IP Flow Information Accounting and Export Benchmarking Methodology http:tools'ietf'orgiddraftnovakbm

1
IP Flow Information Accounting and Export
Benchmarking Methodologyhttp//tools.ietf.org/id
/draft-novak-bmwg-ipflow-meth-00.txtJan
NovakCisco Systems ScotlandPresenting to BMWG
IPFIX _at_ IETF72
2

• IP Flow Monitoring subject of the IPFIX WG
• RFCs 3917 - Requirements for IP Flow Information
  Export (IPFIX)
• 5101 - Specification of the IP Flow
  Information Export
• (IPFIX) Protocol
  for the Exchange of IP Traffic Flow
• Information
• 5102 - Information Model for IP Flow
  Information Export
• Cisco specific RFC 3954 - Cisco Systems NetFlow
  Services
• 
  Export Version 9

3

• Motivation for this work
• Q Why are we doing this?
• Numerous customer requests over a period of last
  3-4 years and wide confusion about what to
  measure and how to measure it.

4

• Aims
• What we want to achieve
• provoke discussion
• WG adoption
• definition and standardisation of metrics

5

• Scope of this work
• Performance implications of IP flow monitoring
  and flow information export on network devices
• 1) CPU utilisation
• 2) RFC2544 throughput with IP flow monitoring
• Does not cover
• IP Flow monitoring accuracy
• Performance of flow export collectors
• Probes and other non-forwarding monitoring
  devices
• Note RFC2544 Benchmarking Methodology for
  Network Interconnect Devices

6

• IP Flow Monitoring Functions

IP flow database - cache
Cache maintenance - updates
Flow aging
Flow export
7

• Laboratory CPU utilisation metrics
• unrealistic in real life scenario, used to catch
  trivial implementation errors
• and develop understanding of setting up Flow
  Monitoring environment to certain set of
  parameters

8

• Laboratory CPU utilisation metrics
• Cache States Maintenance
• Populate the DUT cache, leave it alone with no
  other traffic and check the CPU usage just for
  holding a large cache (300k to 1M entries
  depending on available memory)

9

• Laboratory CPU utilisation metrics
• Cache States Update
• Populate the DUT cache, do not expire any flows,
  just update Flow counters like packets, bytes

10

• True CPU metrics
• (attempting to simulate life network device)
• Flow Expiration Rate
• Flow Export Rate
• Two possible situations
• constant flow number
• 2) cache overflow

11

• Flow Expiration Rate Constant Flow number
• Populate DUT cache below the available cache
  size, keep the number of flows constant but let
  them expire at certain rate
• Achieved keeping low inactive timeout

12

• Flow Expiration Rate Cache overflow
• Populate DUT cache below the available cache
  size, keep the number of flows always higher than
  available cache size
• Achieved large inactive timeout

13

• Flow Export Rate
• Same as Flow Expiration Rate just with configured
  Flow Export

14
RFC2544 Throughput

• Define exact traffic conditions for the test in
  the presence of IP flow monitoring to create
  controlled test environment
• Note RFC2544 Benchmarking Methodology for
  Network Interconnect Devices

15
RFC2544 Throughput

• 1) Single Traffic Component
• Use traffic definitions of this draft
• Replicate packets with same Key Fields
  definitions to achieve high packet rates
• Drawback the traffic generators might not have
  this ability

16
RFC2544 Throughput

• 2) Two Traffic Components
• Component 1 Use exact traffic definitions of
  this draft to generate Flow Monitoring cache as
  needed
• Component 2 Use RFC2544 traffic to load the DUT
  with traffic, this traffic MUST represent just
  one Flow

17

• QUICK CPU LOAD ESTIMATES
• Using Internet stats from CAIDA or traffic
  analysis from the network where Flow Monitoring
  is to be applied
• Example
• Average Packet size 350 bytes
• Packets per IP flow 20
• Expected data rate 1 Gbit/s
• The Network Device CPU needs to handle
• 1 Gb/s / (8 350 bytes 20) 18 000 flows / s

18

• Questions
• ?

19

• Next steps
• ?