Difference between revisions of "UDPI"

From fd.io
Jump to: navigation, search
(Project Contact)
 
(32 intermediate revisions by 2 users not shown)
Line 12: Line 12:
 
* [mailto:zhangy.yun@chinatelecom.cn Yang Zhang], @ China Telecom,
 
* [mailto:zhangy.yun@chinatelecom.cn Yang Zhang], @ China Telecom,
 
* [mailto:lixingfu@huachentel.com Xingfu Li], @ HuachenTel,
 
* [mailto:lixingfu@huachentel.com Xingfu Li], @ HuachenTel,
* [mailto:wushuai@inspur.com Shuai Wu], @ Inspur,
+
* [mailto:lixiaofan@inspur.com Xiaofan Li], @ Inspur,
 
* [mailto:yuyingxia@yxlink.com Yuying Xia], @ Yxlink,
 
* [mailto:yuyingxia@yxlink.com Yuying Xia], @ Yxlink,
 
* [mailto:fanchenggang@sunyainfo.com Chenggang Fan], @ Sunyainfo,
 
* [mailto:fanchenggang@sunyainfo.com Chenggang Fan], @ Sunyainfo,
Line 40: Line 40:
 
* [mailto:shanjiangh@chinatelecom.cn Jianghua Shan], @ China Telecom,
 
* [mailto:shanjiangh@chinatelecom.cn Jianghua Shan], @ China Telecom,
 
* [mailto:lixingfu@huachentel.com Xingfu Li], @ HuachenTel,
 
* [mailto:lixingfu@huachentel.com Xingfu Li], @ HuachenTel,
* [mailto:wushuai@inspur.com Shuai Wu], @ Inspur,
+
* [mailto:lixiaofan@inspur.com Xiaofan Li], @ Inspur,
 
* [mailto:yuyingxia@yxlink.com Yuying Xia], @ Yxlink,
 
* [mailto:yuyingxia@yxlink.com Yuying Xia], @ Yxlink,
 
* [mailto:fanchenggang@sunyainfo.com Chenggang Fan], @ Sunyainfo,
 
* [mailto:fanchenggang@sunyainfo.com Chenggang Fan], @ Sunyainfo,
Line 49: Line 49:
 
* [mailto:jim@netgate.com Jim Thompson], @ Netgate,
 
* [mailto:jim@netgate.com Jim Thompson], @ Netgate,
 
* [mailto:pengjie.lpj@alibaba-inc.com Pengjie Li], @ Alibaba,
 
* [mailto:pengjie.lpj@alibaba-inc.com Pengjie Li], @ Alibaba,
 
+
* [mailto:weiyanhua@360.cn Yanhua Wei], @ 360,
 +
* [mailto:Leon_Li@trendmicro.com Leon Li], @ Trend Micro,
 +
* [mailto:michael.a.yu@nokia-sbell.com Michael Yu], @ Nokia,
 +
* [mailto:lxq@haohandata.com.cn Xianqiang Li], @ HAOHAN Data,
  
 
== Scope ==
 
== Scope ==
Line 67: Line 70:
 
         - Integration with other systems
 
         - Integration with other systems
 
-->
 
-->
UDPI's main responsibility is to enable communication between northbound interfaces and VPP's management APIs, performing all necessary translations in the background. It is important to note that many features and utilities will be reused from open source projects and tools (e.g. netopeer2, Sysrepo) and will not be a direct part of UDPI. This section is splitted into 2 sections: in-scope and out-of-scope to clearly define what is developed as part of UDPI project and what will be just reused from other projects (or where UDPI relies on other projects).
 
 
'''UDPI project scope:'''
 
 
 
UDPI's main responsibility is to provide a reference framework for Deep Packet Inspection. It will cover below key components:
 
UDPI's main responsibility is to provide a reference framework for Deep Packet Inspection. It will cover below key components:
 
* Flow Classification
 
* Flow Classification
 
** HW flow offloading leveraging rte_flow on DPDK
 
** HW flow offloading leveraging rte_flow on DPDK
 
** SW flow classification
 
** SW flow classification
** Supports both ipv4 and ipv6 flows
+
** Supports both IPv4 and IPv6 flows
 
** Supports Tunnel Traffic Classification
 
** Supports Tunnel Traffic Classification
 
** BD-aware and VRF-aware
 
** BD-aware and VRF-aware
Line 84: Line 83:
 
** TCP session aware expiration mechanism
 
** TCP session aware expiration mechanism
  
* TCP Segments Reassembly
+
* TCP Segment Reassembly
** TCP connection track
+
** TCP connection tracking
** TCP segments re-ordering
+
** TCP segment re-ordering
** TCP segments overlap handling
+
** TCP segment overlap handling
  
 
* Application Database
 
* Application Database
Line 95: Line 94:
 
* Application Detection
 
* Application Detection
 
** Leverage Hyperscan Stream Mode
 
** Leverage Hyperscan Stream Mode
** Reassembly TCP segments on the fly
+
** Reassembly of TCP segments on the fly
  
 
* Application-based Actions
 
* Application-based Actions
** Qos
+
** QoS
 
** Rate Limiting
 
** Rate Limiting
 
** Policy Routing
 
** Policy Routing
** SDWAN
+
** SD-WAN
  
 
* Supported Protocols:
 
* Supported Protocols:
Line 108: Line 107:
 
** DNS
 
** DNS
 
** QUIC
 
** QUIC
......
+
** etc.
  
 
== Releases ==
 
== Releases ==
  
 
UDPI releases are based on VPP version numbers.
 
UDPI releases are based on VPP version numbers.
+
 
=== 20.01 - Current master ===
+
* [[UDPI/20.01 Release Plan | 20.01 Release Plan]]
  
 
== Contributing ==
 
== Contributing ==
Line 125: Line 124:
 
* '''[https://lists.fd.io/g/udpi-dev udpi-dev@lists.fd.io]''' : to be notified about UDPI talks
 
* '''[https://lists.fd.io/g/udpi-dev udpi-dev@lists.fd.io]''' : to be notified about UDPI talks
  
== FAQ ==
+
== Papers, Presentations and Demos ==
 
+
* '''Hyperscan: A Fast Multi-pattern Regex Matcher for Modern CPUs''', [https://www.usenix.org/conference/nsdi19/presentation/wang-xiang Hyperscan NSDI Paper], By Xiang Wang & Yang Hong & Harry Chang & KyoungSoo Park & Geoff Langdale & Jiayu Hu & Heqing Zhu, At NSDI 2019
[https://wiki.fd.io/view/UDPI/FAQ FAQ]
+
* '''Flow-based Packet Processing Framework on DPDK and VPP''', [https://kccncosschn19eng.sched.com/event/Nrth/flow-based-packet-processing-framework-on-dpdk-and-vpp-hongjun-ni-intel Flow-base Framework], By Hongjun Ni & Qi Zhang, At Open Source Summit China 2019
 
+
* '''Identify Encrypted Application Protocols Based on VPP''', [https://ossalsjp19.sched.com/event/OVs5/identify-encrypted-application-protocols-based-on-vpp-hongjun-ni-xiang-wang-intel Identifying Encrypted Application], By Hongjun Ni & Xiang Wang, At Open Source Summit Japan 2019
== Meeting ==
+
* '''Identifying Layer 7 Applications for HTTPS Traffic''' at Intel Booth, by Hongjun Ni, At Open Source Summit North America 2019
 
+
* '''Hyperscan Use Case & UDPI Introduction''', Presentation and Demo, [https://www.sdnlab.com/23453.html Intel PP Meetup], By Xiang Wang & Hongjun Ni, At Intel Packet Processing Beijing Meetup 2019
[https://wiki.fd.io/view/UDPI/Meeting UDPI meeting]
+
 
+
== UDPI backlog ==
+
Backlog can be found in: [https://jira.fd.io/projects/UDPI/ UDPI's JIRA].
+
  
 
== Code quality ==
 
== Code quality ==
 
There is no current sonar analysis on: [https://sonar.fd.io https://sonar.fd.io]
 
There is no current sonar analysis on: [https://sonar.fd.io https://sonar.fd.io]

Latest revision as of 07:05, 16 December 2019

UDPI Facts

Project Lead: Hongjun Ni, @ Intel
Committers:

Repository: git clone https://gerrit.fd.io/r/udpi
Mailing List: udpi-dev@lists.fd.io
Jenkins: jenkins silo
Gerrit Patches: code patches/reviews
Bugs: UDPI bugs

Intro

The UDPI (Universal Deep Packet Inspection) project is a reference framework to build a high performance solution for Deep Packet Inspection, integrated with the general purpose FD.io VPP stack. It leverages industry regex matching library to provide a rich set of features, which can be used in IPS/IDS, Web Firewall and similar applications.

The initial code contributions are from Intel and Travelping.

Overview

Overview of the UDPI reference framework: https://wiki.fd.io/view/File:Reference.png

Project Contact

Scope

UDPI's main responsibility is to provide a reference framework for Deep Packet Inspection. It will cover below key components:

  • Flow Classification
    • HW flow offloading leveraging rte_flow on DPDK
    • SW flow classification
    • Supports both IPv4 and IPv6 flows
    • Supports Tunnel Traffic Classification
    • BD-aware and VRF-aware
    • Bi-directional traffic maps to one flow.
  • Flow Expiration
    • Timer-based expiration mechanism
    • TCP session aware expiration mechanism
  • TCP Segment Reassembly
    • TCP connection tracking
    • TCP segment re-ordering
    • TCP segment overlap handling
  • Application Database
    • Default static Application Database
    • Add new Application rules dynamically
  • Application Detection
    • Leverage Hyperscan Stream Mode
    • Reassembly of TCP segments on the fly
  • Application-based Actions
    • QoS
    • Rate Limiting
    • Policy Routing
    • SD-WAN
  • Supported Protocols:
    • TLS/HTTPS
    • HTTP
    • DNS
    • QUIC
    • etc.

Releases

UDPI releases are based on VPP version numbers.

Contributing

Contributions must go through code-review before being merged:

   git clone https://gerrit.fd.io/r/udpi


Feel free to subscribe to the following mailing lists:

Papers, Presentations and Demos

  • Hyperscan: A Fast Multi-pattern Regex Matcher for Modern CPUs, Hyperscan NSDI Paper, By Xiang Wang & Yang Hong & Harry Chang & KyoungSoo Park & Geoff Langdale & Jiayu Hu & Heqing Zhu, At NSDI 2019
  • Flow-based Packet Processing Framework on DPDK and VPP, Flow-base Framework, By Hongjun Ni & Qi Zhang, At Open Source Summit China 2019
  • Identify Encrypted Application Protocols Based on VPP, Identifying Encrypted Application, By Hongjun Ni & Xiang Wang, At Open Source Summit Japan 2019
  • Identifying Layer 7 Applications for HTTPS Traffic at Intel Booth, by Hongjun Ni, At Open Source Summit North America 2019
  • Hyperscan Use Case & UDPI Introduction, Presentation and Demo, Intel PP Meetup, By Xiang Wang & Hongjun Ni, At Intel Packet Processing Beijing Meetup 2019

Code quality

There is no current sonar analysis on: https://sonar.fd.io