DPACC IPSEC Performance Testing


Srinivasa Addepalli (Intel), Lingli Deng (China Mobile), Bose Perumal (Dell)

Use case: IPSec between vRAN and vEPC

[Diagram labels. vRAN Sites: eNB VMs, IPSec VMs, compute nodes running Host Linux (vSwitch acceleration + IPSEC-LA acceleration), Openstack VIM. EPC: IPSec VM, SGW, PGW, Firewall, IPS/DPI, MME, HSS, PCRF, AAA, compute nodes running Host Linux (vSwitch acceleration + IPSEC-LA acceleration), Openstack VIM. Other labels: Wireless, IPSEC Tunnels, Orchestrator.]

Test Setup

Test Controller:
- Bring up IPSec VMs using NOVA
- Configure IPSec policies using VPN-as-a-Service
- Configure IXIA to start the traffic and measure the returned traffic

[Diagram labels: Horizon Dashboard; Openstack VIM & VPN-as-a-Service; two IPSec VMs with IPSEC Tunnels between them, each on Host Linux (vSwitch acceleration + IPSEC-LA acceleration); IXIA/Spirent; Clear Traffic; Encrypted Traffic.]

Use case: IPSec GW for small cells

[Diagram labels: UE; SmallCell; Backhaul Network; Internet; SmallCell GW; EPC; SeGW; SmGW; Optional; Compute node; Host Linux (vSwitch acceleration + IPSEC-LA acceleration).]

- Authentication: realize mutual authentication between small cell and GW.
- Security Protection: establish IPSec tunnels between small cell and GW.
- QoS Inheritance: copies the inner IP ToS/DSCP tags onto the outer IP header during encapsulation.
- Signaling Routing: selects a proper MME for an attaching UE.
- Signaling Pooling: pools the interfaces to MME for a large group of small cells.

Test Setup

Test Controller:
- Bring up IPSec VMs using NOVA
- Configure IPSec policies using VPN-as-a-Service
- Configure IXIA to start the traffic and measure the returned traffic

[Diagram labels: Horizon Dashboard; Openstack VIM & VPN-as-a-Service; SeGW emulated eNBs; two SeGW VMs with IPSEC Tunnels between them, each on Host Linux (vSwitch acceleration + IPSEC-LA acceleration); IXIA/Spirent; Clear Traffic; Encrypted Traffic.]

Performance Expectations on EPC SecGw (Based on inputs from China Mobile)

| Parameters | Low End | Medium End | High End |
|---|---|---|---|
| Bandwidth | 10Gbps | 20Gbps | 40Gbps |
| IPSec Tunnels | 5000 | 20000 | 40000 |
| Tunnel Setup Rate/second | 1000 | 2000 | 4000 |

Single Tunnel Bandwidth: 4Gbps

- Algorithms: AES-128 and SHA-1, AES-256 and SHA-2
- Certificate Authentication (RSA certificates with 2048 key size) on both sides, IKEv2
- Packet Size: 512 bytes. Also take measurements for 1024, 1400, 2048, 4K packet sizes

Performance Measurements

Table columns: Packet Size | Algorithm | Tunnels | Number of cores dedicated to Guest | Number of cores dedicated to Host | Burstiness | Throughput | Jitter (Min/Max/Avg) | Latency (Min, Max, Avg) | % of out-of-order packets on the flows

- Packet Size: 64, 512, 1K, 2K, 4K
- Algorithm: Tunnel Mode, AES-128, SHA-1; Tunnel Mode, AES-128, SHA-2; Transport Mode, AES-128 and SHA-1; Tunnel mode, AES-GCM; Tunnel mode, AES-256 and SHA-2
- Tunnels: 1, 5000, 20000, 40000
- Values for the remaining columns: 2 4 8 16 10

Measurements for various combinations of the above need to be recorded.

Minimal combinations (same columns):

- Packet Size: 512, 4K
- Algorithm: Tunnel Mode, AES-128, SHA-1
- Tunnels: 1
- Values for the remaining columns: 2
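As an added example (not part of the original slides), the Python below computes the on-wire ESP packet size for the packet sizes and algorithm combinations listed above, which is useful when comparing throughput figures across rows of the matrix. Assumptions: IPv4 outer header without options, no NAT-T, no fragmentation, "SHA-2" read as HMAC-SHA-256-128, AES in CBC mode where GCM is not named, and the packet size taken as the full cleartext IP packet; all names in the code are illustrative.

```python
# Added example: ESP packet size per test-matrix row (not from the slides).
# Assumptions: IPv4 outer header without options, no NAT-T/UDP encapsulation,
# "SHA-2" = HMAC-SHA-256-128, CBC mode unless GCM is named, no fragmentation.
IP_HDR = 20       # IPv4 header, no options
ESP_HDR = 8       # SPI (4) + sequence number (4)
ESP_TRAILER = 2   # pad length (1) + next header (1)

# suite name -> (IV bytes, padding alignment, ICV bytes)
SUITES = {
    "AES-128-CBC/HMAC-SHA1-96": (16, 16, 12),
    "AES-128-CBC/HMAC-SHA-256-128": (16, 16, 16),
    "AES-256-CBC/HMAC-SHA-256-128": (16, 16, 16),
    "AES-GCM-16": (8, 4, 16),
}

def esp_packet_size(packet_len, suite, mode="tunnel"):
    """Bytes on the wire for one cleartext IPv4 packet of packet_len bytes."""
    iv, align, icv = SUITES[suite]
    if mode == "tunnel":
        protected = packet_len            # whole inner packet is encrypted
    elif mode == "transport":
        protected = packet_len - IP_HDR   # original IP header is reused
    else:
        raise ValueError(f"unknown mode: {mode}")
    if protected < 0:
        raise ValueError("packet shorter than an IPv4 header")
    # Payload plus the 2-byte trailer is padded up to the cipher alignment.
    padded = (protected + ESP_TRAILER + align - 1) // align * align
    return IP_HDR + ESP_HDR + iv + padded + icv

def efficiency(packet_len, suite, mode="tunnel"):
    """Fraction of wire bytes that are the original cleartext packet."""
    return packet_len / esp_packet_size(packet_len, suite, mode)

def overhead_table(sizes=(64, 512, 1024, 2048, 4096), mode="tunnel"):
    """Wire size for every packet size x suite combination."""
    return {s: {n: esp_packet_size(s, n, mode) for n in SUITES} for s in sizes}

if __name__ == "__main__":
    for size, row in overhead_table().items():
        for name, wire in row.items():
            print(f"{size:5d} B  {name:30s} {wire:5d} B on wire  "
                  f"{100 * size / wire:5.1f}% efficient")
```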

DUT - Config

DUT Instantiation OpenStack Commands Interface Config ? Interface Config IPSec Config Commands