Configuring SR Linux for P4Runtime

To configure SR Linux for P4Runtime, you perform the following configuration tasks:

Identifying interfaces to P4Runtime

The PacketIn and PacketOut messages within the P4Runtime StreamChannel RPC require that the interface a packet is received on or transmitted out of be uniquely identified. To do this, you configure a unique per-interface identifier, which is a tuple consisting of the following:
  • A chassis-unique port identifier (known as the interface_id). This identifier can be manually configured, or if it is not, the system ifIndex for the interface is used by default.
  • A chassis-unique device identifier that indicates the specific line card and ASIC with which the port is associated (known as the device_id)

For example, to identify interface ethernet 1/1 to P4Runtime, you can configure the interface_id for the ethernet 1/1 port, and configure a device_id identifying the line card and ASIC associated with the ethernet 1/1 port. The device_id,interface_id tuple uniquely identifies interface ethernet 1/1.

The P4Runtime client uses a lookup table consisting of the device_id,interface_id tuple → interface-name (as specified by the device) to translate where packets are to be sent to, or populate where a packet was received.

Configuring a port identifier for P4Runtime

The interface_id part of the device_id,interface_id tuple uniquely identifies a port in the SR Linux chassis to a P4Runtime client. You can configure the value for interface_id. If you do not configure a value for interface_id, the port's ifIndex value is used by default.

--{ candidate shared default }--[  ]--
# info interface ethernet-1/1 p4rt
    interface ethernet-1/1 {
        p4rt {
            id 2002
        }
    }

Configuring a device identifier for P4RT

The device_id identifies a specific line card and ASIC in the chassis. P4Runtime uses the combination of the device_id and interface_id to identify the specific interface that a packet was received on (in PacketIn messages). Note that for identifying the interface that a packet is to be sent via (in PacketOut messages), only the interface_id is used.

There is no default device_id for a line card / ASIC; you must configure the device_id value to be used by P4Runtime.

--{ candidate shared default }--[  ]--
# info platform linecard 1 forwarding-complex 0
    platform {
        linecard 1 {
            forwarding-complex 0 {
                p4rt {
                    id 10001
                }
            }
        }
    }

Configuring global P4Runtime server settings

You can configure global settings for the P4Runtime server. These settings apply to all network-instances where the P4Runtime server is enabled, and to UNIX sockets if enabled. You can configure the following:
  • Whether to administratively enable the P4Runtime server globally
  • Limit the number of connection attempts per minute by P4Runtime clients
  • Limit the number of P4Runtime RPC connections that can be active at one time
  • Idle-timeout in seconds for P4Runtime clients
--{ candidate shared default }--[  ]--
# info system p4rt-server
    system {
        p4rt-server {
            timeout 14400
            rate-limit 120
            session-limit 40
        }
    }

Configuring the P4Runtime server for a network-instance

You can configure settings for the P4Runtime server that apply to individual network-instances. For a specific network-instance, you can set the P4Runtime server for the following:

  • Whether to administratively enable the P4Runtime server for the network-instance
  • The port the P4Runtime server listens to for the network-instance. By default, this is TCP port 9559.
  • IP addresses the P4Runtime server listens on within the network-instance
  • TLS profile to secure communication between P4 Runtime clients and SR Linux for the network-instance
  • Whether username/password authentication is used for each P4Runtime RPC request

The following example configures settings for the P4Runtime server for two network-instances:

--{ candidate shared default }--[  ]--
# info system p4rt-server network-instance default
    system {
        p4rt-server {
            network-instance blue {
                admin-state enable
                use-authentication true
                tls-profile tls-profile-1
                source-address [
                    192.168.0.1
                ]
            }
            network-instance red {
                admin-state enable
                use-authentication true
                port 9449
                tls-profile tls-profile-2
                source-address [
                    192.168.0.22
                ]
            }
        }
    }

Configuring the P4Runtime server for UNIX sockets

You can configure the following settings for the P4Runtime server that apply to UNIX sockets:

  • Whether to administratively enable the P4Runtime server for UNIX sockets
  • TLS profile to secure communication between P4 Runtime clients and SR Linux for UNIX sockets
  • Whether username/password authentication is used for each P4Runtime RPC request

The following example configures settings for the P4Runtime server for UNIX sockets:

--{ candidate shared default }--[  ]--
# info system p4rt-server unix-socket
    system {
        p4rt-server {
            unix-socket {
                admin-state enable
                use-authentication true
                tls-profile tls-profile-3
            }
        }
    }

Disconnecting P4Runtime clients

You can use a tools command to manually disconnect P4Runtime clients from the server.

To do this, get the identifier for the P4Runtime client from the info from state system p4rt-server command, then enter the following command to disconnect the client:

-{ running }--[  ]--
# tools system p4rt-server client 4053 disconnect