DevOps Automation with Performance Benchmarking
SDN and NFV are technologies that will transform carrier and enterprise networks over the next several years. Service providers are pressured by agile competitors entering the market. Network equipment manufacturers (NEMs) need to quickly respond with solutions to capitalize on SDN/NFV rollouts and migrations.
As the time from development to deployment has been reduced from months to days, an agile development is becoming business critical. But to monetize innovations, faster product rollout must not sacrifice product quality.
The key to a successful NFV migration is having test capabilities integrated into the continuous integration and continuous deployment (CI/CD) test pipeline. Tests need to be virtualized, deployable, configurable, and executable across multiple virtualization environments of private, hybrid, and public cloud infrastructures.
By leveraging the right test tools and process, organizations can gain dramatic improvements in the user experience, can reduce development cost and risks, while accelerating time to market without frustrating their development and IT operations personnel (DevOps).
Use Ixia Developer to Set Up Performance Benchmarks
Ixia Developer makes it easy for DevOps to introduce performance benchmarks into continuous integration to reduce software development risks and costs by discovering performance issues early in the development process.
In this article, we will explore how RFC 2544 Benchmarking provides a rapid and practical method to benchmark the performance of a compute-intensive virtual network function (VNF) such as a virtual router (vRouter) used to secure network communication with IP security (IPsec).
The test topology consists of two open source Vyatta 6.3 routers. configured to secure the traffic between two data centers using an IPsec Site-to-Site VPN tunnel. The protected traffic between the two data centers, “WDC” (West Datacenter) and “EDC” (East Data Center) will be recreated using Ixia Developer.
Ixia Developer is deployed as a standalone virtual machine (VM) running on its own dedicated VMWare ESXi host. The system under test (SUT) is deployed to a separate VMWare ESXi host running only the two Vyatta vRouters (configuration of the vRouters is at the end of this blog). Each Vyatta vRouter includes 3 interfaces:
- eth0: for management (DHCP – 10.200.134.x/24)
- eth1: for untrusted interfaces (IPsec)
- eth3: for the trusted interfaces (clear text)
Similarly, Ixia Developer is configured with 3 interfaces:
- eth0: management interface to access the web user interface
- eth1: to simulate protected hosts in the WDC
- eth2: to simulate protected hosts in the EDC
Before connecting Ixia Developer to the SUT, it was calibrated by running a back-to-back test to create its performance benchmark. To run the calibration test you can follow the same configuration steps and implement the following changes:
- connect the Ixia Developer virtual test ports to same virtual vSwitch
- set the IP addresses to be in the same subnet
The following results have been recorded:
Ixia Developer—Configure RFC 2544 Test
RFC 2544 defines a specific set of tests designed to measure and report the performance characteristics of network devices.
This section covers the Ixia Developer configuration steps to determine the maximum rate of forwarding and receiving IP frames without any frame loss. The search algorithm implements a binary search as defined by the RFC 2544 standard.
Set Up New Test
- Install the RFC 2544 extension for Ixia Developer
- On the Ixia Developer Dashboard page, click New Test.
Assign Test Interfaces
- On the Editor page, configure the network entity interfaces:
- Click the interface icon for either the Client or the Server entity to open the Interfaces window
- Check an interface (such as eth1) to select it, and then click OK
- Repeat to configure the remaining Client or Server entity
Configure Network
Modify the network entity properties to match our test topology:
- Click the entity name (such as ClientEntity) to open the Properties window
- Modify the settings to match below configurations, then click OK
- For the ClientEntity network, modify:
- Network Entity Name: WDC-IXIA-LAN
- Stack: IPv4
- IPs per interface: 25
- Starting IP: 192.168.1.2 / 24
- Gateway: 192.168.1.1
- MTU: 9000
- For the ServerEntity network, modify:
- Network Entity Name: EDC-IXIA-LAN
- Stack: IPv4
- IPs per interface: 25
- Starting IP: 192.168.2.2 / 24
- Gateway: 192.168.2.1
- MTU: 9000
The resulting network configuration is shown below:
Configure Traffic
- Click “+ Add Traffic to Your Test,” then select “RFC 2544 Traffic”
- Click the tile to display the configuration parameters
- Configure the parameters for the RFC 2544 test
- Min Rate = 1 Mbps
- Max Rate = 1000 Mbps
- Resolution = 25 Mbps
- Frame Size List: 64, 128, 256, 512, 1024, 1280, 1518*
- Note: IPsec lengthens the IP packet by adding at least one IP header (tunnel mode). The added header(s) varies in length dependent on the IPsec configuration mode but they do not exceed ~58 bytes. When using 1518 bytes/MTU, to avoid fragmentation after IPsec encapsulation you can replace 1518 bytes with 1460 bytes
- On the Ixia Developer Dashboard page, click Start Test
Ixia Developer—Monitor and Visualize Test Results
To monitor the test and see the results, click the title bar of the statistics widget, and view the statistics. The “RFC 2544 Frame Size Throughout (Mbps)” summarizes the best throughput achieved for each frame size.
The max achieved values are summarized below:
You can now leverage Ixia Developer’s REST API to include the performance benchmarking into the CI/CD test pipeline. Additionally, you can leverage Ixia Developer’s rich and realistic application traffic and malicious attacks to expand the performance benchmarking by modeling your production traffic.
Related Configuration: Vyatta vRouters
the Vyatta-WDC vRouter configuration used
set system host-name vyatta-wdc
set interfaces ethernet eth0 address dhcp
set interfaces ethernet eth1 address 4.0.0.1/24
set interfaces ethernet eth2 address 192.168.1.1/24
set interfaces ethernet eth1 mtu 9000
set interfaces ethernet eth2 mtu 9000
set service ssh
commit
save
set vpn ipsec ipsec-interfaces interface eth1
set vpn ipsec ike-group IKE-WDC proposal 1
set vpn ipsec ike-group IKE-WDC proposal 1 encryption aes256
set vpn ipsec ike-group IKE-WDC proposal 1 hash sha1
set vpn ipsec ike-group IKE-WDC lifetime 3600
set vpn ipsec esp-group ESP-WDC proposal 1
set vpn ipsec esp-group ESP-WDC proposal 1 encryption aes256
set vpn ipsec esp-group ESP-WDC proposal 1 hash sha1
set vpn ipsec esp-group ESP-WDC lifetime 1800
edit vpn ipsec site-to-site peer 4.0.0.2
set authentication mode pre-shared-secret
set authentication pre-shared-secret SECRET
set default-esp-group ESP-WDC
set ike-group IKE-WDC
set local-ip 4.0.0.1
set tunnel 1 local subnet 192.168.1.0/24
set tunnel 1 remote subnet 192.168.2.0/24
top
set protocols static route 4.0.0.1/32 next-hop 4.0.0.2
commit
Vyatta-EDC vRouter configuration used
set system host-name vyatta-edc
set interfaces ethernet eth0 address dhcp
set interfaces ethernet eth1 address 4.0.0.2/24
set interfaces ethernet eth2 address 192.168.2.1/24
set interfaces ethernet eth1 mtu 9000
set interfaces ethernet eth2 mtu 9000
set service ssh
set vpn ipsec ipsec-interfaces interface eth1
set vpn ipsec ike-group IKE-EDC proposal 1
set vpn ipsec ike-group IKE-EDC proposal 1 encryption aes256
set vpn ipsec ike-group IKE-EDC proposal 1 hash sha1
set vpn ipsec ike-group IKE-EDC lifetime 3600
set vpn ipsec esp-group ESP-EDC proposal 1
set vpn ipsec esp-group ESP-EDC proposal 1 encryption aes256
set vpn ipsec esp-group ESP-EDC proposal 1 hash sha1
set vpn ipsec esp-group ESP-EDC lifetime 1800
edit vpn ipsec site-to-site peer 4.0.0.1
set authentication mode pre-shared-secret
set authentication pre-shared-secret SECRET
set default-esp-group ESP-EDC
set ike-group IKE-EDC
set local-ip 4.0.0.2
set tunnel 1 local subnet 192.168.2.0/24
set tunnel 1 remote subnet 192.168.1.0/24
top
set protocols static route 4.0.0.2/32 next-hop 4.0.0.1
commit
Useful commands to monitor Vyatta router
show vpn ipsec sa, show vpn ipsec status, clear interfaces counters, show interfaces counters
show interfaces ethernet eth1 capture