNEXT
Source Code on Github
Q&A Session