Difference between revisions of "UDPI"

From fd.io
Jump to: navigation, search
(Created page with "{{Project Facts |name=UDPI |shortname=UDPI |jiraName=UDPI |projectLead=[mailto:hongjun.ni@intel.com Hongjun Ni], @ Intel |committers= * [mailto:xiang.w.wang@intel.com Xiang Wa...")
 
(Project Contact)
 
(34 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 
{{Project Facts
 
{{Project Facts
 
|name=UDPI
 
|name=UDPI
|shortname=UDPI
+
|shortname=udpi
 
|jiraName=UDPI
 
|jiraName=UDPI
 
|projectLead=[mailto:hongjun.ni@intel.com Hongjun Ni], @ Intel
 
|projectLead=[mailto:hongjun.ni@intel.com Hongjun Ni], @ Intel
Line 12: Line 12:
 
* [mailto:zhangy.yun@chinatelecom.cn Yang Zhang], @ China Telecom,
 
* [mailto:zhangy.yun@chinatelecom.cn Yang Zhang], @ China Telecom,
 
* [mailto:lixingfu@huachentel.com Xingfu Li], @ HuachenTel,
 
* [mailto:lixingfu@huachentel.com Xingfu Li], @ HuachenTel,
* [mailto:wushuai@inspur.com Shuai Wu], @ Inspur,
+
* [mailto:lixiaofan@inspur.com Xiaofan Li], @ Inspur,
 
* [mailto:yuyingxia@yxlink.com Yuying Xia], @ Yxlink,
 
* [mailto:yuyingxia@yxlink.com Yuying Xia], @ Yxlink,
 
* [mailto:fanchenggang@sunyainfo.com Chenggang Fan], @ Sunyainfo,
 
* [mailto:fanchenggang@sunyainfo.com Chenggang Fan], @ Sunyainfo,
Line 40: Line 40:
 
* [mailto:shanjiangh@chinatelecom.cn Jianghua Shan], @ China Telecom,
 
* [mailto:shanjiangh@chinatelecom.cn Jianghua Shan], @ China Telecom,
 
* [mailto:lixingfu@huachentel.com Xingfu Li], @ HuachenTel,
 
* [mailto:lixingfu@huachentel.com Xingfu Li], @ HuachenTel,
* [mailto:wushuai@inspur.com Shuai Wu], @ Inspur,
+
* [mailto:lixiaofan@inspur.com Xiaofan Li], @ Inspur,
 
* [mailto:yuyingxia@yxlink.com Yuying Xia], @ Yxlink,
 
* [mailto:yuyingxia@yxlink.com Yuying Xia], @ Yxlink,
 
* [mailto:fanchenggang@sunyainfo.com Chenggang Fan], @ Sunyainfo,
 
* [mailto:fanchenggang@sunyainfo.com Chenggang Fan], @ Sunyainfo,
Line 49: Line 49:
 
* [mailto:jim@netgate.com Jim Thompson], @ Netgate,
 
* [mailto:jim@netgate.com Jim Thompson], @ Netgate,
 
* [mailto:pengjie.lpj@alibaba-inc.com Pengjie Li], @ Alibaba,
 
* [mailto:pengjie.lpj@alibaba-inc.com Pengjie Li], @ Alibaba,
 
+
* [mailto:weiyanhua@360.cn Yanhua Wei], @ 360,
 +
* [mailto:Leon_Li@trendmicro.com Leon Li], @ Trend Micro,
 +
* [mailto:michael.a.yu@nokia-sbell.com Michael Yu], @ Nokia,
 +
* [mailto:lxq@haohandata.com.cn Xianqiang Li], @ HAOHAN Data,
  
 
== Scope ==
 
== Scope ==
Line 67: Line 70:
 
         - Integration with other systems
 
         - Integration with other systems
 
-->
 
-->
UDPI's main responsibility is to enable communication between northbound interfaces and VPP's management APIs, performing all necessary translations in the background. It is important to note that many features and utilities will be reused from open source projects and tools (e.g. netopeer2, Sysrepo) and will not be a direct part of UDPI. This section is splitted into 2 sections: in-scope and out-of-scope to clearly define what is developed as part of UDPI project and what will be just reused from other projects (or where UDPI relies on other projects).
+
UDPI's main responsibility is to provide a reference framework for Deep Packet Inspection. It will cover below key components:
 +
* Flow Classification
 +
** HW flow offloading leveraging rte_flow on DPDK
 +
** SW flow classification
 +
** Supports both IPv4 and IPv6 flows
 +
** Supports Tunnel Traffic Classification
 +
** BD-aware and VRF-aware
 +
** Bi-directional traffic maps to one flow.
  
'''UDPI project scope:'''
+
* Flow Expiration
 +
** Timer-based expiration mechanism
 +
** TCP session aware expiration mechanism
  
* Northbound interfaces exposed:
+
* TCP Segment Reassembly
** [http://tools.ietf.org/html/rfc4741, Netconf] from [https://github.com/CESNET/Netopeer2 CESNET/Netopeer2]
+
** TCP connection tracking
** [https://github.com/openconfig/reference/blob/master/rpc/gnmi/gnmi-specification.md, gNMI] northbound interface from [https://github.com/YohanPipereau/sysrepo-gnxi sysrepo-gnxi]
+
** TCP segment re-ordering
** [https://tools.ietf.org/html/draft-ietf-netconf-restconf-05, Restconf] (does not exist yet)
+
** TCP segment overlap handling
  
* Translation layer between VPP management and Yang based data structures
+
* Application Database
** Must support all features of VPP exposed in its APIs in an extensible manner
+
** Default static Application Database
 +
** Add new Application rules dynamically
  
* Write YANG models for VPP specific features
+
* Application Detection
 +
** Leverage Hyperscan Stream Mode
 +
** Reassembly of TCP segments on the fly
  
* Expose APIs to integrate with other open source projects
+
* Application-based Actions
** Base implementation of all generic southbound interfaces leverage VPP-VAPI
+
** QoS
** expose APIs to integrate with SD-WAN control plane, such as SDN Controller.
+
** Rate Limiting
** expose APIs to integrate with Routing Daemon, such as FRR.
+
** Policy Routing
** expose APIs to integrate with IKE protocol, such as strongswan.
+
** SD-WAN
** expose APIs to integrate with DPI control plane, such as nDPI.
+
** expose APIs to integrate with BRAS control plane, such as OpenBRAS.
+
  
'''Out of scope:'''
+
* Supported Protocols:
* VPP API (VAPI or VOM)
+
** TLS/HTTPS
** '''VAPI:''' C APIs for VPP, allowing C-based applications to interact with VPP is out of scope of UDPI project and is part of the base VPP project.
+
** HTTP
** '''VOM:''' C++ based API offering storage of networking objects
+
** DNS
 
+
** QUIC
* Writing yang models for VPP management
+
** etc.
** IETF and Openconfig YANG models are used as much as possible
+
** For missing features, we rely on Honeycomb YANG models
+
 
+
* Compliancy with YANG models, storage of YANG tree
+
** Provided by sysrepo project and libraries it uses
+
 
+
* Server implementation of northbound interfaces
+
** [http://tools.ietf.org/html/rfc4741, Netconf] from [https://github.com/CESNET/Netopeer2 CESNET/Netopeer2]
+
** [https://github.com/openconfig/reference/blob/master/rpc/gnmi/gnmi-specification.md, gNMI] northbound interface from [https://github.com/YohanPipereau/sysrepo-gnxi sysrepo-gnxi]
+
 
+
* Integration/performance testing
+
** Complex integration or performance tests are out of scope of UDPI project and are part of CSIT project
+
 
+
* Any other application based on top of UDPI is out of scope of this project and needs to be hosted in a dedicated project inside or outside of fd.io
+
  
 
== Releases ==
 
== Releases ==
  
 
UDPI releases are based on VPP version numbers.
 
UDPI releases are based on VPP version numbers.
+
 
=== 20.01 - Current master ===
+
* [[UDPI/20.01 Release Plan | 20.01 Release Plan]]
  
 
== Contributing ==
 
== Contributing ==
Line 125: Line 124:
 
* '''[https://lists.fd.io/g/udpi-dev udpi-dev@lists.fd.io]''' : to be notified about UDPI talks
 
* '''[https://lists.fd.io/g/udpi-dev udpi-dev@lists.fd.io]''' : to be notified about UDPI talks
  
== FAQ ==
+
== Papers, Presentations and Demos ==
 
+
* '''Hyperscan: A Fast Multi-pattern Regex Matcher for Modern CPUs''', [https://www.usenix.org/conference/nsdi19/presentation/wang-xiang Hyperscan NSDI Paper], By Xiang Wang & Yang Hong & Harry Chang & KyoungSoo Park & Geoff Langdale & Jiayu Hu & Heqing Zhu, At NSDI 2019
[https://wiki.fd.io/view/UDPI/FAQ FAQ]
+
* '''Flow-based Packet Processing Framework on DPDK and VPP''', [https://kccncosschn19eng.sched.com/event/Nrth/flow-based-packet-processing-framework-on-dpdk-and-vpp-hongjun-ni-intel Flow-base Framework], By Hongjun Ni & Qi Zhang, At Open Source Summit China 2019
 
+
* '''Identify Encrypted Application Protocols Based on VPP''', [https://ossalsjp19.sched.com/event/OVs5/identify-encrypted-application-protocols-based-on-vpp-hongjun-ni-xiang-wang-intel Identifying Encrypted Application], By Hongjun Ni & Xiang Wang, At Open Source Summit Japan 2019
== Meeting ==
+
* '''Identifying Layer 7 Applications for HTTPS Traffic''' at Intel Booth, by Hongjun Ni, At Open Source Summit North America 2019
 
+
* '''Hyperscan Use Case & UDPI Introduction''', Presentation and Demo, [https://www.sdnlab.com/23453.html Intel PP Meetup], By Xiang Wang & Hongjun Ni, At Intel Packet Processing Beijing Meetup 2019
[https://wiki.fd.io/view/UDPI/Meeting UDPI meeting]
+
 
+
== UDPI backlog ==
+
Backlog can be found in: [https://jira.fd.io/projects/UDPI/ UDPI's JIRA].
+
  
 
== Code quality ==
 
== Code quality ==
 
There is no current sonar analysis on: [https://sonar.fd.io https://sonar.fd.io]
 
There is no current sonar analysis on: [https://sonar.fd.io https://sonar.fd.io]

Latest revision as of 07:05, 16 December 2019

UDPI Facts

Project Lead: Hongjun Ni, @ Intel
Committers:

Repository: git clone https://gerrit.fd.io/r/udpi
Mailing List: udpi-dev@lists.fd.io
Jenkins: jenkins silo
Gerrit Patches: code patches/reviews
Bugs: UDPI bugs

Intro

The UDPI (Universal Deep Packet Inspection) project is a reference framework to build a high performance solution for Deep Packet Inspection, integrated with the general purpose FD.io VPP stack. It leverages industry regex matching library to provide a rich set of features, which can be used in IPS/IDS, Web Firewall and similar applications.

The initial code contributions are from Intel and Travelping.

Overview

Overview of the UDPI reference framework: https://wiki.fd.io/view/File:Reference.png

Project Contact

Scope

UDPI's main responsibility is to provide a reference framework for Deep Packet Inspection. It will cover below key components:

  • Flow Classification
    • HW flow offloading leveraging rte_flow on DPDK
    • SW flow classification
    • Supports both IPv4 and IPv6 flows
    • Supports Tunnel Traffic Classification
    • BD-aware and VRF-aware
    • Bi-directional traffic maps to one flow.
  • Flow Expiration
    • Timer-based expiration mechanism
    • TCP session aware expiration mechanism
  • TCP Segment Reassembly
    • TCP connection tracking
    • TCP segment re-ordering
    • TCP segment overlap handling
  • Application Database
    • Default static Application Database
    • Add new Application rules dynamically
  • Application Detection
    • Leverage Hyperscan Stream Mode
    • Reassembly of TCP segments on the fly
  • Application-based Actions
    • QoS
    • Rate Limiting
    • Policy Routing
    • SD-WAN
  • Supported Protocols:
    • TLS/HTTPS
    • HTTP
    • DNS
    • QUIC
    • etc.

Releases

UDPI releases are based on VPP version numbers.

Contributing

Contributions must go through code-review before being merged: 

   git clone https://gerrit.fd.io/r/udpi


Feel free to subscribe to the following mailing lists:

Papers, Presentations and Demos

  • Hyperscan: A Fast Multi-pattern Regex Matcher for Modern CPUs, Hyperscan NSDI Paper, By Xiang Wang & Yang Hong & Harry Chang & KyoungSoo Park & Geoff Langdale & Jiayu Hu & Heqing Zhu, At NSDI 2019
  • Flow-based Packet Processing Framework on DPDK and VPP, Flow-base Framework, By Hongjun Ni & Qi Zhang, At Open Source Summit China 2019
  • Identify Encrypted Application Protocols Based on VPP, Identifying Encrypted Application, By Hongjun Ni & Xiang Wang, At Open Source Summit Japan 2019
  • Identifying Layer 7 Applications for HTTPS Traffic at Intel Booth, by Hongjun Ni, At Open Source Summit North America 2019
  • Hyperscan Use Case & UDPI Introduction, Presentation and Demo, Intel PP Meetup, By Xiang Wang & Hongjun Ni, At Intel Packet Processing Beijing Meetup 2019

Code quality

There is no current sonar analysis on: https://sonar.fd.io

Retrieved from "https://wiki.fd.io/index.php?title=UDPI&oldid=10224"