Networking

Each GFN rig has three dedicated network interfaces, each serving a different traffic type.

Network Interfaces

From the rig's networkdata.txt:

Interface	ID	Purpose	IP Example	MTU
`net1`	STORAGE	Storage traffic (game installs, saves)	`[REDACTED_CIDR]`	9000 (jumbo)
`net2`	STREAM	Streaming traffic to clients	`[REDACTED_CIDR]`	1500
`eth0`	APP	Application traffic (internet, API calls)	`[REDACTED_CIDR]`	1500

Routing

STORAGE: [REDACTED_CIDR] via [REDACTED_IP]
STREAM:  [REDACTED_CIDR] via [REDACTED_IP]
         [REDACTED_CIDR] via [REDACTED_IP]
APP:     0.0.0.0/0 via [REDACTED_IP] (default gateway)

DNS

APP interface: [REDACTED_IP] (internal resolver)
STORAGE/STREAM: 8.8.8.8, 8.8.4.4 (Google DNS)
DNS Cache Endpoints: [REDACTED_IP]

Key Service Endpoints

Service	Address	Port	Protocol
Provision Manager (PM)	`[REDACTED_IP]` + 4 others	3000 (cmd), 3301 (secure)	TLS
Game Seat Gateway (GSG)	`gsg.[REDACTED_ZONE].svc.cluster.local`	443	gRPC/TLS
Logging Server	`[REDACTED_IP]`	514	UDP (syslog)
KMS Server	`consumerkms.nvidiangn.net`	1688	KMS
Storage Servers	`[REDACTED_IP]`, `[REDACTED_IP]`, `[REDACTED_IP]`	—	SMB/NFS
Scratch Storage	`[REDACTED_IP]`, `[REDACTED_IP]`, `[REDACTED_IP]`	—	SMB/NFS
OpenTelemetry	`[REDACTED_OTEL_HOST]`	8282	HTTPS
OpenTracing	`ls.dtrace.nvidia.com`	443	HTTPS
MessageBus	localhost	65000	TCP
State DB (Redis)	varies	6399	Redis

Provision Manager (PM) Connection

The PM manages seat allocation and session lifecycle. Communication is TLS-encrypted:

Cipher List: ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:
             ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:
             ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384

Server Cert CN: pm.[REDACTED_ZONE].svc.cluster.local
Issuer: GFN PM - API Server Zone [REDACTED_ZONE] CA 02

Features:

Auth enabled with nonce-based challenge
CRL caching (720 minutes)
Network interfaces restricted to APP

Game Seat Gateway (GSG)

gRPC-based communication with the scheduler:

json

{
  "connectionTimeoutMs": 5000,
  "keepAliveIntervalMs": 3000,
  "keepAliveTimeoutMs": 3000,
  "heartbeatPeriodMs": 60000,
  "loadBalancingPolicy": "pick_first",
  "enableSeatHeartbeat": true,
  "enableSessionHeartbeat": true,
  "apiKeyRefreshPeriodSec": 300
}

Retry settings:

Initial backoff: 100ms
Max backoff: 1000ms
Backoff multiplier: 1.6
Total retries: 5
Retryable statuses: UNKNOWN, UNAVAILABLE, DEADLINE_EXCEEDED

Packet Capture

Rigs can capture network traffic for debugging:

json

{
  "filePath": "C:\\Asgard\\logs\\pcap\\game-seat.pcap",
  "tsharkPath": "c:\\asgard\\Wireshark\\tshark.exe",
  "networkInterface": "APP",
  "filesCount": 2,
  "fileSizeKb": 102400
}

Network Data Capture (NDC)

Traffic analysis configuration for detecting abuse:

json

{
  "NetworkConfig": {
    "MaxPacketSize": 28,
    "ProtocolAllowList": ["UDP"],
    "TrafficType": "IGW",
    "PortAllowRange": { "Upper": 65000, "Lower": 1 }
  },
  "ConditionConfig": {
    "Percentage": 50,
    "SessionTimeRange": { "Upper": 600, "Lower": 0 }
  }
}

QoS / Traffic Marking

GameStream supports QoS downlink marking:

aqos.qosTrafficType = 0|1 (disabled/enabled)
vqos[0].qosTrafficType = 0|1

Enabled conditionally on NGN Platform v2.0.5 and v2.1 with platform metadata key ngn-platform-version.

Networking ​

Network Interfaces ​

Routing ​

DNS ​

Key Service Endpoints ​

Provision Manager (PM) Connection ​

Game Seat Gateway (GSG) ​

Packet Capture ​

Network Data Capture (NDC) ​

QoS / Traffic Marking ​

Networking

Network Interfaces

Routing

DNS

Key Service Endpoints

Provision Manager (PM) Connection

Game Seat Gateway (GSG)

Packet Capture

Network Data Capture (NDC)

QoS / Traffic Marking