NVIDIA DOCA NetFlow Programming Guide
Date: 2022-01-12
This programming guide describes the DOCA Utils libraries used to develop DOCA-based applications over the NVIDIA® BlueField® DPU.
DOCA Utils are utility libraries intended to be used alongside other DOCA packages (such as DOCA DPI) to extend their capabilities.
1.1. Related Documentation
| Document Name | Description |
|---|---|
| DPDK Installation | Details how to install and compile DPDK |
| NVIDIA BlueField DPU Family Software Documentation | This document provides product release notes as well as information that explains the BlueField Software Distribution (BSD) and how to develop and/or customize applications, system software, and file system images for the BlueField platform. |
1.2. Intended Audience
This document is intended for software developers who write DOCA-based applications and need to extend the application's capabilities with utility libraries, such as exporting in NetFlow format.
The document assumes familiarity with the DOCA packages and data plane development kit (DPDK).
The NetFlow library simplifies and centralizes the formatting and exporting of NetFlow packets.
NetFlow is a protocol invented by Cisco for exporting device network flow information to a NetFlow collector. The collector saves and aggregates data. From there, the analyzer processes the data and produces insights on the organization's traffic.
This library implements only the NetFlow exporter.
NetFlow protocol version 9 features custom template capabilities. With custom templates, the application can send any set of fields from a predefined field list.
The basic output of NetFlow is a flow record. A record contains the information of one flow (e.g., 5-tuple, byte count, packet count, application name). For more information about flows, please refer to the DOCA DPI Programming Guide. Each flow can have several records in the collector over time that differ in byte count, packet count, delivery time, and so on.
2.1. Installation and Prerequisites
Please refer to DOCA Installation Guide for installation requirements.
The NetFlow example is provided as part of the DOCA Utils library packages, for both Debian-based operating systems and RH. The NetFlow example is installed into {prefix}/bin, and the source is installed into {prefix}/src/doca/utils/netflow.
The configuration file is installed into /etc/doca-netflow.conf. This is the default path, but the configuration file can be placed anywhere.
The configuration file should contain:
- Title – "[doca_netflow_conf]"
- Target – the IP address and port of the collector (where to send the NetFlow records)
- Source ID – the source ID of the NetFlow exporter (defined by the end user) to be sent alongside NetFlow records to identify the source of the record
- Version – 9 (for future development)
For example:
[doca_netflow_conf]
target = 127.0.0.1:2055
source_id = 10
version = 9
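A pre-flight check for the four items listed above, written as an added example (not part of DOCA). It assumes the target is an IPv4 literal followed by a port, as in the sample file, and the function name `check_netflow_conf` is hypothetical; the library's own parser may accept other forms.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <arpa/inet.h>

/* Hypothetical checker: 0 = usable; -1 title missing, -2 bad target, -3 bad source_id,
 * -4 version not 9, -5 required key missing, -6 malformed or unknown line. */
int check_netflow_conf(const char *text)
{
    char ln[128], key[32], val[64], host[48], extra, *end;
    int n, titled = 0, have = 0; /* have bits: 1 target, 2 source_id, 4 version */
    unsigned port;
    struct in_addr addr;

    for (; sscanf(text, " %127[^\n]%n", ln, &n) == 1; text += n) {
        if (!titled) { /* the section title must come first */
            if (strcmp(ln, "[doca_netflow_conf]") != 0)
                return -1;
            titled = 1;
        } else if (sscanf(ln, " %31[a-z_] = %63s %c", key, val, &extra) != 2) {
            return -6;
        } else if (strcmp(key, "target") == 0) {
            if (sscanf(val, "%47[0-9.]:%5u%c", host, &port, &extra) != 2 ||
                inet_pton(AF_INET, host, &addr) != 1 || port < 1 || port > 65535)
                return -2;
            have |= 1;
        } else if (strcmp(key, "source_id") == 0) {
            unsigned long id = strtoul(val, &end, 10); /* 32-bit field in NetFlow v9 */
            if (val[0] < '0' || val[0] > '9' || *end != '\0' || id > 0xFFFFFFFFUL)
                return -3;
            have |= 2;
        } else if (strcmp(key, "version") == 0) {
            if (strcmp(val, "9") != 0)
                return -4;
            have |= 4;
        } else {
            return -6;
        }
    }
    return !titled ? -1 : have == 7 ? 0 : -5;
}

int main(void)
{
    const char *conf = "[doca_netflow_conf]\ntarget = 127.0.0.1:2055\n" /* constructed */
                       "source_id = 10\nversion = 9\n";
    printf("check_netflow_conf -> %d\n", check_netflow_conf(conf));
    return 0;
}
```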
2.2. NetFlow API
- Define record struct and template.
The app must define a TLV NetFlow v9 template using the macros defined in doca_netflow_types.h. The order of the fields has no significance for the collector, but the record struct must keep the same order. The struct must be in packed format and contain no pointers.
The app can use the default record struct and template through doca_netflow_default_record and doca_netflow_template_default_get().
/* Record layout: same field order as the template, packed, no pointers. */
struct record_exmaple {
    uint32_t src_addr_v4;
    uint32_t dst_addr_v4;
} __attribute__((packed));

/* One template entry per record field, in the same order. */
struct doca_netflow_flowset_field fields[] = {
    {.type = DOCA_NETFLOW_IPV4_SRC_ADDR, .length = DOCA_NETFLOW_IPV4_SRC_ADDR_DEFAULT_LENGTH},
    {.type = DOCA_NETFLOW_IPV4_DST_ADDR, .length = DOCA_NETFLOW_IPV4_DST_ADDR_DEFAULT_LENGTH}
};

struct doca_netflow_template template = {
    .field_count = 2,
    .fields = fields,
};
Alternatively, users may use the default template:
struct doca_netflow_template *template = doca_netflow_template_default_get();
- Initialize NetFlow exporter.
Call doca_netflow_exporter_init() to initialize the exporter. Pass the path of the configuration file, or pass NULL to use the default path.
doca_netflow_exporter_init("path/to/doca_netflow.conf");
Or:
doca_netflow_exporter_init(NULL); //the default location is used
- Update record information.
The app must update the flow information with the process that extracts it from the packets. For information on said process, please refer to the NVIDIA DOCA Application Recognition Reference Guide.
This part must be periodically updated before sending the records.
struct record_exmaple record = {
    .src_addr_v4 = inet_network("192.168.120.1"),
    .dst_addr_v4 = inet_network("192.168.120.2"),
};
records[i] = &record;
- Send records.
Call doca_netflow_exporter_send() to send the records to the collector.
This function should be called periodically, as each call carries the records of all currently active flows or of the flows sampled in that period of time.
doca_netflow_exporter_send(template, (const void **)(records), records_len, &err);
- Destroy exporter.
Call doca_netflow_exporter_destroy() to close the exporter before exiting the app.
doca_netflow_exporter_destroy();
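The packed-struct rule from the first step above, shown with a stand-alone check (an added example, not DOCA code): it sums the template's field lengths, refuses a record whose size differs, and lays out one data FlowSet as RFC 3954 describes. The names `nf_field`, `template_record_len` and `build_data_flowset` are hypothetical, and the DOCA library's own serialization is not shown on this page.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>

/* Hypothetical stand-in for a template field descriptor (not the DOCA type). */
struct nf_field { uint16_t type, length; };
/* Field type numbers from RFC 3954: PROTOCOL 4, IPV4_SRC_ADDR 8, IPV4_DST_ADDR 12. */
static const struct nf_field fields[] = { {4, 1}, {8, 4}, {12, 4} };

struct rec_packed { uint8_t proto; uint32_t src, dst; } __attribute__((packed));
struct rec_padded { uint8_t proto; uint32_t src, dst; }; /* padding bytes after proto */

/* Bytes one data record occupies on the wire according to the template. */
size_t template_record_len(const struct nf_field *f, size_t n)
{
    size_t len = 0;
    for (size_t i = 0; i < n; i++)
        len += f[i].length;
    return len;
}

/* Writes one data FlowSet: ID (= template ID), length, record, zero padding to 4 bytes.
 * Returns bytes written, or 0 on size mismatch, reserved ID (< 256) or short buffer. */
size_t build_data_flowset(uint8_t *buf, size_t cap, uint16_t template_id,
        const struct nf_field *f, size_t n, const void *rec, size_t rec_size)
{
    size_t rec_len = template_record_len(f, n);
    size_t total = (4 + rec_len + 3) & ~(size_t)3;
    uint16_t hdr[2] = { htons(template_id), htons((uint16_t)total) };

    if (rec_size != rec_len || template_id < 256 || total > cap)
        return 0;
    memset(buf, 0, total);
    memcpy(buf, hdr, sizeof(hdr));
    memcpy(buf + 4, rec, rec_len);
    return total;
}

int main(void)
{
    uint8_t buf[64];
    struct rec_packed ok = { 6, htonl(0xC0A87801), htonl(0xC0A87802) }; /* constructed */
    struct rec_padded bad = { 6, htonl(0xC0A87801), htonl(0xC0A87802) };
    printf("packed: %zu bytes, padded: %zu bytes\n",
           build_data_flowset(buf, sizeof(buf), 256, fields, 3, &ok, sizeof(ok)),
           build_data_flowset(buf, sizeof(buf), 256, fields, 3, &bad, sizeof(bad)));
    return 0;
}
```

The padded struct is rejected because its size includes compiler-inserted padding that the template does not describe, so a byte-for-byte copy would shift every field after `proto`.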
