Advancing Deep Packet Inspection in SDNs: A Comparative Analysis of P4 and OpenFlow Programmability

dc.contributor.advisor: Lagesse, Brent
dc.contributor.author: Bustamante Suarez, Anthony Jesus
dc.date.accessioned: 2024-09-09T22:59:21Z
dc.date.available: 2024-09-09T22:59:21Z
dc.date.issued: 2024-09-09
dc.date.submitted: 2024
dc.description: Thesis (Master's)--University of Washington, 2024
dc.description.abstract: This thesis undertakes a critical examination of Deep Packet Inspection (DPI) capabilities within Software-Defined Networking (SDN) frameworks, emphasizing the comparative efficacy of the P4 programming language against the conventional OpenFlow protocol. OpenFlow, while foundational in SDN’s evolution, exhibits notable constraints in the DPI domain, primarily due to its limited packet inspection depth, confined largely to the Transport, Network, Data Link and Physical layers. In contrast, this research advocates for the adoption of P4 for its unique flexibility and programmability, potentially extending DPI functionalities to the application layer (Layer 7), thereby addressing and potentially surpassing OpenFlow’s limitations. Employing a methodical approach, this study harnesses Open vSwitch and BMv2 (Behavioral Model version 2) switches to emulate real-world network scenarios. These emulations facilitate a head-to-head comparison of OpenFlow and P4 in executing DPI tasks, particularly focusing on HTTP and SQL protocols, common vectors for network threats. Through a comprehensive suite of protocols including OpenFlow, gRPC (Google Remote Procedure Call), and P4Runtime, the research crafts a robust DPI framework, further complemented by a custom-developed controller designed for the BMv2 and P4 ecosystem. The research culminates in three different implementations of Deep Packet Inspection within the SDN domain, benchmarking each of them to measure their advantages and disadvantages. With these implementations and benchmarking, we not only aim to validate P4’s superiority over OpenFlow in managing DPI tasks but we also seek to dynamically adapt packet-processing techniques to the ever-evolving landscape of network threats. By advancing SDN functionalities beyond traditional layer boundaries, this thesis contributes significantly to the discourse on network security, management, and optimization, paving the way for future innovations in increasingly complex network environments.
dc.embargo.terms: Open Access
dc.format.mimetype: application/pdf
dc.identifier.other: BustamanteSuarez_washington_0250O_27259.pdf
dc.identifier.uri: https://hdl.handle.net/1773/51651
dc.language.iso: en_US
dc.rights: CC BY
dc.subject: Data plane programmability
dc.subject: Deep Packet Inspection
dc.subject: Openflow
dc.subject: Programming Protocol-independent Packet Processors (P4)
dc.subject: Software Defined Networking
dc.subject: Computer science
dc.subject.other: Computing and software systems
dc.title: Advancing Deep Packet Inspection in SDNs: A Comparative Analysis of P4 and OpenFlow Programmability
dc.type: Thesis

Files

Original bundle

Name: BustamanteSuarez_washington_0250O_27259.pdf
Size: 2.98 MB
Format: Adobe Portable Document Format