Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 BENCHMARKING NETWORK DEVICES UNDER ACCLERATED STRESS draft-ietf-bmwg-acc-bench-term-07.txt draft-ietf-bmwg-acc-bench-meth-04.txt draft-ietf-bmwg-acc-bench-meth-ebgp-00.txt.

Published byHerbert Flowers Modified over 9 years ago

Similar presentations

Presentation on theme: "1 BENCHMARKING NETWORK DEVICES UNDER ACCLERATED STRESS draft-ietf-bmwg-acc-bench-term-07.txt draft-ietf-bmwg-acc-bench-meth-04.txt draft-ietf-bmwg-acc-bench-meth-ebgp-00.txt."— Presentation transcript:

1 1 BENCHMARKING NETWORK DEVICES UNDER ACCLERATED STRESS draft-ietf-bmwg-acc-bench-term-07.txt draft-ietf-bmwg-acc-bench-meth-04.txt draft-ietf-bmwg-acc-bench-meth-ebgp-00.txt draft-ietf-bmwg-acc-bench-meth-opsec-00.txt Co-authors are Scott Poretsky of Reef Point and Shankar Rao of Qwest 64th IETF Meeting – Vancouver

2 2 Document Structure Terminology EBGP Peering Methodology … General Methodology Operational Security Methodology –General Methodology has controlled scope –Additional technology specific methodologies can be added

3 3 Current Status (1 of 2) Terminology –draft-ietf-bmwg-acc-bench-term-07.txt, Terminology for Accelerated Stress Benchmarking –-07 changes ->  Resolves numerous I-D Nits  Incorporates comment from Jay Karthik for wording of MPLS tunnels General Methodology –draft-ietf-bmwg-acc-bench-meth-04.txt, Methodology Guidelines for Accelerated Stress Benchmarking –-04 changes ->  Resolves numerous I-D Nits

4 4 Current Status (2 of 2) EBGP Peering Methodology –draft-ietf-bmwg-acc-bench-meth-ebgp-00.txt, Methodology for Benchmarking Accelerated Stress with Operational EBGP Instabilities Operational Security Methodology –draft-ietf-bmwg-acc-bench-meth-opsec-00.txt, Methodology for Benchmarking Accelerated Stress with Operational Security EBGP Peering Stress Test Cases 4.1 Failed Primary EBGP Peer 4.2 Establish New EBGP Peer 4.3 BGP Route Explosion 4.4 BGP Policy Configuration 4.5 Persistent BGP Flapping 4.6 BGP Route Flap Dampening 4.7 Nested Convergence Events Operational Security Stress Test Cases 4.1 Restart Under Load 4.2 Destination Control Processor 4.3 Destination Control Processor with Rate-Limiting 4.4 Destination Interfaces 4.5 DoS Attack

5 5 Control Plane 30 BGP Peers (2 EBGP, 28 IBGP) 28 OSPF Adjacencies 400K route instances 175K routes in FIB MPLS Disabled Multicast Protocols Disabled 16K IPsec Tunnels 32K IPsec SAs 16K IKE SAs IPsec SA Lifetime = 8 hours IKEv2 SA Lifetime = 8 hours DPD Disabled Example Stress Test – Configuration Set Security Plane 100K Stateful Firewall Sessions 64K Firewall Rules DOS-Protection Enabled Management Plane 20 SSH Sessions 4 RADIUS Servers with round-robin Logging enabled SysLog enabled Statistics enabled Data Plane Interfaces = qty 4 GigE Data Rate = 4 Gbps Packet Size = 1500 bytes QoS Disabled

6 6 Startup Conditions (as configured on Tester*) BGP and OSPF pre-configured and negotiation starts immediately 50 IPsec Tunnels established per second 1500 Stateful Firewall Sessions established per second Instability Conditions (as configured on Tester*) 1 Interface Shut/No Shut per minute 1 OSPF Interface Cost Change per hour 100 IPsec Tunnels flapped (setup/teardown) per second 20 IKEv2/IPsec Rekeys per second RADIUS Server lost every 30 minutes Continuous DOS Attacks (using Nessus) Close/Open 1 SSH session per minute Enter SHOW, Config, and Errored commands for every open session 1 SNMP GET per second 1 FTP File Transer of 100Mb every second * Tester is Test Device or System of Test Devices Example Stress Test – Test Conditions

7 7 DEVICE #1 1. Configuration Sets achieved 2. Startup Phase Benchmarks Stable Aggregate forwarding Rate = 4Gbps Stable Latency = 110 usec Stable Session Count = 30 BGP Peers 28 OSPF Adjacencies 16K IPsec Tunnels 3. Apply Instability Conditions 4. Instability Phase Benchmarks* Unstable Aggregate Forwarding Rate = 3.5Gbps Degraded Aggregate Forwarding Rate = 0.5Gbps Unstable Latency = 110usec Unstable Uncontrolled Sessions Lost = 126 *These are averages. It is recommended to record these values at 1 second interval 5. Stop applying Instability Conditions after X hours (24 for this test) 6. Recover Phase Benchmarks Recovery Time = 22 seconds Recovered Aggregate Forwarding Rate = 4Gbps Recovered Latency = 110usec Recovered Uncontrolled Sessions Lost = 0 Example Stress Test – Benchmarks DEVICE #2 1. Configuration Sets achieved 2. Startup Phase Benchmarks Stable Aggregate forwarding Rate = 4Gbps Stable Latency = 150 usec Stable Session Count = 30 BGP Peers 28 OSPF Adjacencies 16K IPsec Tunnels 3. Apply Instability Conditions 4. Instability Phase Benchmarks* Unstable Aggregate Forwarding Rate=3.3Gbps Degraded Aggregate Forwarding Rate= 0.7Gbps Unstable Latency = 170usec Unstable Uncontrolled Sessions Lost = 4000 *These are averages. It is recommended to record these values at 1 second interval 5. Stop applying Instability Conditions after X hours (24 for this test) 6. Recover Phase Benchmarks Recovery Time= Infinite Recovered Aggregate Forwarding Rate = 3.9Gbps Recovered Latency = 150usec Recovered Uncontrolled Sessions Lost = 97 Configuration Set in this test was reduced from a previous test because Device #2 crashed at 20 hours Test was repeated with 3 rd Configuration Set to obtain a Recovery Time for Device #2

8 8 Next Steps Is Terminology and Methodology ready for WGLC? Incorporate mailing list comments from BMWG and OpSec Identify and Add more test cases to EBGP Peering and Operational Security Methodologies Suggestions posted on Mailing List for new Methodologies: MPLS-TE network specific test cases LDP over RSVP-TE specific test cases

Download ppt "1 BENCHMARKING NETWORK DEVICES UNDER ACCLERATED STRESS draft-ietf-bmwg-acc-bench-term-07.txt draft-ietf-bmwg-acc-bench-meth-04.txt draft-ietf-bmwg-acc-bench-meth-ebgp-00.txt."

Similar presentations

Basic BGP Data Plane Convergence Benchmarking -Rajiv Papneja - Mohan Nanduri -Bhavani Parise - Eric Brendel -Susan Hares - Jay Karthik.

Basic BGP Data Plane Convergence Benchmarking -Rajiv Papneja - Mohan Nanduri -Bhavani Parise - Eric Brendel -Susan Hares - Jay Karthik.
APNOMS03 1 A Resilient Path Management for BGP/MPLS VPN Jong T. Park School of Electrical Eng. And Computer Science Kyungpook National University

APNOMS03 1 A Resilient Path Management for BGP/MPLS VPN Jong T. Park School of Electrical Eng. And Computer Science Kyungpook National University
Basic BGP Data Plane Convergence Benchmarking draft-papneja-bgp-basic-dp-convergence-01 Rajiv Papneja, Susan Hares, Bhavani Parise, Mohan Nanduri, Jay.

Basic BGP Data Plane Convergence Benchmarking draft-papneja-bgp-basic-dp-convergence-01 Rajiv Papneja, Susan Hares, Bhavani Parise, Mohan Nanduri, Jay.
Point Protection 111. Check List AAA to the Network Devices Controlling Packets Destined to the Network Devices Config Audits.

Point Protection 111. Check List AAA to the Network Devices Controlling Packets Destined to the Network Devices Config Audits.
69th IETF Chicago IETF BMWG WLAN Switch Benchmarking Tarunesh Ahuja, Tom Alexander, Scott Bradner, Sanjay Hooda, Jerry Perser, Muninder Sambi.

69th IETF Chicago IETF BMWG WLAN Switch Benchmarking Tarunesh Ahuja, Tom Alexander, Scott Bradner, Sanjay Hooda, Jerry Perser, Muninder Sambi.
Securing the Router Chris Cunningham.

Securing the Router Chris Cunningham.
1 Course Number Presentation_ID © 2001, Cisco Systems, Inc. All rights reserved. Cisco 7500 High Availability.

1 Course Number Presentation_ID © 2001, Cisco Systems, Inc. All rights reserved. Cisco 7500 High Availability.
Technical Aspects of Peering Session 4. Overview Peering checklist/requirements Peering step by step Peering arrangements and options Exercises.

Technical Aspects of Peering Session 4. Overview Peering checklist/requirements Peering step by step Peering arrangements and options Exercises.
Benchmarking Methodology WG (bmwg) 60th IETF – San Diego, CA Thursday, August 5, 2004, 1300-1500 Chairs: –Kevin Dubray –Al Morton.

Benchmarking Methodology WG (bmwg) 60th IETF – San Diego, CA Thursday, August 5, 2004, Chairs: –Kevin Dubray –Al Morton.
CS 672 1 Summer 2003 CS672: MPLS Architecture, Applications and Fault-Tolerance.

CS Summer 2003 CS672: MPLS Architecture, Applications and Fault-Tolerance.
1 Experimental Study of Internet Stability and Wide-Area Backbone Failure Craig Labovitz, Abha Ahuja Merit Network, Inc. 1998. Presented by Changchun Zou.

1 Experimental Study of Internet Stability and Wide-Area Backbone Failure Craig Labovitz, Abha Ahuja Merit Network, Inc Presented by Changchun Zou.
Sub-IP Layer Protection Mechanism Performance Benchmarking draft-ietf-bmwg-protection-term-05 draft-ietf-bmwg-protection-meth-04 November 17, 2008 Rajiv.

Sub-IP Layer Protection Mechanism Performance Benchmarking draft-ietf-bmwg-protection-term-05 draft-ietf-bmwg-protection-meth-04 November 17, 2008 Rajiv.
1 BGP Anomaly Detection in an ISP Jian Wu (U. Michigan) Z. Morley Mao (U. Michigan) Jennifer Rexford (Princeton) Jia Wang (AT&T Labs)

1 BGP Anomaly Detection in an ISP Jian Wu (U. Michigan) Z. Morley Mao (U. Michigan) Jennifer Rexford (Princeton) Jia Wang (AT&T Labs)
Network Security. Reasons to attack Steal information Modify information Deny service (DoS)

Network Security. Reasons to attack Steal information Modify information Deny service (DoS)
June 2007APTLD Meeting/Dubai ANYCAST Alireza Saleh.ir ccTLD

June 2007APTLD Meeting/Dubai ANYCAST Alireza Saleh.ir ccTLD
1 © 2003, Cisco Systems, Inc. All rights reserved. Computer Networks 6 Layer 3 troubleshooting Halmstad University Olga Torstensson 035-167575

1 © 2003, Cisco Systems, Inc. All rights reserved. Computer Networks 6 Layer 3 troubleshooting Halmstad University Olga Torstensson
Network Security1 – Chapter 3 – Device Security (B) Security of major devices: How to protect the device against attacks aimed at compromising the device.

Network Security1 – Chapter 3 – Device Security (B) Security of major devices: How to protect the device against attacks aimed at compromising the device.
IPsec Performance Testing Terminology Document Michele Bustos, Ixia Tim VanHerck, Cisco Merike Kaeo, Merike Inc.

IPsec Performance Testing Terminology Document Michele Bustos, Ixia Tim VanHerck, Cisco Merike Kaeo, Merike Inc.
1 © 2002, Cisco Systems, Inc. All rights reserved. Protocol /IPSec Securing Routing/Signaling Protocols w/ IPSec David Ward

1 © 2002, Cisco Systems, Inc. All rights reserved. Protocol /IPSec Securing Routing/Signaling Protocols w/ IPSec David Ward
TUNDRA The Ultimate Netflow Data Realtime Analysis Jeffrey Papen Yahoo! Inc.

TUNDRA The Ultimate Netflow Data Realtime Analysis Jeffrey Papen Yahoo! Inc.

Similar presentations

Ads by Google