draft-ietf-bmwg-ipflow-meth-04.txt   draft-ietf-bmwg-ipflow-meth-05.txt 
Internet Engineering Task Force Jan Novak Internet Engineering Task Force Jan Novak
Internet-Draft Cisco Systems, Inc. Internet-Draft Cisco Systems, Inc.
Intended status: Informational Intended status: Informational
Expires: 2 April, 2012 2 October 2011 Expires: 7 June, 2012 6 December 2011
IP Flow Information Accounting and Export Benchmarking IP Flow Information Accounting and Export Benchmarking
Methodology Methodology
draft-ietf-bmwg-ipflow-meth-04.txt draft-ietf-bmwg-ipflow-meth-05.txt
Abstract Abstract
This document provides a methodology and framework for quantifying This document provides a methodology and framework for quantifying
the performance impact of monitoring of IP flows on a network device the performance impact of monitoring of IP flows on a network device
and export of this information to a collector. It identifies the rate and export of this information to a collector. It identifies the rate
at which the IP flows are created, expired, and successfully exported at which the IP flows are created, expired, and successfully exported
as a new performance metric in combination with traditional as a new performance metric in combination with traditional
throughput. The metric is only applicable to the devices compliant throughput. The metric is only applicable to the devices compliant
with the Architecture for IP Flow Information Export [RFC5470]. with the Architecture for IP Flow Information Export [RFC5470].
skipping to change at page 1, line 56 skipping to change at page 1, line 56
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Novak Expires April, 2012 Novak Expires June, 2012
Conventions used in this document Conventions used in this document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described "OPTIONAL" in this document are to be interpreted as described
in RFC 2119 [RFC2119]. in RFC 2119 [RFC2119].
Table of Contents Table of Contents
1. Introduction. . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction. . . . . . . . . . . . . . . . . . . . . . . . . 3
skipping to change at page 2, line 55 skipping to change at page 2, line 55
7. Flow Monitoring Accuracy . . . . . . . . . . . . . . . . . . 25 7. Flow Monitoring Accuracy . . . . . . . . . . . . . . . . . . 25
8. Evaluating Flow Monitoring Applicability . . . . . . . . . . 25 8. Evaluating Flow Monitoring Applicability . . . . . . . . . . 25
9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 26 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 26
10. Security Considerations . . . . . . . . . . . . . . . . . . 26 10. Security Considerations . . . . . . . . . . . . . . . . . . 26
11. IANA Consierations. . . . . . . . . . . . . . . . . . . . . 26 11. IANA Consierations. . . . . . . . . . . . . . . . . . . . . 26
12. References. . . . . . . . . . . . . . . . . . . . . . . . . 26 12. References. . . . . . . . . . . . . . . . . . . . . . . . . 26
12.1 Normative References. . . . . . . . . . . . . . . . . . 26 12.1 Normative References. . . . . . . . . . . . . . . . . . 26
12.2 Informative References. . . . . . . . . . . . . . . . . 27 12.2 Informative References. . . . . . . . . . . . . . . . . 27
Appendix A: Recommended Report Format . . . . . . . . . . . . . 28 Appendix A: Recommended Report Format . . . . . . . . . . . . . 28
Novak Expires April, 2012 Novak Expires June, 2012
Appendix B: Miscellaneous Tests . . . . . . . . . . . . . . . . 29 Appendix B: Miscellaneous Tests . . . . . . . . . . . . . . . . 29
B.1 DUT Under Traffic Load . . . . . . . . . . . . . . . . . 29 B.1 DUT Under Traffic Load . . . . . . . . . . . . . . . . . 29
B.2 In-band Flow Export. . . . . . . . . . . . . . . . . . . 29 B.2 In-band Flow Export. . . . . . . . . . . . . . . . . . . 29
B.3 Variable Packet Rate . . . . . . . . . . . . . . . . . . 30 B.3 Variable Packet Rate . . . . . . . . . . . . . . . . . . 30
B.4 Bursty Traffic . . . . . . . . . . . . . . . . . . . . . 30 B.4 Bursty Traffic . . . . . . . . . . . . . . . . . . . . . 30
B.5 Various Flow Monitoring Configurations . . . . . . . . . 30 B.5 Various Flow Monitoring Configurations . . . . . . . . . 30
B.6 Tests With Bidirectional Traffic . . . . . . . . . . . . 31 B.6 Tests With Bidirectional Traffic . . . . . . . . . . . . 31
B.7 Instantaneous Flow Export Rate . . . . . . . . . . . . . 31 B.7 Instantaneous Flow Export Rate . . . . . . . . . . . . . 31
1. Introduction 1. Introduction
skipping to change at page 3, line 58 skipping to change at page 3, line 58
device can sustain without impacting the forwarding plane, without device can sustain without impacting the forwarding plane, without
losing any IP flow information, and without compromising the IP flow losing any IP flow information, and without compromising the IP flow
accuracy (see section 7 for details). accuracy (see section 7 for details).
[RFC2544], [RFC5180] and [RFC5695] specify benchmarking of network [RFC2544], [RFC5180] and [RFC5695] specify benchmarking of network
devices forwarding IPv4, IPv6 and MPLS [RFC3031] traffic, devices forwarding IPv4, IPv6 and MPLS [RFC3031] traffic,
respectively. The methodology specified in this document stays the respectively. The methodology specified in this document stays the
same for any traffic type. The only restriction may be the DUT's same for any traffic type. The only restriction may be the DUT's
lack of support for Flow monitoring of the particular traffic type. lack of support for Flow monitoring of the particular traffic type.
Novak Expires April, 2012 Novak Expires June, 2012
A variety of different network device architectures exist that are A variety of different network device architectures exist that are
capable of Flow monitoring and export. As such, this document does capable of Flow monitoring and export. As such, this document does
not attempt to list the various white box variables (CPU load, not attempt to list the various white box variables (CPU load,
memory utilization, hardware resources utilization etc) that could memory utilization, hardware resources utilization etc) that could
be gathered as they always help in comparison evaluations. A more be gathered as they always help in comparison evaluations. A more
complete understanding of the stress points of a particular device complete understanding of the stress points of a particular device
can be attained using this internal information and the tester MAY can be attained using this internal information and the tester MAY
choose to gather this information during the measurement iterations. choose to gather this information during the measurement iterations.
2. Terminology 2. Terminology
skipping to change at page 4, line 57 skipping to change at page 4, line 57
Throughput [RFC1242, section 3.17] Throughput [RFC1242, section 3.17]
2.2 New Terminology 2.2 New Terminology
2.2.1 Cache 2.2.1 Cache
Definition: Definition:
Memory area held and dedicated by the DUT to store Flow Memory area held and dedicated by the DUT to store Flow
information prior to the Flow Expiration. information prior to the Flow Expiration.
Novak Expires April, 2012 Novak Expires June, 2012
2.2.2 Cache Size 2.2.2 Cache Size
Definition: Definition:
The size of the Cache in terms of how many entries the Cache can The size of the Cache in terms of how many entries the Cache can
hold. hold.
Discussion: Discussion:
This term is typically represented as a configurable option in This term is typically represented as a configurable option in
the particular Flow monitoring implementation. Its highest value the particular Flow monitoring implementation. Its highest value
will depend on the memory available in the network device. will depend on the memory available in the network device.
skipping to change at page 5, line 53 skipping to change at page 5, line 53
Cache entry have been observed during the interval. Cache entry have been observed during the interval.
Discussion: Discussion:
This term is typically represented as a configurable option in the This term is typically represented as a configurable option in the
particular Flow monitoring implementation. See section 5.1.1 of particular Flow monitoring implementation. See section 5.1.1 of
[RFC5470] for more detailed discussion. [RFC5470] for more detailed discussion.
Measurement units: Measurement units:
Seconds Seconds
Novak Expires April, 2012 Novak Expires June, 2012
2.2.5 Flow Export Rate 2.2.5 Flow Export Rate
Definition: Definition:
The number of Cache entries that expire from the Cache (as defined The number of Cache entries that expire from the Cache (as defined
by the Flow Expiration term) and are exported to the Collector by the Flow Expiration term) and are exported to the Collector
within a measurement time interval. There SHOULD NOT be any export within a measurement time interval. There SHOULD NOT be any export
filtering, so that all the expired cache entries are exported. If filtering, so that all the expired cache entries are exported. If
there is export filtering and it can't be disabled, this needs to there is export filtering and it can't be disabled, this needs to
be noted. be noted.
skipping to change at page 6, line 61 skipping to change at page 6, line 61
to process Flow Export data. The physical layer issues, like to process Flow Export data. The physical layer issues, like
insufficient bandwidth from the DUT to the Collector or lack of insufficient bandwidth from the DUT to the Collector or lack of
Collector resources MUST be excluded as detailed in section 4. Collector resources MUST be excluded as detailed in section 4.
3.2 Device Applicability 3.2 Device Applicability
The Flow monitoring performance metric is applicable to network The Flow monitoring performance metric is applicable to network
devices that implement [RFC5470] architecture. These devices can be devices that implement [RFC5470] architecture. These devices can be
network packet forwarding devices or appliances which analyze network packet forwarding devices or appliances which analyze
Novak Expires April, 2012 Novak Expires June, 2012
the traffic but do not forward traffic (probes, sniffers, the traffic but do not forward traffic (probes, sniffers,
replicators). replicators).
This document does not intend to measure Collector performance, it This document does not intend to measure Collector performance, it
only requires sufficient Collector resources (as specified in section only requires sufficient Collector resources (as specified in section
4.4) in order to measure the DUT characteristics. 4.4) in order to measure the DUT characteristics.
3.3 Measurement Concept 3.3 Measurement Concept
Figure 1 below presents the functional block diagram of the DUT. The Figure 1 below presents the functional block diagram of the DUT. The
traffic in the figure represents the test traffic sent to the traffic in the figure represents the test traffic sent to the
skipping to change at page 7, line 57 skipping to change at page 7, line 57
Figure 1. The functional block diagram of the DUT Figure 1. The functional block diagram of the DUT
The Flow monitoring enabled (see section 4.3) on the DUT and The Flow monitoring enabled (see section 4.3) on the DUT and
represented in the figure 1 by the Monitoring Plane uses the represented in the figure 1 by the Monitoring Plane uses the
traffic information provided by the Forwarding Plane and configured traffic information provided by the Forwarding Plane and configured
Flow Keys to create Cache entries representing the traffic Flow Keys to create Cache entries representing the traffic
forwarded (or observed) by the DUT in the DUT Cache. The Cache forwarded (or observed) by the DUT in the DUT Cache. The Cache
entries are expired from the Cache depending on the Cache entries are expired from the Cache depending on the Cache
configuration (ie, the Active and Inactive Timeouts, number of Cache configuration (ie, the Active and Inactive Timeouts, number of Cache
Novak Expires April, 2012 Novak Expires June, 2012
entries and the Cache Size) and the traffic pattern. The Cache entries and the Cache Size) and the traffic pattern. The Cache
entries are used by the Exporting Process to format the Flow Records entries are used by the Exporting Process to format the Flow Records
which are then exported from the DUT to the Collector (see figure 2 which are then exported from the DUT to the Collector (see figure 2
in section 4). in section 4).
The Forwarding Plane and Monitoring Plane represent two separate The Forwarding Plane and Monitoring Plane represent two separate
functional blocks, each with it's own performance capability. The functional blocks, each with it's own performance capability. The
Forwarding Plane handles user data packets and is fully characterised Forwarding Plane handles user data packets and is fully characterised
by the metrics defined by [RFC2544]. by the metrics defined by [RFC2544].
skipping to change at page 8, line 55 skipping to change at page 8, line 55
with one packet per Flow as specified in section 5. This traffic with one packet per Flow as specified in section 5. This traffic
type represents the most demanding traffic from the Flow monitoring type represents the most demanding traffic from the Flow monitoring
point of view and will exercise the Monitoring Plane (see figure 1) point of view and will exercise the Monitoring Plane (see figure 1)
of the DUT most. In this scenario every packet seen by DUT creates a of the DUT most. In this scenario every packet seen by DUT creates a
new Cache entry and forces the DUT to fill the Cache instead of just new Cache entry and forces the DUT to fill the Cache instead of just
updating packet and byte counters of an already existing Cache entry. updating packet and byte counters of an already existing Cache entry.
The exit criteria for the Flow Monitoring Throughput measurement are The exit criteria for the Flow Monitoring Throughput measurement are
one of the following (e.g. if any of the conditions is reached): one of the following (e.g. if any of the conditions is reached):
Novak Expires April, 2012 Novak Expires June, 2012
a. The Flow Export Rate at which the DUT starts to lose Flow a. The Flow Export Rate at which the DUT starts to lose Flow
information or the Flow information gets corrupted information or the Flow information gets corrupted
b. The Flow Export Rate at which the Forwarding Plane starts to drop b. The Flow Export Rate at which the Forwarding Plane starts to drop
or corrupt packets (if the Forwarding Plane is present) or corrupt packets (if the Forwarding Plane is present)
A corrupted packet here means the packet header corruption (resulting A corrupted packet here means the packet header corruption (resulting
in the cyclic redundancy check failure on the transmission level and in the cyclic redundancy check failure on the transmission level and
consequent packet drop) or the packet payload corruption leading to consequent packet drop) or the packet payload corruption leading to
the lost application level data. the lost application level data.
skipping to change at page 9, line 56 skipping to change at page 9, line 56
to perform Flow monitoring performance measurement. The recommended to perform Flow monitoring performance measurement. The recommended
reporting format can be found in Appendix A. reporting format can be found in Appendix A.
4.1 Measurement Topology 4.1 Measurement Topology
The measurement topology described in this section is applicable only The measurement topology described in this section is applicable only
to the measurements with packet forwarding network devices. The to the measurements with packet forwarding network devices. The
possible architectures and implementation of the traffic monitoring possible architectures and implementation of the traffic monitoring
appliances (see section 3.2) are too various to be covered in this appliances (see section 3.2) are too various to be covered in this
Novak Expires April, 2012 Novak Expires June, 2012
document. Instead of the Forwarding Plane, these appliances generally document. Instead of the Forwarding Plane, these appliances generally
have some kind of feed (an optical splitter, an interface sniffing have some kind of feed (an optical splitter, an interface sniffing
traffic on a shared media or an internal channel on the DUT providing traffic on a shared media or an internal channel on the DUT providing
a copy of the traffic) providing the information about the traffic a copy of the traffic) providing the information about the traffic
necessary for Flow monitoring analysis. The measurement topology then necessary for Flow monitoring analysis. The measurement topology then
needs to be adjusted to the appliance architecture, and MUST be part needs to be adjusted to the appliance architecture, and MUST be part
of the measurement report. of the measurement report.
The measurement set-up is identical to that used by [RFC2544], with The measurement set-up is identical to that used by [RFC2544], with
the addition of a Collector to analyze the Flow Export(see figure 2). the addition of a Collector to analyze the Flow Export(see figure 2).
skipping to change at page 10, line 55 skipping to change at page 10, line 55
Figure 2 Measurement topology with unidirectional traffic Figure 2 Measurement topology with unidirectional traffic
The DUT's export interface (connecting the Collector) MUST NOT be The DUT's export interface (connecting the Collector) MUST NOT be
used for forwarding the test traffic but only for the Flow Export used for forwarding the test traffic but only for the Flow Export
data containing the Flow Records. In all measurements, the export data containing the Flow Records. In all measurements, the export
interface MUST have enough bandwidth to transmit Flow Export data interface MUST have enough bandwidth to transmit Flow Export data
without congestion. In other words, the export interface MUST NOT be without congestion. In other words, the export interface MUST NOT be
a bottleneck during the measurement. a bottleneck during the measurement.
The traffic receiver MUST have sufficient resources to measure all
test traffic transferred successfully by the DUT, and this may be
checked through measurements with and without the DUT.
Note that more complex topologies might be required. For example, if Note that more complex topologies might be required. For example, if
the effects of enabling Flow monitoring on several interfaces are of the effects of enabling Flow monitoring on several interfaces are of
concern or the media maximum speed is less than the DUT throughput, concern or the media maximum speed is less than the DUT throughput,
Novak Expires April, 2012 Novak Expires June, 2012
the topology can be expanded with several input and output ports. the topology can be expanded with several input and output ports.
However, the topology MUST be clearly written in the measurement However, the topology MUST be clearly written in the measurement
report. report.
4.2 Baseline DUT Set Up 4.2 Baseline DUT Set Up
The baseline DUT set-up and the way the set-up is reported in the The baseline DUT set-up and the way the set-up is reported in the
measurement results is fully specified in section 7 of [RFC2544]. measurement results is fully specified in section 7 of [RFC2544].
The baseline DUT configuration might include other features like The baseline DUT configuration might include other features like
packet filters or quality of service on the input and/or output packet filters or quality of service on the input and/or output
interfaces if there is the need to study Flow monitoring in the interfaces if there is the need to study Flow monitoring in the
presence of those features. The Flow monitoring measurement presence of those features. The Flow monitoring measurement
procedures do not change in this case. Consideration needs to be made procedures do not change in this case. Consideration needs to be made
when evaluating measurement results to take into account the when evaluating measurement results to take into account the
possible change of packet rates offered to the DUT and Flow possible change of packet rates offered to the DUT and Flow
monitoring after application of the features to the configuration. monitoring after application of the features to the configuration.
Any such feature configuration MUST be part of the measurement Any such feature configuration MUST be part of the measurement
report. report.
The DUT export interface (see figure 2) MUST be configured with The DUT export interface (see figure 2) SHOULD be configured with
sufficient output buffers to avoid dropping the Flow Export data due sufficient output buffers to avoid dropping the Flow Export data due
to a simple lack of resources in the interface hardware. The applied to a simple lack of resources in the interface hardware. The applied
configuration MUST be part of the measurement report. configuration MUST be part of the measurement report.
The test designer has the freedom to run tests in multiple
configurations. It is therefore possible to run both laboratory and
real deployment configurations, according to the needs of the
tester. All configurations MUST be fully documented.
4.3 Flow Monitoring Configuration 4.3 Flow Monitoring Configuration
This section covers all the aspects of the Flow monitoring This section covers all the aspects of the Flow monitoring
configuration necessary on the DUT in order to perform the Flow configuration necessary on the DUT in order to perform the Flow
monitoring performance measurement. The necessary configuration has monitoring performance measurement. The necessary configuration has
a number of components (see [RFC5470]), namely Observation Points, a number of components (see [RFC5470]), namely Observation Points,
Metering Process and Exporting Process as detailed below. Metering Process and Exporting Process as detailed below.
The DUT MUST support the Flow monitoring architecture as specified by The DUT MUST support the Flow monitoring architecture as specified by
[RFC5470]. The DUT SHOULD support IPFIX [RFC5101]. [RFC5470]. The DUT SHOULD support IPFIX [RFC5101] to allow easier
results comparison due to identical export protocol architecture when
using a standard.
The DUT configuration and any existing Cache MUST be erased before The DUT configuration and any existing Cache MUST be erased before
application of any new configuration for the currently executed application of any new configuration for the currently executed
measurement. measurement.
4.3.1 Observation Points 4.3.1 Observation Points
The Observation Points specify the interfaces and direction where The Observation Points specify the interfaces and direction where
the Flow monitoring traffic analysis is to be performed. the Flow monitoring traffic analysis is to be performed.
The (*) in Figure 2 designates the Observation Points in the The (*) in Figure 2 designates the Observation Points in the
default configuration. Other DUT Observation Points might be default configuration. Other DUT Observation Points might be
configured depending on the specific measurement needs as follows: configured depending on the specific measurement needs as follows:
a. ingress port/ports(s) only a. ingress port/ports(s) only
b. egress port(s) /ports only b. egress port(s) /ports only
c. both ingress and egress c. both ingress and egress
Novak Expires April, 2012 Novak Expires June, 2012
Generally, the placement of Observation Points depends upon the Generally, the placement of Observation Points depends upon the
position of the DUT in the deployed network and the purpose of position of the DUT in the deployed network and the purpose of
Flow monitoring. See [RFC3917] for detailed discussion. The Flow monitoring. See [RFC3917] for detailed discussion. The
measurement procedures are otherwise the same for all these measurement procedures are otherwise the same for all these
possible configurations. possible configurations.
In the case when both ingress and egress Flow monitoring is In the case when both ingress and egress Flow monitoring is
enabled on one DUT the results analysis needs to take into account enabled on one DUT the results analysis needs to take into account
that each Flow will be represented in the DUT Cache by two Flow that each Flow will be represented in the DUT Cache by two Flow
Records (one for each direction) and therefore also the Flow Records (one for each direction) and therefore also the Flow
skipping to change at page 12, line 35 skipping to change at page 12, line 35
direction MUST be included as part of the report of the results. direction MUST be included as part of the report of the results.
4.3.2 Metering Process 4.3.2 Metering Process
The Metering Process MUST be enabled in order to create the Cache The Metering Process MUST be enabled in order to create the Cache
in the DUT and configure the Cache related parameters. in the DUT and configure the Cache related parameters.
The Cache Size available to the DUT MUST be known and taken into The Cache Size available to the DUT MUST be known and taken into
account when designing the measurement as specified in section 5. account when designing the measurement as specified in section 5.
The Cache's Inactive and Active Timeouts MUST be known and taken The configuration of the Metering Process MUST be reported. For
into account when designing the measurement as specified in example, when a Flow monitoring implementation uses timeouts to
section 5. If the Flow monitoring implementation allows only expire entries from the Cache, the Cache's Inactive and Active
timeouts zero (e.g. immediate timeout or non-existent Cache) then Timeouts MUST be known and taken into account when designing the
the measurement conditions in section 5 are fulfilled measurement as specified in section 5. If the Flow monitoring
inherently without any additional configuration. The DUT simply implementation allows only timeouts equal zero (e.g. immediate
instantly exports information about every single packet. timeout or non-existent Cache) then the measurement conditions in
the section 5 are fulfilled inherently without any additional
configuration. The DUT simply exports information about every
packet immediately.
If the Flow monitoring implementation allows to configure multiple If the Flow monitoring implementation allows to configure multiple
Metering Processes on a single DUT, the exact configuration of Metering Processes on a single DUT, the exact configuration of
each process MUST be included in the results report. Only each process MUST be included in the results report. Only
measurements with the same number of Metering Processes can be measurements with the same number of Metering Processes can be
compared. compared.
The Cache Size, the Inactive and Active Timeouts MUST be included The Cache Size, the Inactive and Active Timeouts MUST be included
as part of the results report. as part of the results report.
4.3.3 Exporting Process 4.3.3 Exporting Process
The Exporting Process MUST be configured in order to export the The Exporting Process MUST be configured in order to export the
Flow Record data to the Collector. Flow Record data to the Collector.
The Exporting Process MUST be configured in such a way that all The Exporting Process MUST be configured in such a way that all
Flow Records from all configured Observation Points are exported Flow Records from all configured Observation Points are exported
towards the Collector, after the expiration policy composed of towards the Collector, after the expiration policy composed of
the Inactive and Active Timeouts and Cache Size. the Inactive and Active Timeouts and Cache Size.
Novak Expires April, 2012 Novak Expires June, 2012
The Exporting Process SHOULD be configured with IPFIX [RFC5101] as The Exporting Process SHOULD be configured with IPFIX [RFC5101] as
the protocol to use to format the Flow Export data. If the Flow the protocol to use to format the Flow Export data. If the Flow
monitoring implementation does not support it, proprietary monitoring implementation does not support it, proprietary
protocols MAY be used. Only measurements with same export protocol protocols MAY be used. Only measurements with same export protocol
SHOULD be compared since the protocols may differ in their SHOULD be compared since the protocols may differ in their
export efficiency. export efficiency.
Various Flow monitoring implementations might use different Various Flow monitoring implementations might use different
default values regarding the export of Control Information default values regarding the export of Control Information
[RFC5470] and therefore Flow Export corresponding to Control [RFC5470] and therefore Flow Export corresponding to Control
skipping to change at page 13, line 62 skipping to change at page 13, line 62
implementation might allow the user to define their own arbitrary implementation might allow the user to define their own arbitrary
Flow Record to monitor the traffic. The requirement for the Flow Record to monitor the traffic. The requirement for the
measurements defined in this document is only the need for a large measurements defined in this document is only the need for a large
number of Cache entries in the Cache. The Flow Keys needed to number of Cache entries in the Cache. The Flow Keys needed to
achieve that will typically be source and destination IP addresses achieve that will typically be source and destination IP addresses
and transport level port numbers. and transport level port numbers.
The recommended full IPv4, IPv6 or MPLS Flow Record is shown The recommended full IPv4, IPv6 or MPLS Flow Record is shown
below: below:
Novak Expires April, 2012 Novak Expires June, 2012
Flow Keys: Flow Keys:
Source IP address Source IP address
Destination IP address Destination IP address
MPLS label (for MPLS traffic type only) MPLS label (for MPLS traffic type only)
Transport layer source port Transport layer source port
Transport layer destination port Transport layer destination port
IP protocol number (IPv6 next header) IP protocol number (IPv6 next header)
IP type of service (IPv6 traffic class) IP type of service (IPv6 traffic class)
skipping to change at page 14, line 57 skipping to change at page 14, line 57
4.3.5 Flow Monitoring With Multiple Configurations 4.3.5 Flow Monitoring With Multiple Configurations
The Flow monitoring architecture as specified in [RFC5470] allows The Flow monitoring architecture as specified in [RFC5470] allows
for more complicated configurations with multiple Metering and for more complicated configurations with multiple Metering and
Exporting Processes on a single DUT. Depending on the particular Exporting Processes on a single DUT. Depending on the particular
Flow monitoring implementation it might affect the measured DUT Flow monitoring implementation it might affect the measured DUT
performance. The test report should therefore contain information performance. The test report should therefore contain information
containing how many Metering and Exporting processes were containing how many Metering and Exporting processes were
configured on the DUT for the selected Observation Points. configured on the DUT for the selected Observation Points.
Novak Expires April, 2012 Novak Expires June, 2012
The examples of such possible configurations are: The examples of such possible configurations are:
a. Several Observation Points with a single Metering Process and a a. Several Observation Points with a single Metering Process and a
single Exporting Process single Exporting Process
b. Several Observation Points, each with one Metering Process but b. Several Observation Points, each with one Metering Process but
all using just one instance of Exporting Process all using just one instance of Exporting Process
c. Several Observation Points with per Observation Point Metering c. Several Observation Points with per Observation Point Metering
Process and Exporting Process Process and Exporting Process
4.3.6 MPLS Measurement Specifics 4.3.6 MPLS Measurement Specifics
skipping to change at page 15, line 57 skipping to change at page 15, line 57
4.3.3) to transmit Flow Export data, the Collector MUST have 4.3.3) to transmit Flow Export data, the Collector MUST have
sufficient resources to guarantee non-blocking data transmission on sufficient resources to guarantee non-blocking data transmission on
the transport layer session. the transport layer session.
During the analysis, the Flow Export data needs to be decoded and the During the analysis, the Flow Export data needs to be decoded and the
received Flow Records counted. received Flow Records counted.
The capture buffer MUST be cleared at the beginning of each The capture buffer MUST be cleared at the beginning of each
measurement. measurement.
Novak Expires April, 2012 Novak Expires June, 2012
4.5 Sampling 4.5 Sampling
Packet sampling and flow sampling is out of scope of this document. Packet sampling and flow sampling is out of scope of this document.
This document applies to situations without packet or flow sampling. This document applies to situations without packet or flow sampling.
4.6 Frame Formats 4.6 Frame Formats
Flow monitoring itself is not dependent in any way on the media used Flow monitoring itself is not dependent in any way on the media used
on the input and output ports. Any media can be used as supported by on the input and output ports. Any media can be used as supported by
the DUT and the test equipment. the DUT and the test equipment.
skipping to change at page 16, line 59 skipping to change at page 16, line 59
the use of Flow monitoring parameters and configuration, together the use of Flow monitoring parameters and configuration, together
with traffic parameters to test Flow monitoring. The actual with traffic parameters to test Flow monitoring. The actual
benchmarking specifications are in sections 5 and 6. benchmarking specifications are in sections 5 and 6.
4.9.1 Example 1 - Inactive Timeout Flow Expiration 4.9.1 Example 1 - Inactive Timeout Flow Expiration
The traffic generator sends 1000 packets per second in 10000 defined The traffic generator sends 1000 packets per second in 10000 defined
streams, each stream identified by an unique destination IP address. streams, each stream identified by an unique destination IP address.
Therefore each stream has a packet rate of 0.1 packets per second. Therefore each stream has a packet rate of 0.1 packets per second.
Novak Expires April, 2012 Novak Expires June, 2012
The packets are sent in a round robin fashion (stream 1 to 10000) The packets are sent in a round robin fashion (stream 1 to 10000)
while incrementing the destination IP address for each sent packet. while incrementing the destination IP address for each sent packet.
The configured Cache Size is 20000 Flow Records. The configured The configured Cache Size is 20000 Flow Records. The configured
Active Timeout is 100 seconds, the Inactive Timeout is 5 seconds. Active Timeout is 100 seconds, the Inactive Timeout is 5 seconds.
Flow monitoring on the DUT uses the destination IP address as the Flow monitoring on the DUT uses the destination IP address as the
Flow Key. Flow Key.
A packet with destination IP address equal to A is sent every 10 A packet with destination IP address equal to A is sent every 10
skipping to change at page 17, line 59 skipping to change at page 17, line 59
After the first 100 packets are sent, 100 Cache entries will have After the first 100 packets are sent, 100 Cache entries will have
been created in the Flow monitoring Cache. The subsequent packets been created in the Flow monitoring Cache. The subsequent packets
will be counted against the already created Cache entries since the will be counted against the already created Cache entries since the
destination IP address (Flow Key) has already been seen by the DUT destination IP address (Flow Key) has already been seen by the DUT
(provided the Cache entries did not expire yet as described below). (provided the Cache entries did not expire yet as described below).
A packet with destination IP address equal to A is sent every 0.1 A packet with destination IP address equal to A is sent every 0.1
second, so the Cache entry is refreshed in the Cache every 0.1 second, so the Cache entry is refreshed in the Cache every 0.1
second, while the Inactive Timeout is 10 seconds. In this case the second, while the Inactive Timeout is 10 seconds. In this case the
Novak Expires April, 2012 Novak Expires June, 2012
Cache entries will not expire until the Active Timeout, e.g. they Cache entries will not expire until the Active Timeout, e.g. they
will expire every 100 seconds and then the Cache entries will be will expire every 100 seconds and then the Cache entries will be
created again. created again.
If the test measurement time is 50 seconds from the start of the If the test measurement time is 50 seconds from the start of the
traffic generator then the measured Flow Export Rate is 0 since traffic generator then the measured Flow Export Rate is 0 since
during this period nothing expired from the Cache. during this period nothing expired from the Cache.
If the test measurement time is 100 seconds from the start of the If the test measurement time is 100 seconds from the start of the
traffic generator then the measured Flow Export Rate is 1 Flow Record traffic generator then the measured Flow Export Rate is 1 Flow Record
skipping to change at page 18, line 58 skipping to change at page 18, line 58
Cache Size Cache Size
Cache Size configuration is dictated by the expected position of Cache Size configuration is dictated by the expected position of
the DUT in the network and by the chosen Flow Keys of the Flow the DUT in the network and by the chosen Flow Keys of the Flow
Record. The number of unique Flow Keys sets that the traffic Record. The number of unique Flow Keys sets that the traffic
generator (sender) provides should be multiple times larger than generator (sender) provides should be multiple times larger than
the Cache Size, to ensure that the existing Cache entries are the Cache Size, to ensure that the existing Cache entries are
never updated before Flow Expiration and Flow Export. The Cache never updated before Flow Expiration and Flow Export. The Cache
Size MUST be known in order to define the measurement Size MUST be known in order to define the measurement
circumstances properly. circumstances properly.
Novak Expires April, 2012 Novak Expires June, 2012
Inactive Timeout Inactive Timeout
Inactive Timeout is set (if configurable) to the minimum possible Inactive Timeout is set (if configurable) to the minimum possible
value on the DUT. This ensures that the Cache entries are expired value on the DUT. This ensures that the Cache entries are expired
as soon as possible and exported out of the DUT Cache. It MUST be as soon as possible and exported out of the DUT Cache. It MUST be
known in order to define the measurement circumstances completely known in order to define the measurement circumstances completely
and equally across implementations. and equally across implementations.
Active Timeout Active Timeout
Active Timeout is set (if configurable) to a value equal to or Active Timeout is set (if configurable) to a value equal to or
higher than the Inactive Timeout. It MUST be known in order to higher than the Inactive Timeout. It MUST be known in order to
skipping to change at page 19, line 66 skipping to change at page 19, line 66
during the measurement exceeds the available Cache Size. during the measurement exceeds the available Cache Size.
5.3 Cache Population 5.3 Cache Population
The product of Inactive Timeout and the packet rate offered to the The product of Inactive Timeout and the packet rate offered to the
DUT (cache population) during the measurements determines the total DUT (cache population) during the measurements determines the total
number of Cache entries in the DUT Cache during one particular number of Cache entries in the DUT Cache during one particular
measurement (while taking into account some margin for dynamic measurement (while taking into account some margin for dynamic
behaviour during high DUT loads when processing the Flows). behaviour during high DUT loads when processing the Flows).
Novak Expires April, 2012 Novak Expires June, 2012
The Flow monitoring implementation might behave differently The Flow monitoring implementation might behave differently
depending on the relation of cache population to the available Cache depending on the relation of cache population to the available Cache
Size during the measurement. This behaviour is fully implementation Size during the measurement. This behaviour is fully implementation
specific and will also be influenced if the DUT is software based or specific and will also be influenced if the DUT is software based or
hardware based architecture. hardware based architecture.
The cache population (if it is lower or higher than the available The cache population (if it is lower or higher than the available
Cache Size) during a particular benchmark measurement SHOULD be Cache Size) during a particular benchmark measurement SHOULD be
noted and mainly only measurements with same cache population SHOULD noted and mainly only measurements with same cache population SHOULD
be compared. be compared.
skipping to change at page 20, line 58 skipping to change at page 20, line 58
pre-defined time interval which is then used in the above definition pre-defined time interval which is then used in the above definition
instead of the difference (stop time) - (start time). instead of the difference (stop time) - (start time).
The Collector MUST stop collecting the Flow Export data at the The Collector MUST stop collecting the Flow Export data at the
measurement stop time. measurement stop time.
The Inactive Timeout (or the time needed to fill up the Cache) causes The Inactive Timeout (or the time needed to fill up the Cache) causes
delay of the Flow Export data behind the test traffic which is delay of the Flow Export data behind the test traffic which is
analysed by the DUT. E.g. if the traffic starts at time point X Flow analysed by the DUT. E.g. if the traffic starts at time point X Flow
Novak Expires April, 2012 Novak Expires June, 2012
Export will start only at the time point X + Inactive Timeout (or X + Export will start only at the time point X + Inactive Timeout (or X +
time to fill up the Cache). Since Flow Export capture needs to stop time to fill up the Cache). Since Flow Export capture needs to stop
with the traffic (because that's when the DUT stops processing the with the traffic (because that's when the DUT stops processing the
Flows at the given rate) the time interval during which the DUT kept Flows at the given rate) the time interval during which the DUT kept
exporting data is shorter by the Inactive Timeout than the Time exporting data is shorter by the Inactive Timeout than the Time
interval when the test traffic was sent from the traffic generator to interval when the test traffic was sent from the traffic generator to
the DUT. the DUT.
5.5 Flow Export Rate Measurement 5.5 Flow Export Rate Measurement
skipping to change at page 21, line 58 skipping to change at page 21, line 58
This imprecision can be mitigated by large amounts of Flow Records This imprecision can be mitigated by large amounts of Flow Records
used during the measurement (so that the few Flow Records in one used during the measurement (so that the few Flow Records in one
export packet can be ignored) or by use of timestamps exported with export packet can be ignored) or by use of timestamps exported with
the Flow Records. the Flow Records.
5.6 The Measurement Procedure 5.6 The Measurement Procedure
The measurement procedure is same as the Throughput measurement in The measurement procedure is same as the Throughput measurement in
section 26.1 of [RFC2544] for the traffic sending side. The DUT section 26.1 of [RFC2544] for the traffic sending side. The DUT
Novak Expires April, 2012 Novak Expires June, 2012
output analysis is done on the traffic generator receiving side for output analysis is done on the traffic generator receiving side for
the test traffic the same way as for RFC2544 measurements. the test traffic the same way as for RFC2544 measurements.
An additional analysis is performed using data captured by the An additional analysis is performed using data captured by the
Collector. The purpose of this analysis is to establish the value of Collector. The purpose of this analysis is to establish the value of
the Flow Export Rate during the current measurement step and to verify the Flow Export Rate during the current measurement step and to verify
that no Flow Records were dropped during the measurement. The that no Flow Records were dropped during the measurement. The
procedure to measure Flow Export Rate is described in section 5.5. procedure to measure Flow Export Rate is described in section 5.5.
skipping to change at page 22, line 58 skipping to change at page 22, line 58
Objective: Objective:
Provide RFC2544 network device characteristics in the presence of Provide RFC2544 network device characteristics in the presence of
Flow monitoring on the DUT. RFC2544 studies numerous Flow monitoring on the DUT. RFC2544 studies numerous
characteristics of network devices. The DUT forwarding and time characteristics of network devices. The DUT forwarding and time
characteristics without Flow monitoring present on the DUT can characteristics without Flow monitoring present on the DUT can
vary significantly when Flow monitoring is deployed on the network vary significantly when Flow monitoring is deployed on the network
device. device.
Novak Expires April, 2012 Novak Expires June, 2012
Metric definition: Metric definition:
Metric as specified in [RFC2544]. Metric as specified in [RFC2544].
The measured RFC2544 Throughput MUST NOT include the packet rate The measured RFC2544 Throughput MUST NOT include the packet rate
corresponding to the Flow Export data, because it is control type corresponding to the Flow Export data, because it is control type
traffic, generated by the DUT as a result of enabling Flow monitoring traffic, generated by the DUT as a result of enabling Flow monitoring
and does not contribute to the test traffic which the DUT can handle. and does not contribute to the test traffic which the DUT can handle.
It requires DUT resources to be generated and transmitted and It requires DUT resources to be generated and transmitted and
therefore the RFC2544 Throughput in most cases will be much lower therefore the RFC2544 Throughput in most cases will be much lower
skipping to change at page 23, line 57 skipping to change at page 23, line 57
The tester here has both options as specified in section 6.4 and The tester here has both options as specified in section 6.4 and
6.5. 6.5.
6.4 Measurements With Single Traffic Component 6.4 Measurements With Single Traffic Component
Section 12 of [RFC2544] discusses the use of protocol source and Section 12 of [RFC2544] discusses the use of protocol source and
destination addresses for defined measurements. To perform all the destination addresses for defined measurements. To perform all the
RFC2544 type measurements with Flow monitoring enabled the defined RFC2544 type measurements with Flow monitoring enabled the defined
Novak Expires April, 2012 Novak Expires June, 2012
Flow Keys SHOULD contain IP source and destination address. The Flow Keys SHOULD contain IP source and destination address. The
RFC2544 type measurements with Flow monitoring enabled then can be RFC2544 type measurements with Flow monitoring enabled then can be
executed under these additional conditions: executed under these additional conditions:
a. the test traffic is not limited to single unique pair of source a. the test traffic is not limited to single unique pair of source
and destination addresses and destination addresses
b. the traffic generator defines test traffic as follows: b. the traffic generator defines test traffic as follows:
allow for a parameter to send N (where N is an integer number allow for a parameter to send N (where N is an integer number
starting at 1 and incremented in small steps) packets with source starting at 1 and incremented in small steps) packets with source
IP address A and destination IP address B before changing both IP IP address A and destination IP address B before changing both IP
skipping to change at page 24, line 57 skipping to change at page 24, line 57
addresses). addresses).
The Flow monitoring traffic component will exercise the DUT in terms The Flow monitoring traffic component will exercise the DUT in terms
of Flow activity while the second traffic component will measure the of Flow activity while the second traffic component will measure the
RFC2544 characteristics. RFC2544 characteristics.
The measured RFC2544 Throughput is the sum of the packet rates of The measured RFC2544 Throughput is the sum of the packet rates of
both traffic components. The definition of other RFC2544 metrics both traffic components. The definition of other RFC2544 metrics
remains unchanged. remains unchanged.
Novak Expires April, 2012 Novak Expires June, 2012
7. Flow Monitoring Accuracy 7. Flow Monitoring Accuracy
The pure Flow Monitoring Throughput measurement in section 5 provides The pure Flow Monitoring Throughput measurement in section 5 provides
the capability to verify the Flow monitoring accuracy in terms of the the capability to verify the Flow monitoring accuracy in terms of the
exported Flow Record data. Since every Cache entry created in the exported Flow Record data. Since every Cache entry created in the
Cache is populated by just one packet, the full set of captured data Cache is populated by just one packet, the full set of captured data
on the Collector can be parsed (e.g. providing the values of all Flow on the Collector can be parsed (e.g. providing the values of all Flow
Keys and other Flow Record fields, not only the overall Flow Record Keys and other Flow Record fields, not only the overall Flow Record
count in the exported data) and each set of parameters from each Flow count in the exported data) and each set of parameters from each Flow
Record can be checked against the parameters as configured on the Record can be checked against the parameters as configured on the
skipping to change at page 25, line 56 skipping to change at page 25, line 56
Expected packet rate Expected packet rate
Flows per second = -------------------- Flows per second = --------------------
Packet per flow Packet per flow
When using the example values given above, the network device would When using the example values given above, the network device would
Be required to process 18 000 Flows per second. By executing the Be required to process 18 000 Flows per second. By executing the
benchmarking as specified in this document a platform capable of this benchmarking as specified in this document a platform capable of this
processing can be determined for the deployment in that particular processing can be determined for the deployment in that particular
part of the user network. part of the user network.
Novak Expires April, 2012 Novak Expires June, 2012
It needs to be kept in mind that the above is a very rough and It needs to be kept in mind that the above is a very rough and
averaged Flow activity estimate which cannot account for traffic averaged Flow activity estimate which cannot account for traffic
anomalies, for example a large number of DNS request packets which anomalies, for example a large number of DNS request packets which
are typically small packets coming from many different sources and are typically small packets coming from many different sources and
represent mostly just one packet per Flow. represent mostly just one packet per Flow.
9. Acknowledgements 9. Acknowledgements
This work could have been performed thanks to the patience and This work could have been performed thanks to the patience and
support of Cisco Systems NetFlow development team, namely Paul support of Cisco Systems NetFlow development team, namely Paul
skipping to change at page 26, line 57 skipping to change at page 26, line 57
11. IANA Considerations 11. IANA Considerations
This memo makes no requests of the IANA. This memo makes no requests of the IANA.
12. References 12. References
12.1. Normative References 12.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, April 1997 Requirement Levels", BCP 14, RFC 2119, April 1997
Novak Expires April, 2012 Novak Expires June, 2012
[RFC2544] Bradner, S., "Benchmarking Methodology for Network [RFC2544] Bradner, S., "Benchmarking Methodology for Network
Interconnect Devices", Informational, RFC 2544, April 1999 Interconnect Devices", Informational, RFC 2544, April 1999
12.2. Informative References 12.2. Informative References
[RFC1242] Bradner, S., "Benchmarking Terminology for Network [RFC1242] Bradner, S., "Benchmarking Terminology for Network
Interconnection Devices", RFC 1242, July 1991 Interconnection Devices", RFC 1242, July 1991
[RFC2285] Mandeville R., "Benchmarking Terminology for LAN Switching [RFC2285] Mandeville R., "Benchmarking Terminology for LAN Switching
skipping to change at page 27, line 55 skipping to change at page 27, line 55
draft-ietf-ipfix-configuration-model-10 draft-ietf-ipfix-configuration-model-10
Author's Addresses Author's Addresses
Jan Novak (editor) Jan Novak (editor)
Cisco Systems Cisco Systems
Edinburgh, Edinburgh,
United Kingdom United Kingdom
Email: janovak@cisco.com Email: janovak@cisco.com
Novak Expires April, 2012 Novak Expires June, 2012
Appendix A: Recommended Report Format Appendix A: Recommended Report Format
Parameter Units Parameter Units
----------------------------------- ------------------------------------ ----------------------------------- ------------------------------------
Test Case test case name (section 5 and 6) Test Case test case name (section 5 and 6)
Test Topology Figure 2, other Test Topology Figure 2, other
Traffic Type IPv4, IPv6, MPLS, other Traffic Type IPv4, IPv6, MPLS, other
Test Results Test Results
Flow Monitoring Throughput Flow Records per second or Not Flow Monitoring Throughput Flow Records per second or Not
Applicable Applicable
skipping to change at page 28, line 52 skipping to change at page 28, line 52
Flow Keys list of fields Flow Keys list of fields
Flow Record Fields total number of fields Flow Record Fields total number of fields
Number of Flows Created number of entries Number of Flows Created number of entries
Flow Export Transport Protocol UDP, TCP, SCTP, other Flow Export Transport Protocol UDP, TCP, SCTP, other
Flow Export Protocol IPFIX, NetFlow, other Flow Export Protocol IPFIX, NetFlow, other
Flow Export data packet size bytes Flow Export data packet size bytes
MPLS Specifications (for traffic type MPLS only) MPLS Specifications (for traffic type MPLS only)
Tested Label Operation imposition, swap, disposition Tested Label Operation imposition, swap, disposition
Novak Expires April, 2012 Novak Expires June, 2012
Appendix B: Miscellaneous Tests Appendix B: Miscellaneous Tests
This section lists the tests which could be useful to asses a proper This section lists the tests which could be useful to asses a proper
Flow monitoring operation under various operational or stress Flow monitoring operation under various operational or stress
conditions. These tests are not deemed suitable for any benchmarking conditions. These tests are not deemed suitable for any benchmarking
for various reasons. for various reasons.
B.1 DUT Under Traffic Load B.1 DUT Under Traffic Load
The Flow Monitoring Throughput SHOULD be measured under different The Flow Monitoring Throughput SHOULD be measured under different
skipping to change at page 29, line 58 skipping to change at page 29, line 58
The expected result is that the RFC2544 Throughput achieved in The expected result is that the RFC2544 Throughput achieved in
step a. is same as the Throughput achieved in step d. provided step a. is same as the Throughput achieved in step d. provided
that the bandwidth of the output DUT interface is not the that the bandwidth of the output DUT interface is not the
bottleneck (in other words it must have enough capacity to bottleneck (in other words it must have enough capacity to
forward both test and Flow Export traffic). forward both test and Flow Export traffic).
B.3 Variable Packet Size B.3 Variable Packet Size
The Flow monitoring measurements specified in this document would The Flow monitoring measurements specified in this document would
be interesting to repeat with variable packet sizes within one be interesting to repeat with variable packet sizes within one
Novak Expires April, 2012 Novak Expires June, 2012
particular test (e.g. test traffic containing mix of packet particular test (e.g. test traffic containing mix of packet
sizes). The packet forwarding tests specified mainly in [RFC2544] sizes). The packet forwarding tests specified mainly in [RFC2544]
do not recommend and perform such tests. Flow monitoring is not do not recommend and perform such tests. Flow monitoring is not
dependent on packet sizes so such a test could be performed during dependent on packet sizes so such a test could be performed during
the Flow Monitoring Throughput measurement and verify its value the Flow Monitoring Throughput measurement and verify its value
does not depend on the offered traffic packet sizes. The tests does not depend on the offered traffic packet sizes. The tests
must be carefully designed in order to avoid measurement errors must be carefully designed in order to avoid measurement errors
due to the physical bandwidth limitations and changes of the base due to the physical bandwidth limitations and changes of the base
forwarding performance with packet size. forwarding performance with packet size.
skipping to change at page 30, line 56 skipping to change at page 30, line 56
The performance measurement of a DUT in such a configuration The performance measurement of a DUT in such a configuration
represents an useful test of the DUT capabilities (this represents an useful test of the DUT capabilities (this
corresponds to the case when the network operator uses Flow corresponds to the case when the network operator uses Flow
monitoring for example for manual denial of service attacks monitoring for example for manual denial of service attacks
detection and does not wish to use Flow Export). detection and does not wish to use Flow Export).
The performance testing on this DUT can be performed as discussed The performance testing on this DUT can be performed as discussed
in this document but it is not possible to verify the operation in this document but it is not possible to verify the operation
and results without interrogating the DUT. and results without interrogating the DUT.
Novak Expires April, 2012 Novak Expires June, 2012
B.5.3 RFC2544 Throughput with Metering and Exporting Process B.5.3 RFC2544 Throughput with Metering and Exporting Process
This test represents the performance testing as discussed in This test represents the performance testing as discussed in
section 6. section 6.
B.6 Tests With Bidirectional Traffic B.6 Tests With Bidirectional Traffic
The test topology on figure 2 can be expanded to verify Flow The test topology on figure 2 can be expanded to verify Flow
monitoring functionality with bidirectional traffic in two possible monitoring functionality with bidirectional traffic in two possible
ways: ways:
skipping to change at page 31, line 50 skipping to change at page 31, line 50
time interval than specified in section 5.4) Flow Export Rate time interval than specified in section 5.4) Flow Export Rate
b. The Flow Export protocol (like IPFIX [RFC5101]) can provide time b. The Flow Export protocol (like IPFIX [RFC5101]) can provide time
stamps in the Flow Export packets which would allow time based stamps in the Flow Export packets which would allow time based
analysis and calculate the Flow Export Rate as an average over analysis and calculate the Flow Export Rate as an average over
much shorter time interval than specified in section 5.4 much shorter time interval than specified in section 5.4
The accuracy and shortest time average will always be limited by the The accuracy and shortest time average will always be limited by the
precision of the time stamps (1 second for IPFIX) or by the precision of the time stamps (1 second for IPFIX) or by the
capabilities of the DUT and the Collector. capabilities of the DUT and the Collector.
Novak Expires April, 2012 Novak Expires June, 2012
 End of changes. 38 change blocks. 
41 lines changed or deleted 55 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/