Abstract: A method for verifying data plane programs is provided in some embodiments. Because the behavior of a data plane program (e.g., a program written in the P4 language) is determined in part by the control plane populating match-action tables with specific forwarding rules, in some embodiments, programmers are provided with a way to document assumptions about the control plane using annotations (e.g., in the form of “assertions” or “assumptions” about the state based on the unknown control plane contribution). In some embodiments, annotations are added automatically to verify common properties, including checking that every header read or written is valid, that every expression has a well-defined value, and that all standard metadata is manipulated correctly. The method in some embodiments translates programs from a first language (e.g., P4) to a second language (e.g., Guarded Command Language (GCL)) for verification by a satisfiability modulo theory (SMT) solver.

Abstract: Examples described herein relate to a network interface device that includes packet processing circuitry and circuitry. In some examples, the circuitry is to execute a first process to provide a remote procedure call (RPC) interface for a second process. In some examples, the second process comprises a business logic. In some examples, resource and deployment definitions of the first and second processes are based on an Interface Description Language (IDL) and a memory allocation. In some examples, the memory allocation among the processes provides share at least one RPC message as at least one formatted object accessible from memory.

Abstract: A method for verifying data plane programs is provided in some embodiments. Because the behavior of a data plane program (e.g., a program written in the P4 language) is determined in part by the control plane populating match-action tables with specific forwarding rules, in some embodiments, programmers are provided with a way to document assumptions about the control plane using annotations (e.g., in the form of “assertions” or “assumptions” about the state based on the unknown control plane contribution). In some embodiments, annotations are added automatically to verify common properties, including checking that every header read or written is valid, that every expression has a well-defined value, and that all standard metadata is manipulated correctly. The method in some embodiments translates programs from a first language (e.g., P4) to a second language (e.g., Guarded Command Language (GCL)) for verification by a satisfiability modulo theory (SMT) solver.

Abstract: A method for verifying data plane programs is provided in some embodiments. Because the behavior of a data plane program (e.g., a program written in the P4 language) is determined in part by the control plane populating match-action tables with specific forwarding rules, in some embodiments, programmers are provided with a way to document assumptions about the control plane using annotations (e.g., in the form of “assertions” or “assumptions” about the state based on the unknown control plane contribution). In some embodiments, annotations are added automatically to verify common properties, including checking that every header read or written is valid, that every expression has a well-defined value, and that all standard metadata is manipulated correctly. The method in some embodiments translates programs from a first language (e.g., P4) to a second language (e.g., Guarded Command Language (GCL)) for verification by a satisfiability modulo theory (SMT) solver.

Abstract: Some embodiments provide a method for a forwarding element (FE) operating in a network of FEs. The method receives a data message with an access control list (ACL) rule and a first digest for the ACL rule appended to the data message. The ACL rule specifies that the packet is allowed to be sent through the network. The method verifies the ACL rule by computing a second digest from the ACL rule using a secret key and comparing the first digest to the second digest. The method determines whether the packet matches the ACL rule by comparing values in headers of the data message to values specified in the ACL rule. The method only forwards the data message if the ACL rule is verified and the packet matches the ACL rule.

Abstract: Some embodiments provide a method for a particular FE in a network of FEs. The method receives a data message at a first port of the FE. The data message includes a header that specifies an egress port for each FE along a path from a source of the data message to a destination of the data message and an ingress port for at least each FE along the path that the data message has previously traversed. The method determines that the particular egress port specified for the FE is a second port that is not operational. The method generates a path failure message specifying that the second port is not operational and including a header that uses the egress ports and ingress ports in the data message. The method sends the path failure message out of the first port for delivery to the source of the data message.

Abstract: Some embodiments provide a method for a particular forwarding element (FE) in a network of FEs. The method receives a packet at the particular FE. The packet includes a packet header that includes, for each of multiple FEs along a path from a source of the packet to a destination of the packet, (i) an identifier for the FE and (ii) a set of one or more actions for the FE to perform on the packet. The method parses the packet header to identify the set of actions for the particular FE. The method performs the identified set of actions.

Abstract: Some embodiments provide a network that includes (i) multiple forwarding elements, (ii) a set of one or more global control plane (GCP) servers, and (iii) multiple end-node machines. The GCP servers maintain topological information about connections between the forwarding elements. Each of the end-node machines receives the topological information, identifies a source-routing path for a message sent by the machine, and embeds the source-routing path in a source-routing message header that includes an egress port for each forwarding element along the path.

Abstract: Some embodiments of the invention provide a data plane circuit for a network forwarding element that searches for one or more patterns of characters stored in data messages received by the data plane circuit. In some embodiments, the data plane circuit analyzes the data messages as it processes the data messages to forward the data messages to their destinations in a network. Because the data messages are already flowing through the network, it is optimal to search the data messages for the character patterns as the data messages pass through the network, instead of performing these operations on a separate set of servers that typically perform these searches at slower rates. In other embodiments, the data plane circuit does not perform its character pattern searches in conjunction with its forwarding operations, as it receives the data messages from a set of servers just for the purpose of performing its character pattern searches, in order to offload some or all of these searches from the server set.

Abstract: Some embodiments provide a method for a forwarding element (FE) operating in a network of FEs. The method receives a data message with an access control list (ACL) rule and a first digest for the ACL rule appended to the data message. The ACL rule specifies that the packet is allowed to be sent through the network. The method verifies the ACL rule by computing a second digest from the ACL rule using a secret key and comparing the first digest to the second digest. The method determines whether the packet matches the ACL rule by comparing values in headers of the data message to values specified in the ACL rule. The method only forwards the data message if the ACL rule is verified and the packet matches the ACL rule.

Abstract: Some embodiments provide a method for a particular FE in a network of FEs. The method receives a data message at a first port of the FE. The data message includes a header that specifies an egress port for each FE along a path from a source of the data message to a destination of the data message and an ingress port for at least each FE along the path that the data message has previously traversed. The method determines that the particular egress port specified for the FE is a second port that is not operational. The method generates a path failure message specifying that the second port is not operational and including a header that uses the egress ports and ingress ports in the data message. The method sends the path failure message out of the first port for delivery to the source of the data message.

Abstract: Some embodiments provide a network that includes (i) multiple forwarding elements, (ii) a set of one or more global control plane (GCP) servers, and (iii) multiple end-node machines. The GCP servers maintain topological information about connections between the forwarding elements. Each of the end-node machines receives the topological information, identifies a source-routing path for a message sent by the machine, and embeds the source-routing path in a source-routing message header that includes an egress port for each forwarding element along the path.

Abstract: Some embodiments provide a method for a particular forwarding element (FE) in a network of FEs. The method receives a packet at the particular FE. The packet includes a packet header that includes, for each of multiple FEs along a path from a source of the packet to a destination of the packet, (i) an identifier for the FE and (ii) a set of one or more actions for the FE to perform on the packet. The method parses the packet header to identify the set of actions for the particular FE. The method performs the identified set of actions.

Abstract: A method for verifying data plane programs is provided in some embodiments. Because the behavior of a data plane program (e.g., a program written in the P4 language) is determined in part by the control plane populating match-action tables with specific forwarding rules, in some embodiments, programmers are provided with a way to document assumptions about the control plane using annotations (e.g., in the form of “assertions” or “assumptions” about the state based on the unknown control plane contribution). In some embodiments, annotations are added automatically to verify common properties, including checking that every header read or written is valid, that every expression has a well-defined value, and that all standard metadata is manipulated correctly. The method in some embodiments translates programs from a first language (e.g., P4) to a second language (e.g., Guarded Command Language (GCL)) for verification by a satisfiability modulo theory (SMT) solver.

Abstract: An instance of a consensus protocol in initiated by a processor initiating an application program interface to submit a value and obtaining the value. The processor sends a message including the value to one or more hardware components communicatively coupled to the processor. Logic in the hardware components obtains the message and appends the message with a sequence number, where the sequence number identifies the instance. Logic in the hardware accepts the value and supplies the value to the processor. The processor replicates the value for the instance and returns the value to the application via a callback.

Abstract: An instance of a consensus protocol in initiated by a processor initiating an application program interface to submit a value and obtaining the value. The processor sends a message including the value to one or more hardware components communicatively coupled to the processor. Logic in the hardware components obtains the message and appends the message with a sequence number, where the sequence number identifies the instance. Logic in the hardware accepts the value and supplies the value to the processor. The processor replicates the value for the instance and returns the value to the application via a callback.

Abstract: A virtual execution environment (VEE) for a streaming Intermediate Language (IL), wherein the streaming IL represents a streaming program, communicates streaming data in queues, stores data-at-rest in variables, and determines data by functions, where inputs are read from the queues and the variables, and outputs are written to the queues and the variables.

Abstract: A method of transforming relational queries of a database into on a data processing system includes receiving a series of relational queries, transforming first parts of the queries into a continuous query embodied as a streaming application, sending parameters in second parts of the queries in the series to the streaming application as a data stream, and executing the continuous query based on the received data stream to generate query results for the series of relational queries. Each query in the series includes a first part and a second part. The first parts are a pattern common to all the queries in the series and the second parts each have one or more parameters that are not common to all of the queries in the series.

Abstract: A method of transforming relational queries of a database into on a data processing system includes receiving a series of relational queries, transforming first parts of the queries into a continuous query embodied as a streaming application, sending parameters in second parts of the queries in the series to the streaming application as a data stream, and executing the continuous query based on the received data stream to generate query results for the series of relational queries. Each query in the series includes a first part and a second part. The first parts are a pattern common to all the queries in the series and the second parts each have one or more parameters that are not common to all of the queries in the series.

Abstract: A virtual execution environment (VEE) for a streaming Intermediate Language (IL), wherein the streaming IL represents a streaming program, communicates streaming data in queues, stores data-at-rest in variables, and determines data by functions, where inputs are read from the queues and the variables, and outputs are written to the queues and the variables.