Difference between revisions of "UDPI"
(→Scope) |
Gonzopancho (Talk | contribs) (→Scope) |
||
| Line 79: | Line 79: | ||
** TCP session aware expiration mechanism | ** TCP session aware expiration mechanism | ||
| − | * TCP | + | * TCP Segment Reassembly |
| − | ** TCP connection | + | ** TCP connection tracking |
| − | ** TCP | + | ** TCP segment re-ordering |
| − | ** TCP | + | ** TCP segment overlap handling |
* Application Database | * Application Database | ||
| Line 90: | Line 90: | ||
* Application Detection | * Application Detection | ||
** Leverage Hyperscan Stream Mode | ** Leverage Hyperscan Stream Mode | ||
| − | ** Reassembly TCP segments on the fly | + | ** Reassembly of TCP segments on the fly |
* Application-based Actions | * Application-based Actions | ||
| − | ** | + | ** QoS |
** Rate Limiting | ** Rate Limiting | ||
** Policy Routing | ** Policy Routing | ||
| − | ** | + | ** SD-WAN |
* Supported Protocols: | * Supported Protocols: | ||
Revision as of 15:13, 17 September 2019
| UDPI Facts |
|
Project Lead: Hongjun Ni, @ Intel
Repository: git clone https://gerrit.fd.io/r/udpi |
Contents
Intro
The UDPI (Universal Deep Packet Inspection) project is a reference framework to build a high performance solution for Deep Packet Inspection, integrated with the general purpose FD.io VPP stack. It leverages industry regex matching library to provide a rich set of features, which can be used in IPS/IDS, Web Firewall and similar applications.
The initial code contributions are from Intel and Travelping.
Overview
Overview of the UDPI reference framework: https://wiki.fd.io/view/File:Reference.png
Project Contact
- Hongjun Ni, @ Intel,
- Jian Gu, @ ZTE,
- Jianghua Shan, @ China Telecom,
- Xingfu Li, @ HuachenTel,
- Xiaofan Li, @ Inspur,
- Yuying Xia, @ Yxlink,
- Chenggang Fan, @ Sunyainfo,
- Feng Gao, @ Tencent,
- Zhong Liu, @ China Unicom,
- Yong Zhao, @ Huawei,
- Haiquan Chen, @ QingCloud,
- Jim Thompson, @ Netgate,
- Pengjie Li, @ Alibaba,
Scope
UDPI's main responsibility is to provide a reference framework for Deep Packet Inspection. It will cover below key components:
- Flow Classification
- HW flow offloading leveraging rte_flow on DPDK
- SW flow classification
- Supports both ipv4 and ipv6 flows
- Supports Tunnel Traffic Classification
- BD-aware and VRF-aware
- Bi-directional traffic maps to one flow.
- Flow Expiration
- Timer-based expiration mechanism
- TCP session aware expiration mechanism
- TCP Segment Reassembly
- TCP connection tracking
- TCP segment re-ordering
- TCP segment overlap handling
- Application Database
- Default static Application Database
- Add new Application rules dynamically
- Application Detection
- Leverage Hyperscan Stream Mode
- Reassembly of TCP segments on the fly
- Application-based Actions
- QoS
- Rate Limiting
- Policy Routing
- SD-WAN
- Supported Protocols:
- TLS/HTTPS
- HTTP
- DNS
- QUIC
- etc.
Releases
UDPI releases are based on VPP version numbers.
Contributing
Contributions must go through code-review before being merged:
git clone https://gerrit.fd.io/r/udpi
Feel free to subscribe to the following mailing lists:
- udpi-dev@lists.fd.io : to be notified about UDPI talks
FAQ
Meeting
UDPI backlog
Backlog can be found in: UDPI's JIRA.
Code quality
There is no current sonar analysis on: https://sonar.fd.io
