MarchProxy Documentation

MarchProxy is a high-performance, enterprise-grade egress proxy solution designed for data center environments. It provides intelligent traffic routing, advanced authentication, and optional hardware acceleration for maximum throughput.

Product Tiers

Community Edition (Open Source)

  • ✅ Up to 3 proxy servers
  • ✅ Single default cluster
  • ✅ Basic authentication (Base64 tokens)
  • ✅ Core protocol support (TCP/UDP/ICMP/HTTP/HTTPS)
  • ✅ eBPF acceleration
  • ✅ PostgreSQL database
  • ✅ Web management interface

Enterprise Edition (Licensed)

  • ✅ Unlimited proxy servers (license-based)
  • ✅ Multi-cluster support with isolation
  • ✅ Advanced authentication (SAML/SCIM/OAuth2/2FA)
  • ✅ JWT token authentication with rotation
  • ✅ XDP rate limiting and advanced features
  • ✅ TLS proxy with certificate management
  • ✅ Hardware acceleration (XDP/AF_XDP/SR-IOV)
  • ✅ Advanced monitoring and alerting
  • ✅ WebSocket and HTTP3/QUIC support
  • ✅ Role-based access control
  • ✅ Enterprise support

Architecture Overview

MarchProxy consists of two main components:

Manager (Python/py4web)

  • Web-based management interface
  • Configuration and policy management
  • User authentication and authorization
  • License validation and cluster management
  • RESTful API for automation
  • PostgreSQL database with pydal ORM

Proxy (Go/eBPF)

  • High-performance packet processing
  • Multi-tier acceleration (Hardware → eBPF → Go → Standard)
  • Protocol support: TCP, UDP, ICMP, HTTP/HTTPS, WebSocket, HTTP3/QUIC
  • Real-time metrics and health monitoring
  • Horizontal scaling with stateless design

Performance Tiers

MarchProxy implements a multi-tier performance architecture:

  1. Hardware Acceleration (Enterprise)

     • XDP for driver-level processing (~25 Gbps)
     • AF_XDP for zero-copy operations (~15 Gbps)
     • SR-IOV for virtualized environments (~10 Gbps)

  2. eBPF Fast-path

     • Kernel-level packet filtering (~5 Gbps)
     • Simple rule matching and statistics
     • Automatic fast/slow path classification

  3. Go Application Logic

     • Complex authentication and routing (~1 Gbps)
     • TLS termination and WebSocket handling
     • Full protocol feature support

  4. Standard Networking

     • Traditional kernel socket processing (~100 Mbps)
     • Fallback for unsupported scenarios

Key Features

Traffic Management

  • Service-to-service mapping with cluster isolation
  • Port configuration: single, ranges, comma-separated lists
  • Protocol support with automatic detection
  • Load balancing and failover

Security & Authentication

  • Multi-factor authentication (Enterprise)
  • SAML/SCIM/OAuth2 integration (Enterprise)
  • Base64 tokens or JWT with rotation
  • Role-based access control
  • TLS certificate management

Monitoring & Observability

  • Prometheus metrics with custom dashboards
  • Structured logging with aggregation
  • Health check endpoints (/healthz, /metrics)
  • UDP syslog integration
  • Real-time performance monitoring

Clustering & Scaling

  • Multi-cluster support (Enterprise)
  • Horizontal proxy scaling
  • Cluster-specific API keys
  • License-based capacity management

System Requirements

Minimum Requirements

  • Linux kernel 4.18+ (for eBPF support)
  • 2 CPU cores, 4GB RAM
  • 20GB storage space
  • Docker and Docker Compose

Recommended Requirements

  • Linux kernel 5.4+ (for advanced eBPF features)
  • 8+ CPU cores, 16GB+ RAM
  • SSD storage, 100GB+
  • Dedicated network interfaces
  • Hardware acceleration support (Enterprise)

Network Requirements

  • Outbound internet connectivity for licensing
  • Administrative access to network configuration
  • Support for custom routing tables

Quick Start

  1. Clone the repository:

    git clone https://github.com/penguintechinc/marchproxy.git
    cd marchproxy
    

  2. Set up environment:

    cp .env.example .env
    # Edit .env with your configuration
    

  3. Start services:

    docker-compose up -d
    

  4. Access web interface:

     • Manager: http://localhost:8000
     • Grafana: http://localhost:3000
     • Prometheus: http://localhost:9090

  5. Configure your first service:

     • Log into the manager interface
     • Create a new cluster (Enterprise) or use default
     • Add service mappings
     • Deploy proxy configuration

Support & Community

License

  • Community Edition: Apache 2.0 License
  • Enterprise Edition: Commercial license required

For detailed information on any topic, please refer to the specific documentation sections in the navigation menu.