TSP Lab	The Ethernet monitoring card handler module	Sga-PacketDistributor

The Ethernet monitoring card handler module
`("Sga-PacketDistributor")`

Features
Built-in limitations
User interface
- The main menu
- Views
How Sga-PacketDistributor works?
Configuration (SgaPacketDistributor.ini) file settings
The Poller connection feature
Time synchronizing using ClockCard

Features

Handles Sga-Gplanar (for 1Gbps) and Sga-10GED (for 10Gbps) cards
Can filter based on IP addresses and protocols and ports and VLAN-ID ('Filter' feature - hardware filter)
Can postfilter for further message screening ('Subfilter' feature - software filter)
Sends messages to monitors through different distribution rules
Optionally connects to 7NPoller and sends events and statistics

Built-in limitations

No more than 8 cards.
No more than 16 filters.
No more than 1000 subfilters per filter.
No more than 16 schemes.
No more than 16 monitor.
No more than 1024 links.
No more than 64 links per monitor.
No more than 32 links per scheme.

User interface

The main menu

Menu	Menuitem	Shortcut(s)	Meaning
[Actions]
	Clear collected IP addresses		Clears list of collected IP addresses from the 'detected IP addresses' view
	Exit		Exits from the program
[Network]
	Allow incoming connections		Open listen socket for incoming network connections (HTTP request)
	Allow outgoing connections		Allow connection towards monitor programs
	Disconnect incoming connections gracefully		Close existing incoming connections properly
	Disconnect outgoing connections gracefully		Close existing outgoing connections properly
	Abort incoming connections		Tear down incoming connections immediatelly
	Abort outgoing connections		Tear down outgoing connections immediatelly
[Log]
	Find line containing...	Ctrl+F	Find expression in logfile
	Find next line	F3	Find next occurence of the expression above
	Details		Detail level of logging (Off, Normal, Detailed, or Debug)
[View]
	Detailed card status		Detailed information is shown for monitoring cards
	Detailed network status		Debug information is shown in network window
	Show log	Ctrl+L	Show log window
	Show network	Ctrl+N	Show network view
	Show cards	Ctrl+C	Show card view
	Show schemes	Ctrl+S	Show scheme view
	Show monitors	Ctrl+M	Show monitor view
	Show detected IP addresses	Ctrl+I	Show detected IP addresses view

Views

Network

In this view the status of Sga-PacketDstributor's network connecttions can be seen. Some details of this view can be hidden by the 'Detailed network status' menu item.

Elements of this view:

Monitor #N: status of the Nth monitor's connection; each defined monitor has its own entry
HTTP Listen: status of the HTTP connection
Poller: status of the Poller connection (optional)

Line details:

State: status of the connection ('Listen', 'Waiting to connect', 'Connected')
Remote: IP address of the remote side to which Sga-PaDi connects
Incoming: Incoming traffic indication in byte/sec; in round brackets the cumulated traffic is shown
Outgoing: Outgoing traffic indication in byte/sec; in round brackets the cumulated traffic is shown
Rx, Tx, Last RN/WN: debug level information about the sending and receving network buffers and the last operations on them

Cards

In this view the status of monitorings cards can be seen. Each card is shown with its filters and subfilters.
Details can be hidden by the 'Detailed card status' menu item.

Elements of this view:

CardN: Details of the Nth card
- Type: Card type: 'GPlanar' (for 1Gbps) or 10GED (for 10Gbps)
- Time: Current time on the card
- Traffic: Traffic indication in byte/sec; in round brackets the cumulated traffic is shown
- Last cycle: The elapsed time from the last card reading cycle
FilterM:
- <ipaddress1> <--> <ipaddress2>: IP addresses applied in the filter
- VID <vid>: VLAN ID value applied in the filter
- Target: The link ID where the traffic matching the filter is forwarded to
- Traffic: Traffic indication in byte/sec; in round brackets the cumulated traffic is shown
Subfilter:
- ipaddressA --> ipaddressB: IP addresses applied in the filter
- Target: The link ID where the traffic matching the filter is forwarded to
- Traffic: Traffic indication in byte/sec; in round brackets the cumulated traffic is shown

Schemes

In this view status of the schemes can be seen.

Elements of this view:

SchemeN: Details of the Nth scheme
- Distributon: applied distribution profile ('Normal', 'Multiplex', 'NS/BVCI-based', 'GTP/TEID-based')
- Traffic: Traffic indication in byte/sec; in round brackets the cumulated traffic is shown
- Lost: Number of packets which ones were not sent successfully
XXX: List of links which belong to the given scheme shown by their three-character long 'LinkID'
- Traffic indication in byte/sec; in round brackets the cumulated traffic is shown
- Lost: Number of packets which ones were not sent successfully

Monitors

In this view status of the monitors can be seen.

MonitorN: Details of the Nth monitor
- connected: state of connection towards the monitor ('not connected', 'connected')
- Traffic: Traffic indication in byte/sec; in round brackets the cumulated traffic is shown
XXX: List of links which belong to the given monitor shown by their three-character long 'LinkID'
- Traffic indication in byte/sec; in round brackets the cumulated traffic is shown
- Lost: Number of packets which ones were not sent successfully

Detected IP addresses

In this view collected IP addresses can be seen.

Elements of this view:

CardN:
- FilterM:
- ipaddressA --> ipaddressB X packets: This IP address pair was seen in X packets

How Sga-PacketDistributor works?

Filtering for different parameters

Defined filters are loaded into the card's internal 'processor' (FPGA) and they work as hardware filters. Each packet the card captures from the monitored links is supplied with a timestamp and checked against these filters. (A 'packet' means the whole Ethernet frame with its full content.) When a packet fits to a filter then the card passes it to the Sga-PacketDistributor software through its PCI-Express interface. Sga-PaDi gets the packet and based on the configuration sends it to the proper monitor with the proper three-character LinkID.

Each card has its own set of filters, i.e. in the confoguration file each [Card] section should have a list of filters. A card can handle at most 16 filters.

Note: The 'source' and 'destination' notations are valid for the 0th input (upper physical interface). The solution swaps them for the 1st interface so filtering is automatically done properly for the other directions.

The following parameters can be filtered:

Source IP address (SrcIP) - Defines the source IP address value for which filtering will be done
- 'ScrIP:10.123.133.143' - Messages from the given IP address are allowed
- 'ScrIP:10.123.133.100-10.123.133.120' - Defines an IP address range
- 'ScrIP:10.0.0.0-10.255.255.255' - Range definition for a whole subnet
- 'ScrIP:0.0.0.0' - Packets with any source IP address are allowed
Destination IP address (DstIP) - Definition is similar to SrcIP
Source port (SrcPort) - Defines the source port value for which filtering will be done
- 'ScrPort:2123' - Messages from port=2123 (typical setting for GTP-C messages) are allowed
- 'ScrPort:2905' - Messages from port=2905 (typical setting for Sigtran messages) are allowed
Destination port (DstPort) - Definition is similar to SrcPort
Protocol (IPProtocol) - IP protocol to be filtered; values can be: 'TCP', 'UDP' or any numerical value
- 'IPProtocol:UDP' - Only UDP packets will be forwarded
- 'IPProtocol:6' - Only TCP packets will be forwarded
- 'IPProtocol:132' - Only SCTP packets will be forwarded
Truncation (Truncate) - Long packets can be truncated to a predefined value when the beginning of them carry useful information and the remaining part is not necessary for the further processing
- 'Truncate:248' - Messages longer than 248 bytes will be truncated to 248 byte
VLAN ID (VID) - If the packet contains VLAN tag than it is possible to filter for its VLAN ID
- 'VID:200' - Packets with VLAN ID=200 will be forwarded
- 'VID:200-299' - Packets whose VLAN ID is between 200 and 299 will be forwarded
- 'VID:0' - The filter will be fit to all packets independently whether they contain VLAN ID or not

A filter can have any combination of the above mentioned parameters. Here are some examples:

The 'Link:' parameter is the destination of the traffic for which the filter matches.

```
'Filter0 = SrcIP:172.10.10.120 DstIP:172.10.10.121 IPProtocol:TCP SrcPort:7000 DstPort:7000 Link:L00'
```
Meaning: Traffic which is between 172.10.10.120 port 7000 and 172.10.10.121 port 7000 and carried byTCP protocol is forwarded to link 'L00'.
```
'Filter1 = SrcIP:0.0.0.0 Protocl:UDP SrcPort:2152 DstPort:2152 Truncate:248 Link:L00'
```
Meaning: Any UDP traffic whose both ports are 2123 are truncated to 248 bytes (if necessary) and forwarded to link 'L01'.
```
'Filter2 = Protocol:132 DstPort:2905 Link:L02'
```
Meaning: Any SCTP traffic whose destination port is 2905 are forwarded to link 'L02'.

Subfilters

Filters can be extended further packet filtering capabilities. These additional filters are defined by 'Subfilter' entries and used for a more precise filtering and traffic distribution.
Subfilters must belong to a 'Filter' and each 'Filter' can have at most 1000 subfilters.

Subfilters' format is strict as they must contain a source IP address filter and a destination IP address filter but no more parameters are needed. Exact IP addresses should be defined, no ranges can be used.

	Filter0 = VID:200 Link:L00
	SubFilter0/0 = SrcIP:10.0.0.1 DstIP:10.0.0.10 Link:L01
	SubFilter0/1 = SrcIP:10.0.0.1 DstIP:10.0.0.20 Link:L02
	SubFilter0/2 = SrcIP:10.0.0.2 DstIP:10.0.0.10 Link:L03
	SubFilter0/3 = SrcIP:10.0.0.2 DstIP:10.0.0.20 Link:L04

'Subfilter0' means that this subfilter belongs to 'Filter0' and '/0' means the ordinal within the subfilter set.

With settings above for each packet whose VLAN ID is 200:

If it is between 10.0.0.1 and 10.0.0.10 the it goes to 'L01'
If it is between 10.0.0.1 and 10.0.0.20 the it goes to 'L02'
If it is between 10.0.0.2 and 10.0.0.10 the it goes to 'L03'
If it is between 10.0.0.2 and 10.0.0.10 the it goes to 'L04'
Each packet with VLAN ID=200, but not between the defined IP addresses goes to 'L00' (if no link given for 'Filter0' then remaining packets are dropped)

Distribution through schemes

Further distribution profile can be used instead of filtering traffic towards one link. Schemes are defined under the [Scheme] section in the configuration file. Each scheme must have a list of links among which the traffic will be distributed.

There can be at most 16 schemes at the same time.

This can be achieved by putting 'Scheme' key at the end of the filter instead of 'Link':

'Filter1 = SrcIP:0.0.0.0 Protocl:UDP SrcPort:2152 DstPort:2152 Truncate:248 Scheme:0'

Distribution profiles are the followings:

'Normal' - Packets are distributed among links sequentially
- 'Scheme0 = Distribution:Normal Links:L00,L01' - First packet goes to 'L00', second one goes to 'L01', third one goes to 'L00', fourth one goes to 'L01', the fifth one goes to 'L00', and so on...
'Multiplex' - Each packet is sent for every link:
- 'Scheme1 = Distribution:Multiplex Links:L00,L01' - First packet goes to 'L00', as well as 'L01', second one goes to 'L00' and 'L01', and so on...
'NSBVCIBased' - Packets are distributed among links based on the carried NS/BVCI values. This is used for distributing Gb-over-IP traffic.
- 'Scheme2 = Distribution:NSBVCIBased Links:L00,L01' - The program distributes traffic so that packets with the same NS/BVCI values are landed at the same link. This distribution profile provides an evenly division.
'GTPTEIDBased' - Packets are distributed among links based on the carried GTP TEID values. This is used for the distribution of GTP-U traffic.
- 'Scheme3 = Distribution:GTPTEIDBased Links:L00,L01' - The program distributes traffic so that packets with the same GTP TEID values are landed at the same link. This distribution profile provides an evenly division.

Monitors

The destination links belong to one (or more) monitor where the Sga-PacketDistributor sends the proper traffic for store and processing. Monitors can be defined under the [Monitor] section with their IP address and the remote TCP port and the list of those links whose traffic is being sent to the particular monitor.

	Monitor0 = Address:172.16.160.110 Port:1001 Links:L00,L01,L02,L03,L04,L05,L06,L07,L08,L09,L10,L11,L12,L13,L14,L15,L16
	Monitor1 = Address:172.17.152.12  Port:1001 Links:L64,L65,L66,L67,L68,L69,L70,L71,L72,L73,L74,L75,L76,L77,L78,L79,L80

If a link is assigned more than one monitor, then only the fisrt monitor will get that traffic.
Each link must be assigned a monitor. Sga-PacketDistributor can serve at most 16 monitors.

Link copying

There is a possibility to send the same traffic with the same LinkID to different monitors. For this feature a plus sign should be placed in front of the given LinkID, like this:

	Monitor0 = Address:172.16.160.110 Port:1001 Links:+L00
	Monitor1 = Address:172.17.152.12  Port:1001 Links:+L00

In this way both monitors get the same traffic with the LinkID 'L00'.

This feature works only with "filtering for link" and does not work with "filtering for scheme" method (i.e. the destination of filters only can be 'Link' and can not be 'Scheme').

Configuration (`SgaPacketDistributor.ini`) file settings

Section	Entry	Example	Meaning
[Window]
	MainLeft	143	Position of the program window at startup
	MainTop	112	Position of the program window at startup
	MainWidth	1030	Width of the program window at startup
	MainHeight	758	Height of the program window at startup
	MainZoomed	0	If 1 the program will start with full screen. If 0 the saved size and position value will be used
	DetailedCardStatus	1	If 1 detailed information is shown in Card view at startup
[Log]
	Directory	d:\LogFiles	Path of the log files
	Level	0	Log detail level at startup 0:Off 1:Normal 2:Detailed 3:Debug
[NTP]
	Address	192.168.0.254	NTP server IP address
[Network]
	HTTPPort	8080	Port number for the incoming connections
	AllowIncomingConnections	1	Status of Incoming connections on startup 0: Deny 1: Allow
	AllowOutgoingConnections	1	Status of outgoing connections on startup 0: Deny 1: Allow
	DetailedNetworkStatus	1	Allow or deny network debug info on startup 0: Deny 1: Allow
[Poller]	This section is for Poller functionality.
	RemoteIPAddress	192.168.0.120	IP address of the Poller machine
	RemoteTCPPort	7000	TCP port of Poller
	KeepAlive	1	If 1 KeepAlive is activated on the Poller connection
	ConnectRetryDelaySec	5	Retrial period for establishing the Poller connection
	StatisticsReportPeriod	15	Statistics are sent to Poller at end of every period. Given in minutes.
	LocalIPAddress	192.168.0.12	This local IP address is used as local address during the Poller connection
[Monitors]
	MonitorN	Address:10.0.0.110 Port:1001 Links:L00,L01,L02	Address - IP address of the monitor Port - TCP port where the monitor listens Links - list of LinkIDs which belong to this monitor
[Schemes]
	SchemeN	Distribution:Normal Links:X00,X01	Distribution - distribution method Links - list of LinkIDs which are the destionations of this scheme
[Card0]
	Id	0	Card Id used to identify the card. This should be unique within the machine.
	Type	GPlanar	Type of monitoring card. Type can be: 'GPlanar' - for SgaGPlanar cards '10GED' - for Sga10GED cards
	SatelliteDriverPath	02e10020.sys	Path of the satellite driver file
	InputLinkID	PD0	This ID is treated as the identifier of the card and its interfaces if the Poller functionality is applied.
	TrafficSamplingInterval	2	If the Poller functionality is applied and if there is no traffic within this period then a 'No traffic' event is generated. Given in minutes.
	ClockCard	1	0 - Time synchronization is done through the main program using it as the NTP client 1 - In this case the ClockCard is used to provide a precise time stamping
	ClockCardMaster	1	Only used when 'ClockCard=1' 0 - This card is the 'master' of the ClockCard 1 - This card behaves as 'slave' of the ClockCard
	ClockCardSource	NTP	Only used when 'ClockCard=1' In case 'ClockCardMaster=1' this defined the clock source for ClockCard. Can be: NTP - NTP based time synchronization GPS - GPS based time synchronization (currently not used)
	ClockCardAddress	192.168.0.13	Only used when 'ClockCard=1' IP address for ClockCard as an NTP client
	ClockCardGatewayAddress	192.168.0.254	Only used when 'ClockCard=1' Gateway address of the network which the 'ClockCardAddress' belongs to
	ClockCardSubnetMask	255.255.255.0	Only used when 'ClockCard=1' Mask of the subnet of 'ClockCardAddress'
	ClockCardNTPServerAddress	192.168.0.254	Only used when 'ClockCard=1' NTP server address
	ClockCardNTPIntervalSecs	120	Only used when 'ClockCard=1' Maximum time interval when the time synchronization is done
	ClockCardNTPServerAddress	192.168.0.254	Only used when 'ClockCard=1' NTP server address
	ClockCardNTPIntervalSecs	120	Only used when 'ClockCard=1' Maximum time interval when the time synchronization is done
	ClockCardVer	2.0	Only used when 'ClockCard=1' Version of ClockCard firmware
	FilterN	DstIP:10.242.1.1 Link:L00	Each card should have at least one 'Filter' entry. For details please see Filtering section.
	SubFilterN/M	SrcIP:10.242.1.2 DstIP:10.242.1.1 Link:S00	Each Filter can have 'SubFilter' entries. For details please see Filtering section.

The Ethernet monitoring card handler module ("Sga-PacketDistributor")

Table of Contents

Features

Built-in limitations

User interface

The main menu

Views

Network

Cards

Schemes

Monitors

Detected IP addresses

How Sga-PacketDistributor works?

Filtering for different parameters

Subfilters

Distribution through schemes

Monitors

Link copying

Configuration (SgaPacketDistributor.ini) file settings

The Ethernet monitoring card handler module
`("Sga-PacketDistributor")`

Configuration (`SgaPacketDistributor.ini`) file settings