Difference between revisions of "UDPI"
From fd.io
(→Scope) |
(→Project Contact) |
||
| (26 intermediate revisions by 2 users not shown) | |||
| Line 49: | Line 49: | ||
* [mailto:jim@netgate.com Jim Thompson], @ Netgate, | * [mailto:jim@netgate.com Jim Thompson], @ Netgate, | ||
* [mailto:pengjie.lpj@alibaba-inc.com Pengjie Li], @ Alibaba, | * [mailto:pengjie.lpj@alibaba-inc.com Pengjie Li], @ Alibaba, | ||
| + | * [mailto:weiyanhua@360.cn Yanhua Wei], @ 360, | ||
| + | * [mailto:Leon_Li@trendmicro.com Leon Li], @ Trend Micro, | ||
| + | * [mailto:michael.a.yu@nokia-sbell.com Michael Yu], @ Nokia, | ||
| + | * [mailto:lxq@haohandata.com.cn Xianqiang Li], @ HAOHAN Data, | ||
== Scope == | == Scope == | ||
| Line 70: | Line 74: | ||
** HW flow offloading leveraging rte_flow on DPDK | ** HW flow offloading leveraging rte_flow on DPDK | ||
** SW flow classification | ** SW flow classification | ||
| − | ** Supports both | + | ** Supports both IPv4 and IPv6 flows |
** Supports Tunnel Traffic Classification | ** Supports Tunnel Traffic Classification | ||
** BD-aware and VRF-aware | ** BD-aware and VRF-aware | ||
| Line 79: | Line 83: | ||
** TCP session aware expiration mechanism | ** TCP session aware expiration mechanism | ||
| − | * TCP | + | * TCP Segment Reassembly |
| − | ** TCP connection | + | ** TCP connection tracking |
| − | ** TCP | + | ** TCP segment re-ordering |
| − | ** TCP | + | ** TCP segment overlap handling |
* Application Database | * Application Database | ||
| Line 90: | Line 94: | ||
* Application Detection | * Application Detection | ||
** Leverage Hyperscan Stream Mode | ** Leverage Hyperscan Stream Mode | ||
| − | ** Reassembly TCP segments on the fly | + | ** Reassembly of TCP segments on the fly |
* Application-based Actions | * Application-based Actions | ||
| − | ** | + | ** QoS |
** Rate Limiting | ** Rate Limiting | ||
** Policy Routing | ** Policy Routing | ||
| − | ** | + | ** SD-WAN |
* Supported Protocols: | * Supported Protocols: | ||
| Line 120: | Line 124: | ||
* '''[https://lists.fd.io/g/udpi-dev udpi-dev@lists.fd.io]''' : to be notified about UDPI talks | * '''[https://lists.fd.io/g/udpi-dev udpi-dev@lists.fd.io]''' : to be notified about UDPI talks | ||
| − | == | + | == Papers, Presentations and Demos == |
| − | + | * '''Hyperscan: A Fast Multi-pattern Regex Matcher for Modern CPUs''', [https://www.usenix.org/conference/nsdi19/presentation/wang-xiang Hyperscan NSDI Paper], By Xiang Wang & Yang Hong & Harry Chang & KyoungSoo Park & Geoff Langdale & Jiayu Hu & Heqing Zhu, At NSDI 2019 | |
| − | [https:// | + | * '''Flow-based Packet Processing Framework on DPDK and VPP''', [https://kccncosschn19eng.sched.com/event/Nrth/flow-based-packet-processing-framework-on-dpdk-and-vpp-hongjun-ni-intel Flow-base Framework], By Hongjun Ni & Qi Zhang, At Open Source Summit China 2019 |
| − | + | * '''Identify Encrypted Application Protocols Based on VPP''', [https://ossalsjp19.sched.com/event/OVs5/identify-encrypted-application-protocols-based-on-vpp-hongjun-ni-xiang-wang-intel Identifying Encrypted Application], By Hongjun Ni & Xiang Wang, At Open Source Summit Japan 2019 | |
| − | + | * '''Identifying Layer 7 Applications for HTTPS Traffic''' at Intel Booth, by Hongjun Ni, At Open Source Summit North America 2019 | |
| − | + | * '''Hyperscan Use Case & UDPI Introduction''', Presentation and Demo, [https://www.sdnlab.com/23453.html Intel PP Meetup], By Xiang Wang & Hongjun Ni, At Intel Packet Processing Beijing Meetup 2019 | |
| − | [https:// | + | |
| − | + | ||
| − | + | ||
| − | + | ||
== Code quality == | == Code quality == | ||
There is no current sonar analysis on: [https://sonar.fd.io https://sonar.fd.io] | There is no current sonar analysis on: [https://sonar.fd.io https://sonar.fd.io] | ||
Latest revision as of 07:05, 16 December 2019
| UDPI Facts |
|
Project Lead: Hongjun Ni, @ Intel
Repository: git clone https://gerrit.fd.io/r/udpi |
Contents
Intro
The UDPI (Universal Deep Packet Inspection) project is a reference framework to build a high performance solution for Deep Packet Inspection, integrated with the general purpose FD.io VPP stack. It leverages industry regex matching library to provide a rich set of features, which can be used in IPS/IDS, Web Firewall and similar applications.
The initial code contributions are from Intel and Travelping.
Overview
Overview of the UDPI reference framework: https://wiki.fd.io/view/File:Reference.png
Project Contact
- Hongjun Ni, @ Intel,
- Jian Gu, @ ZTE,
- Jianghua Shan, @ China Telecom,
- Xingfu Li, @ HuachenTel,
- Xiaofan Li, @ Inspur,
- Yuying Xia, @ Yxlink,
- Chenggang Fan, @ Sunyainfo,
- Feng Gao, @ Tencent,
- Zhong Liu, @ China Unicom,
- Yong Zhao, @ Huawei,
- Haiquan Chen, @ QingCloud,
- Jim Thompson, @ Netgate,
- Pengjie Li, @ Alibaba,
- Yanhua Wei, @ 360,
- Leon Li, @ Trend Micro,
- Michael Yu, @ Nokia,
- Xianqiang Li, @ HAOHAN Data,
Scope
UDPI's main responsibility is to provide a reference framework for Deep Packet Inspection. It will cover below key components:
- Flow Classification
- HW flow offloading leveraging rte_flow on DPDK
- SW flow classification
- Supports both IPv4 and IPv6 flows
- Supports Tunnel Traffic Classification
- BD-aware and VRF-aware
- Bi-directional traffic maps to one flow.
- Flow Expiration
- Timer-based expiration mechanism
- TCP session aware expiration mechanism
- TCP Segment Reassembly
- TCP connection tracking
- TCP segment re-ordering
- TCP segment overlap handling
- Application Database
- Default static Application Database
- Add new Application rules dynamically
- Application Detection
- Leverage Hyperscan Stream Mode
- Reassembly of TCP segments on the fly
- Application-based Actions
- QoS
- Rate Limiting
- Policy Routing
- SD-WAN
- Supported Protocols:
- TLS/HTTPS
- HTTP
- DNS
- QUIC
- etc.
Releases
UDPI releases are based on VPP version numbers.
Contributing
Contributions must go through code-review before being merged:
git clone https://gerrit.fd.io/r/udpi
Feel free to subscribe to the following mailing lists:
- udpi-dev@lists.fd.io : to be notified about UDPI talks
Papers, Presentations and Demos
- Hyperscan: A Fast Multi-pattern Regex Matcher for Modern CPUs, Hyperscan NSDI Paper, By Xiang Wang & Yang Hong & Harry Chang & KyoungSoo Park & Geoff Langdale & Jiayu Hu & Heqing Zhu, At NSDI 2019
- Flow-based Packet Processing Framework on DPDK and VPP, Flow-base Framework, By Hongjun Ni & Qi Zhang, At Open Source Summit China 2019
- Identify Encrypted Application Protocols Based on VPP, Identifying Encrypted Application, By Hongjun Ni & Xiang Wang, At Open Source Summit Japan 2019
- Identifying Layer 7 Applications for HTTPS Traffic at Intel Booth, by Hongjun Ni, At Open Source Summit North America 2019
- Hyperscan Use Case & UDPI Introduction, Presentation and Demo, Intel PP Meetup, By Xiang Wang & Hongjun Ni, At Intel Packet Processing Beijing Meetup 2019
Code quality
There is no current sonar analysis on: https://sonar.fd.io
