Monday June 9 – Friday June 13, 2025
- Western Academy Support and Training Center (WASTC)
- University of South Carolina (UofSC)
- Energy Sciences Network (ESnet)
- Online via Zoom
- NetLab link: https://netlab.cec.sc.edu/
Overview
Network packet processing faces significant performance challenges due to kernel overheads. These issues have become more pronounced with the rapid growth of network traffic, often leading to performance limitations in software-based security appliances. To address these challenges, the Data Plane Development Kit (DPDK) was developed. DPDK bypasses the kernel and operates directly in user space, offering significant improvements in performance and latency for packet processing tasks. However, DPDK's steep learning curve presents a barrier to entry for developers and network administrators.
In recent years, P4 has emerged as a language specifically designed for expressing packet processing data paths. Building on this development, P4-DPDK has been introduced as a new technology that bridges P4 and DPDK. It allows developers to write P4 code, which is then translated into a DPDK pipeline, combining the expressiveness of P4 with the performance benefits of DPDK. This workshop aims to provide students, developers, and practitioners with an introduction to P4-DPDK, followed by hands-on implementation of applications for cyberattack mitigation. The workshop will cover the fundamentals of P4, including P4 building blocks, parser implementation, and match-action tables. It will then progress to cybersecurity applications, such as identifying heavy hitters and mitigating SYN flood and DNS amplification attacks, at traffic rates of 100 Gbps. Through hands-on experiments, participants will gain practical experience in using P4-DPDK to address common network security challenges.
Outcomes
The workshop aims to equip participants with both theoretical knowledge and practical skills related to packet processing in high-speed networks, with an emphasis on cybersecurity applications. By the end of this workshop, attendees will:
- Implement DPDK pipelines using the P4 language
- Describe the elements of the Portable NIC Architecture (PNA), define and parse protocol headers and header fields in P4, define match-action tables and populate them at runtime, and leverage stateful elements (registers) to store arbitrary data in the dataplane
- Develop DPDK-based defense solutions to mitigate common cyberattacks
- Accelerate packet processing using Receive Side Scaling (RSS), which distributes packets across multiple CPU cores
Intended Audience
The tutorial is targeted at IT educators and professionals such as system administrators, network engineers, and practitioners. The content is suitable for instructors who want to incorporate advanced material into their networking classes. The content is available for NETLAB systems.
Award Information
This activity is supported by NSF award 2118311. Link to official webpage: NSF-2118311
Pre-requisites
Internet connectivity and a browser to access the online virtual platform. Attendees will be provided with an account to access USC's NETLAB system: https://netlab.cec.sc.edu/
Agenda
DAY 1: Monday, June 9
| Time (PT) | Topic | Presenter |
|---|---|---|
| 09:00 - 09:15 | Tutorial Overview | Elie Kfoury |
| 09:15 - 09:30 | Motivation for Cybersecurity Training | Elie Kfoury |
| 09:30 - 09:45 | Overview of USC's Labs | |
| 09:45 - 10:00 | Break | |
| 10:00 - 10:35 | Fundamentals of P4 and DPDK | Elie Kfoury |
| 10:35 - 11:25 | Lab 1: Introduction to P4 and DPDK | Sergio Elizalde |
| 11:25 - 11:35 | Demo 1: Classification of encrypted traffic at line rate | Amith GSPN |
| 11:35 - 11:55 | Lab 2: P4 building blocks with PNA architecture | Samia Choueiri |
| 11:55 - 12:00 | Summary day 1 | |
| 12:00 - 13:00 | Lunch | |
| 13:00 - 14:00 | Office hours | |
DAY 2: Tuesday, June 10
| Time (PT) | Topic | Presenter |
|---|---|---|
| 09:00 - 09:25 | Introduction to P4 parsers | Elie Kfoury |
| 09:25 - 10:25 | Lab 3: PNA parser implementation | Sergio Elizalde |
| 10:25 - 10:40 | Break | |
| 10:40 - 11:00 | Match-action Tables | Ali Mazloum |
| 11:00 - 11:45 | Lab 4: Introduction to match-action tables | Samia Choueiri |
| 11:45 - 11:55 | Demo 2: DDoS Detection and mitigation | Samia Choueiri |
| 11:55 - 12:00 | Summary day 2 | |
| 12:00 - 13:00 | Lunch | |
| 13:00 - 14:00 | Office hours | |
DAY 3: Wednesday, June 11
| Time (PT) | Topic | Presenter |
|---|---|---|
| 09:00 - 09:30 | Application of P4 to Cybersecurity | Ali AlSabeh |
| 09:30 - 10:30 | Lab 5: Calculating packet interarrival times | Sergio Elizalde |
| 10:30 - 10:45 | Break | |
| 10:45 - 11:45 | Lab 6: Limiting the impact of SYN floods | Samia Choueiri |
| 11:45 - 11:55 | Demo 3: Using regular-expression accelerators | Ali Mazloum |
| 11:55 - 12:00 | Summary day 3 | |
| 12:00 - 13:00 | Lunch | |
| 13:00 - 14:00 | Office hours | |
DAY 4: Thursday, June 12
| Time (PT) | Topic | Presenter |
|---|---|---|
| 09:00 - 09:30 | Application of P4 to measurements | Ali Mazloum |
| 09:30 - 10:30 | Lab 7: Identifying heavy-hitters using count-min sketches | Ali AlSabeh |
| 10:30 - 10:45 | Break | |
| 10:45 - 11:45 | Lab 8: Implementing stateful packet filtering with P4-DPDK | Samia Choueiri |
| 11:45 - 11:55 | Demo 4: P4 perfSONAR | Ali Mazloum |
| 11:55 - 12:00 | Summary day 4 | |
| 12:00 - 13:00 | Lunch | |
| 13:00 - 14:00 | Office hours | |
DAY 5: Friday, June 13
| Time (PT) | Topic | Presenter |
|---|---|---|
| 09:00 - 09:30 | Introduction to smartNICs and DPU | Elie Kfoury |
| 09:30 - 10:30 | Lab 9: Introduction to NVIDIA's DOCA library | Amith GSPN |
| 10:30 - 10:45 | Break | |
| 10:45 - 11:45 | Lab 10: Progress engine and execution model | Elie Kfoury |
| 11:45 - 12:00 | Summary Tutorial and Survey | |
Resources
| Item | Note |
|---|---|
| P4 installation guide | A useful guide for preparing the environment for P4 development |
| Which open-source IDS? Snort, Suricata or Zeek | Study that compares the performance of Zeek, Snort, and Suricata |
| Security Course Slides | Slides for a cybersecurity course |
| P4 Cheat Sheet | P4 language cheat sheet |
| BMv2 Docker Containers | DockerHub link for the BMv2 containers |
| Cybertraining Material | List of virtual labs on P4, SDN, network tools and protocols, ... |
| P4 Campus | P4 applications for campus networks |
| FABRIC | A programmable research infrastructure |
| Behavioral Model version 2 (BMv2) | Reference P4 software switch used as a tool for developing, testing and debugging P4 data planes |
| Software-Defined Networks: A Systems Approach | A book that explores the key principles of Software-Defined Networking (SDN) |
| Mininet | Virtual testbed enabling the development and testing of network tools and protocols |
| Containernet | Mininet fork that allows Docker containers to be used as hosts in emulated networks |
| Mininet Installation | A guide that describes the steps to install Mininet on Linux |
| Wireshark | Packet analyzer used for network troubleshooting, analysis, protocol development, and education |