The world of networking has undergone monumental shifts over the past decade, particularly in the ongoing move from specialized hardware into software defined network functions (NFV) for data plane1 and packet processing. While the transition to software has fashioned the rise of SDN (Software-defined networking) and programmable networks, new challenges have arisen in making these functions flexible, efficient, easier to use, and fast (i.e. little to no performance overhead). Our team at Comcast wanted to both leverage what the network does best, especially with regards to its transport capacity and routing mechanisms, while also being able to develop network programs through a modern software lens—stressing testing, swift iteration, and deployment. So, with these goals in mind, we developed Capsule, a new framework for network function development, written in Rust, inspired by Berkeley's NetBricks research, and built-on Intel's Data Plane Development Kit (DPDK).
Many networks today are still programmed using low-level languages that may lack safeguards against logic errors. Studies have even shown that logic errors are the most commonly found errors in packet-processing programs including failing to check expected branching conditions, forgetting conditional checks or validations, and getting checksums wrong. While there's been an influx of higher-level language frameworks and programming models entering the space, especially from research and academia, many tend to be difficult for application developers to get started with, extend for their own purposes, unit-test, and/or run in a production setting.
With Capsule, we set out with a goal to offer an ergonomic framework for network function development that traditionally has high barriers of entry for developers. We've created a tool to build and run network functions, efficiently manipulating network packets while being type-safe, memory-safe, and thread-safe. Building on DPDK and Rust, Capsule provides:
- a fast packet processor that uses minimum number of CPU cycles.
- a rich packet type system that guarantees memory-safety and thread-safety.
- a declarative programming model that emphasizes simplicity.
- an extensible and testable framework that is easy to develop and maintain.
The easiest way to start developing Capsule applications is to use Capsule's Vagrant virtual machine (VM) and Docker sandbox. The sandbox is preconfigured with all the necessary tools and libraries for Capsule development, including:
host$ vagrant plugin install vagrant-reload vagrant-disksize vagrant-vbguest
Next, clone Capsule's sandbox repository, then start and
ssh into the Vagrant VM:
host$ git clone https://github.com/capsule-rs/sandbox.git host$ cd sandbox host$ vagrant up host$ vagrant ssh
Once you're inside the created Debian VM with Docker installed, run the sandbox with:
vagrant$ docker run -it --rm \ --privileged \ --network=host \ --name sandbox \ --cap-add=SYS_PTRACE \ --security-opt seccomp=unconfined \ -v /lib/modules:/lib/modules \ -v /dev/hugepages:/dev/hugepages \ getcapsule/sandbox:19.11.1-1.43 /bin/bash
Remember to also mount the working directory of your project as a volume for the sandbox. Then you can use Rust Cargo commands inside the container as usual.
Finally, add Capsule as a dependency to your
Cargo.toml, and start writing your application:
[dependencies] capsule = "0.1"
If you want to develop Capsule without using Docker in Vagrant, please check out the Capsule sandbox repo for instructions on running our Vagrant VM environment, as well as other options that do not rely on either Vagrant or Docker. The Capsule Rust crate is available on crates.io.
The Capsule project is looking for contributors to help further develop and enhance the framework, including new protocols, features, and optimizations. If you are interested in participating, please see the contributing guide to get involved. We'd also love to see what use-cases and applications are explored with the framework. To see what Capsule programs look like, check out our examples, including a ping utility, and network functions that exercise network address translation and forwarding, TCP SYN flood generation with exposed metrics, and our general declarative approach to packet-processing.
The project and everyone participating in it agrees to and is governed by the Capsule Code Of Conduct.
The current maintainers with roles to merge pull requests are:
1Refers to the forwarding and modifying of network traffic. Please read Programmable Network Data Planes for a contemporary view on data plane programmability industry projects and research.