From Packet Blasting to Application and Service Awareness Testing

Transcription

1 : From Packet Blasting to Application and Service Awareness Testing Chih-Hong LIN Dec. 4th, 2007 Berne Insert Presenter Photo Here 100 x 120 pixel in JPEG or BMP format Page 1

2 Agenda Market and Internet Traffic Trends Technology Backgrounder: TCP and P2P TCP & P2P Test Challenges TCP & P2P Test Scenarios and Test Results Conclusions Page 2

3 Internet Traffic Trends Internet traffic mix is changing Peer-to-peer (P2P) file sharing Real-time applications: VoIP, video, online games, instant messaging Triple Play will change this again: rising IPTV and VoD (RTSP) traffic Attacks that target applications Eavesdropping; RTP insertion Noticeable flow peaks on carrier backbones due to DDoS attacks Spam and DoS Zombies 70% of attacks originate from the inside DDoS flood detected by flow analysis Source: CAIDA Page 3

4 Internet Traffic Trends Peer-to-Peer (P2P) is the single largest bandwidth consumer on ISP networks P2P traffic significantly outweighs Web traffic P2P traffic is continuing to grow Other TCP Other UDP Games DNS Streaming ? FTP Not TCP/UDP File Sharing Web Source: Sprint IPMon project, % 80% 60% 40% 20% Other HTTP Other P2P Gnutella, FastTrack, edonkey, BitTorrent 0% Europe UK USA Asia Source: CacheLogic, Jun 2004 P2P Dominates the Internet! Accounts for 65% - 80% of overall traffic volume! Page 4

5 Tomorrow s N-Play Networks Tomorrow s networks will be responsible for supporting a mix of: Various services including voice, video and data. Various devices Various subscriber behaviors Subscriber Behaviours Devices Services Softswitch IMS/Media Server IPTV Video Head-end Application Server VoIP Data Other Services Page 5 IP Core & Access Network

6 Test in N-Play networks Therefore, the test solution for the network of tomorrow must be able to: 1. Emulate a. A set of devices (IP phones, STBs, PCs, etc.) b. A set of services supported by those devices (VoIP calls, IPTV channel changes, peer-to-peer sessions) c. A set of user behaviours to drive the services on those devices through time 2. Measure a. The performance of the control plane (e.g. IGMP channel changing) b. The performance of the data plane c. User quality of experience (QoE) Softswitch IMS/Media Server Simulate 1000s of IPTV clients/stbs N2X Port GbE Router SUT IPTV GbE N2X Port IP/MPLS Core Application Server Simulate 1000s of SIP endpoints/ IP-Phones VoIP Simulate 1000s of SIP endpoints/ IP-Phones Page 6 Simulate 1000s of data clients/pcs Data Simulate 1000s of data servers

7 Pain Points in N-Play Networks Ethernet & IP Traffic Blasting Scalable Traffic & Routing Performance Test Early / Present Day Broadband Aggregation Access Protocol Emulation & CTS 10/100M to 40G Eth, ATM, POS Interface Test Routing, MPLS & VPN Emulation & CTS Simultaneous IPTV, VoIP, Access Emulation and Stateful Application Traffic Blasting Scalable to 16K subs/csa Robust, Reliable Carrier Ethernet DPI, Policy Engine, Stateful TCP, SIP Proxies Security/FW IMS End-to-end Application Server Testing Per-subscriber, per-service QoS/QoE 10GE client side Content/ Application Server (VoD, FW, Security, etc) Next Gen Ethernet and IP-based Broadband Services and Aggregation Page 7

8 Agenda Market and Internet Traffic Trends Technology Backgrounder: TCP and P2P TCP & P2P Test Challenges TCP & P2P Test Scenarios and Test Results Conclusions Page 8

9 TCP in brief TCP State Transitions The 7-Layer OSI Model Application Presentation Session Transport Network Link Physical many, e.g. FTP, HTTP, etc. many, e.g. JPEG, GIF, MIDI many, e.g. SIP TCP or UDP IP Ethernet, ATM, of FR Ethernet or SONET time Dynamic Windowing Fast Re-transmit Mechanism Congestion Avoidance: Linear window size Slow-start: Exponential Page 9

10 A vital TCP metric: Goodput Goodput is the number of bits transmitted to the destination minus any bits lost or re-transmitted. Goodput does not include bits transmitted as part of the TCP header, IP header, Ethernet header, etc. In simple terms, goodput is the USEFUL amount of data transmitted by the network. Customers are telling us more and more that they are moving away from a L2 and L3 traffic-blasting characterization of networks, and are moving towards a L4 goodput model. Page 10

11 Peer-to-Peer Protocols and Applications P2P protocols are proprietary and constantly evolving to avoid detection, filtering and bandwidth control Use dynamic or variable port numbers Masquerade as legitimate Internet applications to defeat firewalls Use Web or Mail port numbers 80 (http), 25 (SMTP) Use HTTP protocol for file transfers Use encryption IPSec and SSL Common P2P applications and networks BitTorrent, edonkey, KaZaa, Gnutella account for majority of traffic volume Morpheus, imesh, AudioGalaxy, DirectConnect, MP2P, Winny, SoulSeek Skype Page 11

12 Peer-to-Peer Security P2P traffic is a network security nightmare Used by hackers to distribute viruses, worms, Trojans embedded in attractive files Exposes and leaks private and corporate confidential information and files Carries illegal content stolen software, movies, music P2P bandwidth abuse P2P applications use all available bandwidth starving mission-critical applications such as distributed databases P2P traffic is symmetric causes congestion on DSL networks last mile segment Page 12

13 Agenda Market and Internet Traffic Trends Technology Backgrounder: TCP and P2P TCP & P2P Test Challenges TCP & P2P Test Scenarios and Test Results Conclusions Page 13

14 Device Under Test Forwarding devices (N2X stateful TCP) Application intelligent devices (NetworkTester) Routers Switches Router Switch BSR BSA High-end Firewall High-end IPS/IDS Router/BNG SBC High-end Standalone Security Routers with int d high-end security and deep application intelligence Subscriber Management Low-end Security (typically int d into some routers) BNG (=BRAS) Simple Firewall Simple IPS/IDS Web Server SLB Mail Server Content Switch VoD Server Servers and Services things that help servers Page 14

15 Forwarding Moves up the Stack Testing needs to migrate away from stateless traffic blasting at layers 2 and 3, and towards stateful forwarding performance at layer 4. 85% of traffic on the Internet is (stateful) TCP. Therefore, realistic testing of forwarding performance should use a stateful traffic model to truly characterize the end-users experience. Services affect one another, especially P2P (like BitTorrent) affects VoIP and IPTV. Testing all three (voice, video, data) together on one interface is critical to know revenue-generating services are protected. Stateful TCP is also very useful to stress basic router functionality (queuing mechanisms) and even switching functionality (bandwidth control algorithms) dominant model L2 Forwarding Performance (Ethernet, ATM) L3 Forwarding Performance (IP) L4 Forwarding Performance (TCP) Page 15

16 Stateful TCP Test Challenges Characterizing L4 forwarding performance: Determine how well switch/router forwards packets when traffic includes stateful TCP flows, as 85% of real Internet traffic is. Evaluate queuing mechanisms such as WRED (weighted random early discard) to prioritize certain packets over other packets Testing application of policy in service aware routers: Test VoIP, IPTV and data simultaneously on same port Validate that policy is enforced properly, e.g. IPTV and VoIP are prioritized over peer-to-peer traffic Measure QoE Page 16

17 P2P Test Challenges Capacity planning, network design Characterize system performance and stability with expected and future number of users Need to verify application performance under expected real-world load Device scalability and benchmarking Measure application-aware security and bandwidth management devices Need to compare performance under realistic stress, including attacks Protocol interactions, prioritization, QoS Test unwanted interactions between H.323 and SIP protocols Need to verify traffic classification and prioritization under load: real-time VoIP, video > web > P2P Proprietary protocol management Proprietary application traffic is difficult to simulate: P2P, IM, Games Need to performance-test devices that filter or rate-limit these applications Page 17

18 Agenda Market and Internet Traffic Trends Technology Backgrounder: TCP and P2P TCP & P2P Test Challenges TCP & P2P Test Scenarios and Test Results Conclusions Page 18

19 Agilent s Data Centric TCP Test Solution Agilent N2X stateful TCP test solution emulates a carrier-serving area of 10s of 1000s of data subscribers, using an integrated test paradigm with a hardware-based implementation for unprecedented scale, repeatability and realism. App. Traffic App. Traffic TCP state Router TCP state TCP Sessions GbE SUT GbE time N2X Port N2X Port Page 19

20 TCP Test Scenario #1: Stateful TCP Traffic Blasting Load the pipe with stateful TCP traffic! Characterize forwarding performance of stateful layer-4 traffic Test at scale statefully and with re-transmissions! TCP state Router TCP state GbE N2X Port SUT GbE N2X Port Find the breaking point of your router with stateful TCP traffic! bandwidth Control stateful TCP traffic load dynamically in real-time (on the fly)!! time Page 20

21 TCP Test Scenario #2: Policy Testing Customers want to verify that their device or network is prioritizing traffic correctly according to policy, i.e. that the higher priority traffic such as IPTV and VoIP are not dropped in the presence of bandwidth-hogging peer-to-peer traffic P2P, HTTP, FTP P2P, HTTP, FTP Egress ports are oversubscribed causing congestion and packet dropping. TCP state N2X Port 1 GbE Router GbE SUT TCP state N2X Port 2 N2X Port 3 N2X Port 4 IPTV IPTV Clients Servers VoIP Clients VoIP Clients Customers ultimately want to perform QoE and QoS measurements on the IPTV and VoIP, and see clearly that bulk traffic such as P2P, FTP and HTTP is being dropped. Page 21

22 Proof that this makes sense! With stateless TCP traffic - 0 packet loss - latency=350us With stateful TCP traffic - packet loss 1 to 2% - (max) latency=2400us N2X Port 1000Mb/s Input Traffic VoIP Traffic: 71Mb/s, DSCP=EF Stateful background traffic: 32 TCP connections, MSS=1640 3Mb/s, DSCP=default switch (popular model) 100Mb/s Policing Applied in Switch TCP policed to <25% (25Mb/s) Varying Stateful TCP Bandwidth affects VoIP latency!! N2X Port Output Traffic 96% of line rate (=71Mb/s + 25Mb/s) Not over-subscribed But packets are dropped! Delay added! The only way to test the real impact of Data on IPTV and VoIP is to use Stateful Page 22 Application traffic.

23 Product Glance Measurement transmit traffic with no re-tx Simulate dropped packets simulate delayed packets turn on fast re-tx This demonstration highlights the need to support re-transmit when testing with stateful TCP. with re-transmit without re-transmit Page 23

24 P2P Test Scenarios Test requirements are to generate stateful P2P traffic (connecting, searching, file transfers) and to simulate P2P networks (many users, many P2P protocols, and download/upload characteristics of file transfers) Need to validate DUT ability to manage (filter, rate-limit, analyze) P2P traffic Measure impact of P2P on Voice, Video and Data applications in Service Provider networks Page 24

25 AppMix Test Methodology 1. Generate Real-word application mix: Web, Mail, VoD, H.323, SIP, DNS 2. Measure real-world performance: System capacity and scalability limits VoIP and video performance 3. Increase load and repeat Step 2. Retest with added: Access protocols (DHCP, IPsec, 802.1x, PPPoE) IPv6 clients & servers Proprietary applications (P2P) SNMP management traffic load DoS attacks, malicious exploits Page 25

26 Agilent Unique AppMix Real-World Test Library Repository of state-of-the-art, ready-to-run test methodologies for real-world performance testing Triple-Play traffic - VoIP, streaming video, P2P, Internet applications Protocol and transaction distributions based on statistical analysis of real-world traffic Save hundreds of man-hours in test development! Page 26

27 Example Test Plan POP3 SMTP HTTPS HTTP RTSP SIP answer Clients H.323 call SIP call H.323 answer DoS clients (optional ) Web, mail, RTSP Servers RTSP POP3 HTTPS DoS VoIP SMTP HTTP NetworkTester Device under test firewall, router, B-RAS NetworkTester Mail client profiles POP3 and SMTP Web client profiles HTTP and HTTPS Video client profiles RTSP VoIP client profiles H.323 and SIP Callers and answerers Servers: Mail, web and video Page 27

28 Baseline test results no firewall Throughput (Mbit/s) RTSP: 11 Mb/s HTTP 1.0: 7+ Mb/s H.323: 4.5 Mb/s SIP: 2.7 Mb/s Page 28

29 Actual test results with firewall Throughput (Mbit/s) HTTP 1.0 traffic oscillates when firewall session limit exceeded RTSP throughput is lower HTTP 1.0: 4.5 Mb/s RTSP: 5 Mb/s H.323: 2 Mb/s SIP: 1 Mb/s Page 29 VoIP throughput is lower

30 Agenda Market and Internet Traffic Trends Technology Backgrounder: TCP and P2P TCP & P2P Test Challenges TCP & P2P Test Scenarios and Test Results Conclusions Page 30

31 Conclusion TCP and P2P traffic dominates in the network Forwarding devices (e.g. routers and switches) now need to be tested with simulated stateful TCP in order to get a true goodput measure Application-aware devices (firewalls, clients, servers) need to be tested with P2P traffic In all cases, the traffic must be able to simulate a realistic mix Page 31

32 Thank you!!! Questions? Chih-Hong LIN Tel: Mobile: Page 32