The introduction of Software-Defined Networks (SDN) and the evolution towards programmable data planes bring the opportunity to offload several functions to the data plane. In this context, the P4 programming language opens the door to the customization of data planes. It can provide packet processing functionalities that can be applied to improve network security, among other areas. This paper presents P4Knocking, a P4-based port knocking implementation that can externally open ports that appear to be closed. The goal of bringing port knocking capabilities to the network is to seamlessly deploy firewall functions in the data plane, relieving hosts from dealing with unintended traffic. Our work presents a total of four implementations that involve data and control planes in different degrees. In this case, P4Knocking can provide a more transparent and efficient way to deploy the port knocking service compared to a host-based port knocking implementation. In fact, it requires no specific-purpose externs apart from registers, hence its higher portability and flexibility with local or remote control planes.
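A model of register-only knock tracking of the kind the abstract describes, written in Python so it runs offline; it is an added example, not code from the paper. The knock sequence, protected port, register size, and the indexing by low address bits with an owner check are all assumptions made for illustration.

```python
import ipaddress

KNOCK_SEQUENCE = (7000, 8000, 9000)  # constructed knock ports, not from the paper
PROTECTED_PORT = 22                  # assumed port that appears closed
SLOTS = 1 << 8                       # assumed register array size (power of two)


class KnockPipeline:
    """Data-plane model whose only state is two register arrays."""

    def __init__(self):
        self.progress = [0] * SLOTS  # knocks matched so far, per slot
        self.owner = [0] * SLOTS     # full source address that owns the slot

    def process(self, src_ip: str, dst_port: int) -> str:
        """Return 'forward' or 'drop' for one packet (source, destination port)."""
        src = int(ipaddress.IPv4Address(src_ip))
        slot = src & (SLOTS - 1)     # index from low address bits, no hash extern
        # A different source mapping to the same slot must not inherit its
        # state: evict and start from zero, so collisions fail closed.
        if self.owner[slot] != src:
            self.owner[slot] = src
            self.progress[slot] = 0
        step = self.progress[slot]
        if dst_port == PROTECTED_PORT:
            return "forward" if step == len(KNOCK_SEQUENCE) else "drop"
        if step < len(KNOCK_SEQUENCE) and dst_port == KNOCK_SEQUENCE[step]:
            self.progress[slot] = step + 1   # correct next knock
        elif dst_port == KNOCK_SEQUENCE[0]:
            self.progress[slot] = 1          # sequence restarted
        else:
            self.progress[slot] = 0          # wrong port: reset (also re-closes)
        return "drop"                        # knock packets never reach the host


def run(packets):
    """Feed (src_ip, dst_port) pairs through a fresh pipeline; return verdicts."""
    pipe = KnockPipeline()
    return [pipe.process(src, port) for src, port in packets]
```

Without the `owner` register, two sources that share a slot would share knock progress, so one host's completed sequence would open the port for the other.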
|Title of host publication||Proceedings of 2020 23rd Conference on Innovation in Clouds, Internet and Networks and Workshops (ICIN)|
|Publication status||Published - 2020|
|Event||2020 23rd Conference on Innovation in Clouds, Internet and Networks and Workshops - Paris, France (Duration: 24 Feb 2020 → 27 Feb 2020)|
|Conference||2020 23rd Conference on Innovation in Clouds, Internet and Networks and Workshops|
|Period||24/02/2020 → 27/02/2020|
- Port knocking