Presentation is loading. Please wait.

Presentation is loading. Please wait.

DPACC IPSEC Performance Testing

Published byGervais Ellis Modified over 9 years ago

Similar presentations

Presentation on theme: "DPACC IPSEC Performance Testing"— Presentation transcript:

1 DPACC IPSEC Performance Testing
Srinivasa Addepalli (Intel) Lingli Deng (China Mobile) Bose Perumal (Dell)

2 Use case : IPSec between vRAN and vEPC
Wireless MME HSS PCRF AAA eNB VM IPSec VM IPSEC Tunnels IPSec SGW PGW Firewall eNB VM IPSec VM SGW eNB VM IPSec PGW IPS/DPI PGW IPS/DPI Host Linux (vSwitch Acceleration + IPSEC-LA acceleration) Host Linux (vSwitch acceleration + IPSEC-LA acceleration) Compute nodes Compute nodes vRAN Sites EPC Openstack VIM Openstack VIM Orchestrator

3 Host Linux (vSwitch acceleration + IPSEC-LA acceleration)
Test Setup Test Controller Bring Up IPSec VMs using NOVA Configure IPSec Policies using VPN-as-a-Service Horizon Dashboard Openstack VIM & VPN-as-a-Service IPSec VM IPSEC Tunnels IPSec VM Host Linux (vSwitch Acceleration + IPSEC-LA acceleration) Host Linux (vSwitch acceleration + IPSEC-LA acceleration) Encrypted Traffic IXIA/Spirent Configure IXIA to start the traffic and measure the returned traffic Clear Traffic

4 Host Linux (vSwitch Acceleration + IPSEC-LA acceleration)
Use case : IPSec GW for small cells UE SmallCell BackhaulNetwork Internet SmallCell GW EPC SeGW SmGW SeGW SmGW Authentication: realize mutual authentication between small cell and GW. Security Protection: establish IPSec tunnels between small cell and GW. QoS Inheritance: copies the inner IP ToS/DSCP tags onto the outerIP header during encapsulation. Host Linux (vSwitch Acceleration + IPSEC-LA acceleration) Signaling Routing: selects a proper MME for an attaching UE. Signaling Pooling: pools the interfaces to MME for a large group of small cells. Optional Compute node

5 Host Linux (vSwitch acceleration + IPSEC-LA acceleration)
Test Setup Test Controller Bring Up IPSec VMs using NOVA Configure IPSec Policies using VPN-as-a-Service Horizon Dashboard Openstack VIM & VPN-as-a-Service SeGW emulated eNBs SeGW VM IPSEC Tunnels SeGW VM Host Linux (vSwitch Acceleration + IPSEC-LA acceleration) Host Linux (vSwitch acceleration + IPSEC-LA acceleration) Encrypted Traffic IXIA/Spirent Configure IXIA to start the traffic and measure the returned traffic Clear Traffic

6 Performance Expectations on EPC SecGw (Based on inputs from China Mobile)
Parameters Low End Medium End High end Bandwidth 10Gbps 20Gbps 40Gbps Single Tunnel Bandwidth 4Gbps IPSec Tunnels 5000 20000 40000 Tunnel Setup Rate/second 1000 2000 4000 AES-128 and SHA-1, AES-256 and SHA-2 algorithm Certificate Authentication (RSA certificates with 2048 key size) on both sides, IKEv2 Packet Size : 512 bytes. Also take measurements for 1024, 1400, 2048, 4K packet sizes

7 Performance Measurements
Packet Size Algorithm Tunnels Number of cores dedicated to Guest Number of cores dedicated to Host Burstiness Throughput Jitter (Min/Max/Avg) Latency (Min, Max, Avg) % of out-of-order packets on the flows 64 512 1K 2K 4K Tunnel Mode, AES-128, SHA-1 Tunnel Mode AES-128, SHA-2 Transport Mode AES-128 and SHA-1 Tunnel mode AES-GCM Tunnel mode AES-256 and SHA-2 1 5000 20000 40000 2 4 8 16 10 Measurement for various combination of above need to be recorded. Packet Size Algorithm Tunnels Number of cores dedicated to Guest Number of cores dedicated to Host Burstiness Throughput Jitter (Min/Max/Avg) Latency (Min, Max, Avg) % of out-of-order packets on the flows 512 4K Tunnel Mode, AES-128, SHA-1 1 2 Minimal combinations

8 DUT - Config DUT Instantiation OpenStack Commands Interface Config
? Interface Config IPSec Config Commands

Download ppt "DPACC IPSEC Performance Testing"

Similar presentations

Encrypting Wireless Data with VPN Techniques

Encrypting Wireless Data with VPN Techniques
IP EDGE DEVICES A solution for the Internet Migration Patrick Cocquet, 6WIND CEO, IPv6 Forum VP www.6wind.com Dubai IPv6 Forum Summit – February 2001.

IP EDGE DEVICES A solution for the Internet Migration Patrick Cocquet, 6WIND CEO, IPv6 Forum VP Dubai IPv6 Forum Summit – February 2001.
CS470, A.SelcukIPsec – AH & ESP1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukIPsec – AH & ESP1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
LTE Security. Agenda Intro … Intro … The LTE System Radio Side (LTE – Long Term Evolution/Evolved UTRAN - EUTRAN) – Improvements in spectral efficiency,

LTE Security. Agenda Intro … Intro … The LTE System Radio Side (LTE – Long Term Evolution/Evolved UTRAN - EUTRAN) – Improvements in spectral efficiency,
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.

IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.
Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.

Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.
1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.

1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.
IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
Configuration of a Site-to-Site IPsec Virtual Private Network Anuradha Kallury CS 580 Special Project August 23, 2005.

Configuration of a Site-to-Site IPsec Virtual Private Network Anuradha Kallury CS 580 Special Project August 23, 2005.
VPN – Technologies and Solutions CS158B Network Management April 11, 2005 Alvin Tsang Eyob Solomon Wayne Tsui.

VPN – Technologies and Solutions CS158B Network Management April 11, 2005 Alvin Tsang Eyob Solomon Wayne Tsui.
DHCPv6 class based prefix (draft-bhandari-dhc-class-based-prefix-00) IETF 82, November 2011 Authors: Shwetha Bhandari (Cisco) Sri Gundavelli(Cisco) Gaurav.

DHCPv6 class based prefix (draft-bhandari-dhc-class-based-prefix-00) IETF 82, November 2011 Authors: Shwetha Bhandari (Cisco) Sri Gundavelli(Cisco) Gaurav.
Vancouver, BC July 27-30, 2015 Birds of a Feather Carrier Ethernet Services over LTE Rami Yaron, Telco Systems Glenn Parsons, Ericsson Rami Yaron, Telco.

Vancouver, BC July 27-30, 2015 Birds of a Feather Carrier Ethernet Services over LTE Rami Yaron, Telco Systems Glenn Parsons, Ericsson Rami Yaron, Telco.
IPsec Performance Testing Terminology Document Michele Bustos, Ixia Tim VanHerck, Cisco Merike Kaeo, Merike Inc.

IPsec Performance Testing Terminology Document Michele Bustos, Ixia Tim VanHerck, Cisco Merike Kaeo, Merike Inc.
NetComm Wireless VPN Functionality Feature Spotlight.

NetComm Wireless VPN Functionality Feature Spotlight.
LTE roaming – a whole new world Acme Packet 3 Session Border Control (SBC) category creator and leader with over 60% market share Mission: enable delivery.

LTE roaming – a whole new world Acme Packet 3 Session Border Control (SBC) category creator and leader with over 60% market share Mission: enable delivery.
© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 1 Network Security 2 Module 6 – Configure Remote Access VPN.

© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 1 Network Security 2 Module 6 – Configure Remote Access VPN.
Creating an IPsec VPN using IOS command syntax. What is IPSec IPsec, Internet Protocol Security, is a set of protocols defined by the IETF, Internet Engineering.

Creating an IPsec VPN using IOS command syntax. What is IPSec IPsec, Internet Protocol Security, is a set of protocols defined by the IETF, Internet Engineering.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 7: Securing Site-to-Site Connectivity Connecting Networks.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 7: Securing Site-to-Site Connectivity Connecting Networks.

Similar presentations

Ads by Google