SDN Policy Implementation

SDN Policy Offload Reference Pipeline User Guide (UG1668)

Document ID: UG1668
Release Date: 2024-02-15
Revision: 1.1 English

The SDN Policy Offload Pipeline provides a ready-to-deploy P4 library to accelerate:

  • SDN policy evaluation (LPM table lookup for forwarding decision)
  • Metering
  • ACL lookup for security
  • Flow session aging without consuming CPU cycles

The P4 tables can be programmed using the generated C++ APIs that support Create, Read, Update, Delete (CRUD) operations. Figure 1 shows the API model.

Figure 1. SDN Policy Offload API Model

These ready-to-deploy services can run alongside custom-developed P4 code on the same DPU, delivering high performance: a very high session setup rate, high-scale CPS, and a large-scale flow table with hardware-based flow aging. P4 programs can be used to enhance, or to design and develop, stateless functions (not flow aware or session aware) or stateful services by combining the AMD-developed P4 libraries with the flow and session tables placed in the P4I and P4E pipelines.

Routing and policies are implemented in P4 RxDMA and P4 TxDMA, which are exercised for all flow-miss packets. A typical flow-miss packet path is as follows:

Uplink Port → Ingress (flow-miss) → RxDMA → TxDMA → Egress → RxDMA → DP App → TxDMA → Ingress → Egress → Uplink Port

A flow-miss packet reaches the DP App carrying metadata with the LPM and security policy results that P4 accelerates. On receiving it, the DP App installs the flow with the corresponding policy and routing information, and reinjects the packet into the P4 Ingress pipeline. Subsequent packets of the flow take the following flow-hit path and are forwarded in P4:

Uplink Port → Ingress (flow-hit) → Egress → Uplink Port

Figure 2 shows the packet flow-miss and flow-hit paths.

Figure 2. Packet Flow-Miss and Flow-Hit Paths
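
The flow-miss and flow-hit paths described above can be modeled in software to show where policy is evaluated and where the cached result is used. The following Python model is an added example, not the pipeline's P4 code or its generated C++ API; the route and ACL entries, the function names, and the choice to install denied flows are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed sample policy (not from the guide): LPM routes and a first-match ACL.
ROUTES = {"10.0.0.0/8": "uplink0", "10.1.0.0/16": "uplink1", "0.0.0.0/0": "uplink0"}
ACL = [  # (source prefix, destination port or None for any, action)
    ("192.168.5.0/24", 22, "deny"),
    ("0.0.0.0/0", None, "allow"),
]

def lpm_lookup(dst):
    """Return the next hop of the longest prefix that contains dst."""
    addr = ipaddress.ip_address(dst)
    nets = [ipaddress.ip_network(p) for p in ROUTES]
    best = max((n for n in nets if addr in n), key=lambda n: n.prefixlen)
    return ROUTES[str(best)]

def acl_lookup(src, dport):
    """First matching rule wins; default deny if nothing matches."""
    addr = ipaddress.ip_address(src)
    for prefix, port, action in ACL:
        if addr in ipaddress.ip_network(prefix) and port in (None, dport):
            return action
    return "deny"

@dataclass
class Pipeline:
    flows: dict = field(default_factory=dict)  # 5-tuple -> (action, next hop)
    policy_evals: int = 0                      # how often the miss path ran

    def process(self, pkt):
        """pkt is a 5-tuple (src, dst, proto, sport, dport)."""
        if pkt in self.flows:                  # Ingress (flow-hit) -> Egress
            return ("hit",) + self.flows[pkt]
        # Ingress (flow-miss): the RxDMA/TxDMA stages evaluate LPM and ACL
        # and attach the results to the packet as metadata.
        self.policy_evals += 1
        meta = (acl_lookup(pkt[0], pkt[4]), lpm_lookup(pkt[1]))
        # The DP App installs the flow from that metadata and reinjects the
        # packet. Assumption of this model: denied flows are installed too.
        self.flows[pkt] = meta
        return ("miss",) + meta
```

In this model, every packet after the first is forwarded from the installed flow entry, so `policy_evals` counts one evaluation per flow rather than one per packet.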