Hi Adrian, There is a lot of publications on the subject, many new NFV frameworks are based on/use DPDK.
FastClick, FD.io, SoftNIC, NetBricks, NetVM, OpenNetVM, ... Provide basic network functions with various level of isolation but are not strictly targeting middleboxes. They will abstract a good part of the work though. mOS, E2, Climb, Xomb, Comb are more middlebox-targeted. Maybe not all supporting directly DPDK (first 3 at least). Depending on the project, things like OpenBox, or E2 also cover a controller-based approach. And this is very far from an exhaustive list... Basically you're looking for "DPDK NFV dataplane". Reading about the ones I cited will get you closer at least. Tom Tom Barbette PhD Student @ Université de Liège Office 1/13 Bâtiment B37 Quartier Polytech Allée de la découverte, 12 4000 Liège 04/366 91 75 0479/60 94 63 ----- Mail original ----- > De: "Adrian Duralia" <[email protected]> > À: "Stephen Hemminger" <[email protected]> > Cc: [email protected] > Envoyé: Dimanche 14 Janvier 2018 12:53:01 > Objet: Re: [dpdk-users] middlebox using dkdp > Thank you for the response! > While I'm not scared to add a lot of code in the app side, I wouldn't like > to reinvent the wheel. So, is there any framework or library that you think > it would be more appropiate to create a middlebox? > > Thank you, > Adrian > > On Sunday, January 14, 2018, Stephen Hemminger <[email protected]> > wrote: > >> On Sat, 13 Jan 2018 22:10:55 +0200 >> Adrian Duralia <[email protected]> wrote: >> >> > Hello, >> > >> > I'm curious if it would be possible to implement a middlebox device using >> > dpdk, that can filter & sign all traffic. >> > My goal is to be able to filter some packets and also to secure the >> > communication between a few computers (that cannot be updated/modified) >> on >> > the same LAN and I'm thinking to place such device in front on each >> > computer, leaving current network topology untouched. >> > I had a look at the existing samples in dpdk and l2fwd-crypto seems to >> be a >> > good place to start. >> > >> > Thank you, >> > Adrian >> >> DPDK is about sending and receiving packets. It has pieces that could be >> used >> to handle IP etc, but really 95% of the work would have to be in the >> application. >> So yes, you could build a middlebox; but lots left to do. >> > > > -- > Adrian Duralia > Tel. +40723698531 > Email: [email protected]
