Networking

Each GFN rig has three dedicated network interfaces, each serving a different traffic type.

Network Interfaces

From the rig's networkdata.txt:

Interface	ID	Purpose	IP Example	MTU
net1	STORAGE	Storage traffic (game installs, saves)	10.194.55.41/26	9000 (jumbo)
net2	STREAM	Streaming traffic to clients	10.193.81.41/26	1500
eth0	APP	Application traffic (internet, API calls)	10.192.79.57/26	1500

Routing

STORAGE: 10.194.0.0/16 via 10.194.55.1
STREAM:  10.193.0.0/16 via 10.193.81.1
         10.222.254.0/24 via 10.193.81.1
APP:     0.0.0.0/0 via 10.192.79.1 (default gateway)

DNS

• APP interface: 10.223.0.3 (internal resolver)
• STORAGE/STREAM: 8.8.8.8, 8.8.4.4 (Google DNS)
• DNS Cache Endpoints: 10.223.136.74

Key Service Endpoints

Service	Address	Port	Protocol
Provision Manager (PM)	10.192.17.9 + 4 others	3000 (cmd), 3301 (secure)	TLS
Game Seat Gateway (GSG)	gsg.np-ams-06.svc.cluster.local	443	gRPC/TLS
Logging Server	10.223.251.221	514	UDP (syslog)
KMS Server	consumerkms.nvidiangn.net	1688	KMS
Storage Servers	10.194.116.4, 10.194.92.3, 10.194.70.3	—	SMB/NFS
Scratch Storage	10.194.70.4, 10.194.92.4, 10.194.116.3	—	SMB/NFS
OpenTelemetry	prod.otel.kaizen.nvidia.com	8282	HTTPS
OpenTracing	ls.dtrace.nvidia.com	443	HTTPS
MessageBus	localhost	65000	TCP
State DB (Redis)	varies	6399	Redis

Provision Manager (PM) Connection

The PM manages seat allocation and session lifecycle. Communication is TLS-encrypted:

Cipher List: ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:
             ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:
             ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384

Server Cert CN: pm.np-ams-06.svc.cluster.local
Issuer: GFN PM - API Server Zone NP-AMS-06 CA 02

Features:

• Auth enabled with nonce-based challenge
• CRL caching (720 minutes)
• Network interfaces restricted to APP

Game Seat Gateway (GSG)

gRPC-based communication with the scheduler:

{
  "connectionTimeoutMs": 5000,
  "keepAliveIntervalMs": 3000,
  "keepAliveTimeoutMs": 3000,
  "heartbeatPeriodMs": 60000,
  "loadBalancingPolicy": "pick_first",
  "enableSeatHeartbeat": true,
  "enableSessionHeartbeat": true,
  "apiKeyRefreshPeriodSec": 300
}

Retry settings:

• Initial backoff: 100ms
• Max backoff: 1000ms
• Backoff multiplier: 1.6
• Total retries: 5
• Retryable statuses: UNKNOWN, UNAVAILABLE, DEADLINE_EXCEEDED

Packet Capture

Rigs can capture network traffic for debugging:

{
  "filePath": "C:\\Asgard\\logs\\pcap\\game-seat.pcap",
  "tsharkPath": "c:\\asgard\\Wireshark\\tshark.exe",
  "networkInterface": "APP",
  "filesCount": 2,
  "fileSizeKb": 102400
}

Network Data Capture (NDC)

Traffic analysis configuration for detecting abuse:

{
  "NetworkConfig": {
    "MaxPacketSize": 28,
    "ProtocolAllowList": ["UDP"],
    "TrafficType": "IGW",
    "PortAllowRange": { "Upper": 65000, "Lower": 1 }
  },
  "ConditionConfig": {
    "Percentage": 50,
    "SessionTimeRange": { "Upper": 600, "Lower": 0 }
  }
}

QoS / Traffic Marking

GameStream supports QoS downlink marking:

aqos.qosTrafficType = 0|1 (disabled/enabled)
vqos[0].qosTrafficType = 0|1

Enabled conditionally on NGN Platform v2.0.5 and v2.1 with platform metadata key ngn-platform-version.