Flow Classification and Actions

Stateful Flow Management

Platform: Napatech SmartNIC
Content Type: User Guide
Capture Software Version: Link™ Capture Software 12.11

The SmartNIC decodes every received frame and applies actions after classifying the flow.

Flow classification

Received frames are decoded in the SmartNIC, and the decoded information is used to identify the flow of each frame. If the flow of a received frame is known (hit; the flow is found in the flow table), specified actions are applied.

If the flow of a received frame is unknown (missed; the flow is not found in the flow table), the frame can be forwarded to the application for further processing; for example, flow learning, so that future frames of the same flow are handled by the SmartNIC.

Frames may also be left unhandled by the SmartNIC, for example, in rare situations where the RX rate is faster than the lookup rate of the flow manager under sustained high traffic load. These frames can be delivered to the host for further processing in the application.

The packet coloring feature can be used to classify hit, missed and unhandled frames so that each class can be handled individually in the application. See API: Classify Received Frames for further information about how to handle flow classification in the application.

Flow specific actions

The SmartNIC can apply one or more actions for each flow. The configuration is done using NTPL commands.
  • Load distribution: Flows can be distributed to a maximum of 128 host buffers. The frames belonging to the same flow are delivered to the same host buffer. See the Network TAP NTPL example and the SPAN port NTPL example. In these examples received frames are distributed to 4 streams using the hash mode HashInner5TupleSorted.
  • Forwarding to a specific stream: Specific flows can be forwarded to a specific stream. The following example configures forwarding of whitelisted traffic to stream 0 and blacklisted traffic to stream 1. Counters for statistics of each flow are updated.
    Define WhiteList = Macro("3")
    Define BlackList = Macro("4")
    KeyType[Name=kt_ipv4] = {sw_32_32, sw_16_16}
    KeyDef[Name=KD_IPv4; KeyType=KT_IPv4; IpProtocolField=Outer] = (Layer3Header[12]/32/32, Layer4Header[0]/16/16)
    
    // Forward whitelisted traffic to Stream 0 
    Assign[StreamId=0] = layer3Protocol==IPv4 and Key(KD_IPv4, KeyID=1) == WhiteList
    
    // Forward blacklisted traffic to Stream 1
    Assign[StreamId=1] = layer3Protocol==IPv4 and Key(KD_IPv4, KeyID=1) == BlackList

    In this example the action to forward whitelisted traffic to stream 0 is applied to the flows associated with key set ID 3. The action to forward blacklisted traffic to stream 1 is applied to the flows associated with key set ID 4.
  • Drop: It is possible to drop specific flows. The following NTPL example configures dropping of blacklisted traffic. Counters for statistics of each flow are updated.
    Define WhiteList = Macro("3")
    Define BlackList = Macro("4")
    KeyType[Name=kt_ipv4] = {sw_32_32, sw_16_16}
    KeyDef[Name=KD_IPv4; KeyType=KT_IPv4; IpProtocolField=Outer] = (Layer3Header[12]/32/32, Layer4Header[0]/16/16)
    
    // Forward whitelisted traffic to Stream 0 
    Assign[StreamId=0] = layer3Protocol==IPv4 and Key(KD_IPv4, KeyID=1) == WhiteList
    
    // Drop blacklisted traffic
    Assign[StreamId=Drop] = layer3Protocol==IPv4 and Key(KD_IPv4, KeyID=1) == BlackList

    The drop action is applied to the flows associated with key set ID 4 in this example.
  • Slicing: The last part of received frames can be removed by applying the slicing action. The following example configures slicing of frames to 16 bytes plus the size of any layer 2, 3 and 4 headers before forwarding to the stream.
    Define WhiteList = Macro("3")
    Define BlackList = Macro("4")
    KeyType[Name=kt_ipv4] = {sw_32_32, sw_16_16}
    KeyDef[Name=KD_IPv4; KeyType=KT_IPv4; IpProtocolField=Outer] = (Layer3Header[12]/32/32, Layer4Header[0]/16/16)
    
    // Forward whitelisted traffic to Stream 0 
    Assign[StreamId=0; Slice=Layer4Header[16]] = layer3Protocol==IPv4 and Key(KD_IPv4, KeyID=1) == WhiteList
    
    // Drop blacklisted traffic
    Assign[StreamId=Drop] = layer3Protocol==IPv4 and Key(KD_IPv4, KeyID=1) == BlackList

    The slicing action is applied to the flows associated with key set ID 3 in this example.
  • Local retransmission: It is possible to retransmit received frames of specific flows on one or more ports of the same SmartNIC. The following NTPL example configures retransmission of frames to port 1 while the same frames are delivered to stream 0.
    Define WhiteList = Macro("3")
    Define BlackList = Macro("4")
    
    KeyType[Name=kt_ipv4] = {sw_32_32, sw_16_16}
    KeyDef[Name=KD_IPv4; KeyType=KT_IPv4; IpProtocolField=Outer] = (Layer3Header[12]/32/32, Layer4Header[0]/16/16)
    
    // Forward whitelisted traffic to Stream 0 
    Assign[StreamId=0; DestinationPort=1] = layer3Protocol==IPv4 and Key(KD_IPv4, KeyID=1) == WhiteList
    
    // Drop blacklisted traffic
    Assign[StreamId=Drop] = layer3Protocol==IPv4 and Key(KD_IPv4, KeyID=1) == BlackList

    In this example the action is applied to the flows associated with key set ID 4.
    Note: The FCS is recalculated before frames are retransmitted.
    Note: Slicing of locally retransmitted frames is not supported.
    Note: It is possible to retransmit frames without delivering them to the host.
    Note: If local retransmission is enabled while the application transmits frames, the order of frames in the TX queue of the SmartNIC is unpredictable. For example, the first frame of a flow is programmed while subsequent frames are in the host buffer. Once the flow is learned, new frames in the SmartNIC are retransmitted. At the same time, the existing frames in the host buffer may be transmitted by the application. In this case, it is possible that the frames are transmitted out of order. The new frames may be transmitted before the existing frames (frames from the host) are transmitted.
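
The hit/miss classification and per-key-set actions described on this page, modelled in software as an added example (not Napatech code and not the NTAPI). The `FlowTable` class, `make_frame` helper and sample addresses are hypothetical; the model assumes `IpProtocolField=Outer` adds the outer IP protocol number to the key and does no key sorting, so each direction of a connection is a separate key.

```python
import socket
import struct

# Key set ID -> action, mirroring the page's Drop example (3 = WhiteList, 4 = BlackList).
ACTIONS = {3: "stream 0", 4: "drop"}

def make_frame(src, dst, sport, dport, proto=17, payload=b"x" * 32):
    """Constructed sample: untagged Ethernet + IPv4 + UDP-style 8-byte L4 header."""
    eth = bytes(6) + bytes(6) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(payload), 0, 0, 64,
                     proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def flow_key(frame):
    """Extract the fields named by the page's KeyDef; None if the frame is not IPv4."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4
    l4 = 14 + ihl
    if ihl < 20 or len(frame) < l4 + 4:
        return None
    src, dst = struct.unpack_from("!II", frame, 14 + 12)   # Layer3Header[12]/32/32
    sport, dport = struct.unpack_from("!HH", frame, l4)    # Layer4Header[0]/16/16
    proto = frame[14 + 9]  # assumption: IpProtocolField=Outer adds the outer IP protocol
    return (src, dst, sport, dport, proto)

class FlowTable:
    """Software stand-in for the SmartNIC flow table (hypothetical, not the NTAPI)."""
    def __init__(self):
        self.flows = {}   # key -> key set ID
        self.stats = {}   # key -> [frames, bytes], the per-flow counters

    def learn(self, key, key_set_id):
        self.flows[key] = key_set_id
        self.stats[key] = [0, 0]

    def classify(self, frame):
        key = flow_key(frame)
        if key is None:
            return ("no-match", None)        # the IPv4 filters do not apply
        if key not in self.flows:
            return ("miss", "application")   # unknown flow: hand to the host to learn
        self.stats[key][0] += 1
        self.stats[key][1] += len(frame)
        return ("hit", ACTIONS[self.flows[key]])
```

The first frame of a flow returns a miss; after `learn()` associates its key with key set ID 3 or 4, later frames of that flow hit and take the matching action while the per-flow counters advance.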