Linux / arm64
The NVIDIA® DOCA™ SDK (software development kit) enables developers to rapidly create applications and services on top of NVIDIA BlueField® data processing units (DPUs), leveraging industry-standard APIs.
URL filtering limits access by comparing web traffic against a database to prevent users from different threats, malware and accessing harmful sites such as phishing pages.
All preparation steps are listed under DOCA's Container Deployment User Guide.
Note: The DOCA Application container is configured for K8S-based deployment, hence the use of the
docker pull command is discouraged.
As explained in the application's documentation there are some resource allocation steps needed before the application can be executed:
# Allocate huge-pages, required by DPDK echo 2048 > /sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages # Make sure the regex engine is active systemctl status mlx-regex # If the status is inactive (“Active: failed”), run systemctl start mlx-regex
The application is meant to be used with Scalable Functions (SFs), hence they should be configured accordingly. An example illustration is shown in the application's system design section.
Once all SFs and OVS bridges are configured, we can continue on to the next step, in which we will notify the container about them.
The .yaml configuration for our container is doca_url_filter.yaml:
wget --content-disposition https://api.ngc.nvidia.com/v2/resources/nvidia/doca/doca_container_configs/versions/1.5.0/files/configs/1.5.0/doca_url_filter.yaml
The container doesn't require any update to the .yaml file and can simply be used "as-is".
Note: The file is also stored with the rest of the .yaml configurations as were pulled from NGC in the previous steps (See "Installation and Getting Started").
Simply copy the
doca_url_filter.yaml file to the
/etc/kubelet.d directory. Kubelet will automatically pull the container image from NGC, and spawn a pod executing the container. The DOCA URL Filter application won't start executing right away, because it needs to be manually deployed and it starts with an empty URL database.
Once the container is loaded you need to get its ID via:
# View currently active containers, and their IDs crictl ps
And then run the following command to connect to it and run the app from within the container:
# Will run a bash in the container and gives you interactive control of it sudo crictl exec -it /bin/bash # Inside the containers bash, run the app using the same command listed in the DevZone. cd /opt/mellanox/doca/examples/url_filter/bin ./doca_url_filter –-json url_filter_params.json
Please refer to the documentation for more information.
The DOCA URL Filter developer guide is available here.
DOCA is licensed under the NVIDIA DOCA License. By pulling and using the container, you accept the terms and conditions of this license.
Use the NVIDIA Developers forum for questions regarding this Software.