Difference between revisions of "Archived-UDPI"
| m (Valderrv moved page UDPI to Archived-UDPI) | |||
| (29 intermediate revisions by 2 users not shown) | |||
| Line 49: | Line 49: | ||
| * [mailto:jim@netgate.com Jim Thompson], @ Netgate, | * [mailto:jim@netgate.com Jim Thompson], @ Netgate, | ||
| * [mailto:pengjie.lpj@alibaba-inc.com Pengjie Li], @ Alibaba, | * [mailto:pengjie.lpj@alibaba-inc.com Pengjie Li], @ Alibaba, | ||
| + | * [mailto:weiyanhua@360.cn Yanhua Wei], @ 360, | ||
| + | * [mailto:Leon_Li@trendmicro.com Leon Li], @ Trend Micro, | ||
| + | * [mailto:michael.a.yu@nokia-sbell.com Michael Yu], @ Nokia, | ||
| + | * [mailto:lxq@haohandata.com.cn Xianqiang Li], @ HAOHAN Data, | ||
| == Scope == | == Scope == | ||
| Line 70: | Line 74: | ||
| ** HW flow offloading leveraging rte_flow on DPDK | ** HW flow offloading leveraging rte_flow on DPDK | ||
| ** SW flow classification | ** SW flow classification | ||
| − | ** Supports both  | + | ** Supports both IPv4 and IPv6 flows | 
| ** Supports Tunnel Traffic Classification | ** Supports Tunnel Traffic Classification | ||
| ** BD-aware and VRF-aware | ** BD-aware and VRF-aware | ||
| Line 79: | Line 83: | ||
| ** TCP session aware expiration mechanism | ** TCP session aware expiration mechanism | ||
| − | * TCP  | + | * TCP Segment Reassembly | 
| − | ** TCP connection  | + | ** TCP connection tracking | 
| − | ** TCP  | + | ** TCP segment re-ordering | 
| − | ** TCP  | + | ** TCP segment overlap handling | 
| * Application Database | * Application Database | ||
| Line 90: | Line 94: | ||
| * Application Detection | * Application Detection | ||
| ** Leverage Hyperscan Stream Mode | ** Leverage Hyperscan Stream Mode | ||
| − | ** Reassembly TCP segments on the fly | + | ** Reassembly of TCP segments on the fly | 
| * Application-based Actions | * Application-based Actions | ||
| − | **  | + | ** QoS | 
| ** Rate Limiting | ** Rate Limiting | ||
| ** Policy Routing | ** Policy Routing | ||
| − | **  | + | ** SD-WAN | 
| * Supported Protocols: | * Supported Protocols: | ||
| Line 103: | Line 107: | ||
| ** DNS | ** DNS | ||
| ** QUIC | ** QUIC | ||
| − | + | ** etc. | |
| == Releases == | == Releases == | ||
| UDPI releases are based on VPP version numbers. | UDPI releases are based on VPP version numbers. | ||
| − | + | ||
| − | + | * [[UDPI/20.01 Release Plan | 20.01 Release Plan]] | |
| == Contributing == | == Contributing == | ||
| Line 120: | Line 124: | ||
| * '''[https://lists.fd.io/g/udpi-dev udpi-dev@lists.fd.io]''' : to be notified about UDPI talks | * '''[https://lists.fd.io/g/udpi-dev udpi-dev@lists.fd.io]''' : to be notified about UDPI talks | ||
| − | ==  | + | == Papers, Presentations and Demos == | 
| − | + | * '''Hyperscan: A Fast Multi-pattern Regex Matcher for Modern CPUs''', [https://www.usenix.org/conference/nsdi19/presentation/wang-xiang Hyperscan NSDI Paper], By Xiang Wang & Yang Hong & Harry Chang & KyoungSoo Park & Geoff Langdale & Jiayu Hu & Heqing Zhu, At NSDI 2019 | |
| − | [https:// | + | * '''Flow-based Packet Processing Framework on DPDK and VPP''', [https://kccncosschn19eng.sched.com/event/Nrth/flow-based-packet-processing-framework-on-dpdk-and-vpp-hongjun-ni-intel Flow-base Framework], By Hongjun Ni & Qi Zhang, At Open Source Summit China 2019 | 
| − | + | * '''Identify Encrypted Application Protocols Based on VPP''', [https://ossalsjp19.sched.com/event/OVs5/identify-encrypted-application-protocols-based-on-vpp-hongjun-ni-xiang-wang-intel Identifying Encrypted Application], By Hongjun Ni & Xiang Wang, At Open Source Summit Japan 2019 | |
| − | + | * '''Identifying Layer 7 Applications for HTTPS Traffic''' at Intel Booth, by Hongjun Ni, At Open Source Summit North America 2019 | |
| − | + | * '''Hyperscan Use Case & UDPI Introduction''', Presentation and Demo, [https://www.sdnlab.com/23453.html Intel PP Meetup], By Xiang Wang & Hongjun Ni, At Intel Packet Processing Beijing Meetup 2019 | |
| − | [https:// | + | |
| − | + | ||
| − | + | ||
| − | + | ||
| == Code quality == | == Code quality == | ||
| There is no current sonar analysis on: [https://sonar.fd.io https://sonar.fd.io] | There is no current sonar analysis on: [https://sonar.fd.io https://sonar.fd.io] | ||
Latest revision as of 16:20, 10 April 2025
| UDPI Facts | 
| Project Lead: Hongjun Ni, @ Intel 
 Repository: git clone https://gerrit.fd.io/r/udpi  | 
Contents
Intro
The UDPI (Universal Deep Packet Inspection) project is a reference framework to build a high performance solution for Deep Packet Inspection, integrated with the general purpose FD.io VPP stack. It leverages industry regex matching library to provide a rich set of features, which can be used in IPS/IDS, Web Firewall and similar applications.
The initial code contributions are from Intel and Travelping.
Overview
Overview of the UDPI reference framework: https://wiki.fd.io/view/File:Reference.png
Project Contact
- Hongjun Ni, @ Intel,
- Jian Gu, @ ZTE,
- Jianghua Shan, @ China Telecom,
- Xingfu Li, @ HuachenTel,
- Xiaofan Li, @ Inspur,
- Yuying Xia, @ Yxlink,
- Chenggang Fan, @ Sunyainfo,
- Feng Gao, @ Tencent,
- Zhong Liu, @ China Unicom,
- Yong Zhao, @ Huawei,
- Haiquan Chen, @ QingCloud,
- Jim Thompson, @ Netgate,
- Pengjie Li, @ Alibaba,
- Yanhua Wei, @ 360,
- Leon Li, @ Trend Micro,
- Michael Yu, @ Nokia,
- Xianqiang Li, @ HAOHAN Data,
Scope
UDPI's main responsibility is to provide a reference framework for Deep Packet Inspection. It will cover below key components:
-  Flow Classification
- HW flow offloading leveraging rte_flow on DPDK
- SW flow classification
- Supports both IPv4 and IPv6 flows
- Supports Tunnel Traffic Classification
- BD-aware and VRF-aware
- Bi-directional traffic maps to one flow.
 
-  Flow Expiration
- Timer-based expiration mechanism
- TCP session aware expiration mechanism
 
-  TCP Segment Reassembly
- TCP connection tracking
- TCP segment re-ordering
- TCP segment overlap handling
 
-  Application Database
- Default static Application Database
- Add new Application rules dynamically
 
-  Application Detection
- Leverage Hyperscan Stream Mode
- Reassembly of TCP segments on the fly
 
-  Application-based Actions
- QoS
- Rate Limiting
- Policy Routing
- SD-WAN
 
-  Supported Protocols:
- TLS/HTTPS
- HTTP
- DNS
- QUIC
- etc.
 
Releases
UDPI releases are based on VPP version numbers.
Contributing
Contributions must go through code-review before being merged:
git clone https://gerrit.fd.io/r/udpi
Feel free to subscribe to the following mailing lists:
- udpi-dev@lists.fd.io : to be notified about UDPI talks
Papers, Presentations and Demos
- Hyperscan: A Fast Multi-pattern Regex Matcher for Modern CPUs, Hyperscan NSDI Paper, By Xiang Wang & Yang Hong & Harry Chang & KyoungSoo Park & Geoff Langdale & Jiayu Hu & Heqing Zhu, At NSDI 2019
- Flow-based Packet Processing Framework on DPDK and VPP, Flow-base Framework, By Hongjun Ni & Qi Zhang, At Open Source Summit China 2019
- Identify Encrypted Application Protocols Based on VPP, Identifying Encrypted Application, By Hongjun Ni & Xiang Wang, At Open Source Summit Japan 2019
- Identifying Layer 7 Applications for HTTPS Traffic at Intel Booth, by Hongjun Ni, At Open Source Summit North America 2019
- Hyperscan Use Case & UDPI Introduction, Presentation and Demo, Intel PP Meetup, By Xiang Wang & Hongjun Ni, At Intel Packet Processing Beijing Meetup 2019
Code quality
There is no current sonar analysis on: https://sonar.fd.io
