Metaswitch engaged Miercom for an evaluation of the Perimeta

Similar documents
Sonus Networks engaged Miercom to evaluate the call handling

Sonus Networks submitted their SBC 5100 Session Border

Summary. Controller. Product. Category: Vendor Tested: a rate. Sonus Network while. Report scenarios. uses 48VDC NBS9000.

WildPackets TimeLine network recorder featuring the OmniPeek

Aruba Networks engaged Miercom to provide an independent

SESSION BORDER CONTROLLERS

Huawei Technologies engaged Miercom to evaluate several series

Cisco engaged Miercom to verify the performance and advanced

Huawei Technologies requested Miercom evaluate the

Huawei Technologies engaged Miercom to evaluate the S2700-EI

CSince XenDesktop 4 Enterprise and Platinum editions offer many other

Summary SBC. May. VSXi. Product. Category: Vendor Tested: ~ MST3 Media. Report. Report B. Ss server. Both, affordable, the Linux-

Lab Testing Summary Report

Lab Testing Summary Report

Lab Testing Summary Report

Huawei Technologies engaged Miercom to conduct an evaluation

Huawei Technologies engaged Miercom to evaluate the S12700

Lab Testing Summary Report

Huawei Technologies engaged Miercom to conduct an

Red Condor had. during. testing. Vx Technology high availability. AntiSpam,

Dialogic Session Border Controller Performance Validation

Dell Networking S6000

Brochure. Dialogic BorderNet Session Border Controller Solutions

Hbusiness enabling green benefits that the A G SI offers to its

QA-604 QualityAssurer NEXT-GENERATION NETWORK TEST PLATFORM

3all environmental impact and business enabling green benefits that

Huawei Technologies engaged Miercom to evaluate the S9300

Never Drop a Call With TecInfo SIP Proxy White Paper

H3C S5800 Series and S5820X Switches were evaluated by

Hewlett-Packard s ProCurve 2520 Series Switches were evaluated

Digital Advisory Services Professional Service Description SIP SBC with Field Trial Endpoint Deployment Model

Lab Testing Summary Report

Hewlett-Packard* A5800 Series and A5820 Switches were

Lab Testing Summary Report

Allstream NGNSIP Security Recommendations

Hewlett Packard s ProCurve 5406zl switch was evaluated by

Hewlett-Packard s ProCurve 1810 Series Switches were evaluated

LabTest Report. Cisco Nexus 3064

ORACLE ENTERPRISE COMMUNICATIONS BROKER

Session Border Controller

Hewlett-Packard* E4800G 24-Port and 48-Port switches were

Intel Security Advanced Threat Defense Threat Detection Testing

IxChariot. Predict Device and System Performance Under Realistic Load Conditions

Application Note 3Com VCX Connect with SIP Trunking - Configuration Guide

Technical Overview. Mitel MiCloud Telepo for Service Providers 4.0. Key Features

ABC SBC: Securing the Enterprise. FRAFOS GmbH. Bismarckstr CHIC offices Berlin. Germany.

Dell Networking S6000

3Com Switch 4800G/H3C 5500-EI 24-Port and 48-Port switches

SIP Flex Test Suite. Highlights. IMS and VoIP Network Element and Service Testing

Dell Networking S6000

let your network blossom Orchid One Security Features

Dialogic BorderNet Virtualized Session Border Controller

Frequently Asked Questions (Dialogic BorderNet 500 Gateways)

Firepower Threat Defense Site-to-site VPNs

Hewlett-Packard* A7506 Ethernet Switch was evaluated by

VPN-1 Power/UTM. Administration guide Version NGX R

Configuring Hosted NAT Traversal for Session Border Controller

ABC SBC: Secure Peering. FRAFOS GmbH

Validation of Cisco SCE8000

Firewalls for Secure Unified Communications

Oracle Communications Session Router

RUGE. Rugged IP load generator (Ruge) Ruge gives your network a serious beating. Just to make sure it does not fail when it is time to go live.

VoIP Basics. 2005, NETSETRA Corporation Ltd. All rights reserved.

HP AllianceONE Services zl Module for Avaya Aura Session Border Controller powered by Acme Packet

Application Notes for Configuring SIP Trunking between CenturyLink SIP Trunk (Legacy Qwest) Service and Avaya IP Office R8.0 (16) Issue 1.

White Paper. SIP Trunking: Deployment Considerations at the Network Edge

Application Note. Microsoft OCS 2007 Configuration Guide

Performance & Interoperability Dell Networking 7000 and 8100 Switch Series

Analyzing the Internal Processing of IMS-based and traditional VoIP systems

Wireless Mesh Test Suite

Spirent Landslide VoLTE

10 Reasons to Choose AudioCodes Enterprise SBC

Cisco Webex Cloud Connected Audio

Oracle Communications WebRTC Session Controller

Technical White Paper for NAT Traversal

HIGH DENSITY MEDIA GATEWAY WITH MODULAR INTERFACES AND SBC. Comparative table for call capacities of the KMG SBC 750:

Performance Testing for Multicast Services Using TeraVM Application Note. The most important thing we build is trust

Application Note Asterisk BE with SIP Trunking - Configuration Guide

Using the Cisco ACE Application Control Engine Application Switches with the Cisco ACE XML Gateway

Netaxis Solutions SIGMA

Sonus Networks Cloud Link Performance and Security Assessment

SIP security and the great fun with Firewall / NAT Bernie Höneisen SURA / ViDe, , Atlanta, GA (USA)

SESSION BORDER CONTROL IN IMS AN ANALYSIS OF THE REQUIREMENTS FOR SESSION BORDER CONTROL IN IMS NETWORKS

Avaya ExpertNet Lite Assessment Tool

Dialogic BorderNet 4000 Session Border Controller

Implementing SBC Firewall Traversal and NAT

Corrigendum 3. Tender Number: 10/ dated

Firewall Control Proxy

3Com Switch 7906E/H3C S7506E was evaluated by Miercom under

IMS, NFV and Cloud-based Services BUILDING INTEGRATED CLOUD COMMUNICATION SERVICES

AT&T Collaborate TM. Network Assessment Tool

Patton Electronics Co Rickenbacker Drive, Gaithersburg, MD 20879, USA tel: fax:

Real-time Communications Security and SDN

Networked Multimedia and Internet Video. Colin Perkins

Application Notes for Packet One SIP Trunk System Version 3.1 Interoperability with Avaya Software Communication System Release Issue 1.

Loss. August 2017 DR170421C. Miercom

2.- Adapt SIP protocol to Internet of the future

Performance Characterization of the Dell Flexible Computing On-Demand Desktop Streaming Solution

Juniper SRX Services Gateway Performance Testing

Secure Communications on VoIP Networks

Transcription:

Lab Testing Summary Report May 2013 Report 130425 Product Category: Carrier Class SBC Vendor Tested: Products Tested: Session Border Controller Key findings and conclusions: software maintained a call rate of over 2,000 calls per second (cps). It also supported 1.4 million concurrent signaling sessions and 50,000 concurrent media sessions on a 1U COTS server successfully processed over 54 million calls at a rate of 1,000 cps during a 15-hour DoS attack without dropping any calls In a registration burst test, successfully registered more than 1 million endpoints in 6 minutes at a rate of 3,000 registrations per second (rps) while simultaneously processing calls at 1,000 cps is scalable can handle up to 4 million concurrent subscriber registrations depending on hardware capacity While overloaded with 4,000 cps, successfully processed calls at a rate of 2,034 cps Metaswitch engaged Miercom for an evaluation of the Session Border Controller (SBC) for performance, scalability, reliability and security in various usage scenarios and deployment modes. The SBC serves as an interconnection point between wireless or wireline peering carriers (Interconnect SBC or I-SBC) or between a carrier s core infrastructure and the access network (Access SBC or A-SBC). It can be deployed in a nextgeneration network (NGN) or an IP Multimedia Subsystem (IMS), including VoLTE, IPX and RCS deployments. The primary functionality of the SBC includes security, traffic management and accessibility. Its security functions include network perimeter defense (blacklisting and rate limiting), topology hiding and privacy. Traffic management functions include overload protection and adaptive QoS. Accessibility functions include NAT traversal and protocol repairing. is the first carrier-class SBC tested by Miercom that runs on Commercial Off-the-Shelf (COTS) servers. Figure 1: Metaswitch SBC Call Overload Performance in ISC Configuration Metaswitch SBC achieves over 2,300 cps handling capability.

Miercom testing focused on performance, scalability, capacity and security of various deployment models of the SBC. It covered both the I-SBC and A-SBC usage scenarios. Specifically, the SBC was tested for: Figure 2: SBC - Authenticated and Unauthenticated Registrations System throughput including calls, subscriber registrations and notifications for SIP traffic System capacity for simultaneously active calls, registrations and media sessions System high availability (HA) and resilience of operation under overload, various kinds of security attacks and other adverse network conditions The SBC, featuring a software-centric design, runs on general-purpose hardware, including COTS servers and the Metaswitch ATCA appliance. The SBC architecture consists of distinct and independently scalable signaling and media processing software elements that can be integrated, co-located or geographically distributed depending on the scale and the topology of the network. The architecture has two distinct components: a Signaling Session Controller (SSC) and a Media Session Controller (MSC), allowing for independent scaling of signaling and media control. Built for distributed operation, the SSC and MSC may be either co-located or geographically dispersed around the network. Combining both SSC and MSC functionality on discrete processor instances, the Integrated Session Controller (ISC) provides a consolidated solution for smaller deployments. The SBC was tested in a HA configuration on a pair of Dell R620 servers (64 GB RAM and 2 CPUs 2.9GHz with 16 physical cores) as well as on dedicated Metaswitch ATCA hardware servers functioning in a high-availability 1:1 server pair. The Test Bed Diagram on page 6 shows a high-level view of the test environment the different tools used, along with the various deployments of SBC that were tested. Registration Performance The SBC in an A-SBC role is the proxy to the registrar in a SIP network. The SBC is responsible for accepting and maintaining subscriber registrations. The test results of subscriber registration traffic throughput and registration session capacity are summarized in the following subsections. SBC subjected to authenticated and unauthenticated subscriber registrations. Registration Throughput Three different configurations of the SBC were tested for subscriber registration traffic throughput for authenticated and unauthenticated SIP registration requests. Results are shown in the diagram above. Table 1 summarizes the test results for various platform types. Overall, the system showed high throughput with extremely low latency in response times when handling subscriber registrations. Table 1: Performance for Authenticated and Unauthenticated Registrations Platform Type Authenticated Regs/Sec Registration Capacity and Longevity Unauthenticated Regs/Sec ISC COTS 2,800 4,500 ISC ATCA 950 1,900 SSC+MSC ATCA 2,000 4,000 Performance for authenticated and unauthenticated registrations on different platforms. The SBC was tested for the number of simultaneous subscriber registration entries the system can hold and maintain successfully over a period of time. The duration of this test was chosen to be long enough so that the system experienced multiple registration refresh cycles. Notably, in a COTS ISC configuration, demonstrated the ability to accept 4 million simultaneously registered subscribers in a longevity Copyright 2013 Miercom Metaswitch Session Border Controller Page 2

test that last several hours. Subscribers were accepted and authenticated at a sustained rate of 2,200 rps with refresh occurring every 30 minutes. Table 2 summarizes registration capacities for various platform types. Table 2: Registration Capacity Platform Type No. of Simulated Regs Registration Refresh ISC COTS 4,000,000 30 min ISC ATCA 200,000 30 min SSC+MSC ATCA 1,600,000 30 min subsections summarize the various call handling performance results. Standard SIP Call Performance A standard point-to-point SIP call involves seven SIP messages per call leg (a total of 14 SIP messages if both the legs of a SIP B2BUA call are counted) as shown in Figure 3. Figure 3: SBC Handling Standard SIP Call Flow registration capacity with refresh rates on different platforms and configuration options. Registration Storm To investigate performance in a realistic stress scenario, Miercom simulated a registration storm after a power outage with 1 million phones coming back online at once and registering with. This is a critical test to verify 99.999% reliability. Poor performance in this test could mean a considerable service outage due to circumstances outside the operator s control. demonstrated exceptional performance. took 6 minutes to re-register 1 million subscribers, while processing calls at a constant load of 1,000 cps. This is equivalent to approximately 18,000 SIP messages per second passing through. Fast Registrations The A-SBC deployments of typically involve NAT traversal to establish and maintain IP connections when the SBC is subjected to a high volume of registration refresh traffic. The access network s SIP end points rely on frequent registration refreshes (for example, at 30-second intervals) to keep the intermediary NAT pinholes open. The was able to successfully handle 1 million registered subscribers while refreshing every 30 seconds. This is a common topology in real-life access networks. To be a credible choice for a real-life deployment, the SBC must have great support for this topology. s ability to support 1 million subscribers demonstrates that it has been engineered with an operator s deployment plans in mind. Call Performance Different hardware configurations of the SBC were subjected to various I-SBC and A-SBC call scenarios in a test environment. The following SBC handling a standard SIP call flow with seven SIP messages per call leg. Table 3: Throughput Performance Platform ATCA ISC ATCA SSC+MSC COTS ISC Peak Call Rate Supported 529 calls/second 1,413 calls/second 2,399 calls/second The software running on COTS servers was able to support in excess of 2,000 CPS using this profile. To test system capacity, the scripts were adjusted so that calls were kept active indefinitely. Results showed that the software on COTS servers sustained 1.4 million signaling sessions concurrently. Standard SIP Call Overload Performance The SBC was subjected to a call overload test in which SIP call traffic rates higher than specified capacity were progressively injected into Copyright 2013 Miercom Metaswitch Session Border Controller Page 3

Figure 4: Call Overload Performance on Different Platforms 3000 Handled Calls (Calls/Second) 2500 2000 1500 1000 500 0 0 0 900 500 600 700 800 400 200 300 400 500 532 539 537 523 100 300 200 503 482 465 446 100 2200 2100 2000 1900 1800 1700 1600 1500 1400 1200 1300 1100 1000 2399 2301 2203 2106 2080 2014 2034 0 100 200 300 400 500 600 700 800 900 1000 1100 1200 1300 1400 1500 1600 1700 1800 1900 2000 2100 2200 2400 2600 2800 3200 3400 3600 4000 Offered Load (Calls/Second) COTS Dell ISC ATCA ISC Metaswitch software solution and appliance cps handling capability. the system. The graph in Figure 4 shows s gradual tail-off saturation curve. Offered call rates are compared with the successfully handled call rates on various hardware platforms, including COTS-based ISC and ATCA-based ISC. It is important to note that the successfully sustained its rated call-handling throughput even when it was subjected to significant overload conditions. This ability of to sustain rated call loads even in an overload state is unusual and allows operators to rely on that level of throughput even in extreme circumstances. IMS/VoLTE SIP Call Performance A typical IMS/VoLTE call flow involves 20 SIP messages per call as shown in Figure 5. The SBC running as an ISC on COTS hardware demonstrated its linearity by successfully handling IMS/VoLTE calls at 750 cps. Increasing the messages per call has a proportional impact on the cps that can be supported. Linearity is highly useful for traffic engineering planning. Fragmented SIP INVITE Call-Handling Performance In the fragmented SIP INVITE test, the size of the SIP message (including the SDP payload) was made large enough so that the INVITE messages were fragmented in the network. The size was typically larger than the network MTU. When subjected to fragmented packets, the SBC is responsible for assembling them to construct full SIP messages for further processing. The fact that the SBC demonstrated the ability to successfully handle 1,500 CPS when subjected to fragmented SIP INVITEs is Figure 5: SBC IMS Call Flow SBC handling an IMS call flow with 20 SIP messages per call log. Copyright 2013 Miercom Metaswitch Session Border Controller Page 4

noteworthy. Thus, Metaswitch has addressed a traditional issue for SBCs -- the inability to support a high rate of fragmented packets, which can create a potential Denial of Service (DoS) attack vector against a VoIP network. Security Testing The SBC was also subjected to a variety of DoS and DDoS (Distributed Denial of Service) attacks while simultaneously handling normal traffic. As shown in the Security Test Bed Diagram on page 6, the was subjected to the following security attacks spurious invites, ICMP echo packets, junk UDP messages and IP fragment overruns and overlaps, handling loads of up to 849 megabits per second. The SBC demonstrated high resilience against all four security attacks by successfully handling 100% of calls at 1,000 cps. Media Capacity and QoS Performance The media-handling capacity and QoS performance of the ISC were measured using the EXFO QA-604 test tool. As shown in Figure 6, a single SIP/RTP call from EXFO was spiraled 4 times through the, thereby quadrupling the media load. The successfully handled 50,000 simultaneous G.729 calls with end-to-end media packet loss of, at most, 0.001%. During the test, the SBC had no measurable detrimental effect on the voice quality of the media streams. The test results verify that the SBC has a negligible impact on the media quality since it introduces negligible packet loss or delay into the media stream. Table 4 summarizes the call capacity of various configurations. Figure 6: SBC Media Handling and QoS Testing 12,500 active calls originated by EXFO SBC (ISC) 50,000 active calls in as each EXFO call is spiraled 4 times. SIP and RTP Flows EXFO QA-604 VoIP, IMS Tester SBC (ISC) SBC media handling and QoS testing using EXFO test equipment. Table 4: SIP Call Capacity Platform Type Active Calls Failed Calls ISC COTS 50,000 0 ISC ATCA 15,000 0 SSC+MSC ATCA 16,000 0 SIP call capacity on different platforms. SIP Message Manipulation Performance The SBC -- via its Protocol Repairing functionality -- is capable of manipulating SIP headers as SIP call messages are processed. In a test involving SIP header message manipulation, the SBC was configured with the following rules: Delete a P-Unused-Header field (a header present in all SIP messages in the test) Delete a P-Not-Present field (a header absent in all SIP messages in the test) Add a P-Added-Header field with a dummy value Replace the value of a P-Replace-Me header with a dummy value Replace the value of a P-Also-Replace-Me header with a dummy value With these manipulation rules in place, the SBC did not exhibit any marked difference in normal SIP call-processing performance and successfully handled 2,000 cps. This is a critical result due to the role the SBC plays in normalizing different SIP flows at the edge of the network. Traditionally, SBCs have taken a significant mainline performance hit when performing message manipulation. The demonstrated no mainline performance drop, indicating that it is flexible to specific deployment requirements of an operator. Bottom Line The Metaswitch either as software running on COTS servers or as a complete hardware appliance offers exceptional scalability, performance and security for service-provider and carrier-class SBC applications. It maintained resilience and superior performance in two high-duress scenarios, prolonged DoS attack load and when pushed to the limit for call handling and concurrent call load. software running on either COTS servers or as a complete hardware appliance compared well with competitive SBC products Miercom has tested. It achieved higher capacity in many metrics and met performance levels in others. Copyright 2013 Miercom Metaswitch Session Border Controller Page 5

Security Test Bed Diagram Test Tools Systems Under Test SIPp SIP UA Simulation Tool ISC on COTS Dell R620 Hardware EXFO QA 604 VoIP, IMS Communication Network Tester ISC on ATCA Hardware SSC on ATCA Hardware 10,000 Device Botnet Security Attack Simulation MSC on ATCA Hardware How We Did It The Metaswitch Session Border Controller was evaluated for performance and security as well as its special features and capabilities. Testing focused on the call capacity, call rate, registration capacity and registration rate. The testing environment included DoS and DDoS to determine the SBC s effectiveness in thwarting such attacks. Testing was conducted on Version 3.4 running on Commercial Off-The-Shelf (COTS) servers and on Version 3.3 running on the Metaswitch ATCA appliance. SIPp, Scapy and Mausezahn are open source tools. Each can be downloaded for free from its Website. SIPp is a call load-generator tool that is installed onto a server. The SIPp test script can be configured to perform many different types of SIP call traffic. SIPp was used to test the s call capacity and call rate. SIPp was also specifically configured to send INVITE DoS to the SBC. Scapy and Mausezahn also were used in the DoS attacks and message manipulations tests. Scapy is an open-source tool that can interactively manipulate packets. Scapy was used to send fragmented SIP packets out-of-order through the to test whether or not the could reorder the fragments and reassemble the packets correctly. Scapy attempts to stress the SBC and helps verify the effectiveness of the at processing calls while under attack. Mausezahn generates network traffic load to test network devices for performance and security. Specifically, Mausezahn was used for all DoS and DDoS attacks to determine whether the SBC could sustain high levels of INVITE, REGISTERS, ICMP messages and UDP packets. The EXFO QA-604 VoIP and IMS test tool was used to load SIP media traffic through the SBC on COTS and Metaswitch ATCA hardware. The entry level, 2U rack mounted, QA-604 platform provides scalability, stress and emulation performance of more than 2 million IMS subscribers or 1 million subscribers with 128K RTP streams. The tests in this report are intended to be reproducible for current or prospective customers who wish to recreate them with the appropriate test and measurement equipment. Current or prospective customers interested in repeating these results may contact reviews@miercom.com for details on the configurations applied to the Device Under Test and test tools used in this evaluation. Miercom recommends that current and prospective customers conduct their own needs analysis study and test specifically for the expected environment for product deployment before making a product selection. Copyright 2013 Miercom Metaswitch Session Border Controller Page 6

Miercom Performance Verified We are very pleased to present Metaswitch with the Miercom Performance Verified Certification for the SBC. Metaswitch SBC products demonstrated truly exceptional call-processing performance and capacity based on Miercom hands-on testing validation. Both the hardware and software SBC solutions achieved high call-handling rates and remained stable even while subjected to a wide range of aggressive and realistic DoS and DDoS attacks. The software solution performed admirably in performance, security and failover tests while running on Dell R620 Commercial Off-The-Shelf servers and the Metaswitch ATCA appliance all-in-one solution. Metaswitch Session Border Controller Metaswitch Networks 201 Potrero Avenue San Francisco, CA 1-415-513-1500 www.metaswitch.com About Miercom s Product Testing Services Miercom has hundreds of product-comparison analyses published over the years in leading network trade periodicals including Network World, Business Communications Review, Tech Web - NoJitter, Communications News, xchange, Internet Telephony and other leading publications. Miercom s reputation as the leading, independent product test center is unquestioned. Miercom s private test services include competitive product analyses, as well as individual product evaluations. Miercom features comprehensive certification and test programs including: Certified Interoperable, Certified Reliable, Certified Secure and Certified Green. Products may also be evaluated under the NetWORKS As Advertised program, the industry s most thorough and trusted assessment for product usability and performance. Report 130425 reviews@miercom.com www.miercom.com Before printing, please consider electronic distribution Product names or services mentioned in this report are registered trademarks of their respective owners. Miercom makes every effort to ensure that information contained within our reports is accurate and complete, but is not liable for any errors, inaccuracies or omissions. Miercom is not liable for damages arising out of or related to the information contained within this report. Consult with professional services such as Miercom Consulting for specific customer needs analysis. Copyright 2013 Miercom Metaswitch Session Border Controller Page 7

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback