Datapath Healing
2022 Apr 14
Concept of datapath healing process in NSM
Table of contents
Datapath healing
Description
Datapath healing is extremely simple. The existing connection is used to make sure the connection stays online. The connection is checked at specified intervals using ‘ping’. As soon as the check fails, the client requests a new connection.
Parameters
These parameters are using for configuring datapath healing on the NSC side.
NSM_LIVENESS_CHECK_ENABLED
means datapath healing feature is enabled.NSM_LIVENESS_CHECK_INTERVAL
means interval between pings.NSM_LIVENESS_CHECK_TIMEOUT
means timeout for the ping.
Benifits
- Network Health: Regular liveness checking can help monitor the health and availability of a network or a specific vWire. If the ping responses are consistently successful, it indicates that the network or device is functioning correctly. Any disruptions or failures in ping responses can alert the NSC to ask NSM to change the connection.
- Server Uptime: For NSC, liveness checking a endpoint’s interface at regular intervals can be a way to ensure that the endpoint is online and operational. If endpoint is not online then NSC requests a new endpoint immediately.
- Intrusion Detection: Regular Liveness Check can be part of a broader security monitoring strategy. It helps detect unauthorized changes or intrusions by alerting you to unexpected changes in liveness check response patterns.
- Firewall and ACL Testing: Liveness Check can be used to test the effectiveness of firewalls and Access Control Lists (ACLs). You can verify that the configured rules are working as intended if NSC doesn’t come up.
Add datapath healing for a custom dataplane framework
NSM uses the next contract for liveness check function.
|
|
To use a custom liveness check function you need simply implement and pass it to the heal client
|
|
See at example of kernel liveness check implementation.
References
Table of contents