Overview
Programming Protocol-Independent Packet Processors (P4) is an open-source language for programming the data plane on networking devices. P4Runtime is an API for controlling the data plane on devices defined in a P4 program. The P4 language and P4Runtime specification are maintained at p4.org.
The SR Linux eXtensible Data Path (XDP) is not programmed in P4. However, SR Linux is packaged with a fixed P4 program that provides support for marking packets for trapping to a P4Runtime client via PacketIn messages, and transmitting packets from the P4Runtime client to an interface on the device via PacketOut messages. The following fields can be used to mark frames for extraction:
- VLAN ID
- Ethertype
- TTL
This could for example be used to redirect traceroute packets with TTL=0, TTL=1, or TTL=2 to a P4runtime client, so they can be enriched with information that is not visible to the device for the following ACL rules:
-
TTL=0, IPv4 (ethertype 0x0800)
-
TTL=1, IPv4 (ethertype 0x0800)
-
TTL=2, IPv4 (ethertype 0x0800)
-
TTL=0, IPv6 (ethertype 0x86DD)
-
TTL=1, IPv6 (ethertype 0x86DD)
-
TTL=2, IPv6 (ethertype 0x86DD)
Another use case is to use a free ethertype to allow the P4Runtime client to transmit and receive packets on all internal links on all devices in a network as a means of topology discovery.
To accommodate these use cases, the SR Linux runs a process p4rt_server
that runs a gRPC server that provides the interface between P4Runtime clients and SR
Linux.
SR Linux p4rt_server
process
SR Linux supports packet input/output to P4Runtime clients through the
p4rt_server
process. The p4rt_server
process
exposes instances of P4Runtime RPCs that P4Runtime clients can connect to, with
mandatory arbitration to elect a single P4Runtime client as the primary (see P4Runtime client arbitration).
Instead of running multiple processes, SR Linux runs a single
p4rt_server
process with multiple sockets. The
p4rt_server
process can expose sockets in multiple
network-instances, supporting both per network-instance configuration and UNIX-socket
configuration, allowing the p4rt_server
process to run on different
ports or use different authentication mechanisms within different network-instances.
The p4rt_server
process uses TCP port 9559 by default, but this port is
configurable. Communication between client and server is secured using TLS, so that
P4Runtime clients are authenticated using the settings in a TLS profile.
The p4rt_server
process runs as the p4rtrpc
user. The
p4rtrpc
user is installed in the tls
group, which
allows the p4rt_server
process to read and use certificates and keys
populated via linux_mgr
.
See Configuring SR Linux for P4Runtime for information about configuring the
p4rt_server
process.