draft-ietf-bmwg-ipflow-meth-00.txt   draft-ietf-bmwg-ipflow-meth-01.txt 
Internet Engineering Task Force Jan Novak Internet Engineering Task Force Jan Novak
Internet-Draft Cisco Systems, Inc. Internet-Draft Cisco Systems, Inc.
Intended status: Informational Intended status: Informational
Expires: 13 June, 2011 13 December 2010 Expires: 15 October, 2011 15 April 2011
IP Flow Information Accounting and Export Benchmarking IP Flow Information Accounting and Export Benchmarking
Methodology Methodology
draft-ietf-bmwg-ipflow-meth-00.txt draft-ietf-bmwg-ipflow-meth-01.txt
Abstract Abstract
This document provides methodology and framework for quantifying This document provides methodology and framework for quantifying
performance impact of monitoring of IP flows on a network device and performance impact of monitoring of IP flows on a network device and
export of this information to a collector. It identifies the rate at export of this information to a collector. It identifies the rate at
which the IP flows are created, expired and exported as the which the IP flows are created, expired and successfully exported as
performance metric. The metric is only applicable to the devices a new performance metric in combination with traditional throughput.
compliant with the Architecture for IP Flow Information Export The metric is only applicable to the devices compliant with the
[RFC5470]. Architecture for IP Flow Information Export [RFC5470].
Status of this Memo Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet- other groups may also distribute working documents as Internet-
Drafts. Drafts.
Internet-Drafts are draft documents valid for a maximum of six Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other months and may be updated, replaced, or obsoleted by other
documents at any time. It is inappropriate to use Internet-Drafts documents at any time. It is inappropriate to use Internet-Drafts
as reference material or to cite them other than as "work in as reference material or to cite them other than as "work in
progress." progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on 13 June, 2011. This Internet-Draft will expire on 15 October, 2011.
Copyright Notice Copyright Notice
Copyright (c) 2010 IETF Trust and the persons identified as the Copyright (c) 2011 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Novak Expires June, 2011 Novak Expires October, 2011
Conventions used in this document Conventions used in this document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described "OPTIONAL" in this document are to be interpreted as described
in RFC 2119 [RFC2119]. in RFC 2119 [RFC2119].
Table of Contents Table of Contents
1. Introduction. . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction. . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4
2.1 Existing Terminology. . . . . . . . . . . . . . . . . . . 4 2.1 Existing Terminology. . . . . . . . . . . . . . . . . . . 4
2.2 New Terminology . . . . . . . . . . . . . . . . . . . . . 4 2.2 New Terminology . . . . . . . . . . . . . . . . . . . . . 4
3. Flow Monitoring Performance Metric. . . . . . . . . . . . . . 6 3. Flow Monitoring Performance Metric. . . . . . . . . . . . . . 6
3.1 The Definition. . . . . . . . . . . . . . . . . . . . . . 6 3.1 The Definition. . . . . . . . . . . . . . . . . . . . . . 6
3.2 Device Applicability. . . . . . . . . . . . . . . . . . . 6 3.2 Device Applicability. . . . . . . . . . . . . . . . . . . 6
3.3 Measurement Concept . . . . . . . . . . . . . . . . . . . 7 3.3 Measurement Concept . . . . . . . . . . . . . . . . . . . 7
3.4 The Measurement Procedure Overview. . . . . . . . . . . . 8 3.4 The Measurement Procedure Overview. . . . . . . . . . . . 8
3.5 Software Platforms. . . . . . . . . . . . . . . . . . . . 9 4. Measurement Set Up. . . . . . . . . . . . . . . . . . . . . . 9
3.6 Hardware Platforms. . . . . . . . . . . . . . . . . . . . 9 4.1 Measurement Topology. . . . . . . . . . . . . . . . . . . 9
4. Measurement Set Up . . . . . . . . . . . . . . . . . . . . . 10 4.2 Base DUT Set Up. . . . . . . . . . . . . . . . . . . . . 10
4.1 Measurement Topology . . . . . . . . . . . . . . . . . . 10
4.2 Base DUT Set Up. . . . . . . . . . . . . . . . . . . . . 11
4.3 Flow Monitoring Configuration. . . . . . . . . . . . . . 11 4.3 Flow Monitoring Configuration. . . . . . . . . . . . . . 11
4.4 Collector. . . . . . . . . . . . . . . . . . . . . . . . 15 4.4 Collector. . . . . . . . . . . . . . . . . . . . . . . . 14
4.5 Packet Sampling. . . . . . . . . . . . . . . . . . . . . 15 4.5 Packet Sampling. . . . . . . . . . . . . . . . . . . . . 15
4.6 Frame Formats. . . . . . . . . . . . . . . . . . . . . . 16 4.6 Frame Formats. . . . . . . . . . . . . . . . . . . . . . 15
4.7 Frame Sizes. . . . . . . . . . . . . . . . . . . . . . . 16 4.7 Frame Sizes. . . . . . . . . . . . . . . . . . . . . . . 16
4.8 Illustrative Test Set-up Examples. . . . . . . . . . . . 17 4.8 Flow Export Data Packet Sizes. . . . . . . . . . . . . . 16
4.9 Illustrative Test Set-up Examples. . . . . . . . . . . . 16
5. Flow Monitoring Throughput Measurement Methodology . . . . . 18 5. Flow Monitoring Throughput Measurement Methodology . . . . . 18
5.1 Flow Monitoring Configuration. . . . . . . . . . . . . . 18 5.1 Flow Monitoring Configuration. . . . . . . . . . . . . . 18
5.2 Traffic Configuration. . . . . . . . . . . . . . . . . . 19 5.2 Traffic Configuration. . . . . . . . . . . . . . . . . . 19
5.3 Cache Population . . . . . . . . . . . . . . . . . . . . 20 5.3 Cache Population . . . . . . . . . . . . . . . . . . . . 19
5.4 Measurement Time Interval. . . . . . . . . . . . . . . . 20 5.4 Measurement Time Interval. . . . . . . . . . . . . . . . 20
5.5 Flow Export Rate Measurement . . . . . . . . . . . . . . 21 5.5 Flow Export Rate Measurement . . . . . . . . . . . . . . 21
5.6 The Measurement Procedure. . . . . . . . . . . . . . . . 22 5.6 The Measurement Procedure. . . . . . . . . . . . . . . . 21
6. RFC2544 Measurements . . . . . . . . . . . . . . . . . . . . 22 6. RFC2544 Measurements . . . . . . . . . . . . . . . . . . . . 22
6.1 Flow Monitoring Configuration. . . . . . . . . . . . . . 23 6.1 Flow Monitoring Configuration. . . . . . . . . . . . . . 23
6.2 Measurements With the Flow Monitoring Throughput Set-up. 24 6.2 Measurements With the Flow Monitoring Throughput Set-up. 23
6.3 Measurements With Fixed Flow Expiration Rate . . . . . . 24 6.3 Measurements With Fixed Flow Expiration Rate . . . . . . 23
6.4 Measurements With Single Traffic Component . . . . . . . 24 6.4 Measurements With Single Traffic Component . . . . . . . 24
6.5 Measurements With Two Traffic Components . . . . . . . . 25 6.5 Measurements With Two Traffic Components . . . . . . . . 24
7. Flow Monitoring Accuracy . . . . . . . . . . . . . . . . . . 25 7. Flow Monitoring Accuracy . . . . . . . . . . . . . . . . . . 25
8. Evaluating Flow Monitoring Applicability . . . . . . . . . . 26 8. Evaluating Flow Monitoring Applicability . . . . . . . . . . 25
9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 26 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 26
10. IANA Considerations . . . . . . . . . . . . . . . . . . . . 27 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . 26
11. Security Considerations . . . . . . . . . . . . . . . . . . 27 11. Security Considerations . . . . . . . . . . . . . . . . . . 26
12. References. . . . . . . . . . . . . . . . . . . . . . . . . 27 12. References. . . . . . . . . . . . . . . . . . . . . . . . . 26
12.1 Normative References. . . . . . . . . . . . . . . . . . 27 12.1 Normative References. . . . . . . . . . . . . . . . . . 26
12.2 Informative References. . . . . . . . . . . . . . . . . 27 12.2 Informative References. . . . . . . . . . . . . . . . . 27
Appendix A: Report Format . . . . . . . . . . . . . . . . . . . 30 Appendix A: Recommended Report Format . . . . . . . . . . . . . 28
Novak Expires June, 2011 Novak Expires October, 2011
Appendix B: Miscellaneous Tests . . . . . . . . . . . . . . . . 31 Appendix B: Miscellaneous Tests . . . . . . . . . . . . . . . . 29
B.1 DUT Under Traffic Load . . . . . . . . . . . . . . . . . 31 B.1 DUT Under Traffic Load . . . . . . . . . . . . . . . . . 29
B.2 In-band Flow Export. . . . . . . . . . . . . . . . . . . 31 B.2 In-band Flow Export. . . . . . . . . . . . . . . . . . . 29
B.3 Variable Packet Rate . . . . . . . . . . . . . . . . . . 32 B.3 Variable Packet Rate . . . . . . . . . . . . . . . . . . 30
B.4 Bursty Traffic . . . . . . . . . . . . . . . . . . . . . 32 B.4 Bursty Traffic . . . . . . . . . . . . . . . . . . . . . 30
B.5 Various Flow Monitoring Configurations . . . . . . . . . 32 B.5 Various Flow Monitoring Configurations . . . . . . . . . 30
B.6 Tests With Bidirectional Traffic . . . . . . . . . . . . 33 B.6 Tests With Bidirectional Traffic . . . . . . . . . . . . 31
B.7 Instantaneous Flow Export Rate . . . . . . . . . . . . . 33 B.7 Instantaneous Flow Export Rate . . . . . . . . . . . . . 31
1. Introduction 1. Introduction
Monitoring of IP flows (Flow monitoring) on network devices is a Monitoring of IP flows (Flow monitoring) on network devices is a
widely used application that has numerous uses in both service widely deployed application that has numerous uses in both service
provider and enterprise segments as detailed in the Requirements for provider and enterprise segments as detailed in the Requirements for
IP Flow Information Export [RFC3917]. This document intends to IP Flow Information Export [RFC3917]. This document provides a
provide a methodology for measuring Flow monitoring performance and methodology for measuring Flow monitoring performance so that
provide network operators a framework for considering its impact to network operators have a framework for considering measurement
the network and network equipment. impact on the network and network equipment.
Flow monitoring is defined in the Architecture for IP Flow Flow monitoring is defined in the Architecture for IP Flow
Information Export [RFC5470] and related IPFIX documents. Information Export [RFC5470] and related IPFIX documents.
What is the cost of enabling the IP Flow monitoring and export to a What is the cost of enabling the IP Flow monitoring and export to a
collector is a basic question that this document tries to answer. collector ? This is the basic question that this methodology is
This document goal is a series of methodology specifications for the designed to answer.
monitoring of Flow monitoring performance, in a way that is
comparable amongst various implementations, various platforms, and
vendors.
Since Flow monitoring will in most cases run on network devices This document goal is a series of methodology specifications for
forwarding packets, methodology for RFC2544 measurements (with IPv6 the measurement of Flow monitoring performance, in a way that is
and MPLS specifics defined in [RFC5180] and [RFC5695] respectively) comparable amongst various implementations, platforms, and
in the presence of Flow monitoring is also proposed here. vendor's devices.
The most significant parameter in terms of performance, is the rate Since Flow monitoring will in most cases run on network devices also
at which IP flows are created and expired in the network devices forwarding packets, the methodology for RFC2544 measurements (with
memory and exported to a collector. Therefore, this document focuses IPv6 and MPLS specifics defined in [RFC5180] and [RFC5695]
on a methodology on how to measure the maximum IP flow rate that a respectively) in the presence of Flow monitoring is also employed
here.
The most significant performance parameter is the rate at which IP
flows are created and expired in the network devices memory and
exported to a collector. Therefore, this document focuses on a
methodology on how to measure the maximum IP flow rate that a
network device can sustain without impacting the forwarding plane, network device can sustain without impacting the forwarding plane,
without losing any IP flow information, and without compromising the without losing any IP flow information, and without compromising the
IP flow accuracy. IP flow accuracy.
[RFC2544], [RFC5180] and [RFC5695] specify benchmarking of network [RFC2544], [RFC5180] and [RFC5695] specify benchmarking of network
devices forwarding IPv4, IPv6 and MPLS [RFC3031] traffic, devices forwarding IPv4, IPv6 and MPLS [RFC3031] traffic,
respectively. Even if this document specifies the Flow monitoring respectively. The methodology specified here stays the same for any
methodology for network devices forwarding IPv4, IPv6, and MPLS, the traffic type. The only restriction is the actual Flow monitoring
methodology stays the same for any traffic type. The only support for the particular traffic type.
restriction is the actual Flow monitoring support for the particular
traffic type.
A variety of different network device architectures exist that are A variety of different network device architectures exist that are
capable of Flow monitoring support. As such, this document does not capable of Flow monitoring and export. As such, this document does
Novak Expires October, 2011
Novak Expires June, 2011 not attempt to list the various white box variables (CPU load,
attempt to list the various white box variables (CPU load, memory memory utilization, TCAM utilization etc) that could be gathered as
utilization, TCAM utilization etc) that could be gathered as they do they do always help in comparison evaluations. A more complete
always help in comparison evaluations. A better understanding of the understanding of the stress points of a particular device can be
stress points of a particular device can be attained by this deeper attained using this internal information and the tester MAY choose
information gathering and a tester may choose to gather additional to gather this information during the measurement iterations.
information during the measurement iterations.
2. Terminology 2. Terminology
The terminology used in this document is mostly based on [RFC5470], The terminology used in this document is mostly based on [RFC5470],
[RFC2285] and [RFC1242] as summarised in the section 2.1. The only [RFC2285] and [RFC1242] as summarised in the section 2.1. The only
new terms needed by this document are defined in the following new terms needed for this methodology are defined in the following
section 2.2. section 2.2.
2.1 Existing Terminology 2.1 Existing Terminology
Device Under Test (DUT) [RFC2285, section 3.1.1] Device Under Test (DUT) [RFC2285, section 3.1.1]
Flow [RFC5470, section 2] Flow [RFC5470, section 2]
Flow Key [RFC5470, section 2] Flow Key [RFC5470, section 2]
skipping to change at page 4, line 57 skipping to change at page 4, line 57
Packet Sampling [RFC5476, section 2] Packet Sampling [RFC5476, section 2]
2.2 New Terminology 2.2 New Terminology
2.2.1 Cache 2.2.1 Cache
Definition: Definition:
Memory area held and dedicated by the DUT to store Flow Record Memory area held and dedicated by the DUT to store Flow Record
information prior Flow Expiration information prior Flow Expiration
Novak Expires June, 2011 Novak Expires October, 2011
2.2.2 Cache Size 2.2.2 Cache Size
Definition: Definition:
The size of the Cache in terms of how many entries of Flow The size of the Cache in terms of how many entries of Flow
Records the Cache can hold Records the Cache can hold
Discussion: Discussion:
This term is typically represented as a configurable option in This term is typically represented as a configurable option in
the particular Flow monitoring implementation. Its highest value the particular Flow monitoring implementation. Its highest value
will depend on the memory available in the network device. will depend on the memory available in the network device.
Measurement units: Measurement units:
Number of Flow Records Number of Flow Records
2.2.3 Active Timeout 2.2.3 Active Timeout
Definition: Definition:
For long-running Flows, the time interval after which the Metering For long-running Flows, the time interval after which the Metering
Process expires a Flow Record from the Cache so that regular Flow Process expires a Flow Record from the Cache so that only regular
updates are exported. Flow updates are exported.
Discussion: Discussion:
This term is typically represented as a configurable option in the This term is typically represented as a configurable option in the
particular Flow monitoring implementation. See section 5.1.1 of particular Flow monitoring implementation. See section 5.1.1 of
[RFC5470] for more detailed discussion. [RFC5470] for more detailed discussion.
As long-running are considered Flows which last longer than Flows are considered long-running when they last longer than
several multiples of the Active Timeout or contain larger amount several multiples of the Active Timeout or contain larger amount
of packets (in the case of Active Timeout is zero) than usual for of packets (in the case of Active Timeout is zero) than usual for
a single transaction based Flows, in the order of tens and a single transaction based Flows, in the order of tens of packets
higher. and higher.
Measurement units: Measurement units:
Seconds Seconds
2.2.4 Inactive Timeout 2.2.4 Inactive Timeout
Definition: Definition:
The time interval after which the Metering Process expires a Flow The time interval used by the Metering Process to expire a Flow
Record from the Cache if no more packets belonging to that Record from the Cache, when no more packets belonging to that
specific Flow are seen. specific Flow are observed during the interval.
Discussion: Discussion:
This term is typically represented as a configurable option in the This term is typically represented as a configurable option in the
particular Flow monitoring implementation. See section 5.1.1 of particular Flow monitoring implementation. See section 5.1.1 of
[RFC5470] for more detailed discussion. [RFC5470] for more detailed discussion.
Measurement units: Measurement units:
Seconds Seconds
Novak Expires June, 2011 Novak Expires October, 2011
2.2.5 Flow Export Rate 2.2.5 Flow Export Rate
Definition: Definition:
Number of Flow Records that expire from the Cache (as defined by Number of Flow Records that expire from the Cache (as defined by
the Flow Expiration term) and are exported to the Collector within the Flow Expiration term) and are exported to the Collector within
a time interval. a measurement time interval.
The measured Flow Export Rate MUST include BOTH the Data Stream The measured Flow Export Rate MUST include BOTH the Data Stream
and the Control Information, as defined in section 2 of [RFC5470]. and the Control Information, as defined in section 2 of [RFC5470].
Discussion: Discussion:
The Flow Export Rate is measured using Flow Export data observed The Flow Export Rate is measured using Flow Export data observed
at the Collector by counting the exported Flow Records during the at the Collector by counting the exported Flow Records during the
measurement time interval (see section 5.4). The value obtained is measurement time interval (see section 5.4). The value obtained is
an average of the instantaneous export rates observed during the an average of the instantaneous export rates observed during the
measurement time interval. The smallest possible measurement measurement time interval. The smallest possible measurement
interval (if attempting to measure rather instantaneous export interval (if attempting to measure nearly instantaneous export
rate rather than average export rate on the DUT) is limited by the rate rather than average export rate on the DUT) is limited by the
export capabilities of the particular Flow monitoring export capabilities of the particular Flow monitoring
implementation. implementation.
Measurement units: Measurement units:
Number of Flow Records per second Number of Flow Records per second
3. Flow Monitoring Performance Metric 3. Flow Monitoring Performance Metric
3.1 The Definition 3.1 The Definition
Flow Monitoring Throughput Flow Monitoring Throughput
Definition: Definition:
The maximum Flow Export Rate the DUT can sustain without losing a The maximum Flow Export Rate the DUT can sustain without losing a
single Flow Record expired from the Cache and without dropping any single Flow Record expired from the Cache. Additionally, for the
packets in the Forwarding Plane (see Figure 1). packet forwarding devices, also the maximum Flow Export Rate the
DUT can sustain without dropping packets in the Forwarding Plane
(see Figure 1).
Measurement units: Measurement units:
Number of Flow Records per second Number of Flow Records per second
3.2 Device Applicability 3.2 Device Applicability
The Flow monitoring performance metric is applicable to network The Flow monitoring performance metric is applicable to network
devices that implement RFC5470 [RFC5470] architecture. These devices devices that implement RFC5470 [RFC5470] architecture. These devices
can be network packet forwarding devices or appliances which analyse can be network packet forwarding devices or appliances which analyze
the traffic but do not forward traffic (probes, sniffers, the traffic but do not forward traffic (probes, sniffers,
replicators). replicators).
The Flow monitoring performance metric is not applicable to the The Collector performance is out of scope of this document.
Collector since it does not implement the RFC5470 architecture.
Novak Expires June, 2011 Novak Expires October, 2011
3.3 Measurement Concept 3.3 Measurement Concept
The traffic in the Figure 1 represents the test traffic sent to the The traffic in the Figure 1 represents the test traffic sent to the
DUT and forwarded by the DUT. When testing devices which do not act DUT and forwarded by the DUT. When testing devices which do not act
as network devices (appliances - probes, sniffers, replicators) the as network packet forwarding devices (appliances - probes, sniffers,
forwarding plane is simply an Observation Point as defined in section replicators) the forwarding plane is simply an Observation Point as
2 of [RFC5470]. defined in section 2 of [RFC5470]. The RFC2544 Throughput of such
devices will simply be always zero and the only applicable
performance metrics is Flow Monitoring Throughput.
The Flow monitoring enabled (see section 4.3) on the DUT (and The Flow monitoring enabled (see section 4.3) on the DUT (and
represented in the Figure 1 by the Flow Monitoring Plane) uses the represented in the Figure 1 by the Flow Monitoring Plane) uses the
traffic information provided by the Forwarding Plane and configured traffic information provided by the Forwarding Plane and configured
Flow Keys to create the Flow Records representing the traffic Flow Keys to create the Flow Records representing the traffic
forwarded (or observed) by the DUT. The Flow Records are stored in forwarded (or observed) by the DUT. The Flow Records are stored in
the Flow monitoring Cache and expired from there depending on the the Flow monitoring Cache and expired from there depending on the
Cache configuration (Active and Inactive Timeouts, number of Flow Cache configuration (Active and Inactive Timeouts, number of Flow
Records and the Cache Size) and the traffic pattern. The expired Flow Records and the Cache Size) and the traffic pattern. The expired Flow
Records are exported from the DUT to the Collector (see Figure 2 in Records are exported from the DUT to the Collector (see Figure 2 in
section 4). section 4).
+--------------------------+ +------------------------- +
|IPFIX|Sflow|Netflow|Others| | IPFIX | Netflow | Others |
+--------------------------+ +------------------------- +
| ^ | | ^ |
| ^ | | ^ |
| Flow Export | | Flow Export |
| ^ | | ^ |
| ^ | | ^ |
| +-------------+ | | +-------------+ |
| | Flow | | | | Flow | |
| | Monitoring | | | | Monitoring | |
| | Plane | | | | Plane | |
| +-------------+ | | +-------------+ |
skipping to change at page 7, line 48 skipping to change at page 7, line 50
| traffic information | | traffic information |
| ^ | | ^ |
| ^ | | ^ |
| +-------------+ | | +-------------+ |
| | | | | | | |
traffic ---|---->| Forwarding |------|----> traffic ---|---->| Forwarding |------|---->
| | Plane | | | | Plane | |
| +-------------+ | | +-------------+ |
| | | |
| DUT | | DUT |
+--------------------------+ +------------------------- +
Figure 1. The functional block diagram of the DUT Figure 1. The functional block diagram of the DUT
The Forwarding Plane and Flow Monitoring Plane represent two separate The Forwarding Plane and Flow Monitoring Plane represent two separate
functional blocks, each with it's own performance capability. The functional blocks, each with it's own performance capability. The
Forwarding Plane handles user data packets and is fully characterised Forwarding Plane handles user data packets and is fully characterised
by the metrics defined by [RFC2544]. by the metrics defined by [RFC2544].
Novak Expires October, 2011
Novak Expires June, 2011
The Flow Monitoring Plane handles Flow Records which reflect the The Flow Monitoring Plane handles Flow Records which reflect the
forwarded traffic. The metric that measures the Flow Monitoring Plane forwarded traffic. The metric that measures the Flow Monitoring Plane
performance is Flow Export Rate. performance is Flow Export Rate, and the benchmark is the Flow
Monitoring Throughput.
3.4 The Measurement Procedure Overview 3.4 The Measurement Procedure Overview
The measurement procedure is fully specified in sections 4, 5 and 6. The measurement procedure is fully specified in sections 4, 5 and 6.
This section provides an overview of principles for the measurements. This section provides an overview of principles for the measurements.
The basic measurement procedure of performance characteristics of a The basic measurement procedure of performance characteristics of a
DUT with Flow monitoring enabled is a conventional Throughput DUT with Flow monitoring enabled is a conventional Throughput
measurement using a search algorithm to determine the maximum packet measurement using a search algorithm to determine the maximum packet
rate at which none of the offered packets and corresponding Flow rate at which none of the offered packets and corresponding Flow
Record are dropped by the DUT as described in [RFC1242] and section Records are dropped by the DUT as described in [RFC1242] and section
26.1 of [RFC2544]. 26.1 of [RFC2544].
DUT with Flow monitoring enabled contains two functional blocks which The Device Under Test (DUT) with Flow monitoring enabled contains two
need to be measured using characteristics applicable to one or the functional blocks which need to be measured using characteristics
other block (see Figure 1). See sections 3.4.1 and 3.4.2 for applicable to one or both blocks (see Figure 1). See sections 3.4.1
further discussion. and 3.4.2 for further discussion.
On one hand the Flow Monitoring Plane and Forwarding Plane (see On one hand the Flow Monitoring Plane and Forwarding Plane (see
Figure 1) need to be looked at as two independent blocks (and the Figure 1) need to be looked at as two independent blocks (and the
performance of each of them measured independently) but on the other performance of each of them measured independently) but on the other
hand when measuring the performance of one of them the status and hand when measuring the performance of one of them the status and
conditions of the other one must be known and monitored. performance of the other MUST be known and benchmarked when both are
present.
3.4.1 Flow Monitoring Plane Performance Measurement 3.4.1 Flow Monitoring Plane Performance Measurement
The Flow Monitoring Throughput MUST be (and can only be) measured The Flow Monitoring Throughput MUST be (and can only be) measured
with one packet per Flow as specified in the section 5. This traffic with one packet per Flow as specified in the section 5. This traffic
type represents the most aggressive traffic from the Flow monitoring type represents the most demanding traffic from the Flow monitoring
point of view and will exercise the Flow Monitoring Plane (see Figure point of view and will exercise the Flow Monitoring Plane (see Figure
1) of the DUT most. The exit criteria for the Flow Monitoring 1) of the DUT most. The exit criteria for the Flow Monitoring
Throughput measurement are one of the following (e.g. if any of the Throughput measurement are one of the following (e.g. if any of the
conditions is reached): conditions is reached):
a. The Flow Export Rate at which the DUT starts to drop Flow a. The Flow Export Rate at which the DUT starts to drop Flow Records
Records or the Flow information gets corrupted or the Flow information gets corrupted
b. The Flow Export Rate at which the Forwarding Plane starts to drop
b. The Flow Export Rate at which the Forwarding Plane starts to or corrupt packets (if the Forwarding Plane is present)
drop or corrupt packets
3.4.2 Forwarding Plane Performance Measurement 3.4.2 Forwarding Plane Performance Measurement
The Forwarding Plane (see Figure 1) performance metrics are fully The Forwarding Plane (see Figure 1) performance metrics are fully
specified by [RFC2544] and MUST be measured accordingly. A detailed specified by [RFC2544] and MUST be measured accordingly. A detailed
traffic analysis (see below) with relation to Flow monitoring MUST be traffic analysis (see below) with relation to Flow monitoring MUST be
performed prior of any RFC2544 measurements. Mainly the Flow Export performed prior of any RFC2544 measurements. Mainly the Flow Export
Rate caused by the test traffic during an RFC2544 measurement MUST Rate caused by the test traffic during an RFC2544 measurement MUST
be known and noted. be known and reported.
Novak Expires June, 2011 Novak Expires October, 2011
The required traffic analysis mainly involves the following: The required traffic analysis mainly involves the following:
a. Which packet header parameters are incremented or changed during a. Which packet header parameters are incremented or changed during
traffic generation traffic generation
b. Which Flow Keys the Flow monitoring configuration uses to generate
b. Which Flow Keys the Flow monitoring configuration uses to generate Flow Records
Flow Records
The RFC2544 performance metrics can be measured in one of the two The RFC2544 performance metrics can be measured in one of the three
modes: modes:
a. At certain level of Flow monitoring activity specified by a Flow a. As a baseline of forwarding performance without Flow monitoring
Expiration Rate lower than Flow Monitoring Throughput b. At certain level of Flow monitoring activity specified by a Flow
Expiration Rate lower than Flow Monitoring Throughput
b. At the maximum of Flow monitoring performance, e.g. using traffic c. At the maximum of Flow monitoring performance, e.g. using traffic
conditions representing a measurement of Flow Monitoring conditions representing a measurement of Flow Monitoring
Throughput Throughput
The details how to setup the above mentioned measurement modes are in
the section 6.
3.5 Software Platforms
On purely software based DUTs with no hardware assisted
functionalities, the measured Flow Monitoring Throughput will be
numerically equal to the RFC2544 Throughput. This is due to the fact
that the DUT resources are fully shared between the two functional
blocks (see Figure 1). At the maximum point of the performance
measurement the DUT will become short of resources to process packets
and since every packet represents in the Flow Monitoring Throughput
measurement also one Flow, at the moment one packet is lost, one Flow
is lost.
On a software platform the Flow Monitoring Plane and Forwarding Plane
are functionally independent but their performance is coupled
together due to the shared resources for packet and Flow Record
processing.
3.6 Hardware Platforms
On a hardware based DUT, where packet forwarding and possibly other
functions are assisted by specialised hardware, the Flow Monitoring
Plane and Forwarding Plane may not only be functionally but also
performance wise independent (if the two functional blocks do not
share any resources).
The possible architectures of hardware based DUTs can be so diverse
which makes it impossible to provide any advice on expected DUT
behaviour. The Flow Monitoring Plane and Forwarding Plane must be
treated as two independent blocks and measured independently. The
most typical outcome of a measurement here will be totally
independent values of Flow Monitoring Throughput and RFC2544.
Novak Expires June, 2011 The above mentioned measurement mode in point a. represents an
Throughput depending on which part of the functionality is ordinary Throughput measurement specified in RFC2544. The details how
implemented in hardware and which in software. to setup the measurements in points b. and c. are in the section 6.
4. Measurement Set Up 4. Measurement Set Up
This section concentrates on the set-up of all components necessary This section concentrates on the set-up of all components necessary
to perform Flow monitoring performance measuring. to perform Flow monitoring performance measurement. The recommended
reporting format can be found in Appendix A.
4.1 Measurement Topology 4.1 Measurement Topology
The measurement topology described in this section is applicable only The measurement topology described in this section is applicable only
to the measurements with packet forwarding network devices. The to the measurements with packet forwarding network devices. The
possible architectures and implementation of the traffic monitoring possible architectures and implementation of the traffic monitoring
appliances (see section 3.2) are too various to be covered in this appliances (see section 3.2) are too various to be covered in this
document. Generally, those appliances instead of the Forwarding Plane document. Generally, those appliances instead of the Forwarding Plane
will have some kind of feed (an optical splitter, an interface will have some kind of feed (an optical splitter, an interface
sniffing traffic on a shared media or an internal channel on the DUT sniffing traffic on a shared media or an internal channel on the DUT
providing a copy of the traffic) providing the information about the providing a copy of the traffic) providing the information about the
traffic necessary for Flow monitoring analysis. The measurement traffic necessary for Flow monitoring analysis. The measurement
topology then needs to be adjusted to the appliance architecture. topology then needs to be adjusted to the appliance architecture.
The measurement set-up is identical to the one used by [RFC2544], The measurement set-up is identical to the one used by [RFC2544],
with the addition of a Collector to analyse the Flow Export: with the addition of a Collector to analyze the Flow Export (see
Figure 2).
In the measurement topology with unidirectional traffic, the traffic
is generated from the sender to the receiver, where the received
traffic is analyzed to check it is identical to the generated
traffic.
The ideal way to implement the measurement is using one traffic
generator (device providing the sender and receiver capabilities)
with a sending port and a receiving port. This allows for an easy
check if all the traffic sent by the sender was transmitted by the
DUT and received at the receiver.
Novak Expires October, 2011
+-----------+ +-----------+
| | | |
| Collector | | Collector |
| | | |
|Flow Record| |Flow Record|
| analysis | | analysis |
| | | |
+-----------+ +-----------+
^ ^
| Flow Export | Flow Export
skipping to change at page 10, line 50 skipping to change at page 10, line 26
+--------+ +-------------+ +----------+ +--------+ +-------------+ +----------+
| | | | | | | | | | | |
| | (*)| | | receiver | | | (*)| | | receiver |
| sender |-------->| DUT |--------->| | | sender |-------->| DUT |--------->| |
| | | | | traffic | | | | | | traffic |
| | | | | analysis | | | | | | analysis |
+--------+ +-------------+ +----------+ +--------+ +-------------+ +----------+
Figure 2 Measurement topology with unidirectional traffic Figure 2 Measurement topology with unidirectional traffic
In the measurement topology with unidirectional traffic, the traffic
is generated from the sender to the receiver, where the received
traffic is analyzed to check it is identical to the generated
traffic.
Novak Expires June, 2011
The ideal way to implement the measurement is using one traffic
generator (device providing the sender and receiver capabilities)
with a sending port and a receiving port. This allows for an easy
check if all the traffic sent by the sender was transmitted by the
DUT and received at the receiver.
The export interface (connecting the Collector) MUST NOT be used for The export interface (connecting the Collector) MUST NOT be used for
forwarding the test traffic but only for the Flow Export data forwarding the test traffic but only for the Flow Export data
containing the Flow Records. In all measurements, the export containing the Flow Records. In all measurements, the export
interface MUST have enough bandwidth to transmit Flow Export data interface MUST have enough bandwidth to transmit Flow Export data
without congestion. In other words, the export interface MUST NOT be without congestion. In other words, the export interface MUST NOT be
a bottleneck during the measurement. a bottleneck during the measurement.
Note that more complex topologies might be required. For example, if Note that more complex topologies might be required. For example, if
the effects of enabling Flow monitoring on several interfaces are of the effects of enabling Flow monitoring on several interfaces are of
concern or the media maximum speed is less than the DUT throughput, concern or the media maximum speed is less than the DUT throughput,
the topology can be expanded with several input and output ports. the topology can be expanded with several input and output ports.
However, the topology MUST be clearly written in the measurement However, the topology MUST be clearly written in the measurement
report. report.
4.2 Base DUT Set Up 4.2 Baseline DUT Set Up
The base DUT set-up and the way the set-up is reported in the The baseline DUT set-up and the way the set-up is reported in the
measurement results is fully specified in Section 7 of [RFC2544]. measurement results is fully specified in Section 7 of [RFC2544].
The base DUT configuration might include other features like packet The base DUT configuration might include other features like packet
filters or quality of service on the input and/or output interfaces filters or quality of service on the input and/or output interfaces
if there is the need to study Flow monitoring in the presence of if there is the need to study Flow monitoring in the presence of
those features. The Flow monitoring measurement procedures do not those features. The Flow monitoring measurement procedures do not
change in this case. Consideration needs to be made when evaluating change in this case. Consideration needs to be made when evaluating
measurements results to take into account the possible change of measurements results to take into account the possible change of
packets rates offered to the DUT and Flow monitoring after packets rates offered to the DUT and Flow monitoring after
application of the features to the configuration. Any such feature application of the features to the configuration. Any such feature
configuration MUST be part of the measurement report. configuration MUST be part of the measurement report.
The DUT export interface (see Figure 2) MUST be configured with
sufficient output buffers to avoid dropping the Flow Export data due
to a simple lack of resources in the interface hardware.
Novak Expires October, 2011
4.3 Flow Monitoring Configuration 4.3 Flow Monitoring Configuration
This section covers all the aspects of the Flow monitoring This section covers all the aspects of the Flow monitoring
configuration necessary on the DUT in order to perform Flow configuration necessary on the DUT in order to perform Flow
monitoring performance measurement. The necessary configuration has monitoring performance measurement. The necessary configuration has
number of components (see [RFC5470]), namely Observation Points, number of components (see [RFC5470]), namely Observation Points,
Metering Process and Exporting Process as detailed below. Metering Process and Exporting Process as detailed below.
The DUT MUST support Flow monitoring architecture as specified by The DUT MUST support Flow monitoring architecture as specified by
[RFC5470]. The DUT SHOULD support IPFIX [RFC5101] for easier results [RFC5470]. The DUT SHOULD support IPFIX [RFC5101] for easier results
comparison. comparison.
The DUT configuration and any existing Cache MUST be erased before The DUT configuration and any existing Cache MUST be erased before
application of any new configuration for the currently executed application of any new configuration for the currently executed
measurement. measurement.
Novak Expires June, 2011
4.3.1 Observation Points 4.3.1 Observation Points
The Observation Points specify the interfaces and direction where The Observation Points specify the interfaces and direction where
the Flow monitoring traffic analysis is performed. the Flow monitoring traffic analysis is performed.
The (*) in Figure 2 designates the Observation Points in the The (*) in Figure 2 designates the Observation Points in the
default configuration. Other DUT Observation Points might be default configuration. Other DUT Observation Points might be
configured depending on the specific measurement needs as follows: configured depending on the specific measurement needs as follows:
a. ingress port/ports(s) only a. ingress port/ports(s) only
skipping to change at page 12, line 39 skipping to change at page 11, line 55
If more than one Observation Point for one direction is defined on If more than one Observation Point for one direction is defined on
the DUT the traffic passing through each of the Observation Points the DUT the traffic passing through each of the Observation Points
MUST be configured in such a way that it creates Flows and Flow MUST be configured in such a way that it creates Flows and Flow
Records which do not overlap, e.g. each packet (or set of packets Records which do not overlap, e.g. each packet (or set of packets
if measuring with more than one packet per Flow) sent to the DUT if measuring with more than one packet per Flow) sent to the DUT
on different ports still creates one unique Flow Record. on different ports still creates one unique Flow Record.
The specific Observation Points and associated monitoring The specific Observation Points and associated monitoring
direction MUST be included as part of the report of the results. direction MUST be included as part of the report of the results.
Novak Expires October, 2011
4.3.2 Metering Process 4.3.2 Metering Process
Metering Process MUST be enabled in order to create the Cache in Metering Process MUST be enabled in order to create the Cache in
the DUT and configure the Cache related parameters. the DUT and configure the Cache related parameters.
Cache Size available to the DUT operation MUST be known and taken Cache Size available to the DUT operation MUST be known and taken
into account when designing the measurement as specified in the into account when designing the measurement as specified in the
section 5. section 5.
Inactive and Active Timeouts MUST be known and taken into account Inactive and Active Timeouts MUST be known and taken into account
when designing the measurement as specified in the section 5. when designing the measurement as specified in the section 5.
The Cache Size, the Inactive and Active Timeouts, and if present, The Cache Size, the Inactive and Active Timeouts, and if present,
the specific Packet Sampling techniques and associated parameters the specific Packet Sampling techniques and associated parameters
MUST be included as part of the results report. MUST be included as part of the results report.
Novak Expires June, 2011
4.3.3 Exporting Process 4.3.3 Exporting Process
Exporting Process MUST be configured in order to export the Flow Exporting Process MUST be configured in order to export the Flow
Record data to the Collector. Record data to the Collector.
Exporting Process MUST be configured in such a way that all Flow Exporting Process MUST be configured in such a way that all Flow
Records from all configured Observation Points are exported Records from all configured Observation Points are exported
towards the Collector, after the expiration policy composed of towards the Collector, after the expiration policy composed of
the Inactive and Active Timeouts and Cache Size. the Inactive and Active Timeouts and Cache Size.
The Exporting Process SHOULD be configured with IPFIX [RFC5101] as The Exporting Process SHOULD be configured with IPFIX [RFC5101] as
the protocol to use to format the Flow Export data. If the Flow the protocol to use to format the Flow Export data. If the Flow
monitoring implementation does not support it, proprietary monitoring implementation does not support it, proprietary
protocols MAY be used. protocols MAY be used.
Various Flow monitoring implementations might use different Various Flow monitoring implementations might use different
default values regarding the export of Control Information. The default values regarding the export of Control Information. The
Flow Export corresponding to Control Information SHOULD be Flow Export corresponding to Control Information SHOULD be
analysed and reported as a separate item on the measurement analyzed and reported as a separate item on the measurement
report. Preferably, the export of Control Information SHOULD report. Preferably, the export of Control Information SHOULD
always be configured same. always be configured same.
IPFIX documents [RFC5101] in section 10 and [RFC5470] in section IPFIX documents [RFC5101] in section 10 and [RFC5470] in section
8.1 discuss the possibility to deploy various transport layer 8.1 discuss the possibility to deploy various transport layer
protocols to deliver Flow Export data from the DUT to the protocols to deliver Flow Export data from the DUT to the
Collector. The selected protocol MUST be included in the Collector. The selected protocol MUST be included in the
measurement report. Only benchmarks with same transport layer measurement report. Only benchmarks with same transport layer
protocol SHOULD be compared. If the Flow monitoring implementation protocol SHOULD be compared. If the Flow monitoring implementation
allows to use all of UDP, TCP and SCTP as the transport layer allows to use all of UDP, TCP and SCTP as the transport layer
protocols, each of the protocols SHOULD be measured in a separate protocols, each of the protocols SHOULD be measured in a separate
measurement run. measurement run.
If reliable transport protocol is used for the transmission of the
Flow Export data from DUT, the configuration of the transport
session MUST allow for non-blocking data transmission. An example
of parameters to look at would be TCP window size or maximum
segment size (MSS).
Novak Expires October, 2011
4.3.4 Flow Records 4.3.4 Flow Records
Flow Record defines the traffic parameters which Flow monitoring Flow Record defines the traffic parameters which Flow monitoring
uses to analyse the traffic and MUST be configured in order to uses to analyze the traffic and MUST be configured in order to
perform the analysis. The Flow Key fields of the Flow Record perform the analysis. The Flow Key fields of the Flow Record
define the traffic parameters which will be used to create new define the traffic parameters which will be used to create new
Flow Records in the DUT Cache. Flow Records in the DUT Cache.
The Flow Record definition is implementation specific. A Flow The Flow Record definition is implementation specific. A Flow
monitoring implementation might allow for only fixed Flow Record monitoring implementation might allow for only fixed Flow Record
definition, based on the most common IP parameters in the IPv4 or definition, based on the most common IP parameters in the IPv4 or
IPv6 headers - like source and destination IP addresses, IP IPv6 headers - like source and destination IP addresses, IP
protocol numbers or transport level port numbers. Another protocol numbers or transport level port numbers. Another
implementation might allow the user to actually define his own implementation might allow the user to actually define his own
completely arbitrary Flow Record to monitor the traffic. The completely arbitrary Flow Record to monitor the traffic. The
requirement for the measurements defined in this document is only requirement for the measurements defined in this document is only
the need for a large number of Flow Records in the Cache. The Flow the need for a large number of Flow Records in the Cache. The Flow
Keys needed to achieve that will typically be source and Keys needed to achieve that will typically be source and
destinations IP addresses and transport level port numbers. destinations IP addresses and transport level port numbers.
Novak Expires June, 2011
Recommended full IPv4, IPv6 or MPLS Flow Record: Recommended full IPv4, IPv6 or MPLS Flow Record:
Flow Keys Flow Keys
Source IP address Source IP address
Destination IP address Destination IP address
MPLS label (for MPLS traffic type only) MPLS label (for MPLS traffic type only)
Transport layer source port Transport layer source port
Transport layer destination port Transport layer destination port
IP protocol number (IPv6 next header) IP protocol number (IPv6 next header)
IP type of service (IPv6 traffic class) IP type of service (IPv6 traffic class)
skipping to change at page 14, line 38 skipping to change at page 13, line 58
or: or:
Flow Key fields Flow Key fields
Transport layer source port Transport layer source port
Transport layer destination port Transport layer destination port
Other fields Other fields
Packet counter Packet counter
Novak Expires October, 2011
The Flow Record configuration MUST be clearly noted in the The Flow Record configuration MUST be clearly noted in the
measurement report. The Flow Monitoring Throughput measurements on measurement report. The Flow Monitoring Throughput measurements on
different DUTs or different Flow monitoring implementations can different DUTs or different Flow monitoring implementations can
and MUST be compared only for exactly same Flow Record and MUST be compared only for exactly same Flow Record
configuration. configuration.
4.3.5 MPLS Measurement Specifics 4.3.5 MPLS Measurement Specifics
The Flow Record configuration for measurements with MPLS The Flow Record configuration for measurements with MPLS
encapsulated traffic SHOULD contain MPLS label or any other field encapsulated traffic SHOULD contain MPLS label or any other field
which is part of the MPLS header. which is part of the MPLS header.
The DUT Cache SHOULD be checked prior the performance measurement to The DUT Cache SHOULD be checked prior the performance measurement to
contain the correct MPLS related information. contain the correct MPLS related information.
The captured export data at the Collector SHOULD be checked for the The captured export data at the Collector SHOULD be checked for the
presence of MPLS labels or the monitored MPLS parameters. MPLS presence of MPLS labels or the monitored MPLS parameters. MPLS
forwarding performance document [RFC5695] specifies number of forwarding performance document [RFC5695] specifies number of
Novak Expires June, 2011
possible MPLS label operations to test. The Observation Points possible MPLS label operations to test. The Observation Points
SHOULD be placed on all the DUT test interfaces where the particular SHOULD be placed on all the DUT test interfaces where the particular
MPLS label operation takes place. The performance measurements MPLS label operation takes place. The performance measurements
SHOULD be performed with only one MPLS label operation at the time. SHOULD be performed with only one MPLS label operation at the time.
The DUT SHOULD be configured in such a way, that all the traffic is The DUT SHOULD be configured in such a way, that all the traffic is
subject of the measured MPLS label operation. subject of the measured MPLS label operation.
4.4 Collector 4.4 Collector
skipping to change at page 15, line 28 skipping to change at page 14, line 46
just hexadecimal format of the Flow Export data. In such a case it just hexadecimal format of the Flow Export data. In such a case it
does not need to have any additional Flow Export decoding does not need to have any additional Flow Export decoding
capabilities. capabilities.
However if the Collector is also used to decode the Flow Export data However if the Collector is also used to decode the Flow Export data
then it SHOULD support IPFIX [RFC5101] for easier results analysis. then it SHOULD support IPFIX [RFC5101] for easier results analysis.
If proprietary Flow Export is deployed, the Collector MUST support it If proprietary Flow Export is deployed, the Collector MUST support it
otherwise the Flow Export data analysis is not possible. otherwise the Flow Export data analysis is not possible.
The Collector MUST be capable to capture at the full rate the export The Collector MUST be capable to capture at the full rate the export
packets are sent from the DUT without losing any of them. packets sent from the DUT without losing any of them. In the case of
the use of reliable transport protocols (see also section 4.3.3) to
transmit Flow Export data, the Collector MUST have sufficient
resources to guarantee non-blocking data transmission on the
transport layer session.
During the analysis, the Flow Export data needs to be decoded and the During the analysis, the Flow Export data needs to be decoded and the
received Flow Records counted. received Flow Records counted.
The Collector SHOULD support Ethernet type of interface to connect to The Collector SHOULD support Ethernet type of interface to connect to
the DUT but any media which allows data capturing and analysis can be the DUT but any media which allows data capturing and analysis can be
used. used.
Novak Expires October, 2011
The capture buffer MUST be cleared at the beginning of each The capture buffer MUST be cleared at the beginning of each
measurement. measurement.
4.5 Packet Sampling 4.5 Packet Sampling
A Flow monitoring implementation might provide the capability to A Flow monitoring implementation might provide the capability to
analyse the Flows after Packet Sampling is performed. The possible analyze the Flows after Packet Sampling is performed. The possible
procedures and ways of Packet Sampling are described in [RFC5476] procedures and ways of Packet Sampling are described in [RFC5476]
and [RFC5475] and only those SHOULD be used for measurements. and [RFC5475] and only those SHOULD be used for measurements.
If the DUT is configured with one of the sampling techniques as If the DUT is configured with one of the sampling techniques as
specified in [RFC5475] the measurement report MUST include this specified in [RFC5475] the measurement report MUST include this
sampling technique along with its parameters. The presence of the sampling technique along with its parameters. The presence of the
configured sampling technique on the DUT and its parameters SHOULD be configured sampling technique on the DUT and its parameters SHOULD be
verified in the Flow Export data as received on the Collector. verified in the Flow Export data as received on the Collector.
Packet Sampling will affect the measured Flow Export Rate. If Packet Sampling will affect the measured Flow Export Rate. If
systematic sampling (see section 6.5 of [RFC5476]) is in use, the systematic sampling (see section 6.5 of [RFC5476]) is in use, the
Flow Export Rate can be derived from the packet rates (see section 5 Flow Export Rate can be derived from the packet rates (see section 5
Novak Expires June, 2011
of this document) using the configured sampling parameters. If random of this document) using the configured sampling parameters. If random
sampling is in use the Flow Export Rate can be derived from the sampling is in use the Flow Export Rate can be derived from the
traffic rates as obtained on the receiver side of the traffic traffic rates as obtained on the receiver side of the traffic
generator, provided that packet losses can be excluded by monitoring generator, provided that packet losses can be excluded by monitoring
the DUT forwarding statistics. the DUT forwarding statistics.
If measurements are performed with Flows containing more than one If measurements are performed with Flows containing more than one
packet per Flow (see section 6.4 of this document) the sampling ratio packet per Flow (see section 6.4 of this document) the sampling ratio
SHOULD always be higher than the number of packets in the Flows (for SHOULD always be higher than the number of packets in the Flows (for
small number of packets per Flow). This significantly decreases the small number of packets per Flow). This significantly decreases the
skipping to change at page 16, line 36 skipping to change at page 15, line 55
to take into account the change of packet rates offered to the DUT to take into account the change of packet rates offered to the DUT
and especially to Flow monitoring after Packet Sampling is applied. and especially to Flow monitoring after Packet Sampling is applied.
4.6 Frame Formats 4.6 Frame Formats
Flow monitoring itself is not dependent in any way on the media used Flow monitoring itself is not dependent in any way on the media used
on the input and output ports. Any media can be used as supported by on the input and output ports. Any media can be used as supported by
the DUT and the test equipment. the DUT and the test equipment.
The most common transmission media and corresponding frame formats The most common transmission media and corresponding frame formats
(Ethernet, Packet over Sonet) for IPv4, IPv6 and MPLS traffic are (Ethernet, Packet over SONET) for IPv4, IPv6 and MPLS traffic are
specified within [RFC2544], [RFC5180] and [RFC5695]. specified within [RFC2544], [RFC5180] and [RFC5695].
Novak Expires October, 2011
4.7 Frame Sizes 4.7 Frame Sizes
Frame sizes to use are specified in [RFC2544] section 9 for Ethernet Frame sizes of the traffic analyzed by the to use are specified in
type interfaces (64, 128, 256, 1024, 1280, 1518 bytes) and in [RFC2544] section 9 for Ethernet type interfaces (64, 128, 256, 1024,
[RFC5180] section 5 for Packet over Sonet interfaces (47, 64, 128, 1280, 1518 bytes) and in [RFC5180] section 5 for Packet over SONET
256, 1024, 1280, 1518, 2048, 4096 bytes). interfaces (47, 64, 128, 256, 1024, 1280, 1518, 2048, 4096 bytes).
When measuring with large frame sizes care needs to be taken to avoid When measuring with large frame sizes care needs to be taken to avoid
any packet fragmentation on the DUT interfaces which could negatively any packet fragmentation on the DUT interfaces which could negatively
affect measured performance values. affect measured performance values.
4.8 Illustrative Test Set-up Examples 4.8 Flow Export Data Packet Sizes
The Flow monitoring performance will be affected by the packet size
the particular implementation uses to transmit Flow Export data to
the Collector. The used packet size SHOULD be part of the test report
and only measurements with same packet sizes SHOULD be compared.
The DUT export interface (see Figure 2) maximum transmission unit
(MTU) SHOULD be configured to the media largest available value.
4.9 Illustrative Test Set-up Examples
The below examples represent only hypothetical test set-up to clarify The below examples represent only hypothetical test set-up to clarify
the use of Flow monitoring parameters and configuration together with the use of Flow monitoring parameters and configuration together with
traffic parameters to test Flow monitoring. The actual benchmarking traffic parameters to test Flow monitoring. The actual benchmarking
specifications are in the sections 5 and 6. specifications are in the sections 5 and 6.
Novak Expires June, 2011 4.9.1 Example 1 - Inactive Timeout Flow Expiration
4.8.1 Example 1 - Inactive Timeout Flow Expiration
The traffic generator sends 1000 packets per second in 10000 defined The traffic generator sends 1000 packets per second in 10000 defined
streams, each stream identified by an unique destination IP address. streams, each stream identified by an unique destination IP address.
Each stream has then packet rate 0.1 packets per second. The packets Each stream has then packet rate 0.1 packets per second. The packets
are sent in a round robin fashion (stream 1 to 10000) while are sent in a round robin fashion (stream 1 to 10000) while
incrementing the destination IP address with each sent packet. incrementing the destination IP address with each sent packet.
The configured Cache Size is 20000 Flow Records. The configured The configured Cache Size is 20000 Flow Records. The configured
Active Timeout is 100 seconds, the Inactive Timeout is 5 seconds. Active Timeout is 100 seconds, the Inactive Timeout is 5 seconds.
skipping to change at page 17, line 29 skipping to change at page 16, line 57
seconds, so it means that the Flow Record is refreshed in the Cache seconds, so it means that the Flow Record is refreshed in the Cache
every 10 seconds, while the Inactive Timeout is 5 seconds. In this every 10 seconds, while the Inactive Timeout is 5 seconds. In this
case the Flow Records will expire from the Cache due to the Inactive case the Flow Records will expire from the Cache due to the Inactive
Timeout and when a new packet is sent with the same IP address A it Timeout and when a new packet is sent with the same IP address A it
will create a new Flow Record in the Cache. will create a new Flow Record in the Cache.
The measured Flow Export Rate in this case will be 1000 Flow The measured Flow Export Rate in this case will be 1000 Flow
Records per second since every single sent packet will always Records per second since every single sent packet will always
create a new Flow Record and we send 1000 packets per second. create a new Flow Record and we send 1000 packets per second.
Novak Expires October, 2011
The expected number of Flow Record entries in the Cache during the The expected number of Flow Record entries in the Cache during the
whole measurement is around 5000. It corresponds to the Inactive whole measurement is around 5000. It corresponds to the Inactive
Timeout being 5 seconds and during those five seconds 5000 entries Timeout being 5 seconds and during those five seconds 5000 entries
are created. This expectation might change in real measurement are created. This expectation might change in real measurement
set-ups witch large Cache Sizes and high packet rates where the set-ups witch large Cache Sizes and high packet rates where the
export rate might be limited and lower than the offered Flow Export export rate might be limited and lower than the offered Flow Export
Rate. This behaviour is entirely implementation specific. Rate. This behaviour is entirely implementation specific.
4.8.2 Example 2 - Active Timeout Flow Expiration 4.9.2 Example 2 - Active Timeout Flow Expiration
The traffic generator sends 1000 packets per second in 100 defined The traffic generator sends 1000 packets per second in 100 defined
streams, each stream identified by an unique destination IP address. streams, each stream identified by an unique destination IP address.
Each stream has then packet rate 10 packets per second. The packets Each stream has then packet rate 10 packets per second. The packets
are sent in a round robin fashion while incrementing (stream 1 to are sent in a round robin fashion while incrementing (stream 1 to
100) the destination IP address with each sent packet. 100) the destination IP address with each sent packet.
The configured Cache Size is 1000 Flow Records. The configured The configured Cache Size is 1000 Flow Records. The configured
Active Timeout is 100 seconds, the Inactive Timeout is 10 seconds. Active Timeout is 100 seconds, the Inactive Timeout is 10 seconds.
Flow monitoring on the DUT uses as Flow Key the destination IP Flow monitoring on the DUT uses as Flow Key the destination IP
address. address.
After first 100 packets sent, 100 Flow Records are created and placed After first 100 packets sent, 100 Flow Records are created and placed
in the Flow monitoring Cache. The subsequent packets will be counted in the Flow monitoring Cache. The subsequent packets will be counted
against the already created Flow Records since the destination IP against the already created Flow Records since the destination IP
address (Flow Key) has already been seen by the DUT (provided the address (Flow Key) has already been seen by the DUT (provided the
Flow Record did not expire yet as described below). Flow Record did not expire yet as described below).
Novak Expires June, 2011
A packet with destination IP address equal to A is sent every 0.1 A packet with destination IP address equal to A is sent every 0.1
second, so it means that the Flow Record is refreshed in the Cache second, so it means that the Flow Record is refreshed in the Cache
every 0.1 second, while the Inactive Timeout is 10 seconds. In this every 0.1 second, while the Inactive Timeout is 10 seconds. In this
case the Flow Records will not expire from the Cache until the Active case the Flow Records will not expire from the Cache until the Active
Timeout, e.g. they will expire every 100 seconds and then the Flow Timeout, e.g. they will expire every 100 seconds and then the Flow
Records will be created again. Records will be created again.
If the test measurement time is 50 seconds from the start of the If the test measurement time is 50 seconds from the start of the
traffic generator then the measured Flow Export Rate is 0 since traffic generator then the measured Flow Export Rate is 0 since
during this period no Flow Records expired from the Cache. during this period no Flow Records expired from the Cache.
If the test measurement time is 100 seconds from the start of the If the test measurement time is 100 seconds from the start of the
traffic generator then the measured Flow Export Rate is 1 Flow Record traffic generator then the measured Flow Export Rate is 1 Flow Record
per second. per second.
If the test measurement time is 290 seconds from the start of the If the test measurement time is 290 seconds from the start of the
traffic generator then the measured Flow Export Rate is 2/3 of Flow traffic generator then the measured Flow Export Rate is 2/3 of Flow
Record per second since during the 290 seconds period we expired 2 Record per second since during the 290 seconds period we expired 2
times the same 100 of Flows. times the same 100 of Flows.
Novak Expires October, 2011
5. Flow Monitoring Throughput Measurement Methodology 5. Flow Monitoring Throughput Measurement Methodology
Objective: Objective:
To measure the Flow monitoring performance in a manner comparable To measure the Flow monitoring performance in a manner comparable
between different Flow monitoring implementations. between different Flow monitoring implementations.
Metric definition: Metric definition:
Flow Monitoring Throughput - see section 3. Flow Monitoring Throughput - see section 3.
skipping to change at page 18, line 46 skipping to change at page 18, line 26
The Flow monitoring implementations might chose to handle The Flow monitoring implementations might chose to handle
differently Flow Export from a partially empty Cache or in the differently Flow Export from a partially empty Cache or in the
situation when the Cache is fully occupied by the Flow Records. situation when the Cache is fully occupied by the Flow Records.
Similarly software and hardware based DUTs can handle the same Similarly software and hardware based DUTs can handle the same
situation as stated above differently. The purpose of the situation as stated above differently. The purpose of the
benchmark measurement in this section is to abstract from all the benchmark measurement in this section is to abstract from all the
possible behaviours and define one measurement procedure covering possible behaviours and define one measurement procedure covering
all the possibilities. The only criteria is to measure as defined all the possibilities. The only criteria is to measure as defined
here until Flow Record or packet losses are seen. The decision here until Flow Record or packet losses are seen. The decision
whether to dive deeper into the conditions under which the drops whether to dive deeper into the conditions under which the packet
happen is left to the tester. losses happen is left to the tester.
5.1 Flow Monitoring Configuration 5.1 Flow Monitoring Configuration
Cache Size Cache Size
Cache Size configuration is dictated by the expected position of Cache Size configuration is dictated by the expected position of
the DUT in the network and by the chosen Flow Keys of the Flow the DUT in the network and by the chosen Flow Keys of the Flow
Record. The number of unique Flow Keys sets that the traffic Record. The number of unique Flow Keys sets that the traffic
generator (sender) provides should be multiple times larger than generator (sender) provides should be multiple times larger than
Novak Expires June, 2011
the Cache Size. This way the Flow Records in the Cache never get the Cache Size. This way the Flow Records in the Cache never get
updated before Flow Expiration and Flow Export. The Cache Size updated before Flow Expiration and Flow Export. The Cache Size
MUST be known in order to define the measurements circumstances MUST be known in order to define the measurements circumstances
properly. properly.
Inactive Timeout Inactive Timeout
Inactive Timeout is set (if configurable) to the minimum possible Inactive Timeout is set (if configurable) to the minimum possible
value on the network device. This makes sure the Flow Records are value on the network device. This makes sure the Flow Records are
expired as soon as possible and exported out of the DUT Cache. It expired as soon as possible and exported out of the DUT Cache. It
MUST be known in order to define the measurements circumstances MUST be known in order to define the measurements circumstances
properly. completely and equally across implementations.
Active Timeout Active Timeout
Active Timeout is set (if configurable) to equal or higher value Active Timeout is set (if configurable) to equal or higher value
than the Inactive Timeout. It MUST be known in order to define the than the Inactive Timeout. It MUST be known in order to define the
measurements circumstances properly. measurements circumstances completely and equally across
implementations.
Novak Expires October, 2011
Flow Keys Definition: Flow Keys Definition:
Needs to allow for large numbers of unique Flow Records to be Needs to allow for large numbers of unique Flow Records to be
created in the Cache by incrementing values of one or several Flow created in the Cache by incrementing values of one or several Flow
Keys. The number of unique combinations of Flow Keys values SHOULD Keys. The number of unique combinations of Flow Keys values SHOULD
be several times larger than the DUT Cache Size. This makes sure be several times larger than the DUT Cache Size. This makes sure
that any incoming packet will never refresh any already existing that any incoming packet will never refresh any already existing
Flow Record in the Cache. Flow Record in the Cache.
5.2 Traffic Configuration 5.2 Traffic Configuration
skipping to change at page 19, line 56 skipping to change at page 19, line 39
due to the input buffers shortage during the burst or due to the due to the input buffers shortage during the burst or due to the
limits in the Flow Monitoring performance. limits in the Flow Monitoring performance.
Measurement Duration Measurement Duration
The measurement duration MUST be at least two times longer than The measurement duration MUST be at least two times longer than
the Inactive Timeout otherwise no Flow Export would be seen. The the Inactive Timeout otherwise no Flow Export would be seen. The
measurement duration SHOULD guarantee that the number of Flow measurement duration SHOULD guarantee that the number of Flow
Records created during the measurement exceeds the available Cache Records created during the measurement exceeds the available Cache
Size on the DUT. Size on the DUT.
Novak Expires June, 2011
5.3 Cache Population 5.3 Cache Population
The product of Inactive Timeout and the packet rate offered to the The product of Inactive Timeout and the packet rate offered to the
DUT (cache population) during the measurements determines the total DUT (cache population) during the measurements determines the total
number of Flow Record entries in the DUT Cache during one particular number of Flow Record entries in the DUT Cache during one particular
measurement (while taking into account some margin for dynamic measurement (while taking into account some margin for dynamic
behaviour during high DUT loads when processing the Flows). behaviour during high DUT loads when processing the Flows).
The Flow monitoring implementation might behave differently The Flow monitoring implementation might behave differently
depending on the relation of cache population to the available Cache depending on the relation of cache population to the available Cache
Size during the measurement. This behaviour is fully implementation Size during the measurement. This behaviour is fully implementation
specific and will also be influenced if the DUT is software based or specific and will also be influenced if the DUT is software based or
hardware based architecture. hardware based architecture.
The cache population (if it is lower than the available Cache Size The cache population (if it is lower than the available Cache Size
or higher than the available Cache Size) during a particular or higher than the available Cache Size) during a particular
benchmark measurement SHOULD be noted and mainly only measurements benchmark measurement SHOULD be noted and mainly only measurements
with same cache population SHOULD be compared. with same cache population SHOULD be compared.
Novak Expires October, 2011
5.4 Measurement Time Interval 5.4 Measurement Time Interval
The measurement time interval is the time value which is used to The measurement time interval is the time value which is used to
calculate the measured Flow Expiration Rate from the captured Flow calculate the measured Flow Expiration Rate from the captured Flow
Export data. It is obtained as specified below. Export data. It is obtained as specified below.
RFC2544 specifies with the precision of the packet beginning and end RFC2544 specifies with the precision of the packet beginning and end
the time intervals to be used to measure the DUT time the time intervals to be used to measure the DUT time
characteristics. In the case of a Flow Monitoring Throughput characteristics. In the case of a Flow Monitoring Throughput
measurement the start and stop time needs to be clearly defined but measurement the start and stop time needs to be clearly defined but
skipping to change at page 20, line 46 skipping to change at page 20, line 27
the variance in transmission delay from the generator to the DUT is the variance in transmission delay from the generator to the DUT is
negligible as compared to the total time of traffic generation. negligible as compared to the total time of traffic generation.
The measurement start time: the time when the traffic generator is The measurement start time: the time when the traffic generator is
started started
The measurement stop time: the time when the traffic generator is The measurement stop time: the time when the traffic generator is
stopped stopped
The measurement time interval is then calculated as the difference The measurement time interval is then calculated as the difference
(stop time) - (start time) - Inactive Timeout. (stop time) - (start time) - (Inactive Timeout).
This supposes that the Cache Size is large enough so that the time to This supposes that the Cache Size is large enough so that the time to
fill it up with Flow Records is longer than Inactive Timeout. fill it up with Flow Records is longer than Inactive Timeout.
Otherwise the time to fill up the Cache needs to be used for Otherwise the time to fill up the Cache needs to be used for
calculation of the measurement time interval in the place of the calculation of the measurement time interval in the place of the
Inactive Timeout. Inactive Timeout.
Novak Expires June, 2011
Instead of measuring the absolute values of stop and start time it is Instead of measuring the absolute values of stop and start time it is
possible to setup the traffic generator to send traffic for certain possible to setup the traffic generator to send traffic for certain
pre-defined time interval which is then used in the above definition pre-defined time interval which is then used in the above definition
instead of the difference (stop time) - (start time). instead of the difference (stop time) - (start time).
The Collector MUST stop collecting the Flow Export data at the The Collector MUST stop collecting the Flow Export data at the
measurement stop time. measurement stop time.
The Inactive Timeout causes delay of the Flow Export data behind the The Inactive Timeout (or the time needed to fill up the Cache) causes
test traffic which is forwarded by the DUT. E.g. if the traffic delay of the Flow Export data behind the test traffic which is
starts at time point X Flow Export will start only at the time point forwarded by the DUT. E.g. if the traffic starts at time point X Flow
X + Inactive Timeout. Since Flow Export capture needs to stop with Export will start only at the time point X + Inactive Timeout (or X +
the traffic (because that's when the DUT stops to process the Flow time to fill up the Cache). Since Flow Export capture needs to stop
Records at the given rate) the time interval during which the DUT with the traffic (because that's when the DUT stops to process the
kept exporting data is by Inactive Timeout shorter than the time Flow Records at the given rate) the time interval during which the
DUT kept exporting data is by Inactive Timeout shorter than the time
interval when the test traffic was sent from the traffic generator to interval when the test traffic was sent from the traffic generator to
the DUT. the DUT.
Novak Expires October, 2011
5.5 Flow Export Rate Measurement 5.5 Flow Export Rate Measurement
The Flow Export Rate needs to be measured in two consequent steps. The Flow Export Rate needs to be measured in two consequent steps.
The purpose of the first step (point a. below) is to gain the actual The purpose of the first step (point a. below) is to gain the actual
value for the rate, the second step (point b. below) needs to be done value for the rate, the second step (point b. below) needs to be done
in order to verify Flow Record drops during the measurement: in order to verify Flow Record drops during the measurement:
a. In the first step the captured Flow Export data MUST be analysed a. In the first step the captured Flow Export data MUST be analyzed
only for the capturing interval (measurement time interval) as only for the capturing interval (measurement time interval) as
specified in section 5.4. During this period the DUT is forced specified in section 5.4. During this period the DUT is forced to
to process Flow Records at the rate the packets are sent. When process Flow Records at the rate the packets are sent. When
traffic generation finishes, the behaviour when emptying the traffic generation finishes, the behaviour when emptying the Cache
Cache is completely implementation specific and the Flow Export is completely implementation specific and the Flow Export data from
data from this period cannot be therefore used for the this period cannot be therefore used for the benchmarking.
benchmarking. b. In the second step all the Flow Export data from the DUT MUST be
captured in order to be capable to determine the Flow Record losses.
b. In the second step all the Flow Export data from the DUT MUST be It needs to be taken into account that especially when large Cache
captured in order to be capable to determine the Flow Record Sizes (in order of magnitude of hundreds of thousands and higher)
losses. It needs to be taken into account that especially when are in use the Flow Export can take many multiples of Inactive
large Cache Sizes (in order of magnitude of hundreds of thousands Timeout to empty the Cache after the measurement. This behaviour is
and higher) are in use the Flow Export can take many multiples of completely implementation specific.
Inactive Timeout to empty the Cache after the measurement. This
behaviour is completely implementation specific.
If the Collector has the capability to redirect the Flow Export data If the Collector has the capability to redirect the Flow Export data
after the measurement time interval into different capture buffer (or after the measurement time interval into different capture buffer (or
time stamp the received Flow Export data after that) this can be done in time stamp the received Flow Export data after that) this can be done
one step. Otherwise each Flow Monitoring Throughput measurement at in one step. Otherwise each Flow Monitoring Throughput measurement at
certain packet rate needs to be executed twice - once to capture the certain packet rate needs to be executed twice - once to capture the
Flow Export data just for the measurement time interval (to determine Flow Export data just for the measurement time interval (to determine
the actual Flow Expiration Rate) and second time to capture all Flow the actual Flow Expiration Rate) and second time to capture all Flow
Export data in order to determine Flow Record losses at that packet Export data in order to determine Flow Record losses at that packet
rate. rate.
Novak Expires June, 2011
This Flow Export Rate procedure is fully applicable to all This Flow Export Rate procedure is fully applicable to all
measurement set-ups but can be simplified for the cases with high measurement set-ups but can be simplified for the cases with high
cache population (see section 5.3) when the Cache is filled up with cache population (see section 5.3) when the Cache is filled up with
Flow Records within first few seconds of the measurement. In such a Flow Records within first few seconds of the measurement. In such a
case the DUT has no choice but to process all the Flows at the case the DUT has no choice but to process all the Flows at the
incoming packet rate and the Flow Export Rate is incoming packet rate and the Flow Export Rate is
numerically equal to the packet rate. Thus only step b. really needs numerically equal to the packet rate. Thus only step b. really needs
to be performed. to be performed.
5.6 The Measurement Procedure 5.6 The Measurement Procedure
The measurement procedure is same as the Throughput measurement in The measurement procedure is same as the Throughput measurement in
the section 26.1 of [RFC2544] for the traffic sending side. The DUT the section 26.1 of [RFC2544] for the traffic sending side. The DUT
output analysis is done on the traffic generator receiving side for output analysis is done on the traffic generator receiving side for
the test traffic the same way as for RFC2544 measurements. the test traffic the same way as for RFC2544 measurements.
An additional analysis is performed using data captured by the An additional analysis is performed using data captured by the
Collector. The purpose of this analysis is to establish the value of Collector. The purpose of this analysis is to establish the value of
Flow Export Rate during the current measurement step and to verify Flow Export Rate during the current measurement step and to verify
Novak Expires October, 2011
that no Flow Records were dropped during the measurement. The that no Flow Records were dropped during the measurement. The
procedure to measure Flow Export Rate is described in the section procedure to measure Flow Export Rate is described in the section
5.5. 5.5.
The Flow Export performance can be significantly affected by the way The Flow Export performance can be significantly affected by the way
the Flow monitoring implementation formats the Flow Records into the the Flow monitoring implementation formats the Flow Records into the
Flow Export packets in terms of ordering and frequency of Control Flow Export packets in terms of ordering and frequency of Control
Information export and mainly the number of Flow Records in one Flow Information export and mainly the number of Flow Records in one Flow
Export packet. The worst case scenario here is just one Flow Record in Export packet. The worst case scenario here is just one Flow Record in
every Flow Export packet. every Flow Export packet.
Flow Export data should be sanity checked during the benchmark Flow Export data should be sanity checked during the benchmark
measurement for: measurement for:
a. the number of Flow Records per packet by simply calculating the a. the number of Flow Records per packet by simply calculating the
ratio of exported Flow Records and the number of Flow Export ratio of exported Flow Records and the number of Flow Export
packets captured during the measurement (which should be packets captured during the measurement (which should be available
available as a counter on the Collector capture buffer). as a counter on the Collector capture buffer)
b. the number of Control Information Flow Records per Flow Export
b. the number of Control Information Flow Records per Flow Export packet (calculated as the ratio of the total number of such Flow
packet (calculated as the ratio of the total number of such Flow Records in the Flow Export data and the number of Flow Export
Records in the Flow Export data and the number of Flow Export packets). It should be several orders of magnitude less than one
packets). It should be several orders of magnitude less than one Flow Record per Flow Export packet or at most in some special
Flow Record per Flow Export packet or at most in some special configuration one unique set of Control Data in each Flow Export
configuration one set unique of Control Data in each Flow Export packet.
packet.
6. RFC2544 Measurements 6. RFC2544 Measurements
RFC2544 measurements can be performed under two Flow Monitoring set- RFC2544 measurements can be performed under two Flow Monitoring set-
ups (see also section 3.4.2). This section details both of them and ups (see also section 3.4.2). This section details both of them and
specifies the ways how to construct the test traffic so that RFC2544 specifies the ways how to construct the test traffic so that RFC2544
measurements can be performed in a controlled environment also from measurements can be performed in a controlled environment also from
Novak Expires June, 2011
the Flow monitoring point of view. Controlled Flow monitoring the Flow monitoring point of view. Controlled Flow monitoring
environment here basically means that the tester always knows what environment means that the tester always knows what Flow monitoring
Flow monitoring activity (Flow Export Rate) the traffic offered to activity (Flow Export Rate) the traffic offered to the DUT causes.
the DUT causes.
This section is applicable mainly for the RFC2544 throughput (RFC2544 This section is applicable mainly for the RFC2544 throughput (RFC2544
section 26.1) and latency (RFC2544 section 26.2 )measurement. It section 26.1) and latency (RFC2544 section 26.2 )measurement. It
could be used also to measure frame loss rate (RFC2544 section 26.3) could be used also to measure frame loss rate (RFC2544 section 26.3)
and back-to-back frames (RFC2544 section 26.4). It is irrelevant for and back-to-back frames (RFC2544 section 26.4). It is irrelevant for
the rest of RFC2544 network interconnect devices characteristics. the rest of RFC2544 network interconnect devices characteristics.
Objective: Objective:
Provide RFC2544 network device characteristics in the presence of Provide RFC2544 network device characteristics in the presence of
Flow monitoring on the DUT. The RFC2544 studies numerous Flow monitoring on the DUT. The RFC2544 studies numerous
characteristics of network devices. The DUT forwarding and time characteristics of network devices. The DUT forwarding and time
characteristics without Flow monitoring present on the DUT can characteristics without Flow monitoring present on the DUT can
significantly vary when Flow monitoring starts to be deployed on vary significantly when Flow monitoring starts to be deployed on
the network device. the network device.
Novak Expires October, 2011
Metric definition: Metric definition:
Metric as specified in [RFC2544]. Metric as specified in [RFC2544].
The measured RFC2544 Throughput MUST NOT include the packet rate The measured RFC2544 Throughput MUST NOT include the packet rate
corresponding to the Flow Export data. It is control type traffic, corresponding to the Flow Export data, because it is control type
generated by the DUT as a result of enabling Flow monitoring and it traffic, generated by the DUT as a result of enabling Flow monitoring
does not contribute to the test traffic which the DUT can handle. On and does not contribute to the test traffic which the DUT can handle.
contrary it requires DUT resources to be generated and transmitted It requires DUT resources to be generated and transmitted and
and therefore the RFC2544 Throughput will be in most cases much lower therefore the RFC2544 Throughput will be in most cases much lower
in the presence of Flow monitoring on the DUT. when Flow monitoring is enabled on the DUT than without it.
6.1 Flow Monitoring Configuration 6.1 Flow Monitoring Configuration
Flow monitoring configuration (as detailed in the section 4.3) needs Flow monitoring configuration (as detailed in the section 4.3) needs
to be applied the same way as discussed in the section 5 with the to be applied the same way as discussed in the section 5 with the
exception of Active Timeout configuration. exception of Active Timeout configuration.
The Active Timeout SHOULD be configured to exceed several times the The Active Timeout SHOULD be configured to exceed several times the
measurement time interval (see section 5.4). This makes sure that if measurement time interval (see section 5.4). This makes sure that if
the measurements with two traffic components are performed (see the measurements with two traffic components are performed (see
section 6.5) there is no Flow monitoring activity related to the section 6.5) there is no Flow monitoring activity related to the
second traffic component. second traffic component.
The Flow monitoring configuration does not change in any other way The Flow monitoring configuration does not change in any other way
for the measurement performed in this section, what changes and makes for the measurement performed in this section, what changes and makes
the difference is the traffic configurations as specified in the the difference is the traffic configurations as specified in the
sections below. sections below.
Novak Expires June, 2011 6.2 Measurements with the Flow Monitoring Throughput Set-up
6.2 Measurements With the Flow Monitoring Throughput Set-up
The major requirement to perform a measurement with Flow Monitoring The major requirement to perform a measurement with Flow Monitoring
Throughput set-up is that the traffic and Flow monitoring is Throughput set-up is that the traffic and Flow monitoring is
configured in such a way that each sent packet creates one Flow configured in such a way that each sent packet creates one Flow
Record in the DUT Cache. This restricts the possible set-ups only to Record in the DUT Cache. This restricts the possible set-ups only to
the measurement with two traffic components as specified in the the measurement with two traffic components as specified in the
section 6.5. section 6.5.
Note that for software based platforms (as already discussed in Note that for software based platforms (as already discussed in
Section 3.5) the two traffic components set-up might not be Section 3.5) the two traffic components set-up might not be
skipping to change at page 24, line 29 skipping to change at page 23, line 58
6.3 Measurements With Fixed Flow Expiration Rate 6.3 Measurements With Fixed Flow Expiration Rate
This section covers the measurements where the RFC2544 metrics need This section covers the measurements where the RFC2544 metrics need
to be measured with Flow monitoring enabled but at certain Flow to be measured with Flow monitoring enabled but at certain Flow
Export Rate lower than Flow Monitoring Throughput. Export Rate lower than Flow Monitoring Throughput.
The tester here has both options as specified in the section 6.4 and The tester here has both options as specified in the section 6.4 and
6.5. 6.5.
Novak Expires October, 2011
6.4 Measurements With Single Traffic Component 6.4 Measurements With Single Traffic Component
Section 12 of [RFC2544] discusses the use of protocol source and Section 12 of [RFC2544] discusses the use of protocol source and
destination addresses for defined measurements. To perform all the destination addresses for defined measurements. To perform all the
RFC2544 type measurements with Flow monitoring enabled the defined RFC2544 type measurements with Flow monitoring enabled the defined
Flow Keys SHOULD contain IP source and destination address. The Flow Keys SHOULD contain IP source and destination address. The
RFC2544 type measurements with Flow monitoring enabled then can be RFC2544 type measurements with Flow monitoring enabled then can be
executed under these additional conditions: executed under these additional conditions:
a. the test traffic is not limited to single unique pair of source a. the test traffic is not limited to single unique pair of source
and destination address and destination address
b. the traffic generator defines test traffic as follows:
b. the traffic generator defines test traffic as follows: allow for a parameter to say send N (where N is an integer number
starting at 1 and incremented in small steps) packets with source
allow for a parameter to say send N (where N is an integer IP address A and destination IP address B before changing both IP
number starting at 1 and incremented in small steps) packets addresses to the next value
with IP addresses A and B before changing both IP addresses to
the next value
This test traffic definition allows execution of the Flow monitoring This test traffic definition allows execution of the Flow monitoring
measurements with fixed Flow Export Rate while measuring the DUT measurements with fixed Flow Export Rate while measuring the DUT
RFC2544 characteristics. This set-up is the better option since it RFC2544 characteristics. This set-up is the better option since it
best simulates the live network traffic scenario with Flows best simulates the live network traffic scenario with Flows
containing more than just one packet. containing more than just one packet.
Novak Expires June, 2011
The initial packet rate at N equal to 1 defines the Flow Expiration The initial packet rate at N equal to 1 defines the Flow Expiration
Rate for the whole measurement procedure. The consequent increases Rate for the whole measurement procedure. The consequent increases
of N will not change Flow Expiration Rate as the time and Cache of N will not change Flow Expiration Rate as the time and Cache
characteristics of the test traffic stay the same. This set-up is characteristics of the test traffic stay the same. This set-up is
suitable for measurements with Flow Export Rates below the Flow suitable for measurements with Flow Export Rates below the Flow
Monitoring Throughput. Monitoring Throughput.
6.5 Measurements With Two Traffic Components 6.5 Measurements With Two Traffic Components
The test traffic set-up in the section 6.2 might be difficult to The test traffic set-up in the section 6.4 might be difficult to
achieve with commercial traffic generators or the granularity of the achieve with commercial traffic generators or the granularity of the
traffic rates as defined by the initial packet rate at N equal to 1 traffic rates as defined by the initial packet rate at N equal to 1
might not be suitable for the required measurement. An alternate might not be suitable for the required measurement. An alternate
mechanism is to define two traffic components in the test traffic. mechanism is to define two traffic components in the test traffic.
One to populate Flow monitoring Cache and the second one to execute One to populate Flow monitoring Cache and the second one to execute
the RFC2544 measurements. the RFC2544 measurements.
a. Flow monitoring test traffic component - the exact traffic a. Flow monitoring test traffic component - the exact traffic
definition as specified in the section 5.2. definition as specified in the section 5.2.
b. RFC2544 Test Traffic Component - test traffic as specified by
b. RFC2544 Test Traffic Component - test traffic as specified by RFC2544 MUST create just one Flow Record in the DUT Cache. In
[RFC2544] MUST create just one Flow Record in the DUT Cache. In the particular set-up discussed here this would mean a traffic
the particular set-up discussed here this would mean a traffic stream with just one pair of unique source and destination IP
stream with just one pair of unique source and destination IP addresses (but could be avoided if Flow Keys were for example
addresses (but could be avoided if Flow Keys were for example UDP/TCP source and destination ports and Flow Keys did not contain
UDP/TCP source and destination ports and Flow Keys did not the addresses).
contain the addresses).
The Flow monitoring traffic component will exercise the DUT in terms The Flow monitoring traffic component will exercise the DUT in terms
of Flow activity while the second traffic component will measure the of Flow activity while the second traffic component will measure the
RFC2544 characteristics. The traffic rates to be reported as RFC2544 characteristics.
Throughput are the sum of rates of both components. The RFC2544
metrics do not need any other change.
Novak Expires October, 2011
The measured RFC2544 Throughput is the sum of the packet rates of The measured RFC2544 Throughput is the sum of the packet rates of
both traffic components, the definition of other RFC2544 metrics both traffic components, the definition of other RFC2544 metrics
remains unchanged. remains unchanged.
7. Flow Monitoring Accuracy 7. Flow Monitoring Accuracy
The pure Flow monitoring measurement in section 5 provides the The pure Flow monitoring measurement in section 5 provides the
capability to verify the Flow monitoring accuracy in terms of the capability to verify the Flow monitoring accuracy in terms of the
exported Flow Record data. Since every Flow Record created in the exported Flow Record data. Since every Flow Record created in the
Cache is populated by just one packet, the full set of captured data Cache is populated by just one packet, the full set of captured data
on the Collector can be parsed (e.g. providing the values of all Flow on the Collector can be parsed (e.g. providing the values of all Flow
Keys and other Flow Record fields not only the overall Flow Record Keys and other Flow Record fields not only the overall Flow Record
count in the exported data) and each set of parameters from each Flow count in the exported data) and each set of parameters from each Flow
Record can be checked against the parameters as configured on the Record can be checked against the parameters as configured on the
traffic generator and set in packet sent to the DUT. The exported traffic generator and set in packet sent to the DUT. The exported
Flow Record is considered accurate if: Flow Record is considered accurate if:
a. all the Flow Record fields are present in each exported Flow a. all the Flow Record fields are present in each exported Flow
Record Record
Novak Expires June, 2011 b. all the Flow Record fields values match the value ranges as set by
b. all the Flow Record fields values match the value ranges the traffic generator (for example an IP address falls within the
as set by the traffic generator (for example an IP address range of the IP addresses increments on the traffic generator)
falls within the range of the IP addresses increments on the c. all the possible Flow Record fields values as defined at the
traffic generator) traffic generator have been found in the captured export data
c. all the possible Flow Record fields values as defined at the on the Collector. This check needs to be offset to potential
traffic generator have been found in the captured export data detected packet losses at the DUT during the measurement
on the Collector. This check needs to be offset to potential
detected packet losses at the DUT during the measurement
If Packet Sampling is deployed then only verifications in point a. If Packet Sampling is deployed then only verifications in point a.
and b. above can be performed. and b. above can be performed.
8. Evaluating Flow Monitoring Applicability 8. Evaluating Flow Monitoring Applicability
The measurement results as discussed in this document and obtained The measurement results as discussed in this document and obtained
for certain DUTs allow for a preliminary analysis of a Flow for certain DUTs allow for a preliminary analysis of a Flow
monitoring deployment based on the traffic analysis data from the monitoring deployment based on the traffic analysis data from the
providers network. providers network.
skipping to change at page 26, line 40 skipping to change at page 25, line 58
Number of packets per IP Flow: 20 Number of packets per IP Flow: 20
Expected data rate on the network device: 1 Gbit/s Expected data rate on the network device: 1 Gbit/s
This results in: This results in:
Expected packet rate: 357 000 pps Expected packet rate: 357 000 pps
being (1 Gbit/s divided by 350 bytes/packet) being (1 Gbit/s divided by 350 bytes/packet)
Novak Expires October, 2011
Flows per second: 18 000 Flows per second: 18 000
being (packet rate 357 000 pps divided by 20 packets per IP Flow) being (packet rate 357 000 pps divided by 20 packets per IP Flow)
It needs to be kept in mind that the above is a very rough and It needs to be kept in mind that the above is a very rough and
averaged Flow activity estimate which cannot account for traffic averaged Flow activity estimate which cannot account for traffic
anomalies like large number of for example DNS request packets which anomalies like large number of for example DNS request packets which
are typically small packets coming from many different sources and are typically small packets coming from many different sources and
represent mostly just one packet per Flow. represent mostly just one packet per Flow.
9. Acknowledgements 9. Acknowledgements
This work could have been performed thanks to the patience and This work could have been performed thanks to the patience and
support of Cisco Systems Netflow development team, namely Paul support of Cisco Systems Netflow development team, namely Paul
Aitken, Paul Atkins and Andrew Johnson. Thanks belong to Benoit Aitken, Paul Atkins and Andrew Johnson. Thanks belong to Benoit
Claise for numerous detailed reviews and presentations of the Claise for numerous detailed reviews and presentations of the
document and Aamer Akhter for initiating this work. document and Aamer Akhter for initiating this work.
Novak Expires June, 2011
10. IANA Considerations 10. IANA Considerations
This document requires no IANA considerations. This document makes no requests of IANA.
11. Security Considerations 11. Security Considerations
Documents of this type do not directly affect the security of Documents of this type do not directly affect the security of
the Internet or corporate networks as long as benchmarking the Internet or corporate networks as long as benchmarking
is not performed on devices or systems connected to operating is not performed on devices or systems connected to operating
networks. networks.
Benchmarking activities as described in this memo are limited to Benchmarking activities as described in this memo are limited to
technology characterization using controlled stimuli in a laboratory technology characterization using controlled stimuli in a laboratory
skipping to change at page 27, line 40 skipping to change at page 26, line 58
from the DUT SHOULD be identical in the lab and in production from the DUT SHOULD be identical in the lab and in production
networks. networks.
12. References 12. References
12.1. Normative References 12.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, April 1997 Requirement Levels", BCP 14, RFC 2119, April 1997
Novak Expires October, 2011
[RFC2544] Bradner, S., "Benchmarking Methodology for Network [RFC2544] Bradner, S., "Benchmarking Methodology for Network
Interconnect Devices", Informational, RFC 2544, April 1999 Interconnect Devices", Informational, RFC 2544, April 1999
[RFC5470] Sadasivan, G., Brownlee, N., Claise, B., and J. Quittek, [RFC5470] Sadasivan, G., Brownlee, N., Claise, B., and J. Quittek,
"Architecture Model for IP Flow Information Export", "Architecture Model for IP Flow Information Export",
RFC 5470, December 2010 RFC 5470, April 2011
12.2. Informative References 12.2. Informative References
[RFC1242] Bradner, S., "Benchmarking Terminology for Network [RFC1242] Bradner, S., "Benchmarking Terminology for Network
Interconnection Devices", RFC 1242, July 1991 Interconnection Devices", RFC 1242, July 1991
[RFC2285] Mandeville R., "Benchmarking Terminology for LAN Switching [RFC2285] Mandeville R., "Benchmarking Terminology for LAN Switching
Devices", Informational, RFC 2285, November 1998 Devices", Informational, RFC 2285, November 1998
Novak Expires June, 2011
[RFC3031] E. Rosen, A. Viswanathan, R. Callon, "Multiprotocol Label [RFC3031] E. Rosen, A. Viswanathan, R. Callon, "Multiprotocol Label
Switching Architecture", Standards Track, RFC 3031, Switching Architecture", Standards Track, RFC 3031,
January 2001 January 2001
[RFC3917] Quittek J., "Requirements for IP Flow Information Export [RFC3917] Quittek J., "Requirements for IP Flow Information Export
(IPFIX)", Informational, RFC 3917, October 2004. (IPFIX)", Informational, RFC 3917, October 2004.
[RFC5101] Claise B., "Specification of the IP Flow Information [RFC5101] Claise B., "Specification of the IP Flow Information
Export (IPFIX) Protocol for the Exchange of IP Traffic Export (IPFIX) Protocol for the Exchange of IP Traffic
Flow Information", Standards Track, RFC 5101, January 2008 Flow Information", Standards Track, RFC 5101, January 2008
[RFC5102] Quittek, J., Bryant, S., Claise, B., Aitken, P., and
J. Meyer, "Information Model for IP Flow Information
Export", RFC 5102, January 2008
[RFC5180] C. Popoviciu, A. Hamza, D. Dugatkin, G. Van de Velde, [RFC5180] C. Popoviciu, A. Hamza, D. Dugatkin, G. Van de Velde,
"IPv6 Benchmarking Methodology for Network Interconnect "IPv6 Benchmarking Methodology for Network Interconnect
Devices", Informational, RFC 5180, May 2008 Devices", Informational, RFC 5180, May 2008
[RFC5472] Zseby, T., Boschi, E., Brownlee, N., Claise, B.,
"IP Flow Information Export (IPFIX) Applicability",
RFC 5472, December 2010
[RFC5474] D. Chiou, B. Claise, N. Duffield, A. Greenberg, M.
Grossglauser, P. Marimuthu, J. Rexford, G. Sadasivan,
"A Framework for Passive Packet Measurement" RFC 5474,
December 2010
[RFC5475] T. Zseby, M. Molina, N. Duffield, F. Raspall, "Sampling [RFC5475] T. Zseby, M. Molina, N. Duffield, F. Raspall, "Sampling
and Filtering Techniques for IP Packet Selection" and Filtering Techniques for IP Packet Selection"
RFC 5475, December 2010 RFC 5475, March 2009
[RFC5476] Claise, B., Quittek, J., and A. Johnson, "Packet [RFC5476] Claise, B., Quittek, J., and A. Johnson, "Packet
Sampling (PSAMP) Protocol Specifications", RFC 5476, Sampling (PSAMP) Protocol Specifications", RFC 5476,
December 2010 March 2009
[RFC5477] T. Dietz, F. Dressler, G. Carle, B. Claise,
"Information Model for Packet Sampling Exports", RFC 5477,
December 2010
[PSAMP-MIB] Dietz, T., Claise, B. "Definitions of Managed
Objects for Packet Sampling", Internet-Draft work in
progress, June 2006
[RFC5695] Akhter A. "MPLS Forwarding Benchmarking Methodology", [RFC5695] Akhter A. "MPLS Forwarding Benchmarking Methodology",
RFC 5695, November 2009 RFC 5695, November 2009
[CAIDA] Claffy, K., "The nature of the beast: recent traffic [CAIDA] Claffy, K., "The nature of the beast: recent traffic
measurements from an Internet backbone", measurements from an Internet backbone",
http://www.caida.org/publications/papers/1998/Inet98/ http://www.caida.org/publications/papers/1998/Inet98/
Inet98.html Inet98.html
Novak Expires June, 2011
Author's Addresses Author's Addresses
Jan Novak (editor) Jan Novak (editor)
Cisco Systems Cisco Systems
Edinburgh, Edinburgh,
United Kingdom United Kingdom
Email: janovak@cisco.com Email: janovak@cisco.com
Novak Expires June, 2011 Novak Expires October, 2011
Appendix A: Report Format Appendix A: Recommended Report Format
Parameter Units Parameter Units
----------------------------------- ------------------------------------ ----------------------------------- ------------------------------------
Test Case test case name (section 5 and 6) Test Case test case name (section 5 and 6)
Test Topology Figure 2, other Test Topology Figure 2, other
Traffic Type IPv4, IPV6, MPLS, other Traffic Type IPv4, IPv6, MPLS, other
Test Results Test Results
Flow Monitoring Throughput Flow Records per second or Not Flow Monitoring Throughput Flow Records per second or Not
Applicable Applicable
Flow Export Rate Flow Records per second or Not Flow Export Rate Flow Records per second or Not
Applicable Applicable
Control Information Export Rate Flow Records per second Control Information Export Rate Flow Records per second
RFC2544 Throughput packets per second RFC2544 Throughput packets per second
(Other RFC2544 Metrics) (as appropriate) (Other RFC2544 Metrics) (as appropriate)
skipping to change at page 30, line 46 skipping to change at page 28, line 46
Flow monitoring Specifications Flow monitoring Specifications
Direction ingress, egress, both Direction ingress, egress, both
Observation Points DUT interface names Observation Points DUT interface names
Cache Size number of entries Cache Size number of entries
Active Timeout seconds Active Timeout seconds
Inactive Timeout seconds Inactive Timeout seconds
Flow Keys list of fields Flow Keys list of fields
Flow Record Fields total number of fields Flow Record Fields total number of fields
Number of Flows Created number of entries Number of Flows Created number of entries
Flow Export Transport Protocol UDP, TCP, SCTP, other Flow Export Transport Protocol UDP, TCP, SCTP, other
Flow Export Protocol IPFIX, Sflow, Netflow, other Flow Export Protocol IPFIX, Netflow, other
Flow Export data packet size bytes
Packet Sampling Specifications Packet Sampling Specifications
Sampling Method [RFC5475] systematic, random or none Sampling Method [RFC5475] systematic, random or none
Sampling Interval milliseconds or not applicable Sampling Interval milliseconds or not applicable
Sampling Rate number of packets or not applicable Sampling Rate number of packets or not applicable
MPLS Specifications (for traffic type MPLS only) MPLS Specifications (for traffic type MPLS only)
Tested Label Operation imposition, swap, disposition Tested Label Operation imposition, swap, disposition
Novak Expires June, 2011 Novak Expires October, 2011
Appendix B: Miscellaneous Tests Appendix B: Miscellaneous Tests
This section lists the tests which could be useful to asses a proper This section lists the tests which could be useful to asses a proper
Flow monitoring operation under various operational or stress Flow monitoring operation under various operational or stress
conditions. These tests are not deemed suitable for any benchmarking conditions. These tests are not deemed suitable for any benchmarking
for various reasons. for various reasons.
B.1 DUT Under Traffic Load B.1 DUT Under Traffic Load
skipping to change at page 31, line 42 skipping to change at page 29, line 42
conditions for the benchmark measurement. conditions for the benchmark measurement.
The real network deployment of Flow monitoring might not allow The real network deployment of Flow monitoring might not allow
for such a luxury - for example on a very geographically large for such a luxury - for example on a very geographically large
network. In such a case, Flow Export will use an ordinary traffic network. In such a case, Flow Export will use an ordinary traffic
forwarding interface e.g. in-band Flow Export. forwarding interface e.g. in-band Flow Export.
The Flow monitoring operation should be verified with in-band The Flow monitoring operation should be verified with in-band
Flow Export configuration while following these test steps: Flow Export configuration while following these test steps:
a. Perform benchmark test as specified in section 5 a. Perform benchmark test as specified in section 5
b. One of the results will be how much bandwidth Flow Export b. One of the results will be how much bandwidth Flow Export
used on the dedicated Flow Export interface used on the dedicated Flow Export interface
c. Change Flow Export configuration to use the test interface c. Change Flow Export configuration to use the test interface
d. Repeat the benchmark test while the receiver filters out the d. Repeat the benchmark test while the receiver filters out the
Flow Export data from analysis Flow Export data from analysis
The expected result is that the RFC2544 Throughput achieved in The expected result is that the RFC2544 Throughput achieved in
step a. is same as the Throughput achieved in step d. provided step a. is same as the Throughput achieved in step d. provided
that the bandwidth of the output DUT interface is not the that the bandwidth of the output DUT interface is not the
bottleneck (in other words it must have enough capacity to bottleneck (in other words it must have enough capacity to
forward both test and Flow Export traffic). forward both test and Flow Export traffic).
Novak Expires June, 2011 Novak Expires October, 2011
B.3 Variable Packet Size B.3 Variable Packet Size
The Flow monitoring measurements specified in this document would The Flow monitoring measurements specified in this document would
be interesting to repeat with variable packet sizes within one be interesting to repeat with variable packet sizes within one
particular test (e.g. test traffic containing mix of packet particular test (e.g. test traffic containing mix of packet
sizes). The packet forwarding tests specified mainly in [RFC2544] sizes). The packet forwarding tests specified mainly in [RFC2544]
do not recommend and perform such tests. Flow monitoring is not do not recommend and perform such tests. Flow monitoring is not
dependent on packet sizes so such a test could be performed during dependent on packet sizes so such a test could be performed during
the Flow Monitoring Throughput measurement and verify its value the Flow Monitoring Throughput measurement and verify its value
does not depend on the offered traffic packet sizes. The tests does not depend on the offered traffic packet sizes. The tests
skipping to change at page 32, line 28 skipping to change at page 30, line 28
B.4 Bursty Traffic B.4 Bursty Traffic
RFC2544 section 21 discusses and defines the use of bursty RFC2544 section 21 discusses and defines the use of bursty
traffic. It can be used for Flow monitoring testing as well to traffic. It can be used for Flow monitoring testing as well to
gauge some short term overload DUT capabilities in terms of Flow gauge some short term overload DUT capabilities in terms of Flow
monitoring. The tests benchmark here would not be the Flow monitoring. The tests benchmark here would not be the Flow
Expiration Rate the DUT can sustain but the absolute number of Expiration Rate the DUT can sustain but the absolute number of
Flow Records the DUT can process without dropping any single Flow Flow Records the DUT can process without dropping any single Flow
Record. The traffic set-up to be used for this test is as follows: Record. The traffic set-up to be used for this test is as follows:
a. each sent packet creates a new Flow Record a. each sent packet creates a new Flow Record
b. the packet rate is set to the maximum transmission speed of the
b. the packet rate is set to the maximum transmission speed of DUT interface used for the test
the DUT interface used for the test
B.5 Various Flow Monitoring Configurations B.5 Various Flow Monitoring Configurations
This section translates the terminology used in the IPFIX This section translates the terminology used in the IPFIX
documents [RFC5470], [RFC5101] and others into the terminology documents [RFC5470], [RFC5101] and others into the terminology
used in this document. Section B.5.2 proposes another measurement used in this document. Section B.5.2 proposes another measurement
which is not possible to verify in a black box test manner. which is not possible to verify in a black box test manner.
B.5.1 RFC2544 Throughput without Metering Process B.5.1 RFC2544 Throughput without Metering Process
skipping to change at page 32, line 54 skipping to change at page 30, line 53
performance measurement of the DUT in such a case is just pure performance measurement of the DUT in such a case is just pure
[RFC2544] measurement. [RFC2544] measurement.
B.5.2 RFC2544 Throughput with Metering Process B.5.2 RFC2544 Throughput with Metering Process
If only Metering Process is enabled it means that Flow analysis If only Metering Process is enabled it means that Flow analysis
on the DUT is enabled and operational but no Flow Export happens. on the DUT is enabled and operational but no Flow Export happens.
The performance measurement of a DUT in such a configuration The performance measurement of a DUT in such a configuration
represents an useful test of the DUT capabilities (this represents an useful test of the DUT capabilities (this
corresponds to the case when the network operator uses Flow corresponds to the case when the network operator uses Flow
Monitoring for example for manual denial of service attacks Monitoring for example for manual denial of service attacks
detection and does not wish to use Flow Export). detection and does not wish to use Flow Export).
Novak Expires June, 2011 Novak Expires October, 2011
The performance testing on this DUT can be performed as discussed The performance testing on this DUT can be performed as discussed
in this document but it is not possible to verify the operation in this document but it is not possible to verify the operation
and results without interrogating the DUT. and results without interrogating the DUT.
B.5.3 RFC2544 Throughput with Metering and Exporting Process B.5.3 RFC2544 Throughput with Metering and Exporting Process
This test represents the performance testing as discussed in This test represents the performance testing as discussed in
section 6. section 6.
B.6 Tests With Bidirectional Traffic B.6 Tests With Bidirectional Traffic
The test topology on Figure 2 can be expanded to verify Flow The test topology on Figure 2 can be expanded to verify Flow
monitoring functionality with bidirectional traffic in two possible monitoring functionality with bidirectional traffic in two possible
ways: ways:
a. use two sets of interfaces, one for Flow monitoring for ingress a. use two sets of interfaces, one for Flow monitoring for ingress
traffic and one for Flow monitoring egress traffic traffic and one for Flow monitoring egress traffic
b. use exactly same set-up as in Figure 2 but use the interfaces in
b. use exactly same set-up as in Figure 2 but use the interfaces full duplex mode e.g. sending and receiving simultaneously on each
in full duplex mode e.g. sending and receiving simultaneously of them
on each of them
The set-up in point a. above is in fact equivalent to the set-up with The set-up in point a. above is in fact equivalent to the set-up with
several Observation Points as already discussed in the section 4.1 several Observation Points as already discussed in the section 4.1
and 4.3.1. and 4.3.1.
For the set-up in point b. same rules should be applied (as per For the set-up in point b. same rules should be applied (as per
section 4.1 and 4.3.1) - traffic passing through each Observation section 4.1 and 4.3.1) - traffic passing through each Observation
Point SHOULD always create a new Flow Record in the Cache e.g. the Point SHOULD always create a new Flow Record in the Cache e.g. the
same traffic SHOULD NOT be just looped back on the receiving same traffic SHOULD NOT be just looped back on the receiving
interfaces to create the bidirectional traffic flow. interfaces to create the bidirectional traffic flow.
B.7 Instantaneous Flow Export Rate B.7 Instantaneous Flow Export Rate
An additional useful information when analysing the Flow Export data An additional useful information when analysing the Flow Export data
for the Flow Expiration Rate is the time distribution of the for the Flow Expiration Rate is the time distribution of the
instantaneous Flow Export Rate. It can be derived during the instantaneous Flow Export Rate. It can be derived during the
measurements in two ways: measurements in two ways:
a. The Collector might provide the capability to decode Flow a. The Collector might provide the capability to decode Flow Export
Export during capturing and at the same time counting the Flow during capturing and at the same time counting the Flow Records
Records and provide the instantaneous (or simply an average over and provide the instantaneous (or simply an average over shorter
shorter time interval than specified in the section 5.4) Flow time interval than specified in the section 5.4) Flow Export Rate
Export Rate b. The Flow Export protocol (like IPFIX [RFC5101]) can provide time
stamps in the Flow Export packets which would allow time based
b. The Flow Export protocol (like IPFIX [RFC5101]) can provide time analysis and calculate the Flow Export Rate as an average over
stamps in the Flow Export packets which would allow time based much shorter time interval than specified in the section 5.4
analysis and calculate the Flow Export Rate as an average over
much shorter time interval than specified in the section 5.4
The accuracy and shortest time average will always be limited by the The accuracy and shortest time average will always be limited by the
precision of the time stamps (1 second for IPFIX) or by the precision of the time stamps (1 second for IPFIX) or by the
capabilities of the DUT and the Collector. capabilities of the DUT and the Collector.
Novak Expires June, 2011 Novak Expires October, 2011
 End of changes. 138 change blocks. 
361 lines changed or deleted 311 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/