Difference between revisions of "UDPI"

From fd.io
Jump to: navigation, search
Line 1: Line 1:
 
{{Project Facts
 
{{Project Facts
|name=udpi
+
|name=UDPI
|shortname=UDPI
+
|shortname=udpi
 
|jiraName=UDPI
 
|jiraName=UDPI
 
|projectLead=[mailto:hongjun.ni@intel.com Hongjun Ni], @ Intel
 
|projectLead=[mailto:hongjun.ni@intel.com Hongjun Ni], @ Intel
Line 71: Line 71:
 
'''UDPI project scope:'''
 
'''UDPI project scope:'''
  
* Northbound interfaces exposed:
+
UDPI's main responsibility is to provide a reference framework for Deep Packet Inspection. It will cover below key components:
** [http://tools.ietf.org/html/rfc4741, Netconf] from [https://github.com/CESNET/Netopeer2 CESNET/Netopeer2]
+
* Flow Classification
** [https://github.com/openconfig/reference/blob/master/rpc/gnmi/gnmi-specification.md, gNMI] northbound interface from [https://github.com/YohanPipereau/sysrepo-gnxi sysrepo-gnxi]
+
** HW flow offloading leveraging rte_flow on DPDK
** [https://tools.ietf.org/html/draft-ietf-netconf-restconf-05, Restconf] (does not exist yet)
+
** SW flow classification
 +
** Supports both ipv4 and ipv6 flows
 +
** Supports Tunnel Traffic Classification
 +
** BD-aware and VRF-aware
 +
** Bi-directional traffic maps to one flow.
  
* Translation layer between VPP management and Yang based data structures
+
* Flow Expiration
** Must support all features of VPP exposed in its APIs in an extensible manner
+
** Timer-based expiration mechanism
 +
** TCP session aware expiration mechanism
  
* Write YANG models for VPP specific features
+
* TCP Segments Reassembly
 +
** TCP connection track
 +
** TCP segments re-ordering
 +
** TCP segments overlap handling
  
* Expose APIs to integrate with other open source projects
+
* Application Database
** Base implementation of all generic southbound interfaces leverage VPP-VAPI
+
** Default static Application Database
** expose APIs to integrate with SD-WAN control plane, such as SDN Controller.
+
** Add new Application rules dynamically
** expose APIs to integrate with Routing Daemon, such as FRR.
+
** expose APIs to integrate with IKE protocol, such as strongswan.
+
** expose APIs to integrate with DPI control plane, such as nDPI.
+
** expose APIs to integrate with BRAS control plane, such as OpenBRAS.
+
  
'''Out of scope:'''
+
* Application Detection
* VPP API (VAPI or VOM)
+
** Leverage Hyperscan Stream Mode
** '''VAPI:''' C APIs for VPP, allowing C-based applications to interact with VPP is out of scope of UDPI project and is part of the base VPP project.
+
** Reassembly TCP segments on the fly
** '''VOM:''' C++ based API offering storage of networking objects
+
  
* Writing yang models for VPP management
+
* Application-based Actions
** IETF and Openconfig YANG models are used as much as possible
+
** Qos
** For missing features, we rely on Honeycomb YANG models
+
** Rate Limiting
 +
** Policy Routing
 +
** SDWAN
  
* Compliancy with YANG models, storage of YANG tree
+
* Supported Protocols:
** Provided by sysrepo project and libraries it uses
+
** TLS/HTTPS
 
+
** HTTP
* Server implementation of northbound interfaces
+
** DNS
** [http://tools.ietf.org/html/rfc4741, Netconf] from [https://github.com/CESNET/Netopeer2 CESNET/Netopeer2]
+
** QUIC
** [https://github.com/openconfig/reference/blob/master/rpc/gnmi/gnmi-specification.md, gNMI] northbound interface from [https://github.com/YohanPipereau/sysrepo-gnxi sysrepo-gnxi]
+
......
 
+
* Integration/performance testing
+
** Complex integration or performance tests are out of scope of UDPI project and are part of CSIT project
+
 
+
* Any other application based on top of UDPI is out of scope of this project and needs to be hosted in a dedicated project inside or outside of fd.io
+
  
 
== Releases ==
 
== Releases ==

Revision as of 22:35, 29 August 2019

UDPI Facts

Project Lead: Hongjun Ni, @ Intel
Committers:

Repository: git clone https://gerrit.fd.io/r/udpi
Mailing List: udpi-dev@lists.fd.io
Jenkins: jenkins silo
Gerrit Patches: code patches/reviews
Bugs: UDPI bugs

Intro

The UDPI (Universal Deep Packet Inspection) project is a reference framework to build a high performance solution for Deep Packet Inspection, integrated with the general purpose FD.io VPP stack. It leverages industry regex matching library to provide a rich set of features, which can be used in IPS/IDS, Web Firewall and similar applications.

The initial code contributions are from Intel and Travelping.

Overview

Overview of the UDPI reference framework: https://wiki.fd.io/view/File:Reference.png

Project Contact


Scope

UDPI's main responsibility is to enable communication between northbound interfaces and VPP's management APIs, performing all necessary translations in the background. It is important to note that many features and utilities will be reused from open source projects and tools (e.g. netopeer2, Sysrepo) and will not be a direct part of UDPI. This section is splitted into 2 sections: in-scope and out-of-scope to clearly define what is developed as part of UDPI project and what will be just reused from other projects (or where UDPI relies on other projects).

UDPI project scope:

UDPI's main responsibility is to provide a reference framework for Deep Packet Inspection. It will cover below key components:

  • Flow Classification
    • HW flow offloading leveraging rte_flow on DPDK
    • SW flow classification
    • Supports both ipv4 and ipv6 flows
    • Supports Tunnel Traffic Classification
    • BD-aware and VRF-aware
    • Bi-directional traffic maps to one flow.
  • Flow Expiration
    • Timer-based expiration mechanism
    • TCP session aware expiration mechanism
  • TCP Segments Reassembly
    • TCP connection track
    • TCP segments re-ordering
    • TCP segments overlap handling
  • Application Database
    • Default static Application Database
    • Add new Application rules dynamically
  • Application Detection
    • Leverage Hyperscan Stream Mode
    • Reassembly TCP segments on the fly
  • Application-based Actions
    • Qos
    • Rate Limiting
    • Policy Routing
    • SDWAN
  • Supported Protocols:
    • TLS/HTTPS
    • HTTP
    • DNS
    • QUIC

......

Releases

UDPI releases are based on VPP version numbers.

20.01 - Current master

Contributing

Contributions must go through code-review before being merged:

   git clone https://gerrit.fd.io/r/udpi


Feel free to subscribe to the following mailing lists:

FAQ

FAQ

Meeting

UDPI meeting

UDPI backlog

Backlog can be found in: UDPI's JIRA.

Code quality

There is no current sonar analysis on: https://sonar.fd.io