I think a language like P4 will be great for sharing switching logic. I hope we will see re-usable modules written in P4 that can be shared.
a working lexer and parser for the full p4 language (version 1.1: working release). There are plenty of unit tests, but I'm sure there are still bugs (not yet a lot of p4 v1.1 code to test out at this point, most existing p4 code is v1.0 which has some significant differences).
If DDoS filtering modules can be written in P4, then they could be used on software switches and maybe even compiled into packet filters that run before packets are processed by the Linux kernel (or compiled into a kernel-bypass module for embedding in an application).
I think we really need to have better support for low-level, high-performance packet filtering (i.e. before the packet gets to higher levels in the kernel).
With multi-gigabit networking becoming cheaper, we really should have better support for dropping bad traffic.
How about a switch layer that runs in the kernel? Physical NICs and virtual NICs could be handled by the switch layer (programmed using P4 or eBPF). The kernel would only have to handle packets it receives from the virtual NICs. This would allow packet filtering and even some routing to happen without having to go through the kernel's network stack. The software switch layer would work like a data-plane with the kernel as the control-plane (like a lot of hardware routers/switches). If the computer has specialized hardware (smart NICs, co-processors), then the switch logic (P4 code) could be handled in that hardware instead of on the CPU.
That's what openvswitch.ko is doing already. I agree that P4 is interesting also in this perspective: having the compiled P4 blob being run either by the CPU or, if available, in hardware by a smart NIC.
They've (jointly?) developed P4 and have tooling to compile it down to their new switch silicon, Tofino.
Hard to say exactly how impressive all this is considering how price sensitive and competitive merchant silicon is.
They could, for example, have glued a large FPGA to a huge amount of network I/O and then developed a P4 compiler to their FPGA fabric. Who knows?
P4 seems to be attempting to be a CUDA for switching, except more open. Barefoot, I presume, is betting on producing the most efficient, by whatever metric, hardware implementation of it.
Compiling to iptables would be incredibly slow and miss the advantages. Plus, p4 is more general than iptables so many p4 programs could not be expressed as iptables.
For very high performance packet generation and processing, the Linux kernel is sub-par because it's extremely complex and general purpose. There is just too much going on.
Did you mean bpf?
For those who don't use P4, imagine if this project were named git (though that might not be as fair since git is much more popular).