[dpdk-users] middlebox using dkdp

[dpdk-users] middlebox using dkdp

[Adrian Duralia]

Hello,

I'm curious if it would be possible to implement a middlebox device using
dpdk, that can filter & sign all traffic.
My goal is to be able to filter some packets and also to secure the
communication between a few computers (that cannot be updated/modified) on
the same LAN and I'm thinking to place such device in front on each
computer, leaving current network topology untouched.
I had a look at the existing samples in dpdk and l2fwd-crypto seems to be a
good place to start.

Thank you,
Adrian

Re: [dpdk-users] middlebox using dkdp

[Stephen Hemminger]

On Sat, 13 Jan 2018 22:10:55 +0200
Adrian Duralia <adrian@techexpress.ro> wrote:

> Hello,
> 
> I'm curious if it would be possible to implement a middlebox device using
> dpdk, that can filter & sign all traffic.
> My goal is to be able to filter some packets and also to secure the
> communication between a few computers (that cannot be updated/modified) on
> the same LAN and I'm thinking to place such device in front on each
> computer, leaving current network topology untouched.
> I had a look at the existing samples in dpdk and l2fwd-crypto seems to be a
> good place to start.
> 
> Thank you,
> Adrian

DPDK is about sending and receiving packets. It has pieces that could be used
to handle IP etc, but really 95% of the work would have to be in the application.
So yes, you could build a middlebox; but lots left to do.

Re: [dpdk-users] middlebox using dkdp

[Adrian Duralia]

Thank you for the response!
While I'm not scared to add a lot of code in the app side, I wouldn't like
to reinvent the wheel. So, is there any framework or library that you think
it would be more appropiate to create a middlebox?

Thank you,
Adrian

On Sunday, January 14, 2018, Stephen Hemminger <stephen@networkplumber.org>
wrote:

> On Sat, 13 Jan 2018 22:10:55 +0200
> Adrian Duralia <adrian@techexpress.ro> wrote:
>
> > Hello,
> >
> > I'm curious if it would be possible to implement a middlebox device using
> > dpdk, that can filter & sign all traffic.
> > My goal is to be able to filter some packets and also to secure the
> > communication between a few computers (that cannot be updated/modified)
> on
> > the same LAN and I'm thinking to place such device in front on each
> > computer, leaving current network topology untouched.
> > I had a look at the existing samples in dpdk and l2fwd-crypto seems to
> be a
> > good place to start.
> >
> > Thank you,
> > Adrian
>
> DPDK is about sending and receiving packets. It has pieces that could be
> used
> to handle IP etc, but really 95% of the work would have to be in the
> application.
> So yes, you could build a middlebox; but lots left to do.
>


-- 
Adrian Duralia
Tel. +40723698531
Email: adrian.duralia@gmail.com

Re: [dpdk-users] middlebox using dkdp

[Stephen Hemminger]

On Sun, 14 Jan 2018 13:53:01 +0200
Adrian Duralia <adrian.duralia@gmail.com> wrote:

> Thank you for the response!
> While I'm not scared to add a lot of code in the app side, I wouldn't like
> to reinvent the wheel. So, is there any framework or library that you think
> it would be more appropiate to create a middlebox?

Look at FD.io maybe?

Re: [dpdk-users] middlebox using dkdp

[tom.barbette]

Hi Adrian,

There is a lot of publications on the subject, many new NFV frameworks are based on/use DPDK.

FastClick, FD.io, SoftNIC, NetBricks, NetVM, OpenNetVM,  ... Provide basic network functions with various level of isolation but are not strictly targeting middleboxes. They will abstract a good part of the work though.

mOS, E2, Climb, Xomb, Comb are more middlebox-targeted. Maybe not all supporting directly DPDK (first 3 at least).

Depending on the project, things like OpenBox, or E2 also cover a controller-based approach.

And this is very far from an exhaustive list... Basically you're looking for "DPDK NFV dataplane". Reading about the ones I cited will get you closer at least.

Tom

Tom Barbette 
PhD Student @ Université de Liège 

Office 1/13 
Bâtiment B37 
Quartier Polytech 
Allée de la découverte, 12 
4000 Liège 

04/366 91 75 
0479/60 94 63

----- Mail original -----
> De: "Adrian Duralia" <adrian.duralia@gmail.com>
> À: "Stephen Hemminger" <stephen@networkplumber.org>
> Cc: users@dpdk.org
> Envoyé: Dimanche 14 Janvier 2018 12:53:01
> Objet: Re: [dpdk-users] middlebox using dkdp

> Thank you for the response!
> While I'm not scared to add a lot of code in the app side, I wouldn't like
> to reinvent the wheel. So, is there any framework or library that you think
> it would be more appropiate to create a middlebox?
> 
> Thank you,
> Adrian
> 
> On Sunday, January 14, 2018, Stephen Hemminger <stephen@networkplumber.org>
> wrote:
> 
>> On Sat, 13 Jan 2018 22:10:55 +0200
>> Adrian Duralia <adrian@techexpress.ro> wrote:
>>
>> > Hello,
>> >
>> > I'm curious if it would be possible to implement a middlebox device using
>> > dpdk, that can filter & sign all traffic.
>> > My goal is to be able to filter some packets and also to secure the
>> > communication between a few computers (that cannot be updated/modified)
>> on
>> > the same LAN and I'm thinking to place such device in front on each
>> > computer, leaving current network topology untouched.
>> > I had a look at the existing samples in dpdk and l2fwd-crypto seems to
>> be a
>> > good place to start.
>> >
>> > Thank you,
>> > Adrian
>>
>> DPDK is about sending and receiving packets. It has pieces that could be
>> used
>> to handle IP etc, but really 95% of the work would have to be in the
>> application.
>> So yes, you could build a middlebox; but lots left to do.
>>
> 
> 
> --
> Adrian Duralia
> Tel. +40723698531
> Email: adrian.duralia@gmail.com

Re: [dpdk-users] middlebox using dkdp

[Adrian Duralia]

Thank you for your responses!

On Sun, Jan 14, 2018 at 8:51 PM, <tom.barbette@uliege.be> wrote:

> Hi Adrian,
>
> There is a lot of publications on the subject, many new NFV frameworks are
> based on/use DPDK.
>
> FastClick, FD.io, SoftNIC, NetBricks, NetVM, OpenNetVM,  ... Provide basic
> network functions with various level of isolation but are not strictly
> targeting middleboxes. They will abstract a good part of the work though.
>
> mOS, E2, Climb, Xomb, Comb are more middlebox-targeted. Maybe not all
> supporting directly DPDK (first 3 at least).
>
> Depending on the project, things like OpenBox, or E2 also cover a
> controller-based approach.
>
> And this is very far from an exhaustive list... Basically you're looking
> for "DPDK NFV dataplane". Reading about the ones I cited will get you
> closer at least.
>
> Tom
>
> Tom Barbette
> PhD Student @ Université de Liège
>
> Office 1/13
> Bâtiment B37
> Quartier Polytech
> Allée de la découverte, 12
> 4000 Liège
>
> 04/366 91 75
> 0479/60 94 63
>
> ----- Mail original -----
> > De: "Adrian Duralia" <adrian.duralia@gmail.com>
> > À: "Stephen Hemminger" <stephen@networkplumber.org>
> > Cc: users@dpdk.org
> > Envoyé: Dimanche 14 Janvier 2018 12:53:01
> > Objet: Re: [dpdk-users] middlebox using dkdp
>
> > Thank you for the response!
> > While I'm not scared to add a lot of code in the app side, I wouldn't
> like
> > to reinvent the wheel. So, is there any framework or library that you
> think
> > it would be more appropiate to create a middlebox?
> >
> > Thank you,
> > Adrian
> >
> > On Sunday, January 14, 2018, Stephen Hemminger <
> stephen@networkplumber.org>
> > wrote:
> >
> >> On Sat, 13 Jan 2018 22:10:55 +0200
> >> Adrian Duralia <adrian@techexpress.ro> wrote:
> >>
> >> > Hello,
> >> >
> >> > I'm curious if it would be possible to implement a middlebox device
> using
> >> > dpdk, that can filter & sign all traffic.
> >> > My goal is to be able to filter some packets and also to secure the
> >> > communication between a few computers (that cannot be
> updated/modified)
> >> on
> >> > the same LAN and I'm thinking to place such device in front on each
> >> > computer, leaving current network topology untouched.
> >> > I had a look at the existing samples in dpdk and l2fwd-crypto seems to
> >> be a
> >> > good place to start.
> >> >
> >> > Thank you,
> >> > Adrian
> >>
> >> DPDK is about sending and receiving packets. It has pieces that could be
> >> used
> >> to handle IP etc, but really 95% of the work would have to be in the
> >> application.
> >> So yes, you could build a middlebox; but lots left to do.
> >>
> >
> >
> > --
> > Adrian Duralia
> > Tel. +40723698531
> > Email: adrian.duralia@gmail.com
>