BENCHMARKING NETWORK DEVICES - PowerPoint PPT Presentation

About This Presentation
Title:

BENCHMARKING NETWORK DEVICES

Description:

Continuous DOS Attacks (using Nessus) Close/Open 1 SSH session per minute. Enter SHOW, Config, and Errored commands for every open session. 1 SNMP GET per second ... – PowerPoint PPT presentation

Number of Views:45
Avg rating:3.0/5.0
Slides: 9
Provided by: scottpo
Learn more at: https://www.ietf.org
Category:

less

Transcript and Presenter's Notes

Title: BENCHMARKING NETWORK DEVICES


1
  • BENCHMARKING NETWORK DEVICES
  • UNDER ACCLERATED STRESS
  • draft-ietf-bmwg-acc-bench-term-07.txt
  • draft-ietf-bmwg-acc-bench-meth-04.txt
  • draft-ietf-bmwg-acc-bench-meth-ebgp-00.txt
  • draft-ietf-bmwg-acc-bench-meth-opsec-00.txt
  • Co-authors are Scott Poretsky of Reef Point and
    Shankar Rao of Qwest

64th IETF Meeting Vancouver
2
Document Structure
Terminology
General Methodology

EBGP Peering Methodology
Operational Security Methodology
  • General Methodology has controlled scope
  • Additional technology specific methodologies can
    be added

3
Current Status (1 of 2)
  • Terminology
  • draft-ietf-bmwg-acc-bench-term-07.txt,
    Terminology for Accelerated Stress Benchmarking
  • -07 changes -gt
  • Resolves numerous I-D Nits
  • Incorporates comment from Jay Karthik for wording
    of MPLS tunnels
  • General Methodology
  • draft-ietf-bmwg-acc-bench-meth-04.txt,
    Methodology Guidelines for Accelerated Stress
    Benchmarking
  • -04 changes -gt
  • Resolves numerous I-D Nits

4
Current Status (2 of 2)
  • EBGP Peering Methodology
  • draft-ietf-bmwg-acc-bench-meth-ebgp-00.txt,
    Methodology for Benchmarking Accelerated Stress
    with Operational EBGP Instabilities
  • Operational Security Methodology
  • draft-ietf-bmwg-acc-bench-meth-opsec-00.txt,
    Methodology for Benchmarking Accelerated Stress
    with Operational Security

EBGP Peering Stress Test Cases 4.1 Failed Primary
EBGP Peer 4.2 Establish New EBGP Peer 4.3 BGP
Route Explosion 4.4 BGP Policy Configuration 4.5
Persistent BGP Flapping 4.6 BGP Route Flap
Dampening 4.7 Nested Convergence Events
Operational Security Stress Test Cases 4.1
Restart Under Load 4.2 Destination Control
Processor 4.3 Destination Control Processor with
Rate-Limiting 4.4 Destination Interfaces 4.5 DoS
Attack
5
Example Stress Test Configuration Set
Control Plane 30 BGP Peers (2 EBGP, 28
IBGP) 28 OSPF Adjacencies 400K route
instances 175K routes in FIB MPLS
Disabled Multicast Protocols Disabled 16K IPsec
Tunnels 32K IPsec SAs 16K IKE SAs IPsec SA
Lifetime 8 hours IKEv2 SA Lifetime 8
hours DPD Disabled
Security Plane 100K Stateful Firewall
Sessions 64K Firewall Rules DOS-Protection
Enabled Management Plane 20 SSH Sessions 4
RADIUS Servers with round-robin Logging
enabled SysLog enabled Statistics
enabled Data Plane Interfaces qty 4
GigE Data Rate 4 Gbps Packet Size 1500
bytes QoS Disabled
6
Example Stress Test Test Conditions
  • Startup Conditions (as configured on Tester)
  • BGP and OSPF pre-configured and negotiation
    starts immediately
  • 50 IPsec Tunnels established per second
  • 1500 Stateful Firewall Sessions established per
    second
  •  
  • Instability Conditions (as configured on Tester)
  • 1 Interface Shut/No Shut per minute
  • 1 OSPF Interface Cost Change per hour
  • 100 IPsec Tunnels flapped (setup/teardown) per
    second
  • 20 IKEv2/IPsec Rekeys per second
  • RADIUS Server lost every 30 minutes
  • Continuous DOS Attacks (using Nessus)
  • Close/Open 1 SSH session per minute
  • Enter SHOW, Config, and Errored commands for
    every open session
  • 1 SNMP GET per second
  • 1 FTP File Transer of 100Mb every second
  • Tester is Test Device or System of Test Devices


7
Example Stress Test Benchmarks
  • DEVICE 1
  • 1. Configuration Sets achieved
  • 2. Startup Phase Benchmarks
  • Stable Aggregate forwarding Rate 4Gbps
  • Stable Latency 110 usec
  • Stable Session Count
  • 30 BGP Peers
  • 28 OSPF Adjacencies
  • 16K IPsec Tunnels
  • 3. Apply Instability Conditions
  • 4. Instability Phase Benchmarks
  • Unstable Aggregate Forwarding Rate 3.5Gbps
  • Degraded Aggregate Forwarding Rate 0.5Gbps
  • Unstable Latency 110usec
  • Unstable Uncontrolled Sessions Lost 126
  • DEVICE 2
  • 1. Configuration Sets achieved
  • 2. Startup Phase Benchmarks
  • Stable Aggregate forwarding Rate 4Gbps
  • Stable Latency 150 usec
  • Stable Session Count
  • 30 BGP Peers
  • 28 OSPF Adjacencies
  • 16K IPsec Tunnels
  • 3. Apply Instability Conditions
  • 4. Instability Phase Benchmarks
  • Unstable Aggregate Forwarding Rate3.3Gbps
  • Degraded Aggregate Forwarding Rate 0.7Gbps
  • Unstable Latency 170usec
  • Unstable Uncontrolled Sessions Lost 4000

  • Configuration Set in this test was reduced from a
    previous test because Device 2 crashed at 20
    hours
  • Test was repeated with 3rd Configuration Set to
    obtain a Recovery Time for Device 2

8
Next Steps
  • Is Terminology and Methodology ready for WGLC?
  • Incorporate mailing list comments from BMWG and
    OpSec
  • Identify and Add more test cases to EBGP Peering
    and Operational Security Methodologies
  • Suggestions posted on Mailing List for new
    Methodologies
  • MPLS-TE network specific test cases
  • LDP over RSVP-TE specific test cases
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "BENCHMARKING NETWORK DEVICES" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!