Flow Management over Network TAP Configuration

Stateful Flow Management

Platform: Napatech SmartNIC
Content Type: User Guide
Capture Software Version: Link™ Capture Software 12.11

Upstream traffic is received on port 0, and downstream traffic is received on port 1 of the SmartNIC in this example.

Network TAP configuration


[Figure: network TAP configuration with endpoints A and B, the TAP and the SmartNIC.]

5 tuple

This example uses a 5-tuple, which tracks the following header fields for flow identification:
  • IPv4 source address
  • IPv4 destination address
  • Layer 4 source port number
  • Layer 4 destination port number
  • IPv4 protocol number

Swap

The swap feature is used in this configuration.


[Figure: packet header fields (Src IP, Dst IP, Src port, Dst port) and extracted flow information for port 0 (FieldAction=None) and port 1 (FieldAction=Swap), using the values 192.168.0.1, 20.0.0.1, 25 and 80.]

The figure shows that source and destination fields of IPv4 packets received on port 1 are swapped so as to treat upstream traffic and downstream traffic as the same flow.

Network TAP NTPL example

The following NTPL example can be used for the network TAP configuration.

Delete=All
Define Upstream = Macro("Port==0 and Layer3Protocol==IPv4")
Define Downstream = Macro("Port==1 and Layer3Protocol==IPv4")
Define KeyTypeProtoSpecs = Macro("(Layer3Header[12]/32/32, Layer4Header[0]/16/16)")

KeyType[Name=KT_TAP] = {sw_32_32, sw_16_16}
KeyDef[Name=KD_TAP; KeyType=KT_TAP; IpProtocolField=Outer] = KeyTypeProtoSpecs

HashMode = Hash5TupleSorted
Assign[StreamId=(0..3); Color=2; Descriptor=DYN4, Offset0=Layer3Header[12], Offset1=Layer4Header[0]] = \
 Upstream and Key(KD_TAP, KeyID=1) == UNHANDLED
Assign[StreamId=(0..3); Color=2; Descriptor=DYN4, Offset0=Layer3Header[12], Offset1=Layer4Header[0]] = \
 Downstream and Key(KD_TAP, KeyID=1, FieldAction=Swap) == UNHANDLED

Assign[StreamId=(0..3); Color=1; Descriptor=DYN4, Offset0=Layer3Header[12], Offset1=Layer4Header[0]] = \
 Upstream and Key(KD_TAP, KeyID=1) == MISS
Assign[StreamId=(0..3); Color=1; Descriptor=DYN4, Offset0=Layer3Header[12], Offset1=Layer4Header[0]] = \
 Downstream and Key(KD_TAP, KeyID=1, FieldAction=Swap) == MISS

Assign[StreamId=(0..3); Color=0; Descriptor=DYN4, ColorBits=FlowID] = Upstream and Key(KD_TAP, KeyID=1) == 4
Assign[StreamId=(0..3); Color=0; Descriptor=DYN4, ColorBits=FlowID] = Downstream and Key(KD_TAP, KeyID=1, \
 FieldAction=Swap) == 4

Save the NTPL example in a file and run the ntpl tool to apply the configuration, as shown in the following example.

/opt/napatech/bin/ntpl -f tap.ntpl

An output example:

ntpl (v. 3.25.2.13-0ebb373f)
==============================================================================

NTPL CMD: Delete=All
NTPL ID:    0
NTPL CMD: Define Upstream = Macro("Port==0 and Layer3Protocol==IPv4")
NTPL ID:    0
NTPL CMD: Define Downstream = Macro("Port==1 and Layer3Protocol==IPv4")
NTPL ID:    0
NTPL CMD: Define KeyTypeProtoSpecs = Macro("(Layer3Header[12]/32/32, Layer4Header[0]/16/16)")
NTPL ID:    0
NTPL CMD: KeyType[Name=KT_TAP] = {sw_32_32, sw_16_16}
NTPL ID:    126
NTPL CMD: KeyDef[Name=KD_TAP; KeyType=KT_TAP; IpProtocolField=Outer] = KeyTypeProtoSpecs
NTPL ID:    127
NTPL CMD: HashMode = Hash5TupleSorted
NTPL ID:    128
NTPL CMD: Assign[StreamId=(0..3); Color=2; Descriptor=DYN4, Offset0=Layer3Header[12],  Offset1=Layer4Header[0]] = Upstream and Key(KD_TAP, KeyID=1) == UNHANDLED
NTPL ID:    129
NTPL CMD: Assign[StreamId=(0..3); Color=2; Descriptor=DYN4, Offset0=Layer3Header[12],  Offset1=Layer4Header[0]] = Downstream and Key(KD_TAP, KeyID=1, FieldAction=Swap) == UNHANDLED
NTPL ID:    130
NTPL CMD: Assign[StreamId=(0..3); Color=1; Descriptor=DYN4, Offset0=Layer3Header[12], Offset1=Layer4Header[0]] = Upstream and Key(KD_TAP, KeyID=1) == MISS
NTPL ID:    131
NTPL CMD: Assign[StreamId=(0..3); Color=1; Descriptor=DYN4, Offset0=Layer3Header[12],  Offset1=Layer4Header[0]] = Downstream and Key(KD_TAP, KeyID=1, FieldAction=Swap) == MISS
NTPL ID:    132
NTPL CMD: Assign[StreamId=(0..3); Color=0; Descriptor=DYN4, ColorBits=FlowID] = Upstream  and Key(KD_TAP, KeyID=1) == 4
NTPL ID:    133
NTPL CMD: Assign[StreamId=(0..3); Color=0; Descriptor=DYN4, ColorBits=FlowID] = Downstream  and Key(KD_TAP, KeyID=1, FieldAction=Swap) == 4
NTPL ID:    134

Note: NTPL commands can also be applied from the application using NTAPI. See the code examples in the /opt/napatech3/examples/flow directory.

Macros

Three macros are defined to simplify NTPL commands in this example.
  • Upstream: Filter IPv4 packets received on port 0.
    Define Upstream = Macro("Port==0 and Layer3Protocol==IPv4")
  • Downstream: Filter IPv4 packets received on port 1.
    Define Downstream = Macro("Port==1 and Layer3Protocol==IPv4")
  • KeyTypeProtoSpecs: Specify the location of the fields.
    Define KeyTypeProtoSpecs = Macro("(Layer3Header[12]/32/32, Layer4Header[0]/16/16)")
    The first field, Layer3Header[12]/32/32, corresponds to the source and destination IP addresses of an IPv4 packet: two 32-bit values are selected at a 12-byte offset in the layer 3 header. The second field, Layer4Header[0]/16/16, corresponds to the layer 4 source and destination port numbers: two 16-bit values are selected at a 0-byte offset in the layer 4 header.

KeyType command

KeyType defines the number of fields and the size of each field. Two fields are specified in this example. The size of the first field is set to sw_32_32, which represents 2 × 32 = 64 bits. The size of the second field is set to sw_16_16, which represents 2 × 16 = 32 bits. The sw_N_N types are used for the swap feature so that the two N-bit values can be swapped during field extraction. As a result, identical keys are generated for the upstream and downstream frames of a flow.

KeyType[Name=KT_TAP] = {sw_32_32, sw_16_16}
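
The field extraction and swap described above can be modelled in a few lines. This is an added example, not Napatech code: the function names, the constructed frames and the byte layout of the resulting key (fields in KeyDef order, protocol byte last) are assumptions made for illustration.

```python
import socket
import struct

def build_frame(src_ip, dst_ip, src_port, dst_port, proto=6):
    """Constructed sample: 20-byte IPv4 header followed by the first 4 bytes of layer 4."""
    l3 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, 0, 64, proto, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return l3 + struct.pack("!HH", src_port, dst_port)

def extract_key(frame, swap):
    """Model of (Layer3Header[12]/32/32, Layer4Header[0]/16/16) plus the outer IP protocol."""
    l4 = (frame[0] & 0x0F) * 4                      # IHL gives the start of layer 4
    ip_a, ip_b = frame[12:16], frame[16:20]         # two 32-bit values at L3 offset 12
    pt_a, pt_b = frame[l4:l4 + 2], frame[l4 + 2:l4 + 4]  # two 16-bit values at L4 offset 0
    if swap:                                        # FieldAction=Swap on an sw_N_N field
        ip_a, ip_b, pt_a, pt_b = ip_b, ip_a, pt_b, pt_a
    # Assumed layout for illustration: fields in KeyDef order, protocol byte last.
    return ip_a + ip_b + pt_a + pt_b + frame[9:10]

def flow_key(rx_port, frame):
    """Port 0 is upstream (no swap); port 1 is downstream (FieldAction=Swap)."""
    return extract_key(frame, swap=(rx_port == 1))

# Values from the figure: 192.168.0.1:25 <-> 20.0.0.1:80 (direction assignment is constructed).
UP = build_frame("192.168.0.1", "20.0.0.1", 25, 80)
DOWN = build_frame("20.0.0.1", "192.168.0.1", 80, 25)

if __name__ == "__main__":
    print("upstream   key:", flow_key(0, UP).hex())
    print("downstream key:", flow_key(1, DOWN).hex())
    print("same flow:", flow_key(0, UP) == flow_key(1, DOWN))
    # Without the swap, the two directions would be learned as two separate flows.
    print("without swap:", extract_key(UP, False) == extract_key(DOWN, False))
```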

KeyDef command

KeyDef defines the location of fields. In this example, the outer IP protocol field is specified in addition to IPv4 source/destination addresses and layer 4 source/destination port numbers.

KeyDef[Name=KD_TAP; KeyType=KT_TAP; IpProtocolField=Outer] = KeyTypeProtoSpecs

Note: If IpProtocolField is set to Inner, the IP protocol field in the inner layer of a tunneled packet is extracted. KeyTypeProtoSpecs must be redefined if the inner layer is used for the flow identification. See Flow Management over SPAN Port Configuration, which shows an NTPL example with IpProtocolField=Inner.

Note: IpProtocolField=Outer also determines that outer layer TCP sessions are tracked for automatic TCP unlearning and TCP flags of flow info records. See Unlearned flow information for more information about automatic TCP unlearning and TCP flags.

Assign command

The Assign commands are used to apply actions to received traffic.

HashMode = Hash5TupleSorted
Assign[StreamId=(0..3); Color=0; Descriptor=DYN4, ColorBits=FlowID] = Upstream and Key(KD_TAP, KeyID=1) == 4
Assign[StreamId=(0..3); Color=0; Descriptor=DYN4, ColorBits=FlowID] = Downstream and Key(KD_TAP, KeyID=1, \
 FieldAction=Swap) == 4

These Assign commands are applied to handle traffic belonging to the flows that are found in the flow table. Actions include the following:
  • Frames are distributed to 4 streams using hash mode Hash5TupleSorted.
  • The dynamic packet descriptor DYN4 is selected so that the ColorBits parameter can be specified. ColorBits is set to FlowID, which enables the flow ID information of a received frame. See Programming Key ID, key set ID and flow ID and User-Defined Flow ID for further information about the flow ID.
  • The Color parameter is used to classify flows so that frames can be handled based on the color information in the application. If the flow is found in the flow table, frames are delivered with the Color0 value 0 in dynamic packet descriptor 4. See API: Classify Received Frames for more information about how to classify received frames based on the color information.
  • FieldAction=Swap is applied to downstream traffic (on port 1) only.
  • Key ID and Key set ID: See Key set ID and key ID.

The following Assign commands are applied to handle traffic belonging to the flows that are not found in the flow table.

Assign[StreamId=(0..3); Color=1; Descriptor=DYN4, Offset0=Layer3Header[12], Offset1=Layer4Header[0]] = \
 Upstream and Key(KD_TAP, KeyID=1) == MISS
Assign[StreamId=(0..3); Color=1; Descriptor=DYN4, Offset0=Layer3Header[12], Offset1=Layer4Header[0]] = \
 Downstream and Key(KD_TAP, KeyID=1, FieldAction=Swap) == MISS

The missed traffic is delivered to the host with the Color0 value 1 of dynamic packet descriptor 4. The packet descriptor DYN4 is used to specify Offset0 and Offset1, such that Offset0 points to the IPv4 source address and Offset1 points to the layer 4 source port number.

Using the following Assign commands, the unhandled traffic is delivered with a specific color value so that it can be handled in the application.

Assign[StreamId=(0..3); Color=2; Descriptor=DYN4, Offset0=Layer3Header[12], Offset1=Layer4Header[0]] = \
 Upstream and Key(KD_TAP, KeyID=1) == UNHANDLED
Assign[StreamId=(0..3); Color=2; Descriptor=DYN4, Offset0=Layer3Header[12], Offset1=Layer4Header[0]] = \
 Downstream and Key(KD_TAP, KeyID=1, FieldAction=Swap) == UNHANDLED

The SmartNIC may not be able to look up flows of received frames, for example, in rare situations where the RX rate is faster than the lookup rate of the flow manager under sustained high traffic load. These frames are delivered to the application. With these Assign commands, the unhandled traffic can be classified using the Color0 value 2 of dynamic packet descriptor 4.

Key set ID and key ID

The key set ID is used to deliver specific traffic to a specific stream. For instance, if blacklisted IP traffic and whitelisted IP traffic need to be handled separately, two different key set IDs can be configured. See the following NTPL example.

Define WhiteList = Macro("3")
Define BlackList = Macro("4")

KeyType[Name=KT_IPv4] = {sw_32_32, sw_16_16}
KeyDef[Name=KD_IPv4; KeyType=KT_IPv4; IpProtocolField=Outer] = (Layer3Header[12]/32/32, Layer4Header[0]/16/16)

// Stream 0 for whitelisted traffic
Assign[StreamId=0] = layer3Protocol==IPv4 and Key(KD_IPv4, KeyID=1) == WhiteList

// Stream 1 for blacklisted traffic
Assign[StreamId=1] = layer3Protocol==IPv4 and Key(KD_IPv4, KeyID=1) == BlackList

In this NTPL example, key set ID 3 is used to deliver whitelisted IP traffic to stream 0, and key set ID 4 is used to deliver blacklisted IP traffic to stream 1. These key set IDs are used while learning a flow in the application to associate the flow and the stream.

The valid range of the key set ID value is 3 to 15, as key set ID 1 and 2 are reserved for MISS and UNHANDLED. This implies that a Key(…) can be compared to 13 key sets as well as MISS and UNHANDLED. In the following NTPL example, Key(KD_4Tuple, KeyID=1) is compared to BlackList/WhiteList key sets and MISS.

Define BlackList = Macro("3")
Define WhiteList = Macro("4")

Define IngressPort = Macro("Port==0")
Define isIPv4 = Macro("Layer3Protocol==IPv4")
Define isTcpUdp = Macro("Layer4Protocol==TCP,UDP")

KeyType[Name=KT_4Tuple] = {sw_32_32, sw_16_16}
KeyDef[Name=KD_4Tuple; KeyType=KT_4Tuple; IpProtocolField=Outer] = (Layer3Header[12]/32/32, Layer4Header[0]/16/16)

// Forward flows that are not handled by the flow manager to the host and transmit on port 1.
Assign[StreamId=0; DestinationPort=1; Priority=1]=IngressPort AND isIPv4 AND isTcpUdp AND Key(KD_4Tuple, KeyID=1) == MISS

// Drop blacklisted flows.
Assign[StreamId=Drop; Priority=1]=IngressPort AND isIPv4 AND isTcpUdp AND Key(KD_4Tuple, KeyID=1) == BlackList

// Transmit whitelisted flows on port 1, but do not forward them to the host.
Assign[StreamId=Drop; DestinationPort=1; Priority=1]=IngressPort AND isIPv4 AND isTcpUdp AND Key(KD_4Tuple, KeyID=1) == WhiteList

// Transmit all remaining traffic on port 1.
Assign[DestinationPort=1; Priority=2]=IngressPort

A key ID is linked to the defined KeyDef. A key ID for each KeyDef must be unique if multiple KeyDefs are defined. The defined key IDs in NTPL commands are used while learning a flow in the application to link the flow and the KeyDef. For example, if IPv4 and IPv6 packets are mixed in the received traffic, two KeyDefs can be defined as shown in the following NTPL example.

Define WhiteList = Macro("3")
Define BlackList = Macro("4")
Define IPv4KeyID = Macro("1")
Define IPv6KeyID = Macro("2")

// IPv4 KeyType and KeyDef
KeyType[Name=KT_IPv4] = {sw_32_32, sw_16_16}
KeyDef[Name=KD_IPv4; KeyType=KT_IPv4; IpProtocolField=Outer] = (Layer3Header[12]/32/32, Layer4Header[0]/16/16)

// IPv6 KeyType and KeyDef
KeyType[Name=KT_IPv6] = {sw_128_128, sw_16_16}
KeyDef[Name=KD_IPv6; KeyType=KT_IPv6; IpProtocolField=Outer] = (Layer3Header[8]/128/128, Layer4Header[0]/16/16)

// IPv4 traffic
Assign[StreamId=0] = layer3Protocol==IPv4 and Key(KD_IPv4, KeyID=IPv4KeyID) == WhiteList
Assign[StreamId=1] = layer3Protocol==IPv4 and Key(KD_IPv4, KeyID=IPv4KeyID) == BlackList

// IPv6 traffic
Assign[StreamId=0] = layer3Protocol==IPv6 and Key(KD_IPv6, KeyID=IPv6KeyID) == WhiteList
Assign[StreamId=1] = layer3Protocol==IPv6 and Key(KD_IPv6, KeyID=IPv6KeyID) == BlackList

Key ID 1 is used for KD_IPv4 and key ID 2 is used for KD_IPv6 in this example.

KeyID is set to 1 and the key set ID is set to 4, MISS or UNHANDLED in the Network TAP NTPL example and the SPAN port NTPL example. The valid range of the key ID value is 0 to 255.

Note: A key set ID and a key ID are mandatory for the flow configuration.
Note: The defined values of key set IDs and key IDs in the NTPL commands must be used when learning flows in the application.
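
The ranges and the uniqueness rule stated in this section can be checked before a configuration is applied. The following is an added example, not part of the Napatech tooling: lint_ntpl and the GOOD/BAD inputs are constructed for illustration, and case-insensitive name matching is an assumption.

```python
import re

RESERVED = {"MISS", "UNHANDLED"}  # key set IDs 1 and 2 are reserved for these

def lint_ntpl(text):
    """Check Key(...) tests against the ranges stated above; returns a list of findings."""
    text = re.sub(r"\\\s*\n", " ", text)  # join continuation lines
    # Assumption: NTPL names are matched case-insensitively (the page mixes KD_IPv4/kd_ipv4).
    macros = {n.lower(): v for n, v in
              re.findall(r'Define\s+(\w+)\s*=\s*Macro\("([^"]*)"\)', text, re.I)}
    findings, owner = [], {}
    for kd, key_id, key_set in re.findall(
            r"Key\(\s*(\w+)\s*,\s*KeyID\s*=\s*(\w+)[^)]*\)\s*==\s*(\w+)", text, re.I):
        kd = kd.lower()
        key_id = macros.get(key_id.lower(), key_id)      # resolve Define ... = Macro("n")
        key_set = macros.get(key_set.lower(), key_set)
        if not (key_id.isdigit() and 0 <= int(key_id) <= 255):
            findings.append(f"{kd}: key ID {key_id} outside 0..255")
        elif owner.setdefault(key_id, kd) != kd:         # one key ID per KeyDef
            findings.append(f"key ID {key_id} shared by {owner[key_id]} and {kd}")
        if key_set.upper() not in RESERVED and not (
                key_set.isdigit() and 3 <= int(key_set) <= 15):
            findings.append(f"{kd}: key set ID {key_set} outside 3..15")
    return sorted(set(findings))

# Constructed inputs, modelled on the IPv4/IPv6 example above.
GOOD = '''
Define WhiteList = Macro("3")
Define IPv4KeyID = Macro("1")
Define IPv6KeyID = Macro("2")
Assign[StreamId=0] = layer3Protocol==IPv4 and Key(KD_IPv4, KeyID=IPv4KeyID) == WhiteList
Assign[StreamId=0] = layer3Protocol==IPv6 and Key(KD_IPv6, KeyID=IPv6KeyID) == WhiteList
Assign[StreamId=2] = layer3Protocol==IPv4 and Key(KD_IPv4, KeyID=IPv4KeyID, \\
 FieldAction=Swap) == MISS
'''
BAD = '''
Define WhiteList = Macro("2")
Assign[StreamId=0] = layer3Protocol==IPv4 and Key(KD_IPv4, KeyID=1) == WhiteList
Assign[StreamId=1] = layer3Protocol==IPv6 and Key(KD_IPv6, KeyID=1) == 16
'''

if __name__ == "__main__":
    print(lint_ntpl(GOOD))
    print("\n".join(lint_ntpl(BAD)))
```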