Difference between revisions of "UDPI"

From fd.io

Jump to: navigation, search

Revision as of 22:35, 29 August 2019

UDPI Facts
Project Lead: Hongjun Ni, @ Intel Committers: Xiang Wang, @ Intel, Yang Hong, @ Intel, Harry Chang, @ Intel, Jian Gu, @ ZTE, Jianghua Shan, @ China Telecom, Yang Zhang, @ China Telecom, Xingfu Li, @ HuachenTel, Shuai Wu, @ Inspur, Yuying Xia, @ Yxlink, Chenggang Fan, @ Sunyainfo, Feng Gao, @ Tencent, Zhong Liu, @ China Unicom, Yong Zhao, @ Huawei, Haiquan Chen, @ QingCloud, Jim Thompson, @ Netgate, Pengjie Li, @ Alibaba, Zhao Zhang, @ Alibaba, Zhangpeng Xie, @ Alibaba, Drenfong Wang, @ Intel, Hongjun Ni, @ Intel, Repository: git clone https://gerrit.fd.io/r/udpi Mailing List: udpi-dev@lists.fd.io Jenkins: jenkins silo Gerrit Patches: code patches/reviews Bugs: UDPI bugs

1 Intro
- 1.1 Overview
2 Project Contact
3 Scope
4 Releases
- 4.1 20.01 - Current master
5 Contributing
6 FAQ
7 Meeting
8 UDPI backlog
9 Code quality

Intro

The UDPI (Universal Deep Packet Inspection) project is a reference framework to build a high performance solution for Deep Packet Inspection, integrated with the general purpose FD.io VPP stack. It leverages industry regex matching library to provide a rich set of features, which can be used in IPS/IDS, Web Firewall and similar applications.

The initial code contributions are from Intel and Travelping.

Overview

Overview of the UDPI reference framework: https://wiki.fd.io/view/File:Reference.png

Project Contact

Hongjun Ni, @ Intel,
Jian Gu, @ ZTE,
Jianghua Shan, @ China Telecom,
Xingfu Li, @ HuachenTel,
Shuai Wu, @ Inspur,
Yuying Xia, @ Yxlink,
Chenggang Fan, @ Sunyainfo,
Feng Gao, @ Tencent,
Zhong Liu, @ China Unicom,
Yong Zhao, @ Huawei,
Haiquan Chen, @ QingCloud,
Jim Thompson, @ Netgate,
Pengjie Li, @ Alibaba,

Scope

UDPI's main responsibility is to enable communication between northbound interfaces and VPP's management APIs, performing all necessary translations in the background. It is important to note that many features and utilities will be reused from open source projects and tools (e.g. netopeer2, Sysrepo) and will not be a direct part of UDPI. This section is splitted into 2 sections: in-scope and out-of-scope to clearly define what is developed as part of UDPI project and what will be just reused from other projects (or where UDPI relies on other projects).

UDPI project scope:

UDPI's main responsibility is to provide a reference framework for Deep Packet Inspection. It will cover below key components:

Flow Classification
- HW flow offloading leveraging rte_flow on DPDK
- SW flow classification
- Supports both ipv4 and ipv6 flows
- Supports Tunnel Traffic Classification
- BD-aware and VRF-aware
- Bi-directional traffic maps to one flow.

Flow Expiration
- Timer-based expiration mechanism
- TCP session aware expiration mechanism

TCP Segments Reassembly
- TCP connection track
- TCP segments re-ordering
- TCP segments overlap handling

Application Database
- Default static Application Database
- Add new Application rules dynamically

Application Detection
- Leverage Hyperscan Stream Mode
- Reassembly TCP segments on the fly

Application-based Actions
- Qos
- Rate Limiting
- Policy Routing
- SDWAN

Supported Protocols:
- TLS/HTTPS
- HTTP
- DNS
- QUIC

......

Releases

UDPI releases are based on VPP version numbers.

20.01 - Current master

Contributing

Contributions must go through code-review before being merged:

   git clone https://gerrit.fd.io/r/udpi

Feel free to subscribe to the following mailing lists:

udpi-dev@lists.fd.io : to be notified about UDPI talks

FAQ

Meeting

UDPI meeting

UDPI backlog

Backlog can be found in: UDPI's JIRA.

Code quality

There is no current sonar analysis on: https://sonar.fd.io

Retrieved from "https://wiki.fd.io/index.php?title=UDPI&oldid=9815"

Category:

Project Main Pages

@@ Line 1: / Line 1: @@
 {{Project Facts
-|name=udpi
+|name=UDPI
-|shortname=UDPI
+|shortname=udpi
 |jiraName=UDPI
 |projectLead=[mailto:hongjun.ni@intel.com Hongjun Ni], @ Intel
@@ Line 71: / Line 71: @@
 '''UDPI project scope:'''
-* Northbound interfaces exposed:
+UDPI's main responsibility is to provide a reference framework for Deep Packet Inspection. It will cover below key components:
-** [http://tools.ietf.org/html/rfc4741, Netconf] from [https://github.com/CESNET/Netopeer2 CESNET/Netopeer2]
+* Flow Classification
-** [https://github.com/openconfig/reference/blob/master/rpc/gnmi/gnmi-specification.md, gNMI] northbound interface from [https://github.com/YohanPipereau/sysrepo-gnxi sysrepo-gnxi]
+** HW flow offloading leveraging rte_flow on DPDK
-** [https://tools.ietf.org/html/draft-ietf-netconf-restconf-05, Restconf] (does not exist yet)
+** SW flow classification
+** Supports both ipv4 and ipv6 flows
+** Supports Tunnel Traffic Classification
+** BD-aware and VRF-aware
+** Bi-directional traffic maps to one flow.
-* Translation layer between VPP management and Yang based data structures
+* Flow Expiration
-** Must support all features of VPP exposed in its APIs in an extensible manner
+** Timer-based expiration mechanism
+** TCP session aware expiration mechanism
-* Write YANG models for VPP specific features
+* TCP Segments Reassembly
+** TCP connection track
+** TCP segments re-ordering
+** TCP segments overlap handling
-* Expose APIs to integrate with other open source projects
+* Application Database
-** Base implementation of all generic southbound interfaces leverage VPP-VAPI
+** Default static Application Database
-** expose APIs to integrate with SD-WAN control plane, such as SDN Controller.
+** Add new Application rules dynamically
-** expose APIs to integrate with Routing Daemon, such as FRR.
-** expose APIs to integrate with IKE protocol, such as strongswan.
-** expose APIs to integrate with DPI control plane, such as nDPI.
-** expose APIs to integrate with BRAS control plane, such as OpenBRAS.
-'''Out of scope:'''
+* Application Detection
-* VPP API (VAPI or VOM)
+** Leverage Hyperscan Stream Mode
-** '''VAPI:''' C APIs for VPP, allowing C-based applications to interact with VPP is out of scope of UDPI project and is part of the base VPP project.
+** Reassembly TCP segments on the fly
-** '''VOM:''' C++ based API offering storage of networking objects
-* Writing yang models for VPP management
+* Application-based Actions
-** IETF and Openconfig YANG models are used as much as possible
+** Qos
-** For missing features, we rely on Honeycomb YANG models
+** Rate Limiting
+** Policy Routing
+** SDWAN
-* Compliancy with YANG models, storage of YANG tree
+* Supported Protocols:
-** Provided by sysrepo project and libraries it uses
+** TLS/HTTPS
+** HTTP
-* Server implementation of northbound interfaces
+** DNS
-** [http://tools.ietf.org/html/rfc4741, Netconf] from [https://github.com/CESNET/Netopeer2 CESNET/Netopeer2]
+** QUIC
-** [https://github.com/openconfig/reference/blob/master/rpc/gnmi/gnmi-specification.md, gNMI] northbound interface from [https://github.com/YohanPipereau/sysrepo-gnxi sysrepo-gnxi]
+......
-* Integration/performance testing
-** Complex integration or performance tests are out of scope of UDPI project and are part of CSIT project
-* Any other application based on top of UDPI is out of scope of this project and needs to be hosted in a dedicated project inside or outside of fd.io
 == Releases ==

Difference between revisions of "UDPI"

Revision as of 22:35, 29 August 2019

Contents

Intro

Overview

Project Contact

Scope

Releases

20.01 - Current master

Contributing

FAQ

Meeting

UDPI backlog

Code quality

Navigation menu

Personal tools

Namespaces

Variants

Views

Actions

Search

Navigation

Tools