search

cablelabs / transparent-security

Transparent Security is a solution for identify the source devices of a DDoS attack and mitigates the attack in the customer premises or the access network. This solution leverages a P4 based programmable data plane for add in-band network telemetry (INT) for device identification and in-band mitigation.
https://www.cablelabs.com/vaccinate-your-network-to-prevent-the-spread-of-ddos-attacks
Apache License 2.0
32 stars 4 forks source link

Implemented TNA Register in core_tna.p4 for sampling of Telemetry Reports #329

Closed spisarski closed 3 years ago

spisarski commented 3 years ago

Fixes #153

What does this PR do?

Implements a TNA extern called a "Register" where we can keep track of each potential packets to mirror so we can configure the "mirror_sampler" register to mirror out every or on in every nth packet for generation of Telemetry Reports.

Do you have any concerns with this PR?

no

How can the reviewer verify this PR?

If the data-inspection tests are run and the TpsCoreIngress.mirror_sampler table's "rate" field has a value other than 0, the tests that count packets on the "clone" machine will fail. If the "rate" is '1', every other packet will be mirrored, '2', every third, etc.

Any background context you want to provide?

We need this functionality for the lab trial as the Telemetry Reports could overwhelm the network and AEs under load.

Screenshots or logs (if appropriate)

Questions:

spisarski commented 3 years ago

Run Tofino aggregate build

spisarski commented 3 years ago

Run Tofino aggregate build

spisarski commented 3 years ago

Run Tofino aggregate build

spisarski commented 3 years ago

Run Tofino aggregate build