Generating IP Flow Statistics for Broadcom DNX Switches

Apr 8, 2019

Introduction

Broadcom’s current generation of XGS switches supports a capability called “Flow Tracker” which monitors statistics for IP Flows through the switch and exports information about these flows in IPFIX format (IP Flow Information for Export, see RFCs 3917, 7011 – 7015, and 5103). Broadcom’s DNX switches do not support this capability and there are several aspects that make offloading challenging, including memory limitations and processing and CPU limitations. Recognizing IP Flows, monitoring them, collecting statistics on them, and generating IPFIX records are challenging—and these need to be done at line rate in these terabit switches.
DNX customers, nonetheless, require these capabilities, and Northforge has developed a solution to meet this requirement.

Design Approach

The solution uses the port mirroring capability on a DNX switch such as the Qumran or Jericho. An egress port can be mirrored to another port and this capability is frequently used for troubleshooting network problems. But in this case, we use this capability to feed an external component, a network processor (NPU) or an FPGA, that performs the IP flow management. The NPU/FPGA detects, monitors, recognizes IP flows and builds statistics tables for them. Finally, it exports IPFIX records at regular intervals that can be collected and post-processed. The process looks like this.

Frames enter a DNX switch on one or more ingress ports. The switching function directs some of the packets to a monitored egress port (for a layer 2 switch this would be based on MAC-layer addressing and for a layer 3 router it would be based on IP address). The monitored egress port has its traffic mirrored to another port that has the NPU/FPGA attached.

The frames that enter the NPU/FPGA are inspected to ensure that they are IP frames (and discarded if not) and then a flow is identified based on an IP 5-tuple (source IP address, destination IP address, source IP port, destination IP port, layer 4 protocol). The NPU/FPGA maintains a flow table and statistics are collected for each flow. When a flow terminates or times out an IPFIX record is exported for storage and subsequent post-processing.

Summary

At IP Infusion we have developed and implemented this innovative solution with Qumran AX (BCM88470) using SDK 6.5.14. We used both a Broadcom’s BCM5871x NPU and an FPGA for flow processing and an open source IPFIX library.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
JSESSIONID	session	The JSESSIONID cookie is used by New Relic to store a session identifier so that New Relic can monitor session counts for an application.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
wordpress_test_cookie	session	This cookie is used to check if the cookies are enabled on the users' browser.

Cookie	Duration	Description
bcookie	1 year	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
bscookie	1 year	LinkedIn sets this cookie to store performed actions on the website.
lang	session	LinkedIn sets this cookie to remember a user's language setting.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
li_gc	5 months 27 days	Linkedin set this cookie for storing visitor's consent regarding using cookies for non-essential purposes.
UserMatchHistory	1 month	LinkedIn sets this cookie for LinkedIn Ads ID syncing.
visitorId	1 year	ZoomInfo sets this cookie to identify a user.
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.

Cookie	Duration	Description
_gat	1 minute	This cookie is installed by Google Universal Analytics to restrain request rate and thus limit the collection of data on high traffic sites.
__utma	2 years	This cookie is set by Google Analytics and is used to distinguish users and sessions. The cookie is created when the JavaScript library executes and there are no existing __utma cookies. The cookie is updated every time data is sent to Google Analytics.
__utmb	30 minutes	Google Analytics sets this cookie, to determine new sessions/visits. __utmb cookie is created when the JavaScript library executes and there are no existing __utma cookies. It is updated every time data is sent to Google Analytics.
__utmc	session	The cookie is set by Google Analytics and is deleted when the user closes the browser. It is used to enable interoperability with urchin.js, which is an older version of Google Analytics and is used in conjunction with the __utmb cookie to determine new sessions/visits.
__utmz	6 months	Google Analytics sets this cookie to store the traffic source or campaign by which the visitor reached the site.

Cookie	Duration	Description
AnalyticsSyncHistory	1 month	Linkedin set this cookie to store information about the time a sync took place with the lms_analytics cookie.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
pardot	past	The pardot cookie is set while the visitor is logged in as a Pardot user. The cookie indicates an active session and is not used for tracking.
vuid	2 years	Vimeo installs this cookie to collect tracking information by setting a unique ID to embed videos to the website.
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_144639687_1	1 minute	Set by Google to distinguish users.
_ga_VZ8HYV5ELY	2 years	This cookie is installed by Google Analytics.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
__utmt_sfga	10 minutes	Set by Google Analytics and Google Tag Manager to enable website owners to track visitor behaviour and measure site performance.

Cookie	Duration	Description
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
_fbp	3 months	This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.

Cookie	Duration	Description
AWSALBAPP-0	7 days	No description
AWSALBAPP-1	7 days	No description
AWSALBAPP-2	7 days	No description
AWSALBAPP-3	7 days	No description
DEVICE_INFO	5 months 27 days	No description
guestidc	session	No description
ln_or	1 day	No description
lpv900271	30 minutes	No description
visitor_id900271	10 years	No description
visitor_id900271-hash	10 years	No description
_cfuvid	session	No description