The Problem: Network Packet Brokers (NPB) are essential for filtering traffic and enabling customers to segment that traffic to send to probes and analytics tools. Many NPBs use off-the-shelf merchant switches with Broadcom XGS silicon, which features Filter Processors capable of matching packet header fields and applying actions like outputting to specific ports. This capability, while powerful, requires specialized knowledge to calculate the bit offsets for matching headers that the XGS chip wasn’t designed to parse.
Moreover, setting priorities for these rules adds another layer of complexity. With thousands of rules inserted into the XGS, conflicts can arise, making it difficult and time-consuming to identify and resolve priority issues. This operational complexity necessitated that our customer maintain a specialized skillset on staff to manage and troubleshoot the rules effectively.
The Insight:The insight from a team member at Bluedot Insight was to transition the programming model for these devices from a linear approach to an object-oriented one. By grouping traffic into objects at each stage in the pipeline, we allowed objects further down the pipeline to subscribe to the curated traffic flow. Each pipeline stage represented grouped flows, starting with the broadest grouping and allowing for more granular filtering at each subsequent stage. This innovative approach significantly reduced the number of rules and conflicts.
Additionally, by implementing this packet broker using a Tofino fabric processor, we eliminated the need for customers to calculate bit offsets. The Tofino processor allowed us to program the parser with the necessary header fields for matching, simplifying the process and making it more accessible.
The Implementation: The packet broker was implemented using standard merchant P4 programmable switches from Edgecore, specifically the 64x100G DCS802 and the 32x100G DCS800. The P4 processor in these platforms provided a line-rate programmable parser, enabling us to define header fields in software that the customer could match on, operating at full line-rate.
By writing a pipeline in the P4-based platforms, we offered customers an object-oriented method to program rules. To enhance usability further, we developed a visual interface that displayed the internal rules using a Sankey diagram. This visualization allowed customers to see all the paths through the pipeline and the volume of data affecting each rule, which was incredibly useful for testing rule changes.
This implementation not only resolved the operational problems faced by our customer but also provided a scalable and intuitive solution for managing complex NPB configurations. The combination of object-oriented programming and visual interfaces streamlined rule management and reduced the dependency on specialized skillsets, delivering significant operational efficiencies and flexibility.
