draft-ietf-bmwg-ipflow-meth-07.txt   draft-ietf-bmwg-ipflow-meth-08.txt 
Internet Engineering Task Force Jan Novak Internet Engineering Task Force Jan Novak
Internet-Draft Cisco Systems, Inc. Internet-Draft Cisco Systems, Inc.
Intended status: Informational Intended status: Informational
Expires: 31 July, 2012 31 January 2012 Expires: 9 September, 2012 9 March 2012
IP Flow Information Accounting and Export Benchmarking IP Flow Information Accounting and Export Benchmarking
Methodology Methodology
draft-ietf-bmwg-ipflow-meth-07.txt draft-ietf-bmwg-ipflow-meth-08.txt
Abstract Abstract
This document provides a methodology and framework for quantifying This document provides a methodology and framework for quantifying
the performance impact of monitoring of IP flows on a network device the performance impact of monitoring of IP flows on a network device
and export of this information to a collector. It identifies the rate and export of this information to a collector. It identifies the rate
at which the IP flows are created, expired, and successfully exported at which the IP flows are created, expired, and successfully exported
as a new performance metric in combination with traditional as a new performance metric in combination with traditional
throughput. The metric is only applicable to the devices compliant throughput. The metric is only applicable to the devices compliant
with the Architecture for IP Flow Information Export [RFC5470]. with the Architecture for IP Flow Information Export [RFC5470].
skipping to change at page 1, line 39 skipping to change at page 1, line 39
Drafts. Drafts.
Internet-Drafts are draft documents valid for a maximum of six Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other months and may be updated, replaced, or obsoleted by other
documents at any time. It is inappropriate to use Internet-Drafts documents at any time. It is inappropriate to use Internet-Drafts
as reference material or to cite them other than as "work in as reference material or to cite them other than as "work in
progress." progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on 31 July, 2012. This Internet-Draft will expire on 9 September, 2012.
Copyright Notice Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the Copyright (c) 2012 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Novak Expires July, 2012 Novak Expires September, 2012
Conventions used in this document Conventions used in this document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described "OPTIONAL" in this document are to be interpreted as described
in RFC 2119 [RFC2119]. in RFC 2119 [RFC2119].
Table of Contents Table of Contents
1. Introduction. . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction. . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4
2.1 Existing Terminology. . . . . . . . . . . . . . . . . . . 4 2.1 Existing Terminology. . . . . . . . . . . . . . . . . . . 4
2.2 New Terminology . . . . . . . . . . . . . . . . . . . . . 4 2.2 New Terminology . . . . . . . . . . . . . . . . . . . . . 4
3. Flow Monitoring Performance Benchmark . . . . . . . . . . . . 6 3. Flow Monitoring Performance Benchmark . . . . . . . . . . . . 6
3.1 Definition. . . . . . . . . . . . . . . . . . . . . . . . 6 3.1 Definition. . . . . . . . . . . . . . . . . . . . . . . . 6
3.2 Device Applicability. . . . . . . . . . . . . . . . . . . 7 3.2 Device Applicability. . . . . . . . . . . . . . . . . . . 6
3.3 Measurement Concept . . . . . . . . . . . . . . . . . . . 7 3.3 Measurement Concept . . . . . . . . . . . . . . . . . . . 7
3.4 The Measurement Procedure Overview. . . . . . . . . . . . 8 3.4 The Measurement Procedure Overview. . . . . . . . . . . . 8
4. Measurement Set Up. . . . . . . . . . . . . . . . . . . . . . 9 4. Measurement Set-Up. . . . . . . . . . . . . . . . . . . . . . 9
4.1 Measurement Topology. . . . . . . . . . . . . . . . . . . 9 4.1 Measurement Topology. . . . . . . . . . . . . . . . . . . 9
4.2 Base DUT Set Up. . . . . . . . . . . . . . . . . . . . . 11 4.2 Base DUT Set Up. . . . . . . . . . . . . . . . . . . . . 11
4.3 Flow Monitoring Configuration. . . . . . . . . . . . . . 11 4.3 Flow Monitoring Configuration. . . . . . . . . . . . . . 11
4.4 Collector. . . . . . . . . . . . . . . . . . . . . . . . 16 4.4 Collector. . . . . . . . . . . . . . . . . . . . . . . . 16
4.5 Sampling . . . . . . . . . . . . . . . . . . . . . . . . 16 4.5 Sampling . . . . . . . . . . . . . . . . . . . . . . . . 16
4.6 Frame Formats. . . . . . . . . . . . . . . . . . . . . . 16 4.6 Frame Formats. . . . . . . . . . . . . . . . . . . . . . 16
4.7 Frame Sizes. . . . . . . . . . . . . . . . . . . . . . . 16 4.7 Frame Sizes. . . . . . . . . . . . . . . . . . . . . . . 16
4.8 Flow Export Data Packet Sizes. . . . . . . . . . . . . . 17 4.8 Flow Export Data Packet Sizes. . . . . . . . . . . . . . 16
4.9 Illustrative Test Set-up Examples. . . . . . . . . . . . 17 4.9 Illustrative Test Set-up Examples. . . . . . . . . . . . 17
5. Flow Monitoring Throughput Measurement Methodology . . . . . 18 5. Flow Monitoring Throughput Measurement Methodology . . . . . 18
5.1 Flow Monitoring Configuration. . . . . . . . . . . . . . 19 5.1 Flow Monitoring Configuration. . . . . . . . . . . . . . 19
5.2 Traffic Configuration. . . . . . . . . . . . . . . . . . 20 5.2 Traffic Configuration. . . . . . . . . . . . . . . . . . 20
5.3 Cache Population . . . . . . . . . . . . . . . . . . . . 20 5.3 Cache Population . . . . . . . . . . . . . . . . . . . . 20
5.4 Measurement Time Interval. . . . . . . . . . . . . . . . 20 5.4 Measurement Time Interval. . . . . . . . . . . . . . . . 20
5.5 Flow Export Rate Measurement . . . . . . . . . . . . . . 21 5.5 Flow Export Rate Measurement . . . . . . . . . . . . . . 21
5.6 The Measurement Procedure. . . . . . . . . . . . . . . . 22 5.6 The Measurement Procedure. . . . . . . . . . . . . . . . 22
6. RFC2544 Measurements . . . . . . . . . . . . . . . . . . . . 23 6. RFC2544 Measurements . . . . . . . . . . . . . . . . . . . . 23
6.1 Flow Monitoring Configuration. . . . . . . . . . . . . . 24 6.1 Flow Monitoring Configuration. . . . . . . . . . . . . . 23
6.2 Measurements With the Flow Monitoring Throughput Set-up. 24 6.2 Measurements With the Flow Monitoring Throughput Set-up. 24
6.3 Measurements With Fixed Flow Export Rate . . . . . . . . 24 6.3 Measurements With Fixed Flow Export Rate . . . . . . . . 24
6.4 Measurements With Single Traffic Component . . . . . . . 24
6.5 Measurements With Two Traffic Components . . . . . . . . 25
7. Flow Monitoring Accuracy . . . . . . . . . . . . . . . . . . 25 7. Flow Monitoring Accuracy . . . . . . . . . . . . . . . . . . 25
8. Evaluating Flow Monitoring Applicability . . . . . . . . . . 26 8. Evaluating Flow Monitoring Applicability . . . . . . . . . . 26
9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 26 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 26
10. Security Considerations . . . . . . . . . . . . . . . . . . 27 10. Security Considerations . . . . . . . . . . . . . . . . . . 27
11. IANA Considerations . . . . . . . . . . . . . . . . . . . . 27 11. IANA Considerations . . . . . . . . . . . . . . . . . . . . 27
12. References. . . . . . . . . . . . . . . . . . . . . . . . . 27 12. References. . . . . . . . . . . . . . . . . . . . . . . . . 27
12.1 Normative References. . . . . . . . . . . . . . . . . . 27 12.1 Normative References. . . . . . . . . . . . . . . . . . 27
12.2 Informative References. . . . . . . . . . . . . . . . . 27 12.2 Informative References. . . . . . . . . . . . . . . . . 27
Appendix A: Recommended Report Format . . . . . . . . . . . . . 29 Appendix A: Recommended Report Format . . . . . . . . . . . . . 29
Novak Expires July, 2012
Appendix B: Miscellaneous Tests . . . . . . . . . . . . . . . . 30 Appendix B: Miscellaneous Tests . . . . . . . . . . . . . . . . 30
B.1 DUT Under Traffic Load . . . . . . . . . . . . . . . . . 30 B.1 DUT Under Traffic Load . . . . . . . . . . . . . . . . . 30
B.2 In-band Flow Export. . . . . . . . . . . . . . . . . . . 30 B.2 In-band Flow Export. . . . . . . . . . . . . . . . . . . 30
B.3 Variable Packet Rate . . . . . . . . . . . . . . . . . . 30 B.3 Variable Packet Rate . . . . . . . . . . . . . . . . . . 30
B.4 Bursty Traffic . . . . . . . . . . . . . . . . . . . . . 31 B.4 Bursty Traffic . . . . . . . . . . . . . . . . . . . . . 31
Novak Expires September, 2012
B.5 Various Flow Monitoring Configurations . . . . . . . . . 31 B.5 Various Flow Monitoring Configurations . . . . . . . . . 31
B.6 Tests With Bidirectional Traffic . . . . . . . . . . . . 32 B.6 Tests With Bidirectional Traffic . . . . . . . . . . . . 32
B.7 Instantaneous Flow Export Rate . . . . . . . . . . . . . 32 B.7 Instantaneous Flow Export Rate . . . . . . . . . . . . . 32
1. Introduction 1. Introduction
Monitoring of IP flows (Flow monitoring) is defined in the Monitoring of IP flows (Flow monitoring) is defined in the
Architecture for IP Flow Information Export [RFC5470] and related Architecture for IP Flow Information Export [RFC5470] and related
IPFIX documents. It analyses the traffic using predefined fields IPFIX documents. It analyses the traffic using predefined fields
from the packet header as keys and stores the traffic and from the packet header as keys and stores the traffic and
skipping to change at page 3, line 30 skipping to change at page 3, line 25
This cached flow information is then formatted into records (see This cached flow information is then formatted into records (see
section 2.1 for term definitions) and exported from the DUT to an section 2.1 for term definitions) and exported from the DUT to an
external data collector for analysis. More details on the external data collector for analysis. More details on the
measurement architecture is provided in section 3.3. measurement architecture is provided in section 3.3.
Flow monitoring on network devices is widely deployed and has Flow monitoring on network devices is widely deployed and has
numerous uses in both service provider and enterprise segments as numerous uses in both service provider and enterprise segments as
detailed in the Requirements for IP Flow Information Export detailed in the Requirements for IP Flow Information Export
[RFC3917]. This document provides a methodology for measuring Flow [RFC3917]. This document provides a methodology for measuring Flow
monitoring performance so that network operators have a framework monitoring performance so that network operators have a framework
for considering measurement impact on the network and network for measurements of impact on the network and network equipment.
equipment.
This document's goal is a series of methodology specifications for This document's goal is a series of methodology specifications for
the measurement of Flow monitoring performance, in a way that is the measurement of Flow monitoring performance, in a way that is
comparable amongst various implementations, platforms, and comparable amongst various implementations, platforms, and
vendor's devices. vendor's devices.
Since Flow monitoring will in most cases run on network devices also Flow monitoring is in most cases run on network devices also
forwarding packets, the methodology for [RFC2544] measurements (with forwarding packets. This document therefore provides also the
IPv6 and MPLS specifics defined in [RFC5180] and [RFC5695] methodology for [RFC2544] measurements in the presence of Flow
respectively) in the presence of Flow monitoring is also employed monitoring. It is applicable to IPv6 and MPLS traffic with their
here. specifics defined in [RFC5180] and [RFC5695] respectively.
The most significant performance parameter is the rate at which IP The most significant performance parameter is the rate at which IP
flows are created and expired in the network device's memory and flows are created and expired in the network device's memory and
exported to a collector. Therefore, this document specifies a exported to a collector. Therefore, this document specifies a
methodology to measure the maximum IP flow rate that a network methodology to measure the maximum IP flow rate that a network
device can sustain without impacting the forwarding plane, without device can sustain without impacting the forwarding plane, without
losing any IP flow information, and without compromising the IP flow losing any IP flow information, and without compromising the IP flow
accuracy (see section 7 for details). accuracy (see section 7 for details).
[RFC2544], [RFC5180] and [RFC5695] specify benchmarking of network [RFC2544], [RFC5180] and [RFC5695] specify benchmarking of network
devices forwarding IPv4, IPv6 and MPLS [RFC3031] traffic, devices forwarding IPv4, IPv6 and MPLS [RFC3031] traffic,
respectively. The methodology specified in this document stays the respectively. The methodology specified in this document stays the
same for any traffic type. The only restriction may be the DUT's same for any traffic type. The only restriction may be the DUT's
lack of support for Flow monitoring of the particular traffic type. lack of support for Flow monitoring of the particular traffic type.
Novak Expires July, 2012
A variety of different network device architectures exist that are A variety of different network device architectures exist that are
capable of Flow monitoring and export. As such, this document does capable of Flow monitoring and export. As such, this document does
not attempt to list the various white box variables (CPU load, not attempt to list the various white box variables (CPU load,
memory utilization, hardware resources utilization etc) that could memory utilization, hardware resources utilization etc) that could
be gathered as they always help in comparison evaluations. A more be gathered as they always help in comparison evaluations. A more
Novak Expires September, 2012
complete understanding of the stress points of a particular device complete understanding of the stress points of a particular device
can be attained using this internal information and the tester MAY can be attained using this internal information and the tester MAY
choose to gather this information during the measurement iterations. choose to gather this information during the measurement iterations.
2. Terminology 2. Terminology
The terminology used in this document is based on [RFC5470], The terminology used in this document is based on [RFC5470],
[RFC2285] and [RFC1242] as summarised in section 2.1. The only new [RFC2285] and [RFC1242] as summarised in section 2.1. The only new
terms needed for this methodology are defined in section 2.2. terms needed for this methodology are defined in section 2.2.
skipping to change at page 4, line 57 skipping to change at page 4, line 52
Throughput [RFC1242, section 3.17] Throughput [RFC1242, section 3.17]
2.2 New Terminology 2.2 New Terminology
2.2.1 Cache 2.2.1 Cache
Definition: Definition:
Memory area held and dedicated by the DUT to store Flow Memory area held and dedicated by the DUT to store Flow
information prior to the Flow Expiration. information prior to the Flow Expiration.
Novak Expires July, 2012
2.2.2 Cache Size 2.2.2 Cache Size
Definition: Definition:
The size of the Cache in terms of how many entries the Cache can The size of the Cache in terms of how many entries the Cache can
hold. hold.
Novak Expires September, 2012
Discussion: Discussion:
This term is typically represented as a configurable option in This term is typically represented as a configurable option in
the particular Flow monitoring implementation. Its highest value the particular Flow monitoring implementation. Its highest value
will depend on the memory available in the network device. will depend on the memory available in the network device.
Measurement units: Measurement units:
Number of Cache entries Number of Cache entries
2.2.3 Active Timeout 2.2.3 Active Timeout
skipping to change at page 5, line 30 skipping to change at page 5, line 25
For long-running Flows, the time interval after which the Metering For long-running Flows, the time interval after which the Metering
Process expires a Cache entry to ensure Flow data is regularly Process expires a Cache entry to ensure Flow data is regularly
updated updated
Discussion: Discussion:
This term is typically presented as a configurable option in the This term is typically presented as a configurable option in the
particular Flow monitoring implementation. See section 5.1.1 of particular Flow monitoring implementation. See section 5.1.1 of
[RFC5470] for more detailed discussion. [RFC5470] for more detailed discussion.
Flows are considered long-running when they last longer than Flows are considered long-running when they last longer than
several multiples of the Active Timeout or when the Active Timeout several multiples of the Active Timeout. When the Active Timeout
is zero, contain a larger number of packets than usual for a is zero Flows are long-running if they contain a larger number of
single transaction based Flows, in the order of tens of packets packets than usual for a single transaction based Flows, in the
and higher. order of tens of packets and higher.
Measurement units: Measurement units:
Seconds Seconds
2.2.4 Inactive Timeout 2.2.4 Inactive Timeout
Definition: Definition:
The time interval used by the Metering Process to expire an entry The time interval used by the Metering Process to expire an entry
from the Cache, when no more packets belonging to that specific from the Cache, when no more packets belonging to that specific
Cache entry have been observed during the interval. Cache entry have been observed during the interval.
Discussion: Discussion:
This term is typically represented as a configurable option in the This term is typically represented as a configurable option in the
particular Flow monitoring implementation. See section 5.1.1 of particular Flow monitoring implementation. See section 5.1.1 of
[RFC5470] for more detailed discussion. [RFC5470] for more detailed discussion.
Measurement units: Measurement units:
Seconds Seconds
Novak Expires July, 2012
2.2.5 Flow Export Rate 2.2.5 Flow Export Rate
Definition: Definition:
The number of Cache entries that expire from the Cache (as defined The number of Cache entries that expire from the Cache (as defined
by the Flow Expiration term) and are exported to the Collector by the Flow Expiration term) and are exported to the Collector
within a measurement time interval. There SHOULD NOT be any export within a measurement time interval. There SHOULD NOT be any export
filtering, so that all the expired cache entries are exported. If filtering, so that all the expired cache entries are exported. If
there is export filtering and it can't be disabled, this needs to there is export filtering and it can't be disabled, this needs to
be noted. be noted.
Novak Expires September, 2012
The measured Flow Export Rate MUST include both the Data Stream The measured Flow Export Rate MUST include both the Data Stream
and the Control Information, as defined in section 2 of [RFC5470]. and the Control Information, as defined in section 2 of [RFC5470].
Discussion: Discussion:
The Flow Export Rate is measured using Flow Export data observed The Flow Export Rate is measured using Flow Export data observed
at the Collector by counting the exported Flow Records during the at the Collector by counting the exported Flow Records during the
measurement time interval (see section 5.4). The value obtained is measurement time interval (see section 5.4). The value obtained is
an average of the instantaneous export rates observed during the an average of the instantaneous export rates observed during the
measurement time interval. The smallest possible measurement measurement time interval. The smallest possible measurement
interval (if attempting to measure nearly instantaneous export interval (if attempting to measure nearly instantaneous export
skipping to change at page 6, line 55 skipping to change at page 6, line 45
Number of Flow Records per second Number of Flow Records per second
Discussion: Discussion:
The losses of Cache entries or forwarded packets in this The losses of Cache entries or forwarded packets in this
definition are assumed to happen due to the lack of DUT resources definition are assumed to happen due to the lack of DUT resources
to process any additional traffic information or lack of resources to process any additional traffic information or lack of resources
to process Flow Export data. The physical layer issues, like to process Flow Export data. The physical layer issues, like
insufficient bandwidth from the DUT to the Collector or lack of insufficient bandwidth from the DUT to the Collector or lack of
Collector resources MUST be excluded as detailed in section 4. Collector resources MUST be excluded as detailed in section 4.
Novak Expires July, 2012
3.2 Device Applicability 3.2 Device Applicability
The Flow monitoring performance metric is applicable to network The Flow monitoring performance metric is applicable to network
devices that implement [RFC5470] architecture. These devices can be devices that implement [RFC5470] architecture. These devices can be
network packet forwarding devices or appliances which analyze the network packet forwarding devices or appliances which analyze the
traffic but do not forward traffic (probes, sniffers, replicators). traffic but do not forward traffic (probes, sniffers, replicators).
This document does not intend to measure Collector performance, it This document does not intend to measure Collector performance, it
only requires sufficient Collector resources (as specified in section only requires sufficient Collector resources (as specified in section
4.4) in order to measure the DUT characteristics. 4.4) in order to measure the DUT characteristics.
Novak Expires September, 2012
3.3 Measurement Concept 3.3 Measurement Concept
Figure 1 below presents the functional block diagram of the DUT. The Figure 1 below presents the functional block diagram of the DUT. The
traffic in the figure represents the test traffic sent to the traffic in the figure represents the test traffic sent to the
DUT and forwarded by the DUT, if possible. When testing devices which DUT and forwarded by the DUT, if possible. When testing devices which
do not act as network packet forwarding devices (such as probes, do not act as network packet forwarding devices (such as probes,
sniffers and replicators) the forwarding plane is simply an sniffers and replicators) the forwarding plane is simply an
Observation Point as defined in section 2 of [RFC5470]. The [RFC2544] Observation Point as defined in section 2 of [RFC5470]. The [RFC2544]
Throughput of such devices will always be zero and the only Throughput of such devices will always be zero and the only
applicable performance metric is the Flow Monitoring Throughput. applicable performance metric is the Flow Monitoring Throughput.
skipping to change at page 7, line 50 skipping to change at page 7, line 39
| | | | | | | |
traffic ---|---->| Forwarding |------|----> traffic ---|---->| Forwarding |------|---->
| | Plane | | | | Plane | |
| +-------------+ | | +-------------+ |
| | | |
| DUT | | DUT |
+------------------------- + +------------------------- +
Figure 1. The functional block diagram of the DUT Figure 1. The functional block diagram of the DUT
The Flow monitoring enabled (see section 4.3) on the DUT and Flow monitoring is represented in the figure 1 by the Monitoring
represented in the figure 1 by the Monitoring Plane uses the Plane. It is enabled as specified in section 4.3. It uses the
traffic information provided by the Forwarding Plane and configured traffic information provided by the Forwarding Plane and configured
Flow Keys to create Cache entries representing the traffic Flow Keys to create Cache entries representing the traffic
forwarded (or observed) by the DUT in the DUT Cache. The Cache forwarded (or observed) by the DUT in the DUT Cache. The Cache
entries are expired from the Cache depending on the Cache entries are expired from the Cache depending on the Cache
configuration (ie, the Active and Inactive Timeouts, number of Cache configuration (ie, the Active and Inactive Timeouts, number of Cache
Novak Expires July, 2012
entries and the Cache Size) and the traffic pattern. The Cache entries and the Cache Size) and the traffic pattern. The Cache
entries are used by the Exporting Process to format the Flow Records entries are used by the Exporting Process to format the Flow Records
which are then exported from the DUT to the Collector (see figure 2 which are then exported from the DUT to the Collector (see figure 2
in section 4). in section 4).
The Forwarding Plane and Monitoring Plane represent two separate The Forwarding Plane and Monitoring Plane represent two separate
functional blocks, each with it's own performance capability. The functional blocks, each with its own performance capability. The
Forwarding Plane handles user data packets and is fully characterised Forwarding Plane handles user data packets and is fully characterised
by the metrics defined by [RFC2544]. by the metrics defined by [RFC2544].
Novak Expires September, 2012
The Monitoring Plane handles Flows which reflect the analysed The Monitoring Plane handles Flows which reflect the analysed
traffic. The metric for Monitoring Plane performance is Flow Export traffic. The metric for Monitoring Plane performance is Flow Export
Rate, and the benchmark is the Flow Monitoring Throughput. Rate, and the benchmark is the Flow Monitoring Throughput.
3.4 The Measurement Procedure Overview 3.4 The Measurement Procedure Overview
The measurement procedure is fully specified in sections 4, 5 and 6. The measurement procedure is fully specified in sections 4, 5 and 6.
This section provides an overview of principles for the measurements. This section provides an overview of principles for the measurements.
The basic measurement procedure of performance characteristics of a The basic measurement procedure of performance characteristics of a
DUT with Flow monitoring enabled is a conventional Throughput DUT with Flow monitoring enabled is a conventional Throughput
measurement using a search algorithm to determine the maximum packet measurement using a search algorithm to determine the maximum packet
rate at which none of the offered packets and corresponding Flow rate at which none of the offered packets and corresponding Flow
Records are dropped by the DUT as described in [RFC1242] and section Records are dropped by the DUT as described in [RFC1242] and section
26.1 of [RFC2544]. 26.1 of [RFC2544].
The Device Under Test (DUT) with Flow monitoring enabled contains two The DUT with Flow monitoring enabled contains two functional blocks
functional blocks which need to be measured using characteristics which need to be measured using characteristics applicable to one or
applicable to one or both blocks (see figure 1). See sections 3.4.1 both blocks (see figure 1). See sections 3.4.1 and 3.4.2 for further
and 3.4.2 for further discussion. discussion.
On one hand the Monitoring Plane and Forwarding Plane (see On one hand the Monitoring Plane and Forwarding Plane (see
figure 1) need to be looked at as two independent blocks, and the figure 1) need to be looked at as two independent blocks, and the
performance of each of them measured independently. But on the other performance of each of them measured independently. But on the other
hand when measuring the performance of one of them, the status and hand when measuring the performance of one of them, the status and
performance of the other MUST be known and benchmarked when both are performance of the other MUST be known and benchmarked when both are
present. present.
3.4.1 Monitoring Plane Performance Measurement 3.4.1 Monitoring Plane Performance Measurement
skipping to change at page 8, line 57 skipping to change at page 8, line 47
point of view and will exercise the Monitoring Plane (see figure 1) point of view and will exercise the Monitoring Plane (see figure 1)
of the DUT most. In this scenario every packet seen by DUT creates a of the DUT most. In this scenario every packet seen by DUT creates a
new Cache entry and forces the DUT to fill the Cache instead of just new Cache entry and forces the DUT to fill the Cache instead of just
updating packet and byte counters of an already existing Cache entry. updating packet and byte counters of an already existing Cache entry.
The exit criteria for the Flow Monitoring Throughput measurement are The exit criteria for the Flow Monitoring Throughput measurement are
one of the following (e.g. if any of the conditions is reached): one of the following (e.g. if any of the conditions is reached):
a. The Flow Export Rate at which the DUT starts to lose Flow a. The Flow Export Rate at which the DUT starts to lose Flow
information or the Flow information gets corrupted information or the Flow information gets corrupted
Novak Expires July, 2012
b. The Flow Export Rate at which the Forwarding Plane starts to drop b. The Flow Export Rate at which the Forwarding Plane starts to drop
or corrupt packets (if the Forwarding Plane is present) or corrupt packets (if the Forwarding Plane is present)
A corrupted packet here means the packet header corruption (resulting A corrupted packet here means the packet header corruption (resulting
in the cyclic redundancy check failure on the transmission level and in the cyclic redundancy check failure on the transmission level and
consequent packet drop) or the packet payload corruption leading to consequent packet drop) or the packet payload corruption leading to
the lost application level data. the lost application level data.
Novak Expires September, 2012
3.4.2 Forwarding Plane Performance Measurement 3.4.2 Forwarding Plane Performance Measurement
The Forwarding Plane (see figure 1) performance metrics are fully The Forwarding Plane (see figure 1) performance metrics are fully
specified by [RFC2544] and MUST be measured accordingly. A detailed specified by [RFC2544] and MUST be measured accordingly. A detailed
traffic analysis (see below) with relation to Flow monitoring MUST be traffic analysis (see below) with relation to Flow monitoring MUST be
performed prior of any [RFC2544] measurements. Mainly the Flow Export performed prior of any [RFC2544] measurements. Mainly the Flow Export
Rate caused by the test traffic during an [RFC2544] measurement MUST Rate caused by the test traffic during an [RFC2544] measurement MUST
be known and reported. be known and reported.
The required test traffic analysis mainly involves the following: The required test traffic analysis mainly involves the following:
skipping to change at page 9, line 39 skipping to change at page 9, line 31
modes: modes:
a. As a baseline of forwarding performance without Flow monitoring a. As a baseline of forwarding performance without Flow monitoring
b. At a certain level of Flow monitoring activity specified by a Flow b. At a certain level of Flow monitoring activity specified by a Flow
Export Rate lower than the Flow Monitoring Throughput Export Rate lower than the Flow Monitoring Throughput
c. At the maximum level of Flow monitoring performance, e.g. using c. At the maximum level of Flow monitoring performance, e.g. using
traffic conditions representing a measurement of Flow Monitoring traffic conditions representing a measurement of Flow Monitoring
Throughput Throughput
The above mentioned measurement mode in point a. represents an The above mentioned measurement mode in point a. represents an
ordinary Throughput measurement specified in RFC2544. The details how ordinary Throughput measurement specified in RFC2544. The details of
to setup the measurements in points b. and c. are given in section 6. how to setup the measurements in points b. and c. are given in
section 6.
4. Measurement Set Up 4. Measurement Set-Up
This section concentrates on the set-up of all components necessary This section concentrates on the set-up of all components necessary
to perform Flow monitoring performance measurement. The recommended to perform Flow monitoring performance measurement. The recommended
reporting format can be found in Appendix A. reporting format can be found in Appendix A.
4.1 Measurement Topology 4.1 Measurement Topology
The measurement topology described in this section is applicable only The measurement topology described in this section is applicable only
to the measurements with packet forwarding network devices. The to the measurements with packet forwarding network devices. The
possible architectures and implementation of the traffic monitoring possible architectures and implementation of the traffic monitoring
appliances (see section 3.2) are too various to be covered in this appliances (see section 3.2) are too various to be covered in this
document. Instead of the Forwarding Plane, these appliances generally document. Instead of the Forwarding Plane, these appliances generally
have some kind of feed (an optical splitter, an interface sniffing have some kind of feed (an optical splitter, an interface sniffing
traffic on a shared media or an internal channel on the DUT providing traffic on a shared media or an internal channel on the DUT providing
Novak Expires July, 2012
a copy of the traffic) providing the information about the traffic a copy of the traffic) providing the information about the traffic
necessary for Flow monitoring analysis. The measurement topology then necessary for Flow monitoring analysis. The measurement topology then
needs to be adjusted to the appliance architecture, and MUST be part needs to be adjusted to the appliance architecture, and MUST be part
of the measurement report. of the measurement report.
The measurement set-up is identical to that used by [RFC2544], with The measurement set-up is identical to that used by [RFC2544], with
the addition of a Collector to analyze the Flow Export(see figure 2). the addition of a Collector to analyze the Flow Export(see figure 2).
Novak Expires September, 2012
In the measurement topology with unidirectional traffic, the traffic In the measurement topology with unidirectional traffic, the traffic
is transmitted from the sender to the receiver through the DUT. The is transmitted from the sender to the receiver through the DUT. The
received traffic is analyzed to check it is identical to the received traffic is analyzed to check it is identical to the
generated traffic. generated traffic.
The ideal way to implement the measurement is by using a single The ideal way to implement the measurement is by using a single
device to provide the sender and receiver capabilities with a sending device to provide the sender and receiver capabilities with one
port and a receiving port. This allows for an easy check whether all sending port and one receiving port. This allows for an easy check
the traffic sent by the sender was re-transmitted by the DUT and whether all the traffic sent by the sender was re-transmitted by the
received at the receiver. DUT and received at the receiver.
+-----------+ +-----------+
| | | |
| Collector | | Collector |
| | | |
|Flow Record| |Flow Record|
| analysis | | analysis |
| | | |
+-----------+ +-----------+
^ ^
skipping to change at page 10, line 53 skipping to change at page 10, line 45
Figure 2 Measurement topology with unidirectional traffic Figure 2 Measurement topology with unidirectional traffic
The DUT's export interface (connecting the Collector) MUST NOT be The DUT's export interface (connecting the Collector) MUST NOT be
used for forwarding the test traffic but only for the Flow Export used for forwarding the test traffic but only for the Flow Export
data containing the Flow Records. In all measurements, the export data containing the Flow Records. In all measurements, the export
interface MUST have enough bandwidth to transmit Flow Export data interface MUST have enough bandwidth to transmit Flow Export data
without congestion. In other words, the export interface MUST NOT be without congestion. In other words, the export interface MUST NOT be
a bottleneck during the measurement. a bottleneck during the measurement.
The traffic receiver MUST have sufficient resources to measure all The traffic receiver MUST have sufficient resources to measure all
test traffic transferred successfully by the DUT, and this may be test traffic transferred successfully by the DUT. This may be
checked through measurements with and without the DUT. checked through measurements with and without the DUT.
Note that more complex topologies might be required. For example, if Note that more complex topologies might be required. For example, if
Novak Expires July, 2012
the effects of enabling Flow monitoring on several interfaces are of the effects of enabling Flow monitoring on several interfaces are of
concern or the media maximum speed is less than the DUT throughput, concern or the media maximum speed is less than the DUT throughput,
the topology can be expanded with several input and output ports. the topology can be expanded with several input and output ports.
However, the topology MUST be clearly written in the measurement However, the topology MUST be clearly written in the measurement
report. report.
Novak Expires September, 2012
4.2 Baseline DUT Set Up 4.2 Baseline DUT Set Up
The baseline DUT set-up and the way the set-up is reported in the The baseline DUT set-up and the way the set-up is reported in the
measurement results is fully specified in section 7 of [RFC2544]. measurement results is fully specified in section 7 of [RFC2544].
The baseline DUT configuration might include other features like The baseline DUT configuration might include other features like
packet filters or quality of service on the input and/or output packet filters or quality of service on the input and/or output
interfaces if there is the need to study Flow monitoring in the interfaces if there is the need to study Flow monitoring in the
presence of those features. The Flow monitoring measurement presence of those features. The Flow monitoring measurement
procedures do not change in this case. Consideration needs to be made procedures do not change in this case. Consideration needs to be made
skipping to change at page 11, line 32 skipping to change at page 11, line 26
monitoring after application of the features to the configuration. monitoring after application of the features to the configuration.
Any such feature configuration MUST be part of the measurement Any such feature configuration MUST be part of the measurement
report. report.
The DUT export interface (see figure 2) SHOULD be configured with The DUT export interface (see figure 2) SHOULD be configured with
sufficient output buffers to avoid dropping the Flow Export data due sufficient output buffers to avoid dropping the Flow Export data due
to a simple lack of resources in the interface hardware. The applied to a simple lack of resources in the interface hardware. The applied
configuration MUST be part of the measurement report. configuration MUST be part of the measurement report.
The test designer has the freedom to run tests in multiple The test designer has the freedom to run tests in multiple
configurations. It is therefore possible to run both laboratory and configurations. It is therefore possible to run both non-production
real deployment configurations, according to the needs of the and real deployment configurations in the laboratory, according to
tester. All configurations MUST be fully documented. the needs of the tester. All configurations MUST be fully documented.
4.3 Flow Monitoring Configuration 4.3 Flow Monitoring Configuration
This section covers all the aspects of the Flow monitoring This section covers all the aspects of the Flow monitoring
configuration necessary on the DUT in order to perform the Flow configuration necessary on the DUT in order to perform the Flow
monitoring performance measurement. The necessary configuration has monitoring performance measurement. The necessary configuration has
a number of components (see [RFC5470]), namely Observation Points, a number of components (see [RFC5470]), namely Observation Points,
Metering Process and Exporting Process as detailed below. Metering Process and Exporting Process as detailed below.
The DUT MUST support the Flow monitoring architecture as specified by The DUT MUST support the Flow monitoring architecture as specified by
[RFC5470]. The DUT SHOULD support IPFIX [RFC5101] to allow meaningful [RFC5470]. The DUT SHOULD support IPFIX [RFC5101] to allow meaningful
results comparison due to the standard export protocol results comparison due to the standardized export protocol.
The DUT configuration and any existing Cache MUST be erased before The DUT configuration and any existing Cache MUST be erased before
application of any new configuration for the currently executed application of any new configuration for the currently executed
measurement. measurement.
4.3.1 Observation Points 4.3.1 Observation Points
The Observation Points specify the interfaces and direction where
the Flow monitoring traffic analysis is to be performed.
Novak Expires July, 2012
The (*) in Figure 2 designates the Observation Points in the
default configuration. Other DUT Observation Points might be
configured depending on the specific measurement needs as follows:
a. ingress port/ports(s) only
b. egress port(s) /ports only
c. both ingress and egress
Generally, the placement of Observation Points depends upon the The Observation Points specify the interfaces and direction where the
position of the DUT in the deployed network and the purpose of Flow monitoring traffic analysis is to be performed.
Flow monitoring. See [RFC3917] for detailed discussion. The
measurement procedures are otherwise the same for all these
possible configurations.
In the case when both ingress and egress Flow monitoring is The (*) in Figure 2 designates the Observation Points in the default
enabled on one DUT the results analysis needs to take into account configuration. Other DUT Observation Points might be configured
that each Flow will be represented in the DUT Cache by two Flow depending on the specific measurement needs as follows:
Records (one for each direction) and therefore also the Flow
Export will contain those two Flow Records.
If more than one Observation Point for one direction is defined on a. ingress port/ports only
the DUT the traffic passing through each of the Observation Points b. egress port/ports only
MUST be configured in such a way that it creates Flows and Flow c. both ingress and egress
Records which do not overlap, e.g. each packet (or set of packets Novak Expires September, 2012
if measuring with more than one packet per Flow - see section 6.4) Generally, the placement of Observation Points depends upon the
sent to the DUT on different ports still creates one unique Flow position of the DUT in the deployed network and the purpose of Flow
Record. monitoring. See [RFC3917] for detailed discussion. The measurement
procedures are otherwise the same for all these possible
configurations.
The specific Observation Points and associated monitoring In the case when both ingress and egress Flow monitoring is enabled
direction MUST be included as part of the report of the results. on one DUT the results analysis needs to take into account that each
Flow will be represented in the DUT Cache by two Flow Records (one
for each direction). Therefore also the Flow Export will contain
those two Flow Records.
4.3.2 Metering Process If more than one Observation Point for one direction is defined on
the DUT the traffic passing through each of the Observation Points
MUST be configured in such a way that it creates Flows and Flow
Records which do not overlap. Each packet (or set of packets if
measuring with more than one packet per Flow - see section 6.3.1)
sent to the DUT on different ports still creates one unique Flow
Record.
The Metering Process MUST be enabled in order to create the Cache The specific Observation Points and associated monitoring direction
in the DUT and configure the Cache related parameters. MUST be included as part of the measurement report.
The Cache Size available to the DUT MUST be known and taken into 4.3.2 Metering Process
account when designing the measurement as specified in section 5.
The configuration of the Metering Process MUST be recorded. For The Metering Process MUST be enabled in order to create the Cache in
example, when a Flow monitoring implementation uses timeouts to the DUT and configure the Cache related parameters.
expire entries from the Cache, the Cache's Inactive and Active
Timeouts MUST be known and taken into account when designing the
measurement as specified in section 5. If the Flow monitoring
implementation allows only timeouts equal to zero (e.g. immediate
timeout or non-existent Cache) then the measurement conditions in
section 5 are fulfilled inherently without any additional
configuration. The DUT simply exports information about every
packet immediately, subject to the flow Export Rate definition in
section 2.2.5 and the assumptions about sampling in section 4.5.
If the Flow monitoring implementation allows configuration of The Cache Size available to the DUT MUST be known and taken into
multiple Metering Processes on a single DUT, the exact account when designing the measurement as specified in section 5.
Novak Expires July, 2012 The configuration of the Metering Process MUST be recorded. For
configuration of each process MUST be included in the results example, when a Flow monitoring implementation uses timeouts to
report. Only measurements with the same number of Metering expire entries from the Cache, the Cache's Inactive and Active
Processes can be compared. Timeouts MUST be known and taken into account when designing the
measurement as specified in section 5. If the Flow monitoring
implementation allows only timeouts equal to zero (e.g. immediate
timeout or non-existent Cache) then the measurement conditions in
section 5 are fulfilled inherently without any additional
configuration. The DUT simply exports information about every packet
immediately, subject to the Flow Export Rate definition in section
2.2.5.
The Cache Size, the Inactive and Active Timeouts MUST be included If the Flow monitoring implementation allows configuration of
as part of the results report. multiple Metering Processes on a single DUT, the exact configuration
of each process MUST be included in the measurement report. Only
measurements with the same number of Metering Processes can be
compared.
4.3.3 Exporting Process The Cache Size, the Inactive and Active Timeouts MUST be included in
the measurement report.
The Exporting Process MUST be configured in order to export the Novak Expires September, 2012
Flow Record data to the Collector. 4.3.3 Exporting Process
The Exporting Process MUST be configured in such a way that all The Exporting Process MUST be configured in order to export the Flow
Flow Records from all configured Observation Points are exported Record data to the Collector.
towards the Collector, after the expiration policy composed of
the Inactive and Active Timeouts and Cache Size.
The Exporting Process SHOULD be configured with IPFIX [RFC5101] as The Exporting Process MUST be configured in such a way that all Flow
the protocol to use to format the Flow Export data. If the Flow Records from all configured Observation Points are exported towards
monitoring implementation does not support IPFIX, proprietary the Collector, after the expiration policy composed of the Inactive
protocols MAY be used. Only measurements with same export protocol and Active Timeouts and Cache Size.
SHOULD be compared since the protocols may differ in their
export efficiency. The export efficiency might also be influenced
by used template layout and ordering of the individual export
fields within the template. The templates used by the tested
implementations SHOULD be analysed and reported as part of the
test report. Ideally only tests with same templates layout should
be compared.
Various Flow monitoring implementations might use different The Exporting Process SHOULD be configured with IPFIX [RFC5101] as
default values regarding the export of Control Information the protocol to use to format the Flow Export data. If the Flow
[RFC5470] and therefore Flow Export corresponding to Control monitoring implementation does not support IPFIX, proprietary
Information SHOULD be analyzed and reported as a separate item on protocols MAY be used. Only measurements with same export protocol
the measurement report. Preferably, the export of Control SHOULD be compared since the protocols may differ in their export
Information SHOULD always be configured consistently across all efficiency. The export efficiency might also be influenced by used
testing and configured to the minimal possible value - ideally template layout and ordering of the individual export fields within
just one exported set of Control Information during each the template. The templates used by the tested implementations SHOULD
measurement. Note that Control Information includes IPFIX Options be analysed and reported as part of the measurement report. Ideally
and Templates [RFC5101]. only tests with same templates layout should be compared.
Section 10 of [RFC5101] and section 8.1 of [RFC5470] discuss the Various Flow monitoring implementations might use different default
possibility of deploying various transport layer protocols to values regarding the export of Control Information [RFC5470] and
deliver Flow Export data from the DUT to the Collector. The therefore Flow Export corresponding to Control Information SHOULD
selected protocol MUST be included in the measurement report. Only be analyzed and reported as a separate item on the measurement
benchmarks with the same transport layer protocol should be report. The export of Control Information SHOULD always be
compared. If the Flow monitoring implementation allows the use of configured consistently across all testing and configured to the
multiple the transport layer protocols, each of the protocols minimal possible value. Ideally just one set of Control Information
SHOULD be measured in a separate measurement run and the results should be exported during each measurement. Note that Control
reported independently in the report. Information includes IPFIX Options and Templates [RFC5101].
If a reliable transport protocol is used for the transmission of Section 10 of [RFC5101] and section 8.1 of [RFC5470] discuss the
the Flow Export data from the DUT, the configuration of the possibility of deploying various transport layer protocols to deliver
Transport session MUST allow for non-blocking data transmission. Flow Export data from the DUT to the Collector. The selected protocol
MUST be included in the measurement report. Only benchmarks with the
same transport layer protocol should be compared. If the Flow
monitoring implementation allows the use of multiple the transport
layer protocols, each of the protocols SHOULD be measured in a
separate measurement run and the results reported independently in
the measurement report.
Novak Expires July, 2012 If a reliable transport protocol is used for the transmission of
An example of parameters to look at would be TCP window size and the Flow Export data from the DUT, the configuration of the
maximum segment size (MSS). The most substantial transport layer Transport session MUST allow for non-blocking data transmission.
parameters should be included in the report. An example of parameters to look at would be TCP window size and
maximum segment size (MSS). The most substantial transport layer
parameters should be included in the measurement report.
4.3.4 Flow Records 4.3.4 Flow Records
A Flow Record contains information about a specific Flow that was A Flow Record contains information about a specific Flow that was
observed at an Observation Point. A Flow Record contains measured observed at an Observation Point. A Flow Record contains measured
properties of the Flow (e.g., the total number of bytes for all properties of the Flow (e.g., the total number of bytes for all the
the Flow's packets) and usually characteristic properties of the
Flow (e.g., source IP address).
The Flow Record definition is implementation specific. A Flow Novak Expires September, 2012
monitoring implementation might allow for only a fixed Flow Record Flow packets) and usually characteristic properties of the Flow
definition, based on the most common IP parameters in the IPv4 or (e.g., source IP address).
IPv6 headers - for example source and destination IP addresses, IP
protocol numbers or transport level port numbers. Another
implementation might allow the user to define their own arbitrary
Flow Record to monitor the traffic. The requirement for the
measurements defined in this document is only the need for a large
number of Cache entries in the Cache. The Flow Keys needed to
achieve that will typically be source and destination IP addresses
and transport level port numbers.
The recommended full IPv4, IPv6 or MPLS Flow Record is shown The Flow Record definition is implementation specific. A Flow
below: monitoring implementation might allow for only a fixed Flow Record
definition, based on the most common IP parameters in the IPv4 or
IPv6 headers - for example source and destination IP addresses, IP
protocol numbers or transport level port numbers. Another
implementation might allow the user to define their own arbitrary
Flow Record to monitor the traffic. The requirement for the
measurements defined in this document is only the need for a large
number of Cache entries in the Cache. The Flow Keys needed to
achieve that will typically be source and destination IP addresses
and transport level port numbers.
Flow Keys: The recommended full IPv4, IPv6 or MPLS Flow Record is shown
Source IP address below:
Destination IP address
MPLS label (for MPLS traffic type only)
Transport layer source port
Transport layer destination port Flow Keys:
IP protocol number (IPv6 next header) Source IP address
IP type of service (IPv6 traffic class) Destination IP address
MPLS label (for MPLS traffic type only)
Transport layer source port
Transport layer destination port
IP protocol number (IPv6 next header)
IP type of service (IPv6 traffic class)
Other fields: Other fields:
Packet counter Packet counter
Byte counter Byte counter
Table 1: Recommended Configuration Table 1: Recommended Configuration
If the Flow monitoring allows for user defined Flow Records, the If the Flow monitoring allows for user defined Flow Records, the
minimal Flow Record configurations allowing large numbers of Cache minimal Flow Record configurations allowing large numbers of Cache
entries for example are: entries are for example:
Flow Keys: Flow Keys:
Source IP address Source IP address
Destination IP address Destination IP address
Other fields: Other fields:
Packet counter Packet counter
Novak Expires July, 2012
or:
Flow Key fields or:
Transport layer source port
Transport layer destination port
Other fields Flow Keys:
Packet counter Transport layer source port
Transport layer destination port
Table 2: User-defined Configuration Other fields:
Packet counter
The Flow Record configuration MUST be clearly noted in the Table 2: User-defined Configuration
measurement report. The Flow Monitoring Throughput measurements on Novak Expires September, 2012
different DUTs or different Flow monitoring implementations MUST The Flow Record configuration MUST be clearly noted in the
be compared only for exactly the same Flow Record configuration. measurement report. The Flow Monitoring Throughput measurements on
different DUTs or different Flow monitoring implementations MUST be
compared only for exactly same Flow Record configuration.
4.3.5 Flow Monitoring With Multiple Configurations 4.3.5 Flow Monitoring With Multiple Configurations
The Flow monitoring architecture as specified in [RFC5470] allows The Flow monitoring architecture as specified in [RFC5470] allows for
for more complicated configurations with multiple Metering and more complicated configurations with multiple Metering and Exporting
Exporting Processes on a single DUT. Depending on the particular Processes on a single DUT. Depending on the particular Flow
Flow monitoring implementation it might affect the measured DUT monitoring implementation it might affect the measured DUT
performance. The test report should therefore contain information performance. The measurement report should therefore contain
containing how many Metering and Exporting processes were information about how many Metering and Exporting processes were
configured on the DUT for the selected Observation Points. configured on the DUT for the selected Observation Points.
The examples of such possible configurations are: The examples of such possible configurations are:
a. Several Observation Points with a single Metering Process and a
single Exporting Process a. Several Observation Points with a single Metering Process and a
b. Several Observation Points, each with one Metering Process but single Exporting Process
all using just one instance of Exporting Process b. Several Observation Points, each with one Metering Process but
c. Several Observation Points with per Observation Point Metering all using just one instance of Exporting Process
Process and Exporting Process c. Several Observation Points with per Observation Point Metering
Process and Exporting Process
4.3.6 MPLS Measurement Specifics 4.3.6 MPLS Measurement Specifics
The Flow Record configuration for measurements with MPLS The Flow Record configuration for measurements with MPLS encapsulated
encapsulated traffic SHOULD contain the MPLS label. traffic SHOULD contain the MPLS label.
The tester SHOULD ensure that the data received by the Collector The tester SHOULD ensure that the data received by the Collector
contains the expected MPLS labels. contains the expected MPLS labels.
The MPLS forwarding performance document [RFC5695] specifies a The MPLS forwarding performance document [RFC5695] specifies a number
number of possible MPLS label operations to test. The Observation of possible MPLS label operations to test. The Observation Points
Points MUST be placed on all the DUT test interfaces where the MUST be placed on all the DUT test interfaces where the particular
particular MPLS label operation takes place. The performance MPLS label operation takes place. The performance measurements SHOULD
measurements SHOULD be performed with only one MPLS label operation be performed with only one MPLS label operation at the time.
at the time.
The DUT MUST be configured in such a way that all the traffic is The DUT MUST be configured in such a way that all the traffic is
subject to the measured MPLS label operation. subject to the measured MPLS label operation.
Novak Expires July, 2012
4.4 Collector 4.4 Collector
The Collector is needed in order to capture the Flow Export data The Collector is needed in order to capture the Flow Export data
which allows the Flow Monitoring Throughput to be measured. which allows the Flow Monitoring Throughput to be measured.
The Collector can be used as exclusively capture device providing The Collector can be used as exclusively capture device providing
just hexadecimal format of the Flow Export data. In such a case it just hexadecimal format of the Flow Export data. In such a case it
does not need to have any additional Flow Export decoding does not need to have any additional Flow Export decoding
capabilities and all the decoding is done off line. capabilities and all the decoding is done off line.
However if the Collector is also used to decode the Flow Export data However if the Collector is also used to decode the Flow Export data
then it SHOULD support IPFIX [RFC5101] for meaningful results then it SHOULD support IPFIX [RFC5101] for meaningful results
Novak Expires September, 2012
analysis. If proprietary Flow Export is deployed, the Collector MUST analysis. If proprietary Flow Export is deployed, the Collector MUST
support it otherwise the Flow Export data analysis is not possible. support it otherwise the Flow Export data analysis is not possible.
The Collector MUST be capable of capturing at the full rate the The Collector MUST be capable of capturing the export packets sent
export packets sent from the DUT without losing any of them. In the from the DUT at the full rate without losing any of them. In the
case of the use of reliable transport protocols (see also section case of the use of reliable transport protocols (see also section
4.3.3) to transmit Flow Export data, the Collector MUST have 4.3.3) to transmit Flow Export data, the Collector MUST have
sufficient resources to guarantee non-blocking data transmission on sufficient resources to guarantee non-blocking data transmission on
the transport layer session. the transport layer session.
During the analysis, the Flow Export data needs to be decoded and the During the analysis, the Flow Export data needs to be decoded and the
received Flow Records counted. received Flow Records counted.
The capture buffer MUST be cleared at the beginning of each The capture buffer MUST be cleared at the beginning of each
measurement. measurement.
skipping to change at page 16, line 49 skipping to change at page 16, line 37
Flow monitoring itself is not dependent in any way on the media used Flow monitoring itself is not dependent in any way on the media used
on the input and output ports. Any media can be used as supported by on the input and output ports. Any media can be used as supported by
the DUT and the test equipment. the DUT and the test equipment.
At the time of writing the most common transmission media and At the time of writing the most common transmission media and
corresponding frame formats (Ethernet, Packet over SONET) for IPv4, corresponding frame formats (Ethernet, Packet over SONET) for IPv4,
IPv6 and MPLS traffic are specified within [RFC2544], [RFC5180] and IPv6 and MPLS traffic are specified within [RFC2544], [RFC5180] and
[RFC5695]. [RFC5695].
The presented frame formats MUST be recorded in the report. The presented frame formats MUST be recorded in the measurement
report.
4.7 Frame Sizes 4.7 Frame Sizes
Frame sizes of the traffic to be analyzed by the DUT are specified in Frame sizes of the traffic to be analyzed by the DUT are specified in
[RFC2544] section 9 for Ethernet type interfaces (64, 128, 256, 1024, [RFC2544] section 9 for Ethernet type interfaces (64, 128, 256, 1024,
1280, 1518 bytes) and in [RFC5180] section 5 for Packet over SONET 1280, 1518 bytes) and in [RFC5180] section 5 for Packet over SONET
interfaces (47, 64, 128, 256, 1024, 1280, 1518, 2048, 4096 bytes). interfaces (47, 64, 128, 256, 1024, 1280, 1518, 2048, 4096 bytes).
Novak Expires July, 2012
When measuring with large frame sizes, care needs to be taken to When measuring with large frame sizes, care needs to be taken to
avoid any packet fragmentation on the DUT interfaces which could avoid any packet fragmentation on the DUT interfaces which could
negatively affect measured performance values. negatively affect measured performance values.
The presented frame sizes MUST be recorded in the report. The presented frame sizes MUST be recorded in the measurement report.
4.8 Flow Export Data Packet Sizes 4.8 Flow Export Data Packet Sizes
The Flow monitoring performance will be affected by the packet size The Flow monitoring performance will be affected by the packet size
the particular implementation uses to transmit Flow Export data to the particular implementation uses to transmit Flow Export data to
the Collector. The used packet size SHOULD be part of the test report
and only measurements with same packet sizes SHOULD be compared. Novak Expires September, 2012
the Collector. The used packet size SHOULD be part of the measurement
report and only measurements with same packet sizes SHOULD be
compared.
The DUT export interface (see figure 2) maximum transmission unit The DUT export interface (see figure 2) maximum transmission unit
(MTU) SHOULD be configured to the largest available value for the (MTU) SHOULD be configured to the largest available value for the
media. The MTU MUST be recorded in the report. media. The Flow Export MTU MUST be recorded in the measurement
report.
4.9 Illustrative Test Set-up Examples 4.9 Illustrative Test Set-up Examples
The below examples represent a hypothetical test set-up to clarify The below examples represent a hypothetical test set-up to clarify
the use of Flow monitoring parameters and configuration, together the use of Flow monitoring parameters and configuration, together
with traffic parameters to test Flow monitoring. The actual with traffic parameters to test Flow monitoring. The actual
benchmarking specifications are in sections 5 and 6. benchmarking specifications are in sections 5 and 6.
4.9.1 Example 1 - Inactive Timeout Flow Expiration 4.9.1 Example 1 - Inactive Timeout Flow Expiration
skipping to change at page 17, line 54 skipping to change at page 17, line 46
seconds, so the Cache entry would be refreshed in the Cache every 10 seconds, so the Cache entry would be refreshed in the Cache every 10
seconds. However, the Inactive Timeout is 5 seconds, so the Cache seconds. However, the Inactive Timeout is 5 seconds, so the Cache
entries will expire from the Cache due to the Inactive Timeout and entries will expire from the Cache due to the Inactive Timeout and
when a new packet is sent with the same IP address A it will create a when a new packet is sent with the same IP address A it will create a
new entry in the Cache. This behaviour depends upon the design an new entry in the Cache. This behaviour depends upon the design an
efficiency of the cache ager, and incidences of multi-packet flows efficiency of the cache ager, and incidences of multi-packet flows
observed during this test should be noted. observed during this test should be noted.
The measured Flow Export Rate in this case will be 1000 Flow The measured Flow Export Rate in this case will be 1000 Flow
Records per second since every single sent packet will always Records per second since every single sent packet will always
create a new Cache entry and we send 1000 packets per second. create a new Cache entry and 1000 packets per second is sent.
The expected number of Cache entries in the Cache during the whole The expected number of Cache entries in the Cache during the whole
Novak Expires July, 2012
measurement is around 5000. It corresponds to the Inactive Timeout measurement is around 5000. It corresponds to the Inactive Timeout
being 5 seconds and during those five seconds 5000 entries are being 5 seconds and during those five seconds 5000 entries are
created. This expectation might change in real measurement set-ups created. This expectation might change in real measurement set-ups
with large Cache Sizes and high packet rate where the DUT's actual with large Cache Sizes and high packet rate where the DUT's actual
export rate might be limited and lower than the Flow Expiration export rate might be limited and lower than the Flow Expiration
activity caused by the traffic offered to the DUT. This behaviour is activity caused by the traffic offered to the DUT. This behaviour is
entirely implementation specific. entirely implementation specific.
Novak Expires September, 2012
4.9.2 Example 2 - Active Timeout Flow Expiration 4.9.2 Example 2 - Active Timeout Flow Expiration
The traffic generator sends 1000 packets per second in 100 defined The traffic generator sends 1000 packets per second in 100 defined
streams, each stream identified by an unique destination IP address. streams, each stream identified by an unique destination IP address.
So each stream has a packet rate of 10 packets per second. The Each stream has a packet rate of 10 packets per second. The packets
packets are sent in a round robin fashion (stream 1 to 100) while are sent in a round robin fashion (stream 1 to 100) while
incrementing the destination IP address for each sent packet. incrementing the destination IP address for each sent packet.
The configured Cache Size is 1000 Flow Records. The configured The configured Cache Size is 1000 Flow Records. The configured
Active Timeout is 100 seconds. The Inactive Timeout is 10 seconds. Active Timeout is 100 seconds. The Inactive Timeout is 10 seconds.
Flow monitoring on the DUT uses the destination IP address as the Flow monitoring on the DUT uses the destination IP address as the
Flow Key. Flow Key.
After the first 100 packets are sent, 100 Cache entries will have After the first 100 packets are sent, 100 Cache entries will have
been created in the Flow monitoring Cache. The subsequent packets been created in the Flow monitoring Cache. The subsequent packets
skipping to change at page 18, line 49 skipping to change at page 18, line 41
If the test measurement time is 50 seconds from the start of the If the test measurement time is 50 seconds from the start of the
traffic generator then the measured Flow Export Rate is 0 since traffic generator then the measured Flow Export Rate is 0 since
during this period nothing expired from the Cache. during this period nothing expired from the Cache.
If the test measurement time is 100 seconds from the start of the If the test measurement time is 100 seconds from the start of the
traffic generator then the measured Flow Export Rate is 1 Flow Record traffic generator then the measured Flow Export Rate is 1 Flow Record
per second. per second.
If the test measurement time is 290 seconds from the start of the If the test measurement time is 290 seconds from the start of the
traffic generator then the measured Flow Export Rate is 2/3 of Flow traffic generator then the measured Flow Export Rate is 2/3 of Flow
Record per second since during the 290 seconds period we expired the Record per second since during the 290 seconds period the Cache
same 100 of Flows twice. expired same number of Flows twice (100).
5. Flow Monitoring Throughput Measurement Methodology 5. Flow Monitoring Throughput Measurement Methodology
Objective: Objective:
To measure the Flow monitoring performance in a manner comparable To measure the Flow monitoring performance in a manner comparable
between different Flow monitoring implementations. between different Flow monitoring implementations.
Novak Expires July, 2012
Metric definition: Metric definition:
Flow Monitoring Throughput - see section 3. Flow Monitoring Throughput - see section 3.
Novak Expires September, 2012
Discussion: Discussion:
Different Flow monitoring implementations might chose to handle Different Flow monitoring implementations might chose to handle
Flow Export from a partially empty Cache differently than in the Flow Export from a partially empty Cache differently than in the
case when the Cache fully occupied. Similarly software and case when the Cache is fully occupied. Similarly software and
hardware based DUTs can handle the same situation as stated above hardware based DUTs can handle the same situation as stated above
differently. The purpose of the benchmark measurement in this differently. The purpose of the benchmark measurement in this
section is to abstract from all the possible behaviours and define section is to abstract from all the possible behaviours and define
one measurement procedure covering all the possibilities. The only one measurement procedure covering all the possibilities. The only
criteria is to measure as defined here until Flow Record or packet criteria is to measure as defined here until Flow Record or packet
losses are seen. The decision whether to dive deeper into the losses are seen. The decision whether to dive deeper into the
conditions under which the packet losses happen is left to the conditions under which the packet losses happen is left to the
tester. tester.
5.1 Flow Monitoring Configuration 5.1 Flow Monitoring Configuration
Cache Size Cache Size
Cache Size configuration is dictated by the expected position of Cache Size configuration is dictated by the expected position of
the DUT in the network and by the chosen Flow Keys of the Flow the DUT in the network and by the chosen Flow Keys of the Flow
Record. The number of unique Flow Keys sets that the traffic Record. The number of unique Flow Keys sets that the traffic
generator (sender) provides should be multiple times larger than generator (sender) provides should be multiple times larger than
the Cache Size, to ensure that the existing Cache entries are the Cache Size. This ensures that the existing Cache entries are
never updated before Flow Expiration and Flow Export. The Cache never updated before Flow Expiration and Flow Export. The Cache
Size MUST be known in order to define the measurement Size MUST be known in order to define the measurement
circumstances properly. circumstances properly.
Inactive Timeout Inactive Timeout
Inactive Timeout is set (if configurable) to the minimum possible Inactive Timeout is set (if configurable) to the minimum possible
value on the DUT. This ensures that the Cache entries are expired value on the DUT. This ensures that the Cache entries are expired
as soon as possible and exported out of the DUT Cache. It MUST be as soon as possible and exported out of the DUT Cache. It MUST be
known in order to define the measurement circumstances completely known in order to define the measurement circumstances completely
and equally across implementations. and equally across implementations.
skipping to change at page 19, line 57 skipping to change at page 19, line 53
Flow Keys Definition: Flow Keys Definition:
The test needs large numbers of unique Cache entries to be created The test needs large numbers of unique Cache entries to be created
by incrementing values of one or several Flow Keys. The number of by incrementing values of one or several Flow Keys. The number of
unique combinations of Flow Keys values SHOULD be several times unique combinations of Flow Keys values SHOULD be several times
larger than the DUT Cache Size. This makes sure that any incoming larger than the DUT Cache Size. This makes sure that any incoming
packet will never refresh any already existing Cache entry. packet will never refresh any already existing Cache entry.
The availability of Cache Size, Inactive Timeout, Active Timeout as The availability of Cache Size, Inactive Timeout, Active Timeout as
configuration parameters is implementation specific. If the Flow configuration parameters is implementation specific. If the Flow
monitoring implementation does not support these parameters, the test monitoring implementation does not support these parameters, the test
Novak Expires July, 2012
possibilities as specified by this document are restricted. Some possibilities as specified by this document are restricted. Some
testing might be viable if the implementation follows the testing might be viable if the implementation follows the
[IPFIX-CONFIG] document and needs to be considered on the case by [IPFIX-CONFIG] document and needs to be considered on the case by
by case basis. by case basis.
Novak Expires September, 2012
5.2 Traffic Configuration 5.2 Traffic Configuration
Traffic Generation Traffic Generation
The traffic generator needs to increment the Flow Keys values with The traffic generator needs to increment the Flow Keys values with
each sent packet, this way each packet represents one Cache entry each sent packet. This way each packet represents one Cache entry
in the DUT Cache. in the DUT Cache.
If the test traffic rate is below the maximum media rate for If the test traffic rate is below the maximum media rate for
the particular packet size the traffic generator MUST send the the particular packet size the traffic generator MUST send the
packets in equidistant time intervals. Traffic generators which do packets in equidistant time intervals. Traffic generators which do
not fulfil this condition MUST NOT and cannot be used for the Flow not fulfil this condition MUST NOT and cannot be used for the Flow
Monitoring Throughput measurement. An example of this behaviour is Monitoring Throughput measurement. An example of this behaviour is
if the test traffic rate is one half of the media rate and the if the test traffic rate is one half of the media rate and the
traffic generator achieves this by sending each half of the second traffic generator achieves this by sending each half of the second
at the full media rate and then sending nothing for the second at the full media rate and then sending nothing for the second
skipping to change at page 20, line 38 skipping to change at page 20, line 33
Measurement Duration Measurement Duration
The measurement duration (e.g. how long the test traffic is sent The measurement duration (e.g. how long the test traffic is sent
to the DUT) MUST be at least two times longer than the Inactive to the DUT) MUST be at least two times longer than the Inactive
Timeout otherwise no Flow Export would be seen. The measurement Timeout otherwise no Flow Export would be seen. The measurement
duration SHOULD guarantee that the number of Cache entries created duration SHOULD guarantee that the number of Cache entries created
during the measurement exceeds the available Cache Size. during the measurement exceeds the available Cache Size.
5.3 Cache Population 5.3 Cache Population
The product of Inactive Timeout and the packet rate offered to the The product of Inactive Timeout and the packet rate offered to the
DUT (cache population) during the measurements determines the total DUT (cache population) during one measurement determines the total
number of Cache entries in the DUT Cache during one particular number of Cache entries in the DUT Cache during the measurement
measurement (while taking into account some margin for dynamic (while taking into account some margin for dynamic behaviour during
behaviour during high DUT loads when processing the Flows). high DUT loads when processing the Flows).
The Flow monitoring implementation might behave differently The Flow monitoring implementation might behave differently depending
depending on the relation of cache population to the available Cache on the relation of cache population to the available Cache Size
Size during the measurement. This behaviour is fully implementation during the measurement. This behaviour is fully implementation
specific and will also be influenced if the DUT is software based or specific and will also be influenced if the DUT is software based or
hardware based architecture. hardware based architecture.
The cache population (if it is lower or higher than the available The cache population (if it is lower or higher than the available
Cache Size) during a particular benchmark measurement SHOULD be Cache Size) during a particular benchmark measurement SHOULD be
noted and mainly only measurements with same cache population SHOULD noted and mainly only measurements with same cache population SHOULD
be compared. be compared.
5.4 Measurement Time Interval 5.4 Measurement Time Interval
The measurement time interval is the time value which is used to The measurement time interval is the time value which is used to
Novak Expires July, 2012 calculate the measured Flow Export Rate from the captured Flow Export
calculate the measured Flow Export Rate from the captured Flow data. It is obtained as specified below.
Export data. It is obtained as specified below.
RFC2544 specifies with the precision of the packet beginning and end RFC2544 specifies with the precision of the packet beginning and end
Novak Expires September, 2012
the time intervals to be used to measure the DUT time the time intervals to be used to measure the DUT time
characteristics. In the case of a Flow Monitoring Throughput characteristics. In the case of a Flow Monitoring Throughput
measurement the start and stop time needs to be clearly defined but measurement the start and stop time needs to be clearly defined but
the granularity of this definition can be limited to just marking the the granularity of this definition can be limited to just marking the
start and stop time with the start and stop of the traffic generator. start and stop time with the start and stop of the traffic generator.
This assumes that the traffic generator and DUT are collocated and This assumes that the traffic generator and DUT are collocated and
the variance in transmission delay from the generator to the DUT is the variance in transmission delay from the generator to the DUT is
negligible as compared to the total time of traffic generation. negligible as compared to the total time of traffic generation.
The measurement start time: the time when the traffic generator is The measurement start time: the time when the traffic generator is
skipping to change at page 21, line 58 skipping to change at page 21, line 54
interval when the test traffic was sent from the traffic generator to interval when the test traffic was sent from the traffic generator to
the DUT. the DUT.
5.5 Flow Export Rate Measurement 5.5 Flow Export Rate Measurement
The Flow Export Rate needs to be measured in two consequent steps. The Flow Export Rate needs to be measured in two consequent steps.
The purpose of the first step (point a. below) is to gain the actual The purpose of the first step (point a. below) is to gain the actual
value for the rate, the second step (point b. below) needs to be done value for the rate, the second step (point b. below) needs to be done
in order to verify Flow Record drops during the measurement: in order to verify Flow Record drops during the measurement:
Novak Expires July, 2012
a. In the first step the captured Flow Export data MUST be analyzed a. In the first step the captured Flow Export data MUST be analyzed
only for the capturing interval (measurement time interval) as only for the capturing interval (measurement time interval) as
specified in section 5.4. During this period the DUT is forced to specified in section 5.4. During this period the DUT is forced to
Novak Expires September, 2012
process Cache entries at the rate the packets are sent. When process Cache entries at the rate the packets are sent. When
traffic generation finishes, the behaviour when emptying the Cache traffic generation finishes, the behaviour when emptying the Cache
is completely implementation specific and the Flow Export data is completely implementation specific and the Flow Export data
from this period cannot be therefore used for the benchmarking. from this period cannot be therefore used for the benchmarking.
b. In the second step all the Flow Export data from the DUT MUST be b. In the second step all the Flow Export data from the DUT MUST be
captured in order to be capable to determine the Flow Record captured in order to be capable to determine the Flow Record
losses. It needs to be taken into account that especially when losses. It needs to be taken into account that especially when
large Cache Sizes (in order of magnitude of hundreds of thousands large Cache Sizes (in order of magnitude of hundreds of thousands
of entries and higher) are in use the Flow Export can take many of entries and higher) are in use the Flow Export can take many
multiples of Inactive Timeout to empty the Cache after the multiples of Inactive Timeout to empty the Cache after the
skipping to change at page 22, line 31 skipping to change at page 22, line 28
(or time stamp the received Flow Export data after that) this can be (or time stamp the received Flow Export data after that) this can be
done in one step. Otherwise each Flow Monitoring Throughput done in one step. Otherwise each Flow Monitoring Throughput
measurement at certain packet rate needs to be executed twice - once measurement at certain packet rate needs to be executed twice - once
to capture the Flow Export data just for the measurement time to capture the Flow Export data just for the measurement time
interval (to determine the actual Flow Export Rate) and second time interval (to determine the actual Flow Export Rate) and second time
to capture all Flow Export data in order to determine Flow Record to capture all Flow Export data in order to determine Flow Record
losses at that packet rate. losses at that packet rate.
At the end of the measurement time interval the DUT might still be At the end of the measurement time interval the DUT might still be
processing Cache entries which belong to the Flows expired from the processing Cache entries which belong to the Flows expired from the
Cache before the end of the interval while they will appear in an Cache before the end of the interval. These Flow records might
export packet sent only after the end of the measurement interval. appear in an export packet sent only after the end of the
This imprecision can be mitigated by large amounts of Flow Records measurement interval. This imprecision can be mitigated by large
used during the measurement (so that the few Flow Records in one amounts of Flow Records used during the measurement (so that the
export packet can be ignored) or by use of timestamps exported with few Flow Records in one export packet can be ignored) or by use of
the Flow Records. timestamps exported with the Flow Records.
5.6 The Measurement Procedure 5.6 The Measurement Procedure
The measurement procedure is same as the Throughput measurement in The measurement procedure is same as the Throughput measurement in
section 26.1 of [RFC2544] for the traffic sending side. The DUT section 26.1 of [RFC2544] for the traffic sending side. The DUT
output analysis is done on the traffic generator receiving side for output analysis is done on the traffic generator receiving side for
the test traffic the same way as for RFC2544 measurements. the test traffic the same way as for RFC2544 measurements.
An additional analysis is performed using data captured by the An additional analysis is performed using data captured by the
Collector. The purpose of this analysis is to establish the value of Collector. The purpose of this analysis is to establish the value of
skipping to change at page 22, line 48 skipping to change at page 22, line 45
5.6 The Measurement Procedure 5.6 The Measurement Procedure
The measurement procedure is same as the Throughput measurement in The measurement procedure is same as the Throughput measurement in
section 26.1 of [RFC2544] for the traffic sending side. The DUT section 26.1 of [RFC2544] for the traffic sending side. The DUT
output analysis is done on the traffic generator receiving side for output analysis is done on the traffic generator receiving side for
the test traffic the same way as for RFC2544 measurements. the test traffic the same way as for RFC2544 measurements.
An additional analysis is performed using data captured by the An additional analysis is performed using data captured by the
Collector. The purpose of this analysis is to establish the value of Collector. The purpose of this analysis is to establish the value of
the Flow Export Rate during the current measurement step and to verify the Flow Export Rate during the current measurement step and to verify
that no Flow Records were dropped during the measurement. The that no Flow Records were dropped during the measurement. The
procedure to measure Flow Export Rate is described in section 5.5. procedure to measure Flow Export Rate is described in section 5.5.
The Flow Export performance can be significantly affected by the way The Flow Export performance can be significantly affected by the way
the Flow monitoring implementation formats the Flow Records into the the Flow monitoring implementation formats the Flow Records into the
Flow Export packets in terms of ordering and frequency of Control Flow Export packets. The ordering and frequency of Control Information
Information export and mainly the number of Flow Records in one Flow export and mainly the number of Flow Records in one Flow Export packet
Export packet. The worst case scenario here is just one Flow Record in is of interest. The worst case scenario here is just one Flow Record
in every Flow Export packet.
Novak Expires July, 2012
every Flow Export packet.
Flow Export data should be sanity checked during the benchmark Flow Export data should be sanity checked during the benchmark
measurement for: measurement for:
Novak Expires September, 2012
a. the number of Flow Records per packet, by simply calculating the a. the number of Flow Records per packet, by simply calculating the
ratio of exported Flow Records to the number of Flow Export ratio of exported Flow Records to the number of Flow Export
packets captured during the measurement (which should be available packets captured during the measurement (which should be available
as a counter on the Collector capture buffer) as a counter on the Collector capture buffer)
b. the number Flow Records corresponding to the export of Control b. the number of Flow Records corresponding to the export of Control
Information per Flow Export packet (calculated as the ratio of the Information per Flow Export packet (calculated as the ratio of the
total number of such Flow Records in the Flow Export data and the total number of such Flow Records in the Flow Export data and the
number of Flow Export packets). number of Flow Export packets).
6. RFC2544 Measurements 6. RFC2544 Measurements
RFC2544 measurements can be performed under two Flow Monitoring set- RFC2544 measurements can be performed under two Flow Monitoring set-
ups (see also section 3.4.2). This section details both of them and ups (see also section 3.4.2). This section details both of them and
specifies ways to construct the test traffic so that RFC2544 specifies ways to construct the test traffic so that RFC2544
measurements can be performed in a controlled environment from the measurements can be performed in a controlled environment from the
skipping to change at page 23, line 49 skipping to change at page 23, line 44
characteristics without Flow monitoring present on the DUT can characteristics without Flow monitoring present on the DUT can
vary significantly when Flow monitoring is deployed on the network vary significantly when Flow monitoring is deployed on the network
device. device.
Metric definition: Metric definition:
Metric as specified in [RFC2544]. Metric as specified in [RFC2544].
The measured RFC2544 Throughput MUST NOT include the packet rate The measured RFC2544 Throughput MUST NOT include the packet rate
corresponding to the Flow Export data, because it is control type corresponding to the Flow Export data, because it is control type
traffic, generated by the DUT as a result of enabling Flow monitoring traffic. It is generated by the DUT as a result of enabling Flow
and does not contribute to the test traffic which the DUT can handle. monitoring and does not contribute to the test traffic which the DUT
It requires DUT resources to be generated and transmitted and can handle. Flow Export requires DUT resources to be generated and
therefore the RFC2544 Throughput in most cases will be much lower transmitted and therefore the RFC2544 Throughput in most cases will
when Flow monitoring is enabled on the DUT than without it. be much lower when Flow monitoring is enabled on the DUT than without
it.
Novak Expires July, 2012
6.1 Flow Monitoring Configuration 6.1 Flow Monitoring Configuration
Flow monitoring configuration (as detailed in section 4.3) needs Flow monitoring configuration (as detailed in section 4.3) needs
to be applied the same way as discussed in section 5 with the to be applied the same way as discussed in section 5 with the
exception of the Active Timeout configuration. exception of the Active Timeout configuration.
Novak Expires September, 2012
The Active Timeout SHOULD be configured to exceed several times the The Active Timeout SHOULD be configured to exceed several times the
measurement time interval (see section 5.4). This makes sure that if measurement time interval (see section 5.4). This makes sure that if
measurements with two traffic components are performed (see section measurements with two traffic components are performed (see section
6.5) there is no Flow monitoring activity related to the second 6.3.2) there is no Flow monitoring activity related to the second
traffic component. traffic component.
The Flow monitoring configuration does not change in any other way The Flow monitoring configuration does not change in any other way
for the measurement performed in this section. What changes and makes for the measurement performed in this section. What changes and makes
the difference is the traffic configurations as specified in the the difference is the traffic configurations as specified in the
sections below. sections below.
6.2 Measurements with the Flow Monitoring Throughput Set-up 6.2 Measurements with the Flow Monitoring Throughput Set-up
The major requirement to perform a measurement with Flow Monitoring The major requirement to perform a measurement with Flow Monitoring
Throughput set-up is that the traffic and Flow monitoring is Throughput set-up is that the traffic and Flow monitoring is
configured in such a way that each sent packet creates one entry in configured in such a way that each sent packet creates one entry in
the DUT Cache. This restricts the possible set-ups only to the the DUT Cache. This restricts the possible set-ups only to the
measurement with two traffic components as specified in section measurement with two traffic components as specified in section
6.5. 6.3.2.
6.3 Measurements With Fixed Flow Export Rate 6.3 Measurements With Fixed Flow Export Rate
This section covers the measurements where the RFC2544 metrics need This section covers the measurements where the RFC2544 metrics need
to be measured with Flow monitoring enabled but at certain Flow to be measured with Flow monitoring enabled but at certain Flow
Export Rate lower than Flow Monitoring Throughput. Export Rate lower than Flow Monitoring Throughput.
The tester here has both options as specified in section 6.4 and The tester here has both options as specified in section 6.3.1 and
6.5. 6.3.2.
6.4 Measurements With Single Traffic Component 6.3.1 Measurements With Single Traffic Component
Section 12 of [RFC2544] discusses the use of protocol source and Section 12 of [RFC2544] discusses the use of protocol source and
destination addresses for defined measurements. To perform all the destination addresses for defined measurements. To perform all the
RFC2544 type measurements with Flow monitoring enabled the defined RFC2544 type measurements with Flow monitoring enabled the defined
Flow Keys SHOULD contain IP source and destination address. The Flow Keys SHOULD contain IP source and destination address. The
RFC2544 type measurements with Flow monitoring enabled then can be RFC2544 type measurements with Flow monitoring enabled then can be
executed under these additional conditions: executed under these additional conditions:
a. the test traffic is not limited to single unique pair of source a. the test traffic is not limited to single unique pair of source
and destination addresses and destination addresses
b. the traffic generator defines test traffic as follows: b. the traffic generator defines test traffic as follows:
allow for a parameter to send N (where N is an integer number allow for a parameter to send N (where N is an integer number
starting at 1 and incremented in small steps) packets with source starting at 1 and incremented in small steps) packets with source
IP address A and destination IP address B before changing both IP IP address A and destination IP address B before changing both IP
addresses to the next value addresses to the next value
Novak Expires July, 2012 This test traffic definition allows execution of the Flow monitoring
This test traffic definition allows execution of the Flow monitoring measurements with fixed Flow Export Rate while measuring the DUT
measurements with fixed Flow Export Rate while measuring the DUT RFC2544 characteristics. This set-up is the better option since it
RFC2544 characteristics. This set-up is the better option since it best simulates the live network traffic scenario with Flows
best simulates the live network traffic scenario with Flows containing more than just one packet.
containing more than just one packet.
The initial packet rate at N equal to 1 defines the Flow Export Rate Novak Expires September, 2012
for the whole measurement procedure. Subsequent increases of N will The initial packet rate at N equal to 1 defines the Flow Export Rate
not change the Flow Export Rate as the time and Cache for the whole measurement procedure. Subsequent increases of N will
characteristics of the test traffic stay the same. This set-up is not change the Flow Export Rate as the time and Cache
suitable for measurements with Flow Export Rates below the Flow characteristics of the test traffic stay the same. This set-up is
Monitoring Throughput. suitable for measurements with Flow Export Rates below the Flow
Monitoring Throughput.
6.5 Measurements With Two Traffic Components 6.3.2 Measurements With Two Traffic Components
The test traffic set-up in section 6.4 might be difficult to achieve The test traffic set-up in section 6.3.1 might be difficult to
with commercial traffic generators or the granularity of the traffic achieve with commercial traffic generators or the granularity of the
rates as defined by the initial packet rate at N equal to 1 might not traffic rates as defined by the initial packet rate at N equal to 1
be suitable for the required measurement. An alternate mechanism is might not be suitable for the required measurement. An alternative
to define two traffic components in the test traffic. One to populate mechanism is to define two traffic components in the test traffic.
Flow monitoring Cache and the second one to execute the RFC2544 One to populate Flow monitoring Cache and the second one to execute
measurements. the RFC2544 measurements.
a. Flow monitoring test traffic component - the exact traffic a. Flow monitoring test traffic component - the exact traffic
definition as specified in section 5.2. definition as specified in section 5.2.
b. RFC2544 Test Traffic Component - test traffic as specified by b. RFC2544 Test Traffic Component - test traffic as specified by
RFC2544 MUST create just one entry in the DUT Cache. In the RFC2544 MUST create just one entry in the DUT Cache. In the
particular set-up discussed here this would mean a traffic stream particular set-up discussed here this would mean a traffic stream
with just one pair of unique source and destination IP addresses with just one pair of unique source and destination IP addresses
(but could be avoided if Flow Keys were for example UDP/TCP source (but could be avoided if Flow Keys were for example UDP/TCP source
and destination ports and Flow Keys did not contain the and destination ports and Flow Keys did not contain the
addresses). addresses).
skipping to change at page 25, line 58 skipping to change at page 25, line 52
the capability to verify the Flow monitoring accuracy in terms of the the capability to verify the Flow monitoring accuracy in terms of the
exported Flow Record data. Since every Cache entry created in the exported Flow Record data. Since every Cache entry created in the
Cache is populated by just one packet, the full set of captured data Cache is populated by just one packet, the full set of captured data
on the Collector can be parsed (e.g. providing the values of all Flow on the Collector can be parsed (e.g. providing the values of all Flow
Keys and other Flow Record fields, not only the overall Flow Record Keys and other Flow Record fields, not only the overall Flow Record
count in the exported data) and each set of parameters from each Flow count in the exported data) and each set of parameters from each Flow
Record can be checked against the parameters as configured on the Record can be checked against the parameters as configured on the
traffic generator and set in packets sent to the DUT. The exported traffic generator and set in packets sent to the DUT. The exported
Flow Record is considered accurate if: Flow Record is considered accurate if:
Novak Expires July, 2012
a. all the Flow Record fields are present in each exported Flow a. all the Flow Record fields are present in each exported Flow
Record Record
b. all the Flow Record fields values match the value ranges as set by b. all the Flow Record fields values match the value ranges as set by
the traffic generator (for example an IP address falls within the the traffic generator (for example an IP address falls within the
range of the IP addresses increments on the traffic generator) range of the IP addresses increments on the traffic generator)
c. all the possible Flow Record fields values as defined at the
traffic generator have been found in the captured export data Novak Expires September, 2012
on the Collector. This check needs to be offset against detected c. all the possible Flow Record field values as defined at the
traffic generator have been found in the captured export data on
the Collector. This check needs to be offset against detected
packet losses at the DUT during the measurement packet losses at the DUT during the measurement
8. Evaluating Flow Monitoring Applicability 8. Evaluating Flow Monitoring Applicability
The measurement results as discussed in this document and obtained The measurement results as discussed in this document and obtained
for certain DUTs allow for a preliminary analysis of a Flow for certain DUTs allow for a preliminary analysis of a Flow
monitoring deployment based on the traffic analysis data from the monitoring deployment based on the traffic analysis data from the
providers network. providers network.
An example of such traffic analysis in the Internet is provided by An example of such traffic analysis in the Internet is provided by
[CAIDA] and the way it can be used is discussed below. The data [CAIDA] and the way it can be used is discussed below. The data
skipping to change at page 26, line 38 skipping to change at page 26, line 33
Expected data rate on the network device: 1 Gbit/s Expected data rate on the network device: 1 Gbit/s
The required value needed to be known is the average number of Flows The required value needed to be known is the average number of Flows
created per second in the network device: created per second in the network device:
Expected packet rate Expected packet rate
Flows per second = -------------------- Flows per second = --------------------
Packet per flow Packet per flow
When using the example values given above, the network device would When using the example values given above, the network device would
Be required to process 18 000 Flows per second. By executing the be required to process 18 000 Flows per second. By executing the
benchmarking as specified in this document a platform capable of this benchmarking as specified in this document a platform capable of this
processing can be determined for the deployment in that particular processing can be determined for the deployment in that particular
part of the user network. part of the user network.
It needs to be kept in mind that the above is a very rough and It needs to be kept in mind that the above is a very rough and
averaged Flow activity estimate which cannot account for traffic averaged Flow activity estimate which cannot account for traffic
anomalies, for example a large number of DNS request packets which anomalies, for example a large number of DNS request packets which
are typically small packets coming from many different sources and are typically small packets coming from many different sources and
represent mostly just one packet per Flow. represent mostly just one packet per Flow.
9. Acknowledgements 9. Acknowledgements
This work could have been performed thanks to the patience and This work could have been performed thanks to the patience and
support of Cisco Systems NetFlow development team, namely Paul support of Cisco Systems NetFlow development team, namely Paul
Aitken, Paul Atkins and Andrew Johnson. Thanks belong to Benoit Aitken, Paul Atkins and Andrew Johnson. Thanks belong to Benoit
Claise for numerous detailed reviews and presentations of the Claise for numerous detailed reviews and presentations of the
document and Aamer Akhter for initiating this work. A special document and Aamer Akhter for initiating this work. A special
acknowledgment needs to go to the whole of the working group and acknowledgment needs to go to the whole of the working group and
Novak Expires July, 2012
especially to the chair Al Morton for the support and work on especially to the chair Al Morton for the support and work on
this draft and Paul Aitken for a very detailed technical review. this draft and Paul Aitken for a very detailed technical review.
Novak Expires September, 2012
10. Security Considerations 10. Security Considerations
Documents of this type do not directly affect the security of Documents of this type do not directly affect the security of
the Internet or corporate networks as long as benchmarking the Internet or corporate networks as long as benchmarking
is not performed on devices or systems connected to operating is not performed on devices or systems connected to operating
networks. networks.
Benchmarking activities as described in this memo are limited to Benchmarking activities as described in this memo are limited to
technology characterization using controlled stimuli in a laboratory technology characterization using controlled stimuli in a laboratory
environment, with dedicated address space and the constraints environment, with dedicated address space and the constraints
skipping to change at page 27, line 58 skipping to change at page 27, line 55
[RFC1242] Bradner, S., "Benchmarking Terminology for Network [RFC1242] Bradner, S., "Benchmarking Terminology for Network
Interconnection Devices", RFC 1242, July 1991 Interconnection Devices", RFC 1242, July 1991
[RFC2285] Mandeville R., "Benchmarking Terminology for LAN Switching [RFC2285] Mandeville R., "Benchmarking Terminology for LAN Switching
Devices", Informational, RFC 2285, November 1998 Devices", Informational, RFC 2285, November 1998
[RFC3031] E. Rosen, A. Viswanathan, R. Callon, "Multiprotocol Label [RFC3031] E. Rosen, A. Viswanathan, R. Callon, "Multiprotocol Label
Switching Architecture", Standards Track, RFC 3031, Switching Architecture", Standards Track, RFC 3031,
January 2001 January 2001
Novak Expires July, 2012
[RFC3917] Quittek J., "Requirements for IP Flow Information Export [RFC3917] Quittek J., "Requirements for IP Flow Information Export
(IPFIX)", Informational, RFC 3917, October 2004. (IPFIX)", Informational, RFC 3917, October 2004.
Novak Expires September, 2012
[RFC5101] Claise B., "Specification of the IP Flow Information [RFC5101] Claise B., "Specification of the IP Flow Information
Export (IPFIX) Protocol for the Exchange of IP Traffic Export (IPFIX) Protocol for the Exchange of IP Traffic
Flow Information", Standards Track, RFC 5101, January 2008 Flow Information", Standards Track, RFC 5101, January 2008
[RFC5180] C. Popoviciu, A. Hamza, D. Dugatkin, G. Van de Velde, [RFC5180] C. Popoviciu, A. Hamza, D. Dugatkin, G. Van de Velde,
"IPv6 Benchmarking Methodology for Network Interconnect "IPv6 Benchmarking Methodology for Network Interconnect
Devices", Informational, RFC 5180, May 2008 Devices", Informational, RFC 5180, May 2008
[RFC5470] Sadasivan, G., Brownlee, N., Claise, B., and J. Quittek, [RFC5470] Sadasivan, G., Brownlee, N., Claise, B., and J. Quittek,
"Architecture Model for IP Flow Information Export", "Architecture Model for IP Flow Information Export",
skipping to change at page 28, line 40 skipping to change at page 28, line 37
draft-ietf-ipfix-configuration-model-10 draft-ietf-ipfix-configuration-model-10
Author's Addresses Author's Addresses
Jan Novak (editor) Jan Novak (editor)
Cisco Systems Cisco Systems
Edinburgh, Edinburgh,
United Kingdom United Kingdom
Email: janovak@cisco.com Email: janovak@cisco.com
Novak Expires July, 2012 Novak Expires September, 2012
Appendix A: Recommended Report Format Appendix A: Recommended Report Format
Parameter Units Parameter Units
----------------------------------- ------------------------------------ ----------------------------------- ------------------------------------
Test Case test case name (section 5 and 6) Test Case test case name (section 5 and 6)
Test Topology Figure 2, other Test Topology Figure 2, other
Traffic Type IPv4, IPv6, MPLS, other Traffic Type IPv4, IPv6, MPLS, other
Test Results Test Results
Flow Monitoring Throughput Flow Records per second or Not Flow Monitoring Throughput Flow Records per second or Not
Applicable Applicable
skipping to change at page 29, line 26 skipping to change at page 29, line 26
Control Information Export Rate Flow Records per second Control Information Export Rate Flow Records per second
RFC2544 Throughput packets per second RFC2544 Throughput packets per second
(Other RFC2544 Metrics) (as appropriate) (Other RFC2544 Metrics) (as appropriate)
General Parameters General Parameters
Traffic Direction unidirectional, bidirectional Traffic Direction unidirectional, bidirectional
DUT Interface Type Ethernet, POS, ATM, other DUT Interface Type Ethernet, POS, ATM, other
DUT Interface Bandwidth MegaBits per second DUT Interface Bandwidth MegaBits per second
Traffic Specifications Traffic Specifications
Number of Traffic Components (see section 6.4 and 6.5) Number of Traffic Components (see section 6.3.1 and 6.3.2)
For each traffic component: For each traffic component:
Packet Size bytes Packet Size bytes
Traffic Packet Rate packets per second Traffic Packet Rate packets per second
Traffic Bit Rate MegaBits per second Traffic Bit Rate MegaBits per second
Number of Packets Sent number of entries Number of Packets Sent number of entries
Incremented Packet Header Fields list of fields Incremented Packet Header Fields list of fields
Number of Unique Header Values number of entries Number of Unique Header Values number of entries
Number of Packets per Flow number of entries Number of Packets per Flow number of entries
Flow monitoring Specifications Flow monitoring Specifications
skipping to change at page 29, line 48 skipping to change at page 29, line 48
Observation Points DUT interface names Observation Points DUT interface names
Cache Size number of entries Cache Size number of entries
Active Timeout seconds Active Timeout seconds
Inactive Timeout seconds Inactive Timeout seconds
Flow Keys list of fields Flow Keys list of fields
Flow Record Fields total number of fields Flow Record Fields total number of fields
Number of Flows Created number of entries Number of Flows Created number of entries
Flow Export Transport Protocol UDP, TCP, SCTP, other Flow Export Transport Protocol UDP, TCP, SCTP, other
Flow Export Protocol IPFIX, NetFlow, other Flow Export Protocol IPFIX, NetFlow, other
Flow Export data packet size bytes Flow Export data packet size bytes
Flow Export MTU bytes
MPLS Specifications (for traffic type MPLS only) MPLS Specifications (for traffic type MPLS only)
Tested Label Operation imposition, swap, disposition Tested Label Operation imposition, swap, disposition
Novak Expires July, 2012 Novak xpires September, 2012
Appendix B: Miscellaneous Tests Appendix B: Miscellaneous Tests
This section lists the tests which could be useful to asses a proper This section lists the tests which could be useful to asses a proper
Flow monitoring operation under various operational or stress Flow monitoring operation under various operational or stress
conditions. These tests are not deemed suitable for any benchmarking conditions. These tests are not deemed suitable for any benchmarking
for various reasons. for various reasons.
B.1 DUT Under Traffic Load B.1 DUT Under Traffic Load
The Flow Monitoring Throughput SHOULD be measured under different The Flow Monitoring Throughput SHOULD be measured under different
levels of static traffic load through the DUT. This can be levels of static traffic load through the DUT. This can be achieved
achieved only by using two traffic components as discussed in only by using two traffic components as discussed in section 6.3.2.
section 6.5, where one traffic component exercises the Flow One traffic component exercises the Flow Monitoring Plane. The second
Monitoring Plane and the second traffic component loads only traffic component loads only the Forwarding Plane without affecting
the Forwarding Plane without affecting Flow monitoring (e.g. it Flow monitoring (e.g. it creates just a certain amount of permanent
creates just a certain amount of permanent Cache entries). Cache entries).
The variance in Flow Monitoring Throughput as function of the The variance in Flow Monitoring Throughput as function of the traffic
traffic load should be noted for comparison purposes between two load should be noted for comparison purposes between two DUTs of
DUTs of similar architecture and capability. similar architecture and capability.
B.2 In-band Flow Export B.2 In-band Flow Export
The test topology in section 4.1 mandates the use of separate The test topology in section 4.1 mandates the use of separate Flow
Flow Export interface to avoid the Flow Export data generated by Export interface to avoid the Flow Export data generated by the DUT
the DUT to mix with the test traffic from the traffic generator. to mix with the test traffic from the traffic generator. This is
This is necessary in order to create clear and reproducible test necessary in order to create clear and reproducible test conditions
conditions for the benchmark measurement. for the benchmark measurement.
The real network deployment of Flow monitoring might not allow The real network deployment of Flow monitoring might not allow for
for such a luxury - for example on a very geographically large such a luxury - for example on a very geographically large network.
network. In such a case, Flow Export will use an ordinary traffic In such a case, Flow Export will use an ordinary traffic forwarding
forwarding interface e.g. in-band Flow Export. interface e.g. in-band Flow Export.
The Flow monitoring operation should be verified with in-band The Flow monitoring operation should be verified with in-band Flow
Flow Export configuration while following these test steps: Export configuration while following these test steps:
a. Perform benchmark test as specified in section 5 a. Perform benchmark test as specified in section 5
b. One of the results will be how much bandwidth Flow Export b. One of the results will be how much bandwidth Flow Export used
used on the dedicated Flow Export interface on the dedicated Flow Export interface
c. Change Flow Export configuration to use the test interface c. Change Flow Export configuration to use the test interface
d. Repeat the benchmark test while the receiver filters out the d. Repeat the benchmark test while the receiver filters out the
Flow Export data from analysis Flow Export data from analysis
The expected result is that the RFC2544 Throughput achieved in The expected result is that the RFC2544 Throughput achieved in step
step a. is same as the Throughput achieved in step d. provided a. is same as the Throughput achieved in step d. provided that the
that the bandwidth of the output DUT interface is not the bandwidth of the output DUT interface is not the bottleneck (in
bottleneck (in other words it must have enough capacity to other words it must have enough capacity to forward both test and
forward both test and Flow Export traffic). Flow Export traffic).
B.3 Variable Packet Size B.3 Variable Packet Size
The Flow monitoring measurements specified in this document would The Flow monitoring measurements specified in this document would be
be interesting to repeat with variable packet sizes within one
Novak Expires July, 2012
particular test (e.g. test traffic containing mix of packet
sizes). The packet forwarding tests specified mainly in [RFC2544]
do not recommend and perform such tests. Flow monitoring is not
dependent on packet sizes so such a test could be performed during
the Flow Monitoring Throughput measurement and verify its value
does not depend on the offered traffic packet sizes. The tests
must be carefully designed in order to avoid measurement errors
due to the physical bandwidth limitations and changes of the base
forwarding performance with packet size.
B.4 Bursty Traffic Novak Expires September, 2012
interesting to repeat with variable packet sizes within one
particular test (e.g. test traffic containing mix of packet sizes).
The packet forwarding tests specified mainly in [RFC2544] do not
recommend and perform such tests. Flow monitoring is not dependent
on packet sizes so such a test could be performed during the Flow
Monitoring Throughput measurement and verify its value does not
depend on the offered traffic packet sizes. The tests must be
carefully designed in order to avoid measurement errors due to the
physical bandwidth limitations and changes of the base forwarding
performance with packet size.
RFC2544 section 21 discusses and defines the use of bursty B.4 Bursty Traffic
traffic. It can be used for Flow monitoring testing as well to
gauge some short term overload DUT capabilities in terms of Flow
monitoring. The tests benchmark here would not be the Flow
Export Rate the DUT can sustain but the absolute number of Flow
Records the DUT can process without dropping any single Flow
Record. The traffic set-up to be used for this test is as follows:
a. each sent packet creates a new Cache entry RFC2544 section 21 discusses and defines the use of bursty traffic.
b. the packet rate is set to the maximum transmission speed of the It can be used for Flow monitoring testing as well to gauge some
DUT interface used for the test short term overload DUT capabilities in terms of Flow monitoring. The
test benchmark here would not be the Flow Export Rate the DUT can
sustain but the absolute number of Flow Records the DUT can process
without dropping any single Flow Record. The traffic set-up to be
used for this test is as follows:
B.5 Various Flow Monitoring Configurations a. each sent packet creates a new Cache entry
b. the packet rate is set to the maximum transmission speed of the
DUT interface used for the test
This section translates the terminology used in the IPFIX B.5 Various Flow Monitoring Configurations
documents [RFC5470], [RFC5101] and others into the terminology
used in this document. Section B.5.2 proposes another measurement
which is not possible to verify in a black box test manner.
B.5.1 RFC2544 Throughput without Metering Process This section translates the terminology used in the IPFIX documents
[RFC5470], [RFC5101] and others into the terminology used in this
document. Section B.5.2 proposes another measurement which is not
possible to verify in a black box test manner.
If Metering Process is not defined on the DUT it means no Flow B.5.1 RFC2544 Throughput without Metering Process
monitoring Cache exists and no Flow analysis occurs. The
performance measurement of the DUT in such a case is just pure
[RFC2544] measurement.
B.5.2 RFC2544 Throughput with Metering Process If Metering Process is not defined on the DUT it means no Flow
monitoring Cache exists and no Flow analysis occurs. The performance
measurement of the DUT in such a case is just pure [RFC2544]
measurement.
If only Metering Process is enabled it means that Flow analysis B.5.2 RFC2544 Throughput with Metering Process
on the DUT is enabled and operational but no Flow Export happens.
The performance measurement of a DUT in such a configuration
represents an useful test of the DUT capabilities (this
corresponds to the case when the network operator uses Flow
monitoring for example for manual denial of service attacks
detection and does not wish to use Flow Export).
The performance testing on this DUT can be performed as discussed If only Metering Process is enabled it means that Flow analysis on
in this document but it is not possible to verify the operation the DUT is enabled and operational but no Flow Export happens. The
and results without interrogating the DUT. performance measurement of a DUT in such a configuration represents
an useful test of the DUT capabilities (this corresponds to the case
when the network operator uses Flow monitoring for example for manual
denial of service attacks detection and does not wish to use Flow
Export).
Novak Expires July, 2012 The performance testing on this DUT can be performed as discussed in
B.5.3 RFC2544 Throughput with Metering and Exporting Process this document but it is not possible to verify the operation and
results without interrogating the DUT.
This test represents the performance testing as discussed in Novak Expires September, 2012
section 6. B.5.3 RFC2544 Throughput with Metering and Exporting Process
B.6 Tests With Bidirectional Traffic This test represents the performance testing as discussed in
section 6.
The test topology on figure 2 can be expanded to verify Flow B.6 Tests With Bidirectional Traffic
The test topology in figure 2 can be expanded to verify Flow
monitoring functionality with bidirectional traffic in two possible monitoring functionality with bidirectional traffic in two possible
ways: ways:
a. use two sets of interfaces, one for Flow monitoring for ingress a. use two sets of interfaces, one for Flow monitoring for ingress
traffic and one for Flow monitoring egress traffic traffic and one for Flow monitoring egress traffic
b. use exactly same set-up as in figure 2 but use the interfaces in b. use exactly same set-up as in figure 2 but use the interfaces in
full duplex mode e.g. sending and receiving simultaneously on each full duplex mode e.g. sending and receiving simultaneously on each
of them of them
The set-up in point a. above is in fact equivalent to the set-up with The set-up in point a. above is in fact equivalent to the set-up with
several Observation Points as already discussed in section 4.1 several Observation Points as already discussed in section 4.1
and 4.3.1. and 4.3.1.
For the set-up in point b. same rules should be applied (as per For the set-up in point b. same rules should be applied (as per
section 4.1 and 4.3.1) - traffic passing through each Observation section 4.1 and 4.3.1) - traffic passing through each Observation
Point SHOULD always create a new Cache entry in the Cache e.g. the Point SHOULD always create a new Cache entry in the Cache e.g. the
same traffic SHOULD NOT be just looped back on the receiving same traffic SHOULD NOT be just looped back on the receiving
interfaces to create the bidirectional traffic flow. interfaces to create the bidirectional traffic flow.
B.7 Instantaneous Flow Export Rate B.7 Instantaneous Flow Export Rate
An additional useful information when analysing the Flow Export data An additional useful information when analysing the Flow Export data
is the time distribution of the instantaneous Flow Export Rate. It is the time distribution of the instantaneous Flow Export Rate. It
can be derived during the measurements in two ways: can be derived during the measurements in two ways:
a. The Collector might provide the capability to decode Flow Export a. The Collector might provide the capability to decode Flow Export
during capturing and at the same time counting the Flow Records during capturing and at the same time counting the Flow Records
and provide the instantaneous (or simply an average over shorter and provide the instantaneous (or simply an average over shorter
time interval than specified in section 5.4) Flow Export Rate time interval than specified in section 5.4) Flow Export Rate
b. The Flow Export protocol (like IPFIX [RFC5101]) can provide time b. The Flow Export protocol (like IPFIX [RFC5101]) can provide time
stamps in the Flow Export packets which would allow time based stamps in the Flow Export packets which would allow time based
analysis and calculate the Flow Export Rate as an average over analysis and calculate the Flow Export Rate as an average over
much shorter time interval than specified in section 5.4 much shorter time interval than specified in section 5.4
The accuracy and shortest time average will always be limited by the The accuracy and shortest time average will always be limited by the
precision of the time stamps (1 second for IPFIX) or by the precision of the time stamps (1 second for IPFIX) or by the
capabilities of the DUT and the Collector. capabilities of the DUT and the Collector.
Novak Expires July, 2012 Novak Expires September, 2012
 End of changes. 162 change blocks. 
415 lines changed or deleted 413 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/