Rust Data Plane
The high-performance data plane handles wire-speed packet processing, PQC-TLS termination, and deep packet inspection using Rust.
Overview
The Rust data plane is the performance-critical path in QBITEL Bridge. It captures network traffic at wire speed, terminates PQC-TLS connections, performs deep packet inspection, and forwards processed data to the AI Engine for analysis.
Crate Structure
rust/dataplane/
crates/
pqc_tls/ # Post-quantum TLS implementation
dpdk_engine/ # DPDK packet capture and forwarding
dpi_engine/ # Deep packet inspection engine
io_engine/ # I/O engine with HA clustering
ai_bridge/ # Bridge to Python AI Engine
k8s_operator/ # Kubernetes custom operator
bin/
qbitel-bridge/ # Main binary entrypointPQC-TLS Implementation
The pqc_tls crate implements quantum-safe TLS using the Open Quantum Safe (liboqs) library. Supported algorithms:
| Algorithm | Type | Use Case |
|---|---|---|
| ML-KEM-1024 (Kyber) | Key Encapsulation | TLS key exchange |
| ML-DSA-87 (Dilithium) | Digital Signature | Certificate signing |
| Falcon-1024 | Digital Signature | Compact signatures |
| SLH-DSA (SPHINCS+) | Hash-based Signature | Stateless signing |
DPDK Engine
The DPDK engine provides kernel-bypass packet processing for maximum throughput:
- Zero-copy packet processing -- direct NIC access without kernel overhead
- Multi-queue RSS -- receive-side scaling across CPU cores
- Configurable pipelines -- pluggable packet processing stages
- 100K+ messages/second -- sustained throughput under load
Deep Packet Inspection
The DPI engine inspects packet payloads for protocol identification, threat signatures, and data classification:
- Protocol signature matching against known protocol fingerprints
- Stateful flow tracking for connection reassembly
- Content classification for data loss prevention
- Integration with AI Engine for unknown protocol discovery
AI Bridge
The ai_bridge crate provides the interface between the Rust data plane and the Python AI Engine:
- Serializes captured packets into AI Engine-compatible format
- Manages connection pooling to the Python gRPC service
- Handles backpressure when the AI Engine is under load
- Provides fallback classification when the AI Engine is unavailable
Kubernetes Operator
The k8s_operator crate implements a custom Kubernetes operator for managing data plane resources:
- Custom Resource Definitions -- define data plane configurations as Kubernetes resources
- Controller -- reconciliation loop for control plane, policy, and service mesh resources
- Metrics -- exports Prometheus metrics for operator health
Performance Characteristics
| Metric | Target |
|---|---|
| PQC-TLS handshake latency | < 1ms |
| Packet processing throughput | 100K+ msg/s |
| DPI classification latency | < 50 microseconds |
| Memory footprint | < 256 MB baseline |
Next Steps
- PQC Algorithms -- detailed algorithm specifications
- Rust Development Guide -- contribute to the data plane
- Go Control Plane -- service orchestration layer