Flow Management over SPAN Port Configuration

Stateful Flow Management

Platform
Napatech SmartNIC
Content Type
User Guide
Capture Software Version
Link™ Capture Software 12.7

This describes how to configure the SmartNIC for the SPAN port configuration.

SPAN port configuration

The SmartNIC receives both upstream and downstream traffic on the same port as illustrated in the following figure.


Page-1 Sheet.1 Switch Switch Sheet.39 Round Corner Rectangle SmartNIC SmartNIC Round Corner Rectangle.24 Round Corner Rectangle.25 Round Corner Rectangle.26 Round Corner Rectangle.27 Round Corner Rectangle.28 Round Corner Rectangle.29 Round Corner Rectangle.30 Round Corner Rectangle.31 L Shape Round Corner Rectangle.33 Round Corner Rectangle.34 L Shape.38 Round Corner Rectangle A A Round Corner Rectangle.41 B B Sheet.117 Sheet.118 Dynamic connector Sheet.182 SPAN port SPAN port Sheet.186 Sheet.187

Inner layer 5 tuple

In this example inner layer 5 tuple is used for the flow identification which tracks the following header fields:
  • Inner layer IPv4 source address
  • Inner layer IPv4 destination address
  • Inner layer 4 source port number
  • Inner layer 4 destination port number
  • Inner layer IPv4 protocol number

Sort

The sort feature is used in this configuration to treat upstream traffic and downstream traffic as the same flow. The sort operation is done based on the first two fields extracted from a received frame. If the first field is greater than the second field, the fields will be swapped before the flow lookup. The last two fields are also swapped if the first two fields are swapped as shown in the following figure.


Page-1 Sheet.1 Sheet.2 Sheet.3 Sheet.4 Sheet.5 Upstream Upstream Sheet.6 Inner src IP Inner src IP Sheet.7 Inner dst IP Innerdst IP Sheet.8 Inner src port Inner src port Sheet.9 Inner dst port Innerdst port Sheet.10 192.168.0.1 192.168.0.1 Sheet.11 20.0.0.1 20.0.0.1 Sheet.12 25 25 Sheet.13 80 80 Sheet.14 Sheet.15 Sheet.16 Sheet.17 Sheet.18 Downstream Downstream Sheet.19 192.168.0.1 192.168.0.1 Sheet.20 20.0.0.1 20.0.0.1 Sheet.21 25 25 Sheet.22 80 80 Sheet.23 Sheet.24 Sheet.25 Sheet.26 Sheet.27 192.168.0.1 192.168.0.1 Sheet.28 20.0.0.1 20.0.0.1 Sheet.29 25 25 Sheet.30 80 80 Sheet.31 Sheet.33 Packet header Packet header Sheet.34 Extracted flow information Extracted flow information Sheet.35 KeySort=Sorted KeySort=Sorted Sheet.36 KeySort=Sorted KeySort=Sorted Sheet.37 Sheet.38 Sheet.39 Sheet.40 Sheet.41 192.168.0.1 192.168.0.1 Sheet.42 20.0.0.1 20.0.0.1 Sheet.43 25 25 Sheet.44 80 80 Sheet.32

As inner layer IPv4 source and destination addresses of a downstream frame are swapped, inner layer 4 source and destination port numbers are also swapped in the figure.

SPAN port NTPL example

The following NTPL example can be used for the SPAN port configuration.
Delete=All
Define Port0 = Macro("Port==0 and InnerLayer3Protocol==IPv4")
Define KeyTypeProtoSpecs = Macro("(InnerLayer3Header[12]/32, InnerLayer3Header[16]/32, \\
 InnerLayer4Header[0]/16, InnerLayer4Header[2]/16)")

KeyType[Name=KT_SPAN] = {32, 32, 16, 16}
KeyDef[Name=KD_SPAN; KeyType=KT_SPAN; IpProtocolField=Inner; KeySort=Sorted] = KeyTypeProtoSpecs

HashMode = HashInner5TupleSorted
Assign[StreamId=(0..3); Color=2; Descriptor=DYN4, Offset0=InnerLayer3Header[12], \\
 Offset1=InnerLayer4Header[0]] = Port0 and Key(KD_SPAN, KeyID=1) == UNHANDLED

Assign[StreamId=(0..3); Color=1; Descriptor=DYN4, Offset0=InnerLayer3Header[12], \\
 Offset1=InnerLayer4Header[0]] = Port0 and Key(KD_SPAN, KeyID=1) == MISS

Assign[StreamId=(0..3); Color=0; Descriptor=DYN4, ColorBits=FlowID] = Port0 and Key(KD_SPAN, KeyID=1) == 4
Save the NTPL example in a file and run the ntpl tool to apply the configuration as shown in the following example.
/opt/napatech/bin/ntpl -f span.ntpl
An output example:
ntpl (v. 3.25.2.13-0ebb373f)
==============================================================================

NTPL CMD: Delete=All
NTPL ID:    0
NTPL CMD: Define Port0 = Macro("Port==0 and InnerLayer3Protocol==IPv4")
NTPL ID:    0
NTPL CMD: Define KeyTypeProtoSpecs = Macro("(InnerLayer3Header[12]/32, InnerLayer3Header[16]/32,  InnerLayer4Header[0]/16, InnerLayer4Header[2]/16)")
NTPL ID:    0
NTPL CMD: KeyType[Name=KT_SPAN] = {32, 32, 16, 16}
NTPL ID:    135
NTPL CMD: KeyDef[Name=KD_SPAN; KeyType=KT_SPAN; IpProtocolField=Inner; KeySort=Sorted] = KeyTypeProtoSpecs
NTPL ID:    136
NTPL CMD: HashMode = HashInner5TupleSorted
NTPL ID:    137
NTPL CMD: Assign[StreamId=(0..3); Color=2; Descriptor=DYN4, Offset0=InnerLayer3Header[12], Offset1=InnerLayer4Header[0]] = Port0 and Key(KD_SPAN, KeyID=1) == UNHANDLED
NTPL ID:    138
NTPL CMD: Assign[StreamId=(0..3); Color=1; Descriptor=DYN4, Offset0=InnerLayer3Header[12],Offset1=InnerLayer4Header[0]] = Port0 and Key(KD_SPAN, KeyID=1) == MISS
NTPL ID:    139
NTPL CMD: Assign[StreamId=(0..3); Color=0; Descriptor=DYN4, ColorBits=FlowID] = Port0 and Key(KD_SPAN, KeyID=1) == 4
NTPL ID:    140
Note: NTPL commands can be applied using NTAPI in the application. Refer to the code examples which are placed in the /opt/napatech3/examples/flow directory.

Macros

Two macros are defined to simplify NTPL commands in this example.
  • Port0: Filter inner layer IPv4 packets received on port 0.
    Define Port0 = Macro("Port==0 and InnerLayer3Protocol==IPv4")
  • KeyTypeProtoSpecs: Specify the location of the fields.
    Define KeyTypeProtoSpecs = Macro("(InnerLayer3Header[12]/32, InnerLayer3Header[16]/32, \\
     InnerLayer4Header[0]/16, InnerLayer4Header[2]/16)")
    The first two fields, InnerLayer3Header[12]/32 and InnerLayer3Header[16]/32 correspond to source and destination IP addresses of a tunneled packet. Two 32 bits are selected on the inner layer 3 header with a 12 byte offset. The last two fields, InnerLayer4Header[0]/16 and InnerLayer4Header[2]/16) correspond to inner layer 4 source and destination port numbers. It indicates that two 16 bits are selected on the inner layer 4 header with a 0 byte offset.

KeyType command

KeyType defines the number of fields and the size of fields. Four fields are specified in this example. The size of the first two fields is 32 bits and the size of the last two fields is 16 bits.
KeyType[Name=KT_SPAN] = {32, 32, 16, 16}

KeyDef command

KeyDef specifies the location of fields. Inner layer IPv4 source/destination addresses and inner layer 4 source/destination port numbers are specified. KeySort=Sorted enables the sort feature. If the inner layer IPv4 source address is greater than the inner layer IPv4 destination address, the fields will be swapped. The inner layer 4 source and destination port numbers are also swapped if the inner layer IPv4 source and destination addresses are swapped.
KeyDef[Name=KD_SPAN; KeyType=KT_SPAN; IpProtocolField=Inner; KeySort=Sorted] = KeyTypeProtoSpecs
The inner IP protocol field is specified in addition to inner layer IPv4 source/destination addresses and inner layer 4 source/destination port numbers.
Note: If IpProtocol is set to Outer, the IP protocol field in the outer layer is extracted. KeyTypeProtoSpecs must be redefined as well. See Flow Management over Network TAP Configuration which shows an NTPL example with IpProtocolField=Outer.
Note: IpProtocolField=Inner also determines that inner layer TCP sessions are tracked for automatic TCP unlearning and TCP flags of flow info records. See Unlearned flow information for more information about automatic TCP unlearning and TCP flags.

Assign command

The Assign commands are used to apply actions to received traffic.
HashMode = HashInner5TupleSorted
Assign[StreamId=(0..3); Color=0; Descriptor=DYN4, ColorBits=FlowID] = Port0 and Key(KD_SPAN, KeyID=1) == 4
This Assign command is applied to handle frames belonging to the flows that are found in the flow table. Actions include the following:
  • Frames are distributed to 4 streams using hash mode HashInner5TupleSorted.
  • The packet descriptor Dyn4 is selected to specify the ColorBits parameter. ColorBits is set to FlowID which enables the flow ID information of a frame. See Programming Key ID, key set ID and flow ID and User-Defined Flow ID for further information about the flow ID.
  • The Color parameter is used to classify flows so that frames can be handled based on the color information in the application. If the flow is found in the flow table, frames are delivered with the Color0 value 0 in dynamic packet descriptor 4. See API: Classify Received Frames for more information about how to classify received frames based on the color information.
  • Key ID and Key set ID: See Key set ID and key ID.
The following Assign command is applied to handle traffic belonging to the flows that are not found in the flow table.
Assign[StreamId=(0..3); Color=1; Descriptor=DYN4, Offset0=InnerLayer3Header[12], \\
 Offset1=InnerLayer4Header[0]] = Port0 and Key(KD_SPAN, KeyID=1) == MISS
The missed traffic can be classified using the Color0 value 1 of dynamic packet descriptor 4 in the application. The packet descriptor Dyn4 in this example is used to specify Offset0 and Offset1, such that Offset0 points to IPv4 source address and Offset1 points to layer 4 source port number.
Using the following Assign command, unhandled traffic is delivered with a specific color value so that they can be classified and handled in the application.
Assign[StreamId=(0..3); Color=2; Descriptor=DYN4, Offset0=InnerLayer3Header[12], \\
 Offset1=InnerLayer4Header[0]] = Port0 and Key(KD_SPAN, KeyID=1) == UNHANDLED
The SmartNIC may not be able to look up flows of received frames, for example, in rare situations where the RX rate is faster than the lookup rate of the flow manager in sustained high traffic load. Unhandled frames are delivered to the application. In this example unhandled frames can be classified using the Color0 value 2 of dynamic packet descriptor 4.