@nickwallen
Last active May 17, 2017 16:16

Install PF Ring

Download

PREFIX=/usr/local
wget https://github.com/ntop/PF_RING/archive/6.6.0.tar.gz -O - | tar -xz

Build the kernel module.

cd PF_RING-6.6.0/kernel
./configure --prefix=$PREFIX
make && make install

Should see the kernel module under /lib/modules/...

[root@y137 kernel]# ls -l /lib/modules/3.10.0-514.16.1.el7.x86_64/kernel/net/pf_ring
total 1328
-rw-r--r-- 1 root root 1357148 May 16 13:15 pf_ring.ko

Build the core library.

cd ../userland/lib
./configure --prefix=$PREFIX
make && make install

Should see the core library and header files installed.

[root@y137 lib]# ls -l /usr/local/lib/*pfring*
-rw-r--r-- 1 root root 703738 May 16 13:18 /usr/local/lib/libpfring.a
-rwxr-xr-x 1 root root 522128 May 16 13:18 /usr/local/lib/libpfring.so
[root@y137 lib]# ls -l  /usr/local/include/pf*
-rw-r--r-- 1 root root 52514 May 16 13:18 /usr/local/include/pfring.h
-rw-r--r-- 1 root root 12326 May 16 13:18 /usr/local/include/pfring_mod_sysdig.h
-rw-r--r-- 1 root root 27430 May 16 13:18 /usr/local/include/pfring_zc.h

Build libpcap backed by PF_RING.

cd ../libpcap
./configure --prefix=$PREFIX
make && make install

Should see the libpcap library.

[root@y137 libpcap]# ls -l /usr/local/lib/libpcap*
-rw-r--r-- 1 root root 1691650 May 16 13:20 /usr/local/lib/libpcap.a
lrwxrwxrwx 1 root root      12 May 16 13:20 /usr/local/lib/libpcap.so -> libpcap.so.1
lrwxrwxrwx 1 root root      16 May 16 13:20 /usr/local/lib/libpcap.so.1 -> libpcap.so.1.7.4
-rwxr-xr-x 1 root root 1457381 May 16 13:20 /usr/local/lib/libpcap.so.1.7.4

Install the driver.

# path is relative to the directory where the tarball was unpacked
cd PF_RING-6.6.0/drivers/intel/ixgbe/ixgbe-4.1.5-zc/src
make

# needed to modify this to only use the interface specified as argument
./load_driver.sh enp129s0f1

Install Tcpreplay

yum -y install numactl-devel

wget https://github.com/appneta/tcpreplay/releases/download/v4.2.5/tcpreplay-4.2.5.tar.gz -O - | tar -xz
cd tcpreplay-4.2.5/
./autogen.sh
./configure --with-libpcap=/usr/local/ --with-pfring-lib=/usr/local/lib/libpfring.a --enable-static-link
make && make install

Run

zsend -i zc:enp129s0f1 -c 1 -g 0 -b 8 -f /root/pcaps/example.pcap -r 1.0 -n 0

Test 1

Sending packets with zsend. Why is it not recognizing our license?

[root@y137 src]# zsend -i zc:enp129s0f1 -c 1 -g 0 -b 8 -f /root/pcaps/example.pcap -r 1.0 -n 0
Reading packets from pcap file /root/pcaps/example.pcap
#########################################################################
# ERROR: You do not seem to have a valid PF_RING ZC license 6.7.0.170424 for enp129s0f1 [Intel 10 Gbit ixgbe 82599-based]
# ERROR: Please get one at http://shop.ntop.org/.
#########################################################################
# We're now working in demo mode with packet capture and
# transmission limited to 5 minutes
#########################################################################
#########################################################################
# ERROR: You do not seem to have a valid PF_RING ZC license 6.7.0.170424 for enp129s0f1 [Intel 10 Gbit ixgbe 82599-based]
# ERROR: Please get one at http://shop.ntop.org/.
#########################################################################
Sending packets to zc:enp129s0f1
Estimated CPU freq: 2434833000 Hz
Read 761 packets from pcap file
Rate set to 1.00 Gbit/s, 655-byte packets, 185185 pps
...

Fastcapa can pitch and catch.

[root@y138 ~]# fastcapa -l 8-15,24   --huge-dir /mnt/huge_1GB   --   -t pcap128   -c /etc/fastcapa/fastcapa.ycluster   -b 128   -x 262144   -q 4   -s fastcapa-kafka.log
EAL: Detected 32 lcore(s)
EAL: Probing VFIO support...
EAL: PCI device 0000:01:00.0 on NUMA socket 0
EAL:   probe driver: 8086:1521 net_e1000_igb
EAL: PCI device 0000:01:00.1 on NUMA socket 0
EAL:   probe driver: 8086:1521 net_e1000_igb
EAL: PCI device 0000:09:00.0 on NUMA socket 0
EAL:   probe driver: 1137:43 net_enic
EAL: PCI device 0000:0a:00.0 on NUMA socket 0
EAL:   probe driver: 1137:43 net_enic
EAL: PCI device 0000:81:00.0 on NUMA socket 1
EAL:   probe driver: 8086:10fb net_ixgbe
EAL: PCI device 0000:81:00.1 on NUMA socket 1
EAL:   probe driver: 8086:10fb net_ixgbe
[ -t KAFKA_TOPIC ] defined as pcap128
[ -c KAFKA_CONFIG ] defined as /etc/fastcapa/fastcapa.ycluster
[ -b BURST_SIZE ] defined as 128
[ -x TX_RING_SIZE ] defined as 262144
[ -q NB_RX_QUEUE ] defined as 4
[ -s KAFKA_STATS ] defined as fastcapa-kafka.log
[ -p PORT_MASK ] undefined; defaulting to 0x01
[ -r NB_RX_DESC ] undefined; defaulting to 1024
USER1: Initializing port 0
USER1: Device setup successfully; port=0, mac=90 e2 ba d9 3c f9
USER1: Appending Kafka client stats to 'fastcapa-kafka.log'
USER1: Launching receive worker; worker=0, core=9, queue=0
USER1: Receive worker started; core=9, socket=1, queue=0 attempts=0
USER1: Launching receive worker; worker=1, core=10, queue=1
USER1: Receive worker started; core=10, socket=1, queue=1 attempts=0
USER1: Launching receive worker; worker=2, core=11, queue=2
USER1: Receive worker started; core=11, socket=1, queue=2 attempts=0
USER1: Launching receive worker; worker=3, core=12, queue=3
USER1: Launching transmit worker; worker=0, core=13 ring=0
USER1: Receive worker started; core=12, socket=1, queue=3 attempts=0
USER1: Transmit worker started; core=13, socket=1
USER1: Launching transmit worker; worker=1, core=14 ring=1
USER1: Transmit worker started; core=14, socket=1
USER1: Launching transmit worker; worker=2, core=15 ring=2
USER1: Transmit worker started; core=15, socket=1
USER1: Launching transmit worker; worker=3, core=24 ring=3
USER1: Transmit worker started; core=24, socket=1
USER1: Starting to monitor workers; core=8, socket=1


      ----- in -----  --- queued --- ----- out ----- ---- drops ----
[nic]          736904               -               -               -
[rx]           736904               -          736904               0
[tx]           736904               -          736904               0
[kaf]          736904               0               0               0

...
      ----- in -----  --- queued --- ----- out ----- ---- drops ----
[nic]       109500725               -               -               -
[rx]        109500725               -       109500725               0
[tx]        109500725               -       109500725               0
[kaf]       109500725               0       109500725               0


      ----- in -----  --- queued --- ----- out ----- ---- drops ----
[nic]       109500725               -               -               -
[rx]        109500725               -       109500725               0
[tx]        109500725               -       109500725               0
[kaf]       109500725               0       109500725               0

Query for the packets in HDFS

[metron@y136 0.4.0]$ bin/pcap_query.sh query -df "yyyyMMdd" -st 20170516 --query "" -nr 100
17/05/16 20:29:14 INFO impl.TimelineClientImpl: Timeline service address: http://y114.l42scl.hortonworks.com:8188/ws/v1/timeline/
17/05/16 20:29:14 INFO client.RMProxy: Connecting to ResourceManager at y114.l42scl.hortonworks.com/172.26.32.214:8050
17/05/16 20:29:14 INFO client.AHSProxy: Connecting to Application History server at y114.l42scl.hortonworks.com/172.26.32.214:10200
17/05/16 20:29:14 INFO hdfs.DFSClient: Created HDFS_DELEGATION_TOKEN token 40 for metron on 172.26.32.213:8020
17/05/16 20:29:14 INFO security.TokenCache: Got dt for hdfs://y113.l42scl.hortonworks.com:8020; Kind: HDFS_DELEGATION_TOKEN, Service: 172.26.32.213:8020, Ident: (HDFS_DELEGATION_TOKEN token 40 for metron)
17/05/16 20:29:15 INFO input.FileInputFormat: Total input paths to process : 129
17/05/16 20:29:16 INFO mapreduce.JobSubmitter: number of splits:130
17/05/16 20:29:16 INFO mapreduce.JobSubmitter: Submitting tokens for job: job_1493663757318_0021
17/05/16 20:29:16 INFO mapreduce.JobSubmitter: Kind: HDFS_DELEGATION_TOKEN, Service: 172.26.32.213:8020, Ident: (HDFS_DELEGATION_TOKEN token 40 for metron)
17/05/16 20:29:16 INFO impl.YarnClientImpl: Submitted application application_1493663757318_0021
17/05/16 20:29:16 INFO mapreduce.Job: The url to track the job: http://y114.l42scl.hortonworks.com:8088/proxy/application_1493663757318_0021/
17/05/16 20:29:16 INFO mapreduce.Job: Running job: job_1493663757318_0021
17/05/16 20:29:25 INFO mapreduce.Job: Job job_1493663757318_0021 running in uber mode : false
17/05/16 20:29:25 INFO mapreduce.Job:  map 0% reduce 0%
17/05/16 20:29:44 INFO mapreduce.Job:  map 1% reduce 0%
17/05/16 20:29:51 INFO mapreduce.Job:  map 2% reduce 0%
17/05/16 20:29:54 INFO mapreduce.Job:  map 3% reduce 0%
17/05/16 20:29:56 INFO mapreduce.Job:  map 4% reduce 0%
17/05/16 20:29:58 INFO mapreduce.Job:  map 5% reduce 0%
17/05/16 20:29:59 INFO mapreduce.Job:  map 6% reduce 0%
17/05/16 20:30:00 INFO mapreduce.Job:  map 8% reduce 0%
17/05/16 20:30:01 INFO mapreduce.Job:  map 9% reduce 0%
17/05/16 20:30:02 INFO mapreduce.Job:  map 11% reduce 0%
17/05/16 20:30:03 INFO mapreduce.Job:  map 13% reduce 0%
17/05/16 20:30:04 INFO mapreduce.Job:  map 14% reduce 0%
17/05/16 20:30:05 INFO mapreduce.Job:  map 16% reduce 0%
17/05/16 20:30:06 INFO mapreduce.Job:  map 18% reduce 0%
17/05/16 20:30:07 INFO mapreduce.Job:  map 19% reduce 0%
17/05/16 20:30:08 INFO mapreduce.Job:  map 21% reduce 0%
17/05/16 20:30:09 INFO mapreduce.Job:  map 24% reduce 0%
17/05/16 20:30:10 INFO mapreduce.Job:  map 25% reduce 0%
17/05/16 20:30:11 INFO mapreduce.Job:  map 27% reduce 0%
17/05/16 20:30:12 INFO mapreduce.Job:  map 29% reduce 0%
17/05/16 20:30:14 INFO mapreduce.Job:  map 30% reduce 0%
17/05/16 20:30:15 INFO mapreduce.Job:  map 32% reduce 0%
17/05/16 20:30:16 INFO mapreduce.Job:  map 35% reduce 0%
17/05/16 20:30:17 INFO mapreduce.Job:  map 39% reduce 0%
17/05/16 20:30:18 INFO mapreduce.Job:  map 43% reduce 0%
17/05/16 20:30:19 INFO mapreduce.Job:  map 44% reduce 0%
17/05/16 20:30:20 INFO mapreduce.Job:  map 45% reduce 0%
17/05/16 20:30:23 INFO mapreduce.Job:  map 46% reduce 0%
17/05/16 20:30:26 INFO mapreduce.Job:  map 47% reduce 0%
17/05/16 20:30:28 INFO mapreduce.Job:  map 48% reduce 1%
17/05/16 20:30:29 INFO mapreduce.Job:  map 49% reduce 1%
17/05/16 20:30:30 INFO mapreduce.Job:  map 50% reduce 1%
17/05/16 20:30:32 INFO mapreduce.Job:  map 52% reduce 1%
17/05/16 20:30:33 INFO mapreduce.Job:  map 55% reduce 2%
17/05/16 20:30:35 INFO mapreduce.Job:  map 57% reduce 2%
17/05/16 20:30:36 INFO mapreduce.Job:  map 60% reduce 2%
17/05/16 20:30:38 INFO mapreduce.Job:  map 61% reduce 2%
17/05/16 20:30:39 INFO mapreduce.Job:  map 63% reduce 2%
17/05/16 20:30:40 INFO mapreduce.Job:  map 64% reduce 2%
17/05/16 20:30:41 INFO mapreduce.Job:  map 66% reduce 2%
17/05/16 20:30:42 INFO mapreduce.Job:  map 68% reduce 2%
17/05/16 20:30:43 INFO mapreduce.Job:  map 70% reduce 2%
17/05/16 20:30:44 INFO mapreduce.Job:  map 71% reduce 2%
17/05/16 20:30:45 INFO mapreduce.Job:  map 72% reduce 2%
17/05/16 20:30:46 INFO mapreduce.Job:  map 73% reduce 2%
17/05/16 20:30:47 INFO mapreduce.Job:  map 74% reduce 2%
17/05/16 20:30:48 INFO mapreduce.Job:  map 75% reduce 2%
17/05/16 20:30:50 INFO mapreduce.Job:  map 76% reduce 3%
17/05/16 20:30:51 INFO mapreduce.Job:  map 77% reduce 4%
17/05/16 20:30:53 INFO mapreduce.Job:  map 78% reduce 4%
17/05/16 20:30:55 INFO mapreduce.Job:  map 79% reduce 4%
17/05/16 20:30:56 INFO mapreduce.Job:  map 80% reduce 4%
17/05/16 20:30:57 INFO mapreduce.Job:  map 81% reduce 4%
17/05/16 20:30:58 INFO mapreduce.Job:  map 82% reduce 4%
17/05/16 20:31:00 INFO mapreduce.Job:  map 83% reduce 5%
17/05/16 20:31:01 INFO mapreduce.Job:  map 84% reduce 5%
17/05/16 20:31:02 INFO mapreduce.Job:  map 85% reduce 5%
17/05/16 20:31:04 INFO mapreduce.Job:  map 86% reduce 5%
17/05/16 20:31:05 INFO mapreduce.Job:  map 87% reduce 5%
17/05/16 20:31:07 INFO mapreduce.Job:  map 88% reduce 5%
17/05/16 20:31:08 INFO mapreduce.Job:  map 89% reduce 5%
17/05/16 20:31:09 INFO mapreduce.Job:  map 90% reduce 5%
17/05/16 20:31:11 INFO mapreduce.Job:  map 90% reduce 6%
17/05/16 20:31:12 INFO mapreduce.Job:  map 91% reduce 6%
17/05/16 20:31:15 INFO mapreduce.Job:  map 92% reduce 7%
17/05/16 20:31:16 INFO mapreduce.Job:  map 92% reduce 8%
17/05/16 20:31:18 INFO mapreduce.Job:  map 93% reduce 8%
17/05/16 20:31:21 INFO mapreduce.Job:  map 94% reduce 9%
17/05/16 20:31:24 INFO mapreduce.Job:  map 95% reduce 9%
17/05/16 20:31:31 INFO mapreduce.Job:  map 96% reduce 9%
17/05/16 20:31:32 INFO mapreduce.Job:  map 96% reduce 10%
17/05/16 20:31:38 INFO mapreduce.Job:  map 97% reduce 10%
17/05/16 20:31:45 INFO mapreduce.Job:  map 98% reduce 10%
17/05/16 20:31:52 INFO mapreduce.Job:  map 98% reduce 11%
17/05/16 20:31:58 INFO mapreduce.Job:  map 99% reduce 11%
17/05/16 20:32:13 INFO mapreduce.Job:  map 100% reduce 11%
17/05/16 20:32:14 INFO mapreduce.Job:  map 100% reduce 12%
17/05/16 20:32:18 INFO mapreduce.Job:  map 100% reduce 32%
17/05/16 20:32:19 INFO mapreduce.Job:  map 100% reduce 36%
17/05/16 20:32:21 INFO mapreduce.Job:  map 100% reduce 40%
17/05/16 20:32:22 INFO mapreduce.Job:  map 100% reduce 53%
17/05/16 20:32:23 INFO mapreduce.Job:  map 100% reduce 63%
17/05/16 20:32:24 INFO mapreduce.Job:  map 100% reduce 67%
17/05/16 20:32:25 INFO mapreduce.Job:  map 100% reduce 73%
17/05/16 20:32:26 INFO mapreduce.Job:  map 100% reduce 81%
17/05/16 20:32:27 INFO mapreduce.Job:  map 100% reduce 94%
17/05/16 20:32:28 INFO mapreduce.Job:  map 100% reduce 96%
17/05/16 20:32:33 INFO mapreduce.Job:  map 100% reduce 97%
17/05/16 20:32:53 INFO mapreduce.Job:  map 100% reduce 98%
17/05/16 20:34:14 INFO mapreduce.Job:  map 100% reduce 99%
17/05/16 20:37:08 INFO mapreduce.Job:  map 100% reduce 100%
17/05/16 20:47:58 INFO mapreduce.Job: Job job_1493663757318_0021 completed successfully
17/05/16 20:47:59 INFO mapreduce.Job: Counters: 51
	File System Counters
		FILE: Number of bytes read=101654670808
		FILE: Number of bytes written=203347362064
		FILE: Number of read operations=0
		FILE: Number of large read operations=0
		FILE: Number of write operations=0
		HDFS: Number of bytes read=104664720235
		HDFS: Number of bytes written=102992069121
		HDFS: Number of read operations=820
		HDFS: Number of large read operations=0
		HDFS: Number of write operations=200
	Job Counters
		Launched map tasks=130
		Launched reduce tasks=100
		Data-local map tasks=129
		Rack-local map tasks=1
		Total time spent by all maps in occupied slots (ms)=6401494
		Total time spent by all reduces in occupied slots (ms)=9750296
		Total time spent by all map tasks (ms)=6401494
		Total time spent by all reduce tasks (ms)=4875148
		Total vcore-milliseconds taken by all map tasks=6401494
		Total vcore-milliseconds taken by all reduce tasks=4875148
		Total megabyte-milliseconds taken by all map tasks=58996168704
		Total megabyte-milliseconds taken by all reduce tasks=89858727936
	Map-Reduce Framework
		Map input records=138009185
		Map output records=134116151
		Map output bytes=101248347953
		Map output materialized bytes=101654748136
		Input split bytes=22916
		Combine input records=0
		Combine output records=0
		Reduce input groups=69604620
		Reduce shuffle bytes=101654748136
		Reduce input records=134116151
		Reduce output records=134116151
		Spilled Records=268232302
		Shuffled Maps =13000
		Failed Shuffles=0
		Merged Map outputs=13000
		GC time elapsed (ms)=652043
		CPU time spent (ms)=8245280
		Physical memory (bytes) snapshot=487028658176
		Virtual memory (bytes) snapshot=3114865291264
		Total committed heap usage (bytes)=541910892544
	Shuffle Errors
		BAD_ID=0
		CONNECTION=0
		IO_ERROR=0
		WRONG_LENGTH=0
		WRONG_MAP=0
		WRONG_REDUCE=0
	File Input Format Counters
		Bytes Read=104664697319
	File Output Format Counters
		Bytes Written=102992069121
	org.apache.metron.pcap.mr.PcapJob$PCAP_COUNTER
		MALFORMED_PACKET_COUNT=1913849

After all is said and done...

Who?             How many?
Fastcapa sent    109,500,725
Query found      134,116,151
Malformed        1,913,849
Malformed (%)    1.4%

Test 2

No pcap files from today, before the test starts.

[metron@y136 ~]$ hdfs dfs -ls -r -t /apps/metron/pcap
...
-rw-r--r--   1 metron hadoop 1987101251 2017-05-16 21:56 /apps/metron/pcap/pcap_pcap128_1494962815456178000_103_pcap-62-1494971709
-rw-r--r--   1 metron hadoop 2071207596 2017-05-16 21:56 /apps/metron/pcap/pcap_pcap128_1494962815456569000_73_pcap-62-1494971709
-rw-r--r--   1 metron hadoop 2042066090 2017-05-16 21:56 /apps/metron/pcap/pcap_pcap128_1494962815458370000_52_pcap-62-1494971709
-rw-r--r--   1 metron hadoop 2012039063 2017-05-16 21:56 /apps/metron/pcap/pcap_pcap128_1494962815458504000_10_pcap-62-1494971709
-rw-r--r--   1 metron hadoop 1995017282 2017-05-16 21:56 /apps/metron/pcap/pcap_pcap128_1494962815458921000_118_pcap-62-1494971709

Before test, pcap query returns no results.

[metron@y136 ~]$ /usr/metron/0.4.0/bin/pcap_query.sh query -df "yyyyMMdd" -st 20170517 --query "" -nr 150
Exception in thread "main" java.lang.IllegalArgumentException: Can not create a Path from an empty string
	at org.apache.hadoop.fs.Path.checkPathArg(Path.java:126)
	at org.apache.hadoop.fs.Path.<init>(Path.java:134)
	at org.apache.hadoop.mapreduce.lib.input.FileInputFormat.addInputPaths(FileInputFormat.java:485)
	at org.apache.metron.pcap.mr.PcapJob.createJob(PcapJob.java:285)
	at org.apache.metron.pcap.mr.PcapJob.query(PcapJob.java:237)
	at org.apache.metron.pcap.query.PcapCli.run(PcapCli.java:138)
	at org.apache.metron.pcap.query.PcapCli.main(PcapCli.java:53)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.apache.hadoop.util.RunJar.run(RunJar.java:233)
	at org.apache.hadoop.util.RunJar.main(RunJar.java:148)

Fastcapa wants to play

[root@y138 ~]# fastcapa -l 8-15,24   --huge-dir /mnt/huge_1GB   --   -t pcap128   -c /etc/fastcapa/fastcapa.ycluster   -b 128   -x 262144   -q 4   -s fastcapa-kafka.log
EAL: Detected 32 lcore(s)
EAL: Probing VFIO support...
EAL: PCI device 0000:01:00.0 on NUMA socket 0
EAL:   probe driver: 8086:1521 net_e1000_igb
EAL: PCI device 0000:01:00.1 on NUMA socket 0
EAL:   probe driver: 8086:1521 net_e1000_igb
EAL: PCI device 0000:09:00.0 on NUMA socket 0
EAL:   probe driver: 1137:43 net_enic
EAL: PCI device 0000:0a:00.0 on NUMA socket 0
EAL:   probe driver: 1137:43 net_enic
EAL: PCI device 0000:81:00.0 on NUMA socket 1
EAL:   probe driver: 8086:10fb net_ixgbe
EAL: PCI device 0000:81:00.1 on NUMA socket 1
EAL:   probe driver: 8086:10fb net_ixgbe
[ -t KAFKA_TOPIC ] defined as pcap128
[ -c KAFKA_CONFIG ] defined as /etc/fastcapa/fastcapa.ycluster
[ -b BURST_SIZE ] defined as 128
[ -x TX_RING_SIZE ] defined as 262144
[ -q NB_RX_QUEUE ] defined as 4
[ -s KAFKA_STATS ] defined as fastcapa-kafka.log
[ -p PORT_MASK ] undefined; defaulting to 0x01
[ -r NB_RX_DESC ] undefined; defaulting to 1024
USER1: Initializing port 0
USER1: Device setup successfully; port=0, mac=90 e2 ba d9 3c f9
USER1: Appending Kafka client stats to 'fastcapa-kafka.log'
USER1: Launching receive worker; worker=0, core=9, queue=0
USER1: Receive worker started; core=9, socket=1, queue=0 attempts=0
USER1: Launching receive worker; worker=1, core=10, queue=1
USER1: Launching receive worker; worker=2, core=11, queue=2
USER1: Receive worker started; core=10, socket=1, queue=1 attempts=0
USER1: Receive worker started; core=11, socket=1, queue=2 attempts=0
USER1: Launching receive worker; worker=3, core=12, queue=3
USER1: Launching transmit worker; worker=0, core=13 ring=0
USER1: Receive worker started; core=12, socket=1, queue=3 attempts=0
USER1: Transmit worker started; core=13, socket=1
USER1: Launching transmit worker; worker=1, core=14 ring=1
USER1: Transmit worker started; core=14, socket=1
USER1: Launching transmit worker; worker=2, core=15 ring=2
USER1: Transmit worker started; core=15, socket=1
USER1: Launching transmit worker; worker=3, core=24 ring=3
USER1: Transmit worker started; core=24, socket=1
USER1: Starting to monitor workers; core=8, socket=1


      ----- in -----  --- queued --- ----- out ----- ---- drops ----
[nic]               0               -               -               -
[rx]                0               -               0               0
[tx]                0               -               0               0
[kaf]               0               0               0               0

Start sending packets with zsend.

[root@y137 ~]# zsend -i zc:enp129s0f1 -c 1 -g 0 -b 8 -f /root/pcaps/example.pcap -r 1.0 -n 0
Reading packets from pcap file /root/pcaps/example.pcap
#########################################################################
# ERROR: You do not seem to have a valid PF_RING ZC license 6.7.0.170424 for enp129s0f1 [Intel 10 Gbit ixgbe 82599-based]
# ERROR: Please get one at http://shop.ntop.org/.
#########################################################################
# We're now working in demo mode with packet capture and
# transmission limited to 5 minutes
#########################################################################
#########################################################################
# ERROR: You do not seem to have a valid PF_RING ZC license 6.7.0.170424 for enp129s0f1 [Intel 10 Gbit ixgbe 82599-based]
# ERROR: Please get one at http://shop.ntop.org/.
#########################################################################
Sending packets to zc:enp129s0f1
Estimated CPU freq: 2511273000 Hz
Read 761 packets from pcap file
Rate set to 1.00 Gbit/s, 655-byte packets, 185185 pps
=========================
Absolute Stats: 176'560 pkts - 119'233'719 bytes
=========================

=========================
Absolute Stats: 353'131 pkts - 238'469'755 bytes
Actual Stats: 176'562.34 pps - 0.95 Gbps [119236036 bytes / 1.0 sec]
=========================

Wait 5 minutes for zsend to stop. Still have to deal with the pesky license issue.

Nothing was getting written to HDFS during the test. I have filed https://issues.apache.org/jira/browse/METRON-960.

Test 3

Had to restart the pcap topology.

Here is what is in HDFS before the test. There are 128 files from today created as part of the last test.

[metron@y136 ~]$ hdfs dfs -ls -r -t /apps/metron/pcap
Found 512 items
-rw-r--r--   1 metron hadoop 1045180928 2017-05-12 21:04 /apps/metron/pcap/pcap_pcap128-1hour-2_1494459507825147000_40_pcap-38-1494613692
-rw-r--r--   1 metron hadoop 2707886080 2017-05-12 21:04 /apps/metron/pcap/pcap_pcap128-1hour-2_1494459507825695000_12_pcap-38-1494613692
-rw-r--r--   1 metron hadoop 2646987484 2017-05-12 21:04 /apps/metron/pcap/pcap_pcap128-1hour-2_1494459507825994000_54_pcap-38-1494613692
...
-rw-r--r--   1 metron hadoop 2839142786 2017-05-17 13:22 /apps/metron/pcap/pcap_pcap128_1494962815455923000_48_pcap-63-1495027314
-rw-r--r--   1 metron hadoop 2825590046 2017-05-17 13:22 /apps/metron/pcap/pcap_pcap128_1494962815455964000_121_pcap-63-1495027314
-rw-r--r--   1 metron hadoop 2906102296 2017-05-17 13:22 /apps/metron/pcap/pcap_pcap128_1494962815455980000_85_pcap-63-1495027314
-rw-r--r--   1 metron hadoop 2344358991 2017-05-17 13:22 /apps/metron/pcap/pcap_pcap128_1494962815457986000_18_pcap-63-1495027314

Start Fastcapa

[root@y138 ~]# fastcapa -l 8-15,24   --huge-dir /mnt/huge_1GB   --   -t pcap128   -c /etc/fastcapa/fastcapa.ycluster   -b 128   -x 262144   -q 4   -s fastcapa-kafka.log
EAL: Detected 32 lcore(s)
EAL: Probing VFIO support...
EAL: PCI device 0000:01:00.0 on NUMA socket 0
EAL:   probe driver: 8086:1521 net_e1000_igb
EAL: PCI device 0000:01:00.1 on NUMA socket 0
EAL:   probe driver: 8086:1521 net_e1000_igb
EAL: PCI device 0000:09:00.0 on NUMA socket 0
EAL:   probe driver: 1137:43 net_enic
EAL: PCI device 0000:0a:00.0 on NUMA socket 0
EAL:   probe driver: 1137:43 net_enic
EAL: PCI device 0000:81:00.0 on NUMA socket 1
EAL:   probe driver: 8086:10fb net_ixgbe
EAL: PCI device 0000:81:00.1 on NUMA socket 1
EAL:   probe driver: 8086:10fb net_ixgbe
[ -t KAFKA_TOPIC ] defined as pcap128
[ -c KAFKA_CONFIG ] defined as /etc/fastcapa/fastcapa.ycluster
[ -b BURST_SIZE ] defined as 128
[ -x TX_RING_SIZE ] defined as 262144
[ -q NB_RX_QUEUE ] defined as 4
[ -s KAFKA_STATS ] defined as fastcapa-kafka.log
[ -p PORT_MASK ] undefined; defaulting to 0x01
[ -r NB_RX_DESC ] undefined; defaulting to 1024
USER1: Initializing port 0
USER1: Device setup successfully; port=0, mac=90 e2 ba d9 3c f9
USER1: Appending Kafka client stats to 'fastcapa-kafka.log'
USER1: Launching receive worker; worker=0, core=9, queue=0
USER1: Receive worker started; core=9, socket=1, queue=0 attempts=0
USER1: Launching receive worker; worker=1, core=10, queue=1
USER1: Launching receive worker; worker=2, core=11, queue=2
USER1: Receive worker started; core=10, socket=1, queue=1 attempts=0
USER1: Launching receive worker; worker=3, core=12, queue=3
USER1: Receive worker started; core=11, socket=1, queue=2 attempts=0
USER1: Launching transmit worker; worker=0, core=13 ring=0
USER1: Receive worker started; core=12, socket=1, queue=3 attempts=0
USER1: Transmit worker started; core=13, socket=1
USER1: Launching transmit worker; worker=1, core=14 ring=1
USER1: Transmit worker started; core=14, socket=1
USER1: Launching transmit worker; worker=2, core=15 ring=2
USER1: Transmit worker started; core=15, socket=1
USER1: Launching transmit worker; worker=3, core=24 ring=3
USER1: Transmit worker started; core=24, socket=1
USER1: Starting to monitor workers; core=8, socket=1


      ----- in -----  --- queued --- ----- out ----- ---- drops ----
[nic]               0               -               -               -
[rx]                0               -               0               0
[tx]                0               -               0               0
[kaf]               0               0               0               0

...

Start zsend. License issue will only let it run for 5 minutes.

[root@y137 ~]# zsend -i zc:enp129s0f1 -c 1 -g 0 -b 8 -f /root/pcaps/example.pcap -r 1.0 -n 0
Reading packets from pcap file /root/pcaps/example.pcap
#########################################################################
# ERROR: You do not seem to have a valid PF_RING ZC license 6.7.0.170424 for enp129s0f1 [Intel 10 Gbit ixgbe 82599-based]
# ERROR: Please get one at http://shop.ntop.org/.
#########################################################################
# We're now working in demo mode with packet capture and
# transmission limited to 5 minutes
#########################################################################
#########################################################################
# ERROR: You do not seem to have a valid PF_RING ZC license 6.7.0.170424 for enp129s0f1 [Intel 10 Gbit ixgbe 82599-based]
# ERROR: Please get one at http://shop.ntop.org/.
#########################################################################
Sending packets to zc:enp129s0f1
Estimated CPU freq: 2445018000 Hz
Read 761 packets from pcap file
Rate set to 1.00 Gbit/s, 655-byte packets, 185185 pps
...

Wait for Zsend to terminate in 5 minutes.

Zsend stopped.

#########################################################################
 Demo time elapsed: please get a valid license
#########################################################################
Leaving...
=========================
Absolute Stats: 130'841'706 pkts - 88'361'836'740 bytes
Actual Stats: 176'814.86 pps - 0.95 Gbps [56184630 bytes / 0.5 sec]
=========================

=========================
Absolute Stats: 130'841'707 pkts - 88'361'836'763 bytes
Actual Stats: 13'333.33 pps - 0.00 Gbps [23 bytes / 0.0 sec]
=========================

Stopped Fastcapa.

      ----- in -----  --- queued --- ----- out ----- ---- drops ----
[nic]       130841706               -               -               -
[rx]        130841706               -       130841706               0
[tx]        130841706               -       130841706               0
[kaf]       130841706               0       130841706               0


      ----- in -----  --- queued --- ----- out ----- ---- drops ----
[nic]       130841706               -               -               -
[rx]        130841706               -       130841706               0
[tx]        130841706               -       130841706               0
[kaf]       130841706               0       130841706               0
^CUSER1: Exiting on signal '2'
USER1: Finished monitoring workers; core=8, socket=1
USER1: Transmit worker finished; core=14, socket=1
USER1: Receive worker finished; core=12, socket=1, queue=3
USER1: Receive worker finished; core=10, socket=1, queue=1
USER1: Transmit worker finished; core=13, socket=1
USER1: Receive worker finished; core=11, socket=1, queue=2
USER1: Transmit worker finished; core=15, socket=1
USER1: Receive worker finished; core=9, socket=1, queue=0
USER1: Transmit worker finished; core=24, socket=1
USER1: Closing all Kafka connections
USER1: '1' message(s) queued on fastcapa-y138-enp129s0f1#producer-1
USER1: '1' message(s) queued on fastcapa-y138-enp129s0f1#producer-2
USER1: '1' message(s) queued on fastcapa-y138-enp129s0f1#producer-3
USER1: '1' message(s) queued on fastcapa-y138-enp129s0f1#producer-4
USER1: Waiting for '1' message(s) on fastcapa-y138-enp129s0f1#producer-1
USER1: All messages cleared on fastcapa-y138-enp129s0f1#producer-1
USER1: Waiting for '1' message(s) on fastcapa-y138-enp129s0f1#producer-2
USER1: All messages cleared on fastcapa-y138-enp129s0f1#producer-2
USER1: Waiting for '1' message(s) on fastcapa-y138-enp129s0f1#producer-3
USER1: All messages cleared on fastcapa-y138-enp129s0f1#producer-3
USER1: Waiting for '1' message(s) on fastcapa-y138-enp129s0f1#producer-4
USER1: All messages cleared on fastcapa-y138-enp129s0f1#producer-4

There are now 256 files from today. Before the test there were 128.

[metron@y136 ~]$ hdfs dfs -ls -r -t /apps/metron/pcap | grep 2017-05-17 | wc -l
256

Still cannot get data for today.

[metron@y136 ~]$ /usr/metron/0.4.0/bin/pcap_query.sh query -df "yyyyMMdd" -st 20170517 --query "" -nr 150
Exception in thread "main" java.lang.IllegalArgumentException: Can not create a Path from an empty string
	at org.apache.hadoop.fs.Path.checkPathArg(Path.java:126)
	at org.apache.hadoop.fs.Path.<init>(Path.java:134)
	at org.apache.hadoop.mapreduce.lib.input.FileInputFormat.addInputPaths(FileInputFormat.java:485)
	at org.apache.metron.pcap.mr.PcapJob.createJob(PcapJob.java:285)
	at org.apache.metron.pcap.mr.PcapJob.query(PcapJob.java:237)
	at org.apache.metron.pcap.query.PcapCli.run(PcapCli.java:138)
	at org.apache.metron.pcap.query.PcapCli.main(PcapCli.java:53)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.apache.hadoop.util.RunJar.run(RunJar.java:233)
	at org.apache.hadoop.util.RunJar.main(RunJar.java:148)

The query took about 1 hr 20 minutes.

17/05/17 16:07:07 INFO mapreduce.Job: Counters: 53
	File System Counters
		FILE: Number of bytes read=617105558599
		FILE: Number of bytes written=1234391731124
		FILE: Number of read operations=0
		FILE: Number of large read operations=0
		FILE: Number of write operations=0
		HDFS: Number of bytes read=628268623021
		HDFS: Number of bytes written=625292653042
		HDFS: Number of read operations=3530
		HDFS: Number of large read operations=0
		HDFS: Number of write operations=300
	Job Counters
		Failed map tasks=2
		Launched map tasks=772
		Launched reduce tasks=150
		Other local map tasks=2
		Data-local map tasks=735
		Rack-local map tasks=35
		Total time spent by all maps in occupied slots (ms)=61565004
		Total time spent by all reduces in occupied slots (ms)=98820766
		Total time spent by all map tasks (ms)=61565004
		Total time spent by all reduce tasks (ms)=49410383
		Total vcore-milliseconds taken by all map tasks=61565004
		Total vcore-milliseconds taken by all reduce tasks=49410383
		Total megabyte-milliseconds taken by all map tasks=567383076864
		Total megabyte-milliseconds taken by all reduce tasks=910732179456
	Map-Reduce Framework
		Map input records=833603157
		Map output records=819329534
		Map output bytes=614620766400
		Map output materialized bytes=617106250195
		Input split bytes=135646
		Combine input records=0
		Combine output records=0
		Reduce input groups=289401155
		Reduce shuffle bytes=617106250195
		Reduce input records=819329534
		Reduce output records=819329534
		Spilled Records=1638659068
		Shuffled Maps =115500
		Failed Shuffles=5
		Merged Map outputs=115500
		GC time elapsed (ms)=2444874
		CPU time spent (ms)=58569680
		Physical memory (bytes) snapshot=2559557615616
		Virtual memory (bytes) snapshot=10447057743872
		Total committed heap usage (bytes)=2833663393792
	Shuffle Errors
		BAD_ID=0
		CONNECTION=0
		IO_ERROR=5
		WRONG_LENGTH=0
		WRONG_MAP=0
		WRONG_REDUCE=0
	File Input Format Counters
		Bytes Read=628268487375
	File Output Format Counters
		Bytes Written=625292653042
	org.apache.metron.pcap.mr.PcapJob$PCAP_COUNTER
		MALFORMED_PACKET_COUNT=12294438

After all is said and done...

Who?             How many?
Query found      819,329,534
Malformed        12,294,438
Malformed (%)    1.5%
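
The figures in the two "After all is said and done" tables can be recomputed from the captured output instead of being copied by hand. The script below is an added example, not part of the original gist: the function names are hypothetical, the sample lines are copied from the Test 1 output above, and the percentage is taken relative to "Query found", an assumption that reproduces the 1.4% and 1.5% shown in the tables.

```shell
#!/bin/sh
# Added example (not from the original gist): recompute the Test 1 summary
# from captured fastcapa and pcap_query.sh output. Function names are hypothetical.

# Sample input copied from the Test 1 output on this page: the first
# (in-flight) fastcapa snapshot, the final one, and three job counters.
FASTCAPA_STATS='      ----- in -----  --- queued --- ----- out ----- ---- drops ----
[nic]          736904               -               -               -
[rx]           736904               -          736904               0
[tx]           736904               -          736904               0
[kaf]          736904               0               0               0

      ----- in -----  --- queued --- ----- out ----- ---- drops ----
[nic]       109500725               -               -               -
[rx]        109500725               -       109500725               0
[tx]        109500725               -       109500725               0
[kaf]       109500725               0       109500725               0'

JOB_COUNTERS='        Map input records=138009185
        Reduce output records=134116151
        MALFORMED_PACKET_COUNT=1913849'

# Print one field of the LAST snapshot row for a stage (stats on stdin).
# Fields: 2=in 3=queued 4=out 5=drops. Earlier snapshots are in-flight
# readings (for example [kaf] out=0 above) and must not be read as loss.
stage_value() {  # usage: stage_value <nic|rx|tx|kaf> <field>
  awk -v row="[$1]" -v col="$2" \
    '$1 == row { v = $col } END { if (v == "") exit 1; print v }'
}

# Succeeds and prints the packet count when every stage forwarded exactly
# what the NIC received and reported zero drops. Returns 1 on loss and
# 2 when a stage row is missing from the captured output.
check_pipeline() {  # usage: check_pipeline "<fastcapa stats text>"
  cp_nic=$(printf '%s\n' "$1" | stage_value nic 2) || return 2
  for cp_stage in rx tx kaf; do
    cp_out=$(printf '%s\n' "$1" | stage_value "$cp_stage" 4) || return 2
    cp_drops=$(printf '%s\n' "$1" | stage_value "$cp_stage" 5) || return 2
    if [ "$cp_out" != "$cp_nic" ] || [ "$cp_drops" != "0" ]; then
      echo "loss at [$cp_stage]: nic in=$cp_nic out=$cp_out drops=$cp_drops" >&2
      return 1
    fi
  done
  echo "$cp_nic"
}

# Print the value of a "name=value" MapReduce counter (job output on stdin).
counter() {  # usage: counter "<counter name>"
  awk -F= -v name="$1" \
    '{ key = $1; sub(/^[ \t]+/, "", key) }
     key == name { v = $2 }
     END { if (v == "") exit 1; print v }'
}

# Malformed packets as a percentage of the packets the query returned,
# rounded to one decimal place. Fails when the total is zero.
malformed_pct() {  # usage: malformed_pct <malformed> <total>
  awk -v m="$1" -v t="$2" \
    'BEGIN { if (t == 0) exit 1; printf "%.1f\n", 100 * m / t }'
}

# Rebuild the summary table from the two captured outputs.
reconcile() {  # usage: reconcile "<fastcapa stats>" "<job counters>"
  rc_sent=$(check_pipeline "$1") || return 1
  rc_found=$(printf '%s\n' "$2" | counter "Reduce output records") || return 1
  rc_bad=$(printf '%s\n' "$2" | counter "MALFORMED_PACKET_COUNT") || return 1
  rc_pct=$(malformed_pct "$rc_bad" "$rc_found") || return 1
  printf '%-16s %s\n' \
    "Fastcapa sent" "$rc_sent" \
    "Query found" "$rc_found" \
    "Malformed" "$rc_bad" \
    "Malformed (%)" "${rc_pct}%"
}

reconcile "$FASTCAPA_STATS" "$JOB_COUNTERS"
```

To run it against a real capture, save the fastcapa console output and the `pcap_query.sh` job output to files and pass their contents as the two arguments to `reconcile`.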