1 / 8

BENCHMARKING NETWORK DEVICES UNDER ACCLERATED STRESS draft-ietf-bmwg-acc-bench-term-07.txt

BENCHMARKING NETWORK DEVICES UNDER ACCLERATED STRESS draft-ietf-bmwg-acc-bench-term-07.txt draft-ietf-bmwg-acc-bench-meth-04.txt draft-ietf-bmwg-acc-bench-meth-ebgp-00.txt draft-ietf-bmwg-acc-bench-meth-opsec-00.txt Co-authors are Scott Poretsky of Reef Point and Shankar Rao of Qwest.

dung
Download Presentation

BENCHMARKING NETWORK DEVICES UNDER ACCLERATED STRESS draft-ietf-bmwg-acc-bench-term-07.txt

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. BENCHMARKING NETWORK DEVICES UNDER ACCLERATED STRESS draft-ietf-bmwg-acc-bench-term-07.txt draft-ietf-bmwg-acc-bench-meth-04.txt draft-ietf-bmwg-acc-bench-meth-ebgp-00.txt draft-ietf-bmwg-acc-bench-meth-opsec-00.txt Co-authors are Scott Poretsky of Reef Point and Shankar Rao of Qwest 64th IETF Meeting – Vancouver

  2. Document Structure Terminology General Methodology … EBGP Peering Methodology Operational Security Methodology • General Methodology has controlled scope • Additional technology specific methodologies can be added

  3. Terminology draft-ietf-bmwg-acc-bench-term-07.txt, Terminology for Accelerated Stress Benchmarking -07 changes -> Resolves numerous I-D Nits Incorporates comment from Jay Karthik for wording of MPLS tunnels General Methodology draft-ietf-bmwg-acc-bench-meth-04.txt, Methodology Guidelines for Accelerated Stress Benchmarking -04 changes -> Resolves numerous I-D Nits Current Status (1 of 2)

  4. EBGP Peering Methodology draft-ietf-bmwg-acc-bench-meth-ebgp-00.txt, Methodology for Benchmarking Accelerated Stress with Operational EBGP Instabilities Operational Security Methodology draft-ietf-bmwg-acc-bench-meth-opsec-00.txt, Methodology for Benchmarking Accelerated Stress with Operational Security Current Status (2 of 2) EBGP Peering Stress Test Cases 4.1 Failed Primary EBGP Peer 4.2 Establish New EBGP Peer 4.3 BGP Route Explosion 4.4 BGP Policy Configuration 4.5 Persistent BGP Flapping 4.6 BGP Route Flap Dampening 4.7 Nested Convergence Events Operational Security Stress Test Cases 4.1 Restart Under Load 4.2 Destination Control Processor 4.3 Destination Control Processor with Rate-Limiting 4.4 Destination Interfaces 4.5 DoS Attack

  5. Example Stress Test – Configuration Set Control Plane 30 BGP Peers (2 EBGP, 28 IBGP) 28 OSPF Adjacencies 400K route instances 175K routes in FIB MPLS Disabled Multicast Protocols Disabled 16K IPsec Tunnels 32K IPsec SAs 16K IKE SAs IPsec SA Lifetime = 8 hours IKEv2 SA Lifetime = 8 hours DPD Disabled Security Plane 100K Stateful Firewall Sessions 64K Firewall Rules DOS-Protection Enabled Management Plane 20 SSH Sessions 4 RADIUS Servers with round-robin Logging enabled SysLog enabled Statistics enabled Data Plane Interfaces = qty 4 GigE Data Rate = 4 Gbps Packet Size = 1500 bytes QoS Disabled

  6. Example Stress Test – Test Conditions • Startup Conditions (as configured on Tester*) • BGP and OSPF pre-configured and negotiation starts immediately • 50 IPsec Tunnels established per second • 1500 Stateful Firewall Sessions established per second • Instability Conditions (as configured on Tester*) • 1 Interface Shut/No Shut per minute • 1 OSPF Interface Cost Change per hour • 100 IPsec Tunnels flapped (setup/teardown) per second • 20 IKEv2/IPsec Rekeys per second • RADIUS Server lost every 30 minutes • Continuous DOS Attacks (using Nessus) • Close/Open 1 SSH session per minute • Enter SHOW, Config, and Errored commands for every open session • 1 SNMP GET per second • 1 FTP File Transer of 100Mb every second • * Tester is Test Device or System of Test Devices

  7. Example Stress Test – Benchmarks • DEVICE #1 • 1. Configuration Sets achieved • 2. Startup Phase Benchmarks • Stable Aggregate forwarding Rate = 4Gbps • Stable Latency = 110 usec • Stable Session Count = • 30 BGP Peers • 28 OSPF Adjacencies • 16K IPsec Tunnels • 3. Apply Instability Conditions • 4. Instability Phase Benchmarks* • Unstable Aggregate Forwarding Rate = 3.5Gbps • Degraded Aggregate Forwarding Rate = 0.5Gbps • Unstable Latency = 110usec • Unstable Uncontrolled Sessions Lost = 126 • *These are averages. It is recommended to record these values at 1 second interval • 5. Stop applying Instability Conditions after X hours (24 for this test) • 6. Recover Phase Benchmarks • Recovery Time = 22 seconds • Recovered Aggregate Forwarding Rate = 4Gbps • Recovered Latency = 110usec • Recovered Uncontrolled Sessions Lost = 0 • DEVICE #2 • 1. Configuration Sets achieved • 2. Startup Phase Benchmarks • Stable Aggregate forwarding Rate = 4Gbps • Stable Latency = 150 usec • Stable Session Count = • 30 BGP Peers • 28 OSPF Adjacencies • 16K IPsec Tunnels • 3. Apply Instability Conditions • 4. Instability Phase Benchmarks* • Unstable Aggregate Forwarding Rate=3.3Gbps • Degraded Aggregate Forwarding Rate= 0.7Gbps • Unstable Latency = 170usec • Unstable Uncontrolled Sessions Lost = 4000 • *These are averages. It is recommended to record these values at 1 second interval • 5. Stop applying Instability Conditions after X hours (24 for this test) • 6. Recover Phase Benchmarks • Recovery Time= Infinite • Recovered Aggregate Forwarding Rate = 3.9Gbps • Recovered Latency = 150usec • Recovered Uncontrolled Sessions Lost = 97 • Configuration Set in this test was reduced from a previous test because Device #2 crashed at 20 hours • Test was repeated with 3rd Configuration Set to obtain a Recovery Time for Device #2

  8. Is Terminology and Methodology ready for WGLC? Incorporate mailing list comments from BMWG and OpSec Identify and Add more test cases to EBGP Peering and Operational Security Methodologies Suggestions posted on Mailing List for new Methodologies: MPLS-TE network specific test cases LDP over RSVP-TE specific test cases Next Steps

More Related