Linux / arm64
The NVIDIA® DOCA™ SDK (software development kit) enables developers to rapidly create applications and services on top of NVIDIA BlueField® data processing units (DPUs), leveraging industry-standard APIs.
The Application Recognition (AR) DOCA App runs on top of Data Plan Development Kit (DPDK) based Stateful Flow Tracking (SFT) to identify the flow that each packet belongs to, then uses DPI to process L7 classification.
All preparation steps are listed under DOCA's Container Deployment User Guide.
Note: The DOCA Application container is configured for K8S-based deployment, hence the use of the
docker pull command is discouraged.
As explained in the application's documentation there are some resource allocation steps needed before the application can be executed:
# Allocate huge-pages, required by DPDK echo 2048 > /sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages # Make sure the regex engine is active systemctl status mlx-regex # If the status is inactive (“Active: failed”), run systemctl start mlx-regex
Once all SFs and OVS bridges are configured, we can continue on to the next step, in which we will notify the container about them.
The .yaml configuration for our container is doca_application_recognition.yaml:
wget --content-disposition https://api.ngc.nvidia.com/v2/resources/nvidia/doca/doca_container_configs/versions/1.3.0/files/configs/1.3.0/doca_application_recognition.yaml
Note: The file is also stored with the rest of the .yaml configurations as were pulled from NGC in the previous steps (See "Installation and Getting Started").
We are going to focus on the deployment-specific fields:
Note: The container currently shares a shared directory with the DPU:
Please make sure to create this directory (or modify the .yaml to use a path of your liking):
Important: Once created, make sure to copy your signature file to this folder, so that the application inside the container will be able to access it.
Simply copy the updated
doca_application_recognition.yaml file to the
/etc/kubelet.d directory. Kubelet will automatically pull the container image from NGC, and spawn a pod executing the container. The DOCA Application Recognition application will start executing right away, and its printouts could be seen via the container's logs:
# View currently active pods, and their IDs (it might take up to 20 seconds for the pod to start) crictl pods # View currently active containers, and their IDs crictl ps # Examine logs of a given container crictl logs # Examine kubelet logs, in case something didn't work as expected journalctl -u kubelet
Please refer to the documentation for more information.
The DOCA Application Recognition developer guide is available here.
DOCA is licensed under the NVIDIA DOCA License. By pulling and using the container, you accept the terms and conditions of this license.
Use the NVIDIA Developers forum for questions regarding this Software.