* [dpdk-users] middlebox using dkdp @ 2018-01-13 20:10 Adrian Duralia 2018-01-14 5:25 ` Stephen Hemminger 0 siblings, 1 reply; 6+ messages in thread From: Adrian Duralia @ 2018-01-13 20:10 UTC (permalink / raw) To: users Hello, I'm curious if it would be possible to implement a middlebox device using dpdk, that can filter & sign all traffic. My goal is to be able to filter some packets and also to secure the communication between a few computers (that cannot be updated/modified) on the same LAN and I'm thinking to place such device in front on each computer, leaving current network topology untouched. I had a look at the existing samples in dpdk and l2fwd-crypto seems to be a good place to start. Thank you, Adrian ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [dpdk-users] middlebox using dkdp 2018-01-13 20:10 [dpdk-users] middlebox using dkdp Adrian Duralia @ 2018-01-14 5:25 ` Stephen Hemminger 2018-01-14 11:53 ` Adrian Duralia 0 siblings, 1 reply; 6+ messages in thread From: Stephen Hemminger @ 2018-01-14 5:25 UTC (permalink / raw) To: Adrian Duralia; +Cc: users On Sat, 13 Jan 2018 22:10:55 +0200 Adrian Duralia <adrian@techexpress.ro> wrote: > Hello, > > I'm curious if it would be possible to implement a middlebox device using > dpdk, that can filter & sign all traffic. > My goal is to be able to filter some packets and also to secure the > communication between a few computers (that cannot be updated/modified) on > the same LAN and I'm thinking to place such device in front on each > computer, leaving current network topology untouched. > I had a look at the existing samples in dpdk and l2fwd-crypto seems to be a > good place to start. > > Thank you, > Adrian DPDK is about sending and receiving packets. It has pieces that could be used to handle IP etc, but really 95% of the work would have to be in the application. So yes, you could build a middlebox; but lots left to do. ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [dpdk-users] middlebox using dkdp 2018-01-14 5:25 ` Stephen Hemminger @ 2018-01-14 11:53 ` Adrian Duralia 2018-01-14 17:12 ` Stephen Hemminger 2018-01-14 18:51 ` tom.barbette 0 siblings, 2 replies; 6+ messages in thread From: Adrian Duralia @ 2018-01-14 11:53 UTC (permalink / raw) To: Stephen Hemminger; +Cc: users Thank you for the response! While I'm not scared to add a lot of code in the app side, I wouldn't like to reinvent the wheel. So, is there any framework or library that you think it would be more appropiate to create a middlebox? Thank you, Adrian On Sunday, January 14, 2018, Stephen Hemminger <stephen@networkplumber.org> wrote: > On Sat, 13 Jan 2018 22:10:55 +0200 > Adrian Duralia <adrian@techexpress.ro> wrote: > > > Hello, > > > > I'm curious if it would be possible to implement a middlebox device using > > dpdk, that can filter & sign all traffic. > > My goal is to be able to filter some packets and also to secure the > > communication between a few computers (that cannot be updated/modified) > on > > the same LAN and I'm thinking to place such device in front on each > > computer, leaving current network topology untouched. > > I had a look at the existing samples in dpdk and l2fwd-crypto seems to > be a > > good place to start. > > > > Thank you, > > Adrian > > DPDK is about sending and receiving packets. It has pieces that could be > used > to handle IP etc, but really 95% of the work would have to be in the > application. > So yes, you could build a middlebox; but lots left to do. > -- Adrian Duralia Tel. +40723698531 Email: adrian.duralia@gmail.com ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [dpdk-users] middlebox using dkdp 2018-01-14 11:53 ` Adrian Duralia @ 2018-01-14 17:12 ` Stephen Hemminger 2018-01-14 18:51 ` tom.barbette 1 sibling, 0 replies; 6+ messages in thread From: Stephen Hemminger @ 2018-01-14 17:12 UTC (permalink / raw) To: Adrian Duralia; +Cc: users On Sun, 14 Jan 2018 13:53:01 +0200 Adrian Duralia <adrian.duralia@gmail.com> wrote: > Thank you for the response! > While I'm not scared to add a lot of code in the app side, I wouldn't like > to reinvent the wheel. So, is there any framework or library that you think > it would be more appropiate to create a middlebox? Look at FD.io maybe? ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [dpdk-users] middlebox using dkdp 2018-01-14 11:53 ` Adrian Duralia 2018-01-14 17:12 ` Stephen Hemminger @ 2018-01-14 18:51 ` tom.barbette 2018-01-15 17:55 ` Adrian Duralia 1 sibling, 1 reply; 6+ messages in thread From: tom.barbette @ 2018-01-14 18:51 UTC (permalink / raw) To: Adrian Duralia; +Cc: Stephen Hemminger, users Hi Adrian, There is a lot of publications on the subject, many new NFV frameworks are based on/use DPDK. FastClick, FD.io, SoftNIC, NetBricks, NetVM, OpenNetVM, ... Provide basic network functions with various level of isolation but are not strictly targeting middleboxes. They will abstract a good part of the work though. mOS, E2, Climb, Xomb, Comb are more middlebox-targeted. Maybe not all supporting directly DPDK (first 3 at least). Depending on the project, things like OpenBox, or E2 also cover a controller-based approach. And this is very far from an exhaustive list... Basically you're looking for "DPDK NFV dataplane". Reading about the ones I cited will get you closer at least. Tom Tom Barbette PhD Student @ Université de Liège Office 1/13 Bâtiment B37 Quartier Polytech Allée de la découverte, 12 4000 Liège 04/366 91 75 0479/60 94 63 ----- Mail original ----- > De: "Adrian Duralia" <adrian.duralia@gmail.com> > À: "Stephen Hemminger" <stephen@networkplumber.org> > Cc: users@dpdk.org > Envoyé: Dimanche 14 Janvier 2018 12:53:01 > Objet: Re: [dpdk-users] middlebox using dkdp > Thank you for the response! > While I'm not scared to add a lot of code in the app side, I wouldn't like > to reinvent the wheel. So, is there any framework or library that you think > it would be more appropiate to create a middlebox? > > Thank you, > Adrian > > On Sunday, January 14, 2018, Stephen Hemminger <stephen@networkplumber.org> > wrote: > >> On Sat, 13 Jan 2018 22:10:55 +0200 >> Adrian Duralia <adrian@techexpress.ro> wrote: >> >> > Hello, >> > >> > I'm curious if it would be possible to implement a middlebox device using >> > dpdk, that can filter & sign all traffic. >> > My goal is to be able to filter some packets and also to secure the >> > communication between a few computers (that cannot be updated/modified) >> on >> > the same LAN and I'm thinking to place such device in front on each >> > computer, leaving current network topology untouched. >> > I had a look at the existing samples in dpdk and l2fwd-crypto seems to >> be a >> > good place to start. >> > >> > Thank you, >> > Adrian >> >> DPDK is about sending and receiving packets. It has pieces that could be >> used >> to handle IP etc, but really 95% of the work would have to be in the >> application. >> So yes, you could build a middlebox; but lots left to do. >> > > > -- > Adrian Duralia > Tel. +40723698531 > Email: adrian.duralia@gmail.com ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [dpdk-users] middlebox using dkdp 2018-01-14 18:51 ` tom.barbette @ 2018-01-15 17:55 ` Adrian Duralia 0 siblings, 0 replies; 6+ messages in thread From: Adrian Duralia @ 2018-01-15 17:55 UTC (permalink / raw) To: tom.barbette; +Cc: users Thank you for your responses! On Sun, Jan 14, 2018 at 8:51 PM, <tom.barbette@uliege.be> wrote: > Hi Adrian, > > There is a lot of publications on the subject, many new NFV frameworks are > based on/use DPDK. > > FastClick, FD.io, SoftNIC, NetBricks, NetVM, OpenNetVM, ... Provide basic > network functions with various level of isolation but are not strictly > targeting middleboxes. They will abstract a good part of the work though. > > mOS, E2, Climb, Xomb, Comb are more middlebox-targeted. Maybe not all > supporting directly DPDK (first 3 at least). > > Depending on the project, things like OpenBox, or E2 also cover a > controller-based approach. > > And this is very far from an exhaustive list... Basically you're looking > for "DPDK NFV dataplane". Reading about the ones I cited will get you > closer at least. > > Tom > > Tom Barbette > PhD Student @ Université de Liège > > Office 1/13 > Bâtiment B37 > Quartier Polytech > Allée de la découverte, 12 > 4000 Liège > > 04/366 91 75 > 0479/60 94 63 > > ----- Mail original ----- > > De: "Adrian Duralia" <adrian.duralia@gmail.com> > > À: "Stephen Hemminger" <stephen@networkplumber.org> > > Cc: users@dpdk.org > > Envoyé: Dimanche 14 Janvier 2018 12:53:01 > > Objet: Re: [dpdk-users] middlebox using dkdp > > > Thank you for the response! > > While I'm not scared to add a lot of code in the app side, I wouldn't > like > > to reinvent the wheel. So, is there any framework or library that you > think > > it would be more appropiate to create a middlebox? > > > > Thank you, > > Adrian > > > > On Sunday, January 14, 2018, Stephen Hemminger < > stephen@networkplumber.org> > > wrote: > > > >> On Sat, 13 Jan 2018 22:10:55 +0200 > >> Adrian Duralia <adrian@techexpress.ro> wrote: > >> > >> > Hello, > >> > > >> > I'm curious if it would be possible to implement a middlebox device > using > >> > dpdk, that can filter & sign all traffic. > >> > My goal is to be able to filter some packets and also to secure the > >> > communication between a few computers (that cannot be > updated/modified) > >> on > >> > the same LAN and I'm thinking to place such device in front on each > >> > computer, leaving current network topology untouched. > >> > I had a look at the existing samples in dpdk and l2fwd-crypto seems to > >> be a > >> > good place to start. > >> > > >> > Thank you, > >> > Adrian > >> > >> DPDK is about sending and receiving packets. It has pieces that could be > >> used > >> to handle IP etc, but really 95% of the work would have to be in the > >> application. > >> So yes, you could build a middlebox; but lots left to do. > >> > > > > > > -- > > Adrian Duralia > > Tel. +40723698531 > > Email: adrian.duralia@gmail.com > ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2018-01-15 17:55 UTC | newest] Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2018-01-13 20:10 [dpdk-users] middlebox using dkdp Adrian Duralia 2018-01-14 5:25 ` Stephen Hemminger 2018-01-14 11:53 ` Adrian Duralia 2018-01-14 17:12 ` Stephen Hemminger 2018-01-14 18:51 ` tom.barbette 2018-01-15 17:55 ` Adrian Duralia
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).