Initial creation of netflow v5 payload generation

Author: scottopell

examples/netflow_v5.yaml

@@ -0,0 +1,83 @@
+# Example configuration for NetFlow v5 load testing
+# This generates NetFlow v5 packets and sends them over UDP
+
+version: "1"
+
+target: null  # No target needed for generators
+
+generator:
+  udp:
+    seed: [1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32]
+    addr: "127.0.0.1:9995"  # NetFlow collector address
+    variant:
+      net_flow_v5:
+        # Number of flow records per packet (1-30 to stay within MTU)
+        flows_per_packet:
+          min: 5
+          max: 20
+
+        # Source IP range (10.0.0.0/8 network)
+        src_ip_range:
+          min: 167772161   # 10.0.0.1 in u32
+          max: 184549374   # 10.255.255.254 in u32
+
+        # Destination IP range (192.168.0.0/16 network)
+        dst_ip_range:
+          min: 3232235521  # 192.168.1.1 in u32
+          max: 3232301054  # 192.168.255.254 in u32
+
+        # Port ranges
+        src_port_range:
+          min: 1024
+          max: 65535
+        dst_port_range:
+          min: 1
+          max: 65535
+
+        # Flow metrics
+        packet_count_range:
+          min: 1
+          max: 1000
+        byte_count_range:
+          min: 64
+          max: 150000
+        flow_duration_range:
+          min: 1000      # 1 second
+          max: 300000    # 5 minutes
+
+        # Interface and AS ranges
+        interface_range:
+          min: 1
+          max: 10
+        as_number_range:
+          min: 100
+          max: 65000
+
+        # Protocol distribution (weights)
+        protocol_weights:
+          tcp: 70    # 70% TCP traffic
+          udp: 25    # 25% UDP traffic
+          icmp: 3    # 3% ICMP traffic
+          other: 2   # 2% other protocols
+
+        # Router identification
+        engine_type: 1
+        engine_id: 0
+
+    # Traffic generation settings
+    bytes_per_second: "1MB"              # Rate limit
+    maximum_block_size: "1400B"          # Stay within MTU
+    maximum_prebuild_cache_size_bytes: "100MB"
+
+    # Throttling (optional)
+    throttle:
+      stable: {}  # Stable rate throttling
+
+# Observability configuration
+observer:
+  prometheus:
+    addr: "127.0.0.1:9090"
+
+# General settings
+general:
+  id: "netflow-v5-generator"

lading_payload/src/NETFLOW_README.md

@@ -0,0 +1,163 @@
+# NetFlow v5 Support for Lading
+
+This implementation adds NetFlow v5 packet generation support to the lading load testing framework.
+
+## Overview
+
+NetFlow v5 is a network protocol developed by Cisco for collecting IP traffic information. This implementation generates realistic NetFlow v5 export packets that can be used to load test NetFlow collectors.
+
+## Features
+
+- **Standards Compliant**: Generates proper NetFlow v5 packets following Cisco's specification
+- **Configurable Data Ranges**: All packet fields can be configured with ranges for realistic data generation
+- **Protocol Distribution**: Weighted distribution of TCP, UDP, ICMP, and other protocols
+- **Fixed Random Seed**: Uses deterministic random generation for reproducible test data
+- **UDP Transport**: Sends packets over UDP (standard for NetFlow exports)
+- **MTU Aware**: Respects packet size limits to stay within network MTU
+
+## Packet Structure
+
+Each NetFlow v5 packet contains:
+- **Header** (24 bytes): Version, flow count, timestamps, sequence numbers, engine info
+- **Flow Records** (48 bytes each): Source/destination IPs, ports, byte/packet counts, timing, protocols, AS numbers
+
+## Configuration
+
+The NetFlow v5 payload type supports extensive configuration:
+
+### Basic Example
+```yaml
+generator:
+  udp:
+    addr: "127.0.0.1:9995"
+    variant:
+      net_flow_v5: {}  # Uses default configuration
+```
+
+### Full Configuration Example
+```yaml
+generator:
+  udp:
+    variant:
+      net_flow_v5:
+        flows_per_packet:
+          min: 1
+          max: 30
+        src_ip_range:
+          min: 167772161   # 10.0.0.1
+          max: 184549374   # 10.255.255.254
+        dst_ip_range:
+          min: 3232235521  # 192.168.1.1
+          max: 3232301054  # 192.168.255.254
+        protocol_weights:
+          tcp: 70
+          udp: 25
+          icmp: 3
+          other: 2
+```
+
+## Configuration Options
+
+| Field | Type | Description | Default |
+|-------|------|-------------|---------|
+| `flows_per_packet` | Range<u16> | Number of flow records per packet | 1-30 |
+| `src_ip_range` | Range<u32> | Source IP addresses as u32 | 10.0.0.0/8 |
+| `dst_ip_range` | Range<u32> | Destination IP addresses as u32 | 192.168.0.0/16 |
+| `src_port_range` | Range<u16> | Source port numbers | 1024-65535 |
+| `dst_port_range` | Range<u16> | Destination port numbers | 1-65535 |
+| `packet_count_range` | Range<u32> | Packets per flow | 1-10000 |
+| `byte_count_range` | Range<u32> | Bytes per flow | 64-1500000 |
+| `flow_duration_range` | Range<u32> | Flow duration in milliseconds | 1s-1h |
+| `interface_range` | Range<u16> | Interface indices | 1-254 |
+| `as_number_range` | Range<u16> | BGP AS numbers | 1-65535 |
+| `protocol_weights` | ProtocolWeights | Protocol distribution weights | TCP:70, UDP:25, ICMP:3, Other:2 |
+| `engine_type` | u8 | Flow switching engine type | 0 |
+| `engine_id` | u8 | Flow switching engine ID | 0 |
+
+## IP Address Configuration
+
+IP addresses are configured as u32 values in network byte order. Helper conversions:
+
+```bash
+# Convert IP to u32
+python3 -c "import socket, struct; print(struct.unpack('!I', socket.inet_aton('10.0.0.1'))[0])"
+
+# Convert u32 to IP
+python3 -c "import socket, struct; print(socket.inet_ntoa(struct.pack('!I', 167772161)))"
+```
+
+## Load Testing Scenarios
+
+### Single Router Simulation
+```yaml
+generator:
+  udp:
+    addr: "127.0.0.1:9995"
+    variant:
+      net_flow_v5:
+        engine_id: 1
+    bytes_per_second: "10MB"
+```
+
+### Multiple Router Simulation
+Deploy multiple generator instances with different engine_id values to simulate multiple routers.
+
+### Burst Testing
+```yaml
+generator:
+  udp:
+    variant:
+      net_flow_v5:
+        flows_per_packet:
+          min: 25
+          max: 30  # Maximum flows per packet
+    bytes_per_second: "50MB"  # High rate for burst testing
+```
+
+## Usage
+
+1. **Start a NetFlow collector** (or use netcat for testing):
+   ```bash
+   nc -ul 9995  # Listen on UDP port 9995
+   ```
+
+2. **Run lading with NetFlow configuration**:
+   ```bash
+   cargo run -- --config netflow_v5_example.yaml
+   ```
+
+3. **Monitor metrics** at http://localhost:9090 (if Prometheus observer is configured)
+
+## Metrics
+
+The generator emits standard UDP generator metrics:
+- `bytes_written`: Total bytes sent
+- `packets_sent`: Total packets sent
+- `request_failure`: Failed send attempts
+- `connection_failure`: Socket bind failures
+- `bytes_per_second`: Configured transmission rate
+
+## Implementation Details
+
+- Uses deterministic random generation with configurable seed
+- Generates realistic flow timing relationships
+- Handles protocol-specific fields (TCP flags, port usage)
+- Maintains sequence numbers across packets
+- Respects MTU limits (max 30 flows per packet = 1464 bytes)
+- Network byte order encoding for all multi-byte fields
+
+## Testing
+
+Run NetFlow-specific tests:
+```bash
+cd lading_payload && cargo test netflow
+```
+
+## Future Enhancements
+
+Potential areas for expansion:
+- NetFlow v9 template-based format
+- IPFIX support
+- IPv6 flow records
+- Flow sampling configuration
+- Custom field templates

lading_payload/src/block.rs

@@ -343,6 +343,20 @@ impl Cache {
                 let span = span!(Level::INFO, "fixed", payload = "otel-metrics");
                 let _guard = span.enter();
 
+                construct_block_cache_inner(rng, &mut pyld, maximum_block_bytes, total_bytes.get())?
+            }
+            crate::Config::NetFlowV5(config) => {
+                match config.valid() {
+                    Ok(()) => (),
+                    Err(e) => {
+                        warn!("Invalid NetFlowV5 configuration: {}", e);
+                        return Err(Error::InvalidConfig(e));
+                    }
+                }
+                let mut pyld = crate::NetFlowV5::new(*config, &mut rng)?;
+                let span = span!(Level::INFO, "fixed", payload = "netflow-v5");
+                let _guard = span.enter();
+
                 construct_block_cache_inner(rng, &mut pyld, maximum_block_bytes, total_bytes.get())?
             }
         };

lading_payload/src/lib.rs

@@ -36,6 +36,7 @@ pub use datadog_logs::DatadogLog;
 pub use dogstatsd::DogStatsD;
 pub use fluent::Fluent;
 pub use json::Json;
+pub use netflow::NetFlowV5;
 pub use opentelemetry_log::OpentelemetryLogs;
 pub use opentelemetry_metric::OpentelemetryMetrics;
 pub use opentelemetry_trace::OpentelemetryTraces;
@@ -51,6 +52,7 @@ pub mod datadog_logs;
 pub mod dogstatsd;
 pub mod fluent;
 pub mod json;
+pub mod netflow;
 pub mod opentelemetry_log;
 pub mod opentelemetry_metric;
 pub mod opentelemetry_trace;
@@ -171,6 +173,8 @@ pub enum Config {
     DogStatsD(crate::dogstatsd::Config),
     /// Generates `TraceAgent` payloads in JSON format
     TraceAgent(Encoding),
+    /// Generates NetFlow v5 packets
+    NetFlowV5(crate::netflow::Config),
 }
 
 #[derive(Debug)]
@@ -189,6 +193,7 @@ pub(crate) enum Payload {
     OtelMetrics(OpentelemetryMetrics),
     DogStatsdD(DogStatsD),
     TraceAgent(TraceAgent),
+    NetFlowV5(NetFlowV5),
 }
 
 impl Serialize for Payload {
@@ -211,6 +216,7 @@ impl Serialize for Payload {
             Payload::OtelMetrics(ser) => ser.to_bytes(rng, max_bytes, writer),
             Payload::DogStatsdD(ser) => ser.to_bytes(rng, max_bytes, writer),
             Payload::TraceAgent(ser) => ser.to_bytes(rng, max_bytes, writer),
+            Payload::NetFlowV5(ser) => ser.to_bytes(rng, max_bytes, writer),
         }
     }