1 BENCHMARKING NETWORK DEVICES UNDER ACCLERATED STRESS draft-ietf-bmwg-acc-bench-term-07.txt draft-ietf-bmwg-acc-bench-meth-04.txt draft-ietf-bmwg-acc-bench-meth-ebgp-00.txt.

Slides:

Advertisements

Similar presentations

Basic BGP Data Plane Convergence Benchmarking -Rajiv Papneja - Mohan Nanduri -Bhavani Parise - Eric Brendel -Susan Hares - Jay Karthik.

Advertisements

APNOMS03 1 A Resilient Path Management for BGP/MPLS VPN Jong T. Park School of Electrical Eng. And Computer Science Kyungpook National University

Basic BGP Data Plane Convergence Benchmarking draft-papneja-bgp-basic-dp-convergence-01 Rajiv Papneja, Susan Hares, Bhavani Parise, Mohan Nanduri, Jay.

Point Protection 111. Check List AAA to the Network Devices Controlling Packets Destined to the Network Devices Config Audits.

69th IETF Chicago IETF BMWG WLAN Switch Benchmarking Tarunesh Ahuja, Tom Alexander, Scott Bradner, Sanjay Hooda, Jerry Perser, Muninder Sambi.

Securing the Router Chris Cunningham.

1 Course Number Presentation_ID © 2001, Cisco Systems, Inc. All rights reserved. Cisco 7500 High Availability.

Technical Aspects of Peering Session 4. Overview Peering checklist/requirements Peering step by step Peering arrangements and options Exercises.

Benchmarking Methodology WG (bmwg) 60th IETF – San Diego, CA Thursday, August 5, 2004, Chairs: –Kevin Dubray –Al Morton.

CS Summer 2003 CS672: MPLS Architecture, Applications and Fault-Tolerance.

1 Experimental Study of Internet Stability and Wide-Area Backbone Failure Craig Labovitz, Abha Ahuja Merit Network, Inc Presented by Changchun Zou.

Sub-IP Layer Protection Mechanism Performance Benchmarking draft-ietf-bmwg-protection-term-05 draft-ietf-bmwg-protection-meth-04 November 17, 2008 Rajiv.

1 BGP Anomaly Detection in an ISP Jian Wu (U. Michigan) Z. Morley Mao (U. Michigan) Jennifer Rexford (Princeton) Jia Wang (AT&T Labs)

Network Security. Reasons to attack Steal information Modify information Deny service (DoS)

June 2007APTLD Meeting/Dubai ANYCAST Alireza Saleh.ir ccTLD

1 © 2003, Cisco Systems, Inc. All rights reserved. Computer Networks 6 Layer 3 troubleshooting Halmstad University Olga Torstensson

Network Security1 – Chapter 3 – Device Security (B) Security of major devices: How to protect the device against attacks aimed at compromising the device.

IPsec Performance Testing Terminology Document Michele Bustos, Ixia Tim VanHerck, Cisco Merike Kaeo, Merike Inc.

1 © 2002, Cisco Systems, Inc. All rights reserved. Protocol /IPSec Securing Routing/Signaling Protocols w/ IPSec David Ward

TUNDRA The Ultimate Netflow Data Realtime Analysis Jeffrey Papen Yahoo! Inc.

Juniper ESCR Tesco Day 2. Overview Day #1 Maintenance and monitoring Routing protocols Lab Day #2 Introduction to Juniper devices Junos CLI System and.

1 Benchmarking Methodology WG (bmwg) 70th IETF – Vancouver, Canada Thursday, December 6, 2007, 9:00-11:30 (Oak) Chairs: –Al Morton If.

Switch Concepts and Configuration and Configuration Part II Advanced Computer Networks.

© Janice Regan, CMPT 128, CMPT 371 Data Communications and Networking BGP, Flooding, Multicast routing.

Reliable Routing for the Internet Avici Company Confidential Scott Poretsky Avici Systems, Inc. June 3, 2002 Core Router Testing for High Availability.

Session 2 Security Monitoring Identify Device Status Traffic Analysis Routing Protocol Status Configuration & Log Classification.

Lucy Yong Susan Hares September 20, 2012 Boston

1 Proposal for BENCHMARKING SIP NETWORKING DEVICES draft-poretsky-sip-bench-term-01.txt draft-poretsky-sip-bench-meth-00.txt Co-authors are Scott Poretsky.

Automatic VPN Client Recovery from IPsec Pass-through Failures Dr. José Brustoloni Dept. Computer Science, University of Pittsburgh 210 S. Bouquet St.

1 Authors: Scott Poretsky, Quarry Technologies Shankar Rao, Qwest Communications Ray Piatt, Cable and Wireless 58th IETF Meeting – Minneapolis Accelerated.

Proposal for new Working Group Item: Core Router Software Accelerated Life Testing (draft-poretsky-routersalt-term-00.txt) Authors: Scott Poretsky, Avici.

1 BENCHMARKING IGP DATA PLANE ROUTE CONVERGENCE draft-ietf-bmwg-igp-dataplane-conv-app-08.txt draft-ietf-bmwg-igp-dataplane-conv-term-08.txt draft-ietf-bmwg-igp-dataplane-conv-meth-08.txt.

Generic Routing Encapsulation GRE  GRE is an OSI Layer 3 tunneling protocol: Encapsulates a wide variety of protocol packet types inside.

IGP Data Plane Convergence draft-ietf-bmwg-dataplane-conv-meth-14.txt draft-ietf-bmwg-dataplane-conv-term-14.txt draft-ietf-bmwg-dataplane-conv-app-14.txt.

SIP Performance Benchmarking draft-ietf-bmwg-sip-bench-term-02 draft-ietf-bmwg-sip-bench-meth-02 July 24, 2010 Prof. Carol Davids, Illinois Inst. of Tech.

Inter AS option D (draft-mapathak-interas-option-d-00) Manu Pathak Keyur Patel Arjun Sreekantiah November 2012.

Device Reset Characterization draft-ietf-bmwg-reset-02 Rajiv Asati Carlos Pignataro Fernando Calabria Cesar Olvera Presented by Andrew.

1 SIP Performance Benchmarking draft-poretsky-sip-bench-term-04.txt draft-poretsky-bmwg-sip-bench-meth-02.txt BMWG, IETF-70 Vancouver Dec 2007 Davids IIT.

Configuring AAA requires four basic steps: 1.Enable AAA (new-model). 2.Configure security server network parameters. 3.Define one or more method lists.

IETF BMWG Work Items 65th IETF Meeting Dallas, TX Tuesday 3/21/06.

SIP Performance Benchmarking draft-ietf-bmwg-sip-bench-term-01 draft-ietf-bmwg-sip-bench-meth-01 March 22, 2010 Prof. Carol Davids, Illinois Inst. of Tech.

1 SIP Performance Benchmarking draft-poretsky-sip-bench-term-03.txt draft-poretsky-bmwg-sip-bench-meth-01.txt BMWG, IETF-69 Chicago July 2007 Poretsky,

1 Benchmarking Methodology WG (bmwg) 64th IETF – Vancouver, Canada Monday, November 7, 2005, 15:10-17:10 (Oak) Chairs: –Kevin Dubray

© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—6-1 Scaling Service Provider Networks Scaling IGP and BGP in Service Provider Networks.

1 Benchmarking Methodology WG (bmwg) 67th IETF – San Diego CA, USA Tuesday, November 7, 2006, 13:00-15:00 (Spinnaker) Chairs: –Al Morton

IGP Data Plane Convergence draft-ietf-bmwg-dataplane-conv-meth-15.txt draft-ietf-bmwg-dataplane-conv-term-15.txt draft-ietf-bmwg-dataplane-conv-app-15.txt.

Softwire Security Requirement Update draft-ietf-softwire-security-requirements-02.txt IETF Meeting, Prague March 19, 2007 Shu Yamamoto Carl Williams Florent.

1 Benchmarking Methodology WG (bmwg) 66th IETF – Montreal, Canada Thursday, June 13, 2006, 13:00-15:00 (519A) Chairs: –Al Morton – If.

1 IGP Data Plane Convergence Benchmarking draft-ietf-bmwg-igp-dataplane-conv-app-01.txt draft-ietf-bmwg-igp-dataplane-conv-term-01.txt draft -ietf-bmwg-igp-dataplane-conv-meth-01.txt.

1 Scott Poretsky, Quarry Technologies Shankar Rao, Qwest Communications Jean-Louis Le Roux, France Telecom Rajiv Papneja, Isocore Rajesh Khanna, Avici.

IPSec is a suite of protocols defined by the Internet Engineering Task Force (IETF) to provide security services at the network layer. standard protocol.

1 Authors: Scott Poretsky, Reef Point Systems Shankar Rao, Qwest Communications 64th IETF Meeting – Vancouver Accelerated Stress Benchmarking draft-ietf-bmwg-acc-bench-term-07.txt.

1 Benchmarking Methodology WG (bmwg) 71st IETF – Philadelphia, PA USA Monday, March 10, 2008, 13:00-15:00 (Salon J) Chairs: –Al Morton

28 July BGP Data-Plane Benchmarking Applicable to Modern Routers Ilya Varlashkin Rajiv Papneja Bhavani Parise presented by Grégory CAUCHIE.

Benchmarking Methodology WG (bmwg) 57th IETF – Vienna, Austria Tuesday, July 15, 2003, and Chairs: –Kevin Dubray

23Mar BGP Data-Plane Benchmarking Applicable to Modern Routers Rajiv Papneja Ilya Varlashkin Bhavani Parise Dean Lee Sue Hares.

1 IGP Data Plane Convergence Benchmarking draft-ietf-bmwg-igp-dataplane-conv-app-00.txt draft-ietf-bmwg-igp-dataplane-conv-term-00.txt draft -ietf-bmwg-igp-dataplane-conv-meth-00.txt.

RADIUS attributes commonly used in fixed networks draft-klammorrissette-radext-very-common-vsas-00 Devasena Morrissette, Frederic Klamm, Lionel Morand.

© 2001, Cisco Systems, Inc. CSPFA 2.0—16-1 Chapter 16 Cisco PIX Device Manager.

 Killtest offers real Huawei H ENU exam questions, which contain the real and original questions and answers. With the actual exam guide, you can.

Sub-IP Layer Protection Mechanism Performance Benchmarking draft-ietf-bmwg-protection-term-03.txt draft-ietf-bmwg-protection-meth-02.txt BMWG, IETF-70.

Sub-IP Layer Protection Mechanism Performance Benchmarking draft-ietf-bmwg-protection-term-04.txt draft-ietf-bmwg-protection-meth-03.txt BMWG, IETF-71.

1 Benchmarking Methodology WG (bmwg) 73rd IETF – Minneapolis, MN USA Monday, November 17, 2008, Afternoon Session I (Rochester) Chairs: –Al Morton.

1 Authors: Scott Poretsky, Quarry Technologies Shankar Rao, Qwest Communications 60th IETF Meeting – San Diego Accelerated Stress Benchmarking draft-ietf-bmwg-acc-bench-term-03.txt.

Authors: Scott Poretsky, Quarry Technologies Brent Imhoff, LightCore

How to pass Cisco Exam in first attempt?

PCNSE7 Palo Alto Networks Certified Network Security Engineer

Jian Wu (University of Michigan)

Authors: Scott Poretsky, Quarry Technologies Brent Imhoff, LightCore

Accelerated Stress Benchmarking

Presentation transcript:

1 BENCHMARKING NETWORK DEVICES UNDER ACCLERATED STRESS draft-ietf-bmwg-acc-bench-term-07.txt draft-ietf-bmwg-acc-bench-meth-04.txt draft-ietf-bmwg-acc-bench-meth-ebgp-00.txt draft-ietf-bmwg-acc-bench-meth-opsec-00.txt Co-authors are Scott Poretsky of Reef Point and Shankar Rao of Qwest 64th IETF Meeting – Vancouver

2 Document Structure Terminology EBGP Peering Methodology … General Methodology Operational Security Methodology –General Methodology has controlled scope –Additional technology specific methodologies can be added

3 Current Status (1 of 2) Terminology –draft-ietf-bmwg-acc-bench-term-07.txt, Terminology for Accelerated Stress Benchmarking –-07 changes ->  Resolves numerous I-D Nits  Incorporates comment from Jay Karthik for wording of MPLS tunnels General Methodology –draft-ietf-bmwg-acc-bench-meth-04.txt, Methodology Guidelines for Accelerated Stress Benchmarking –-04 changes ->  Resolves numerous I-D Nits

4 Current Status (2 of 2) EBGP Peering Methodology –draft-ietf-bmwg-acc-bench-meth-ebgp-00.txt, Methodology for Benchmarking Accelerated Stress with Operational EBGP Instabilities Operational Security Methodology –draft-ietf-bmwg-acc-bench-meth-opsec-00.txt, Methodology for Benchmarking Accelerated Stress with Operational Security EBGP Peering Stress Test Cases 4.1 Failed Primary EBGP Peer 4.2 Establish New EBGP Peer 4.3 BGP Route Explosion 4.4 BGP Policy Configuration 4.5 Persistent BGP Flapping 4.6 BGP Route Flap Dampening 4.7 Nested Convergence Events Operational Security Stress Test Cases 4.1 Restart Under Load 4.2 Destination Control Processor 4.3 Destination Control Processor with Rate-Limiting 4.4 Destination Interfaces 4.5 DoS Attack

5 Control Plane 30 BGP Peers (2 EBGP, 28 IBGP) 28 OSPF Adjacencies 400K route instances 175K routes in FIB MPLS Disabled Multicast Protocols Disabled 16K IPsec Tunnels 32K IPsec SAs 16K IKE SAs IPsec SA Lifetime = 8 hours IKEv2 SA Lifetime = 8 hours DPD Disabled Example Stress Test – Configuration Set Security Plane 100K Stateful Firewall Sessions 64K Firewall Rules DOS-Protection Enabled Management Plane 20 SSH Sessions 4 RADIUS Servers with round-robin Logging enabled SysLog enabled Statistics enabled Data Plane Interfaces = qty 4 GigE Data Rate = 4 Gbps Packet Size = 1500 bytes QoS Disabled

6 Startup Conditions (as configured on Tester*) BGP and OSPF pre-configured and negotiation starts immediately 50 IPsec Tunnels established per second 1500 Stateful Firewall Sessions established per second Instability Conditions (as configured on Tester*) 1 Interface Shut/No Shut per minute 1 OSPF Interface Cost Change per hour 100 IPsec Tunnels flapped (setup/teardown) per second 20 IKEv2/IPsec Rekeys per second RADIUS Server lost every 30 minutes Continuous DOS Attacks (using Nessus) Close/Open 1 SSH session per minute Enter SHOW, Config, and Errored commands for every open session 1 SNMP GET per second 1 FTP File Transer of 100Mb every second * Tester is Test Device or System of Test Devices Example Stress Test – Test Conditions

7 DEVICE #1 1. Configuration Sets achieved 2. Startup Phase Benchmarks Stable Aggregate forwarding Rate = 4Gbps Stable Latency = 110 usec Stable Session Count = 30 BGP Peers 28 OSPF Adjacencies 16K IPsec Tunnels 3. Apply Instability Conditions 4. Instability Phase Benchmarks* Unstable Aggregate Forwarding Rate = 3.5Gbps Degraded Aggregate Forwarding Rate = 0.5Gbps Unstable Latency = 110usec Unstable Uncontrolled Sessions Lost = 126 *These are averages. It is recommended to record these values at 1 second interval 5. Stop applying Instability Conditions after X hours (24 for this test) 6. Recover Phase Benchmarks Recovery Time = 22 seconds Recovered Aggregate Forwarding Rate = 4Gbps Recovered Latency = 110usec Recovered Uncontrolled Sessions Lost = 0 Example Stress Test – Benchmarks DEVICE #2 1. Configuration Sets achieved 2. Startup Phase Benchmarks Stable Aggregate forwarding Rate = 4Gbps Stable Latency = 150 usec Stable Session Count = 30 BGP Peers 28 OSPF Adjacencies 16K IPsec Tunnels 3. Apply Instability Conditions 4. Instability Phase Benchmarks* Unstable Aggregate Forwarding Rate=3.3Gbps Degraded Aggregate Forwarding Rate= 0.7Gbps Unstable Latency = 170usec Unstable Uncontrolled Sessions Lost = 4000 *These are averages. It is recommended to record these values at 1 second interval 5. Stop applying Instability Conditions after X hours (24 for this test) 6. Recover Phase Benchmarks Recovery Time= Infinite Recovered Aggregate Forwarding Rate = 3.9Gbps Recovered Latency = 150usec Recovered Uncontrolled Sessions Lost = 97 Configuration Set in this test was reduced from a previous test because Device #2 crashed at 20 hours Test was repeated with 3 rd Configuration Set to obtain a Recovery Time for Device #2

8 Next Steps Is Terminology and Methodology ready for WGLC? Incorporate mailing list comments from BMWG and OpSec Identify and Add more test cases to EBGP Peering and Operational Security Methodologies Suggestions posted on Mailing List for new Methodologies: MPLS-TE network specific test cases LDP over RSVP-TE specific test cases