Testing Multiplay Networks
Transcription
Testing Multiplay Networks
Testing Multiplay Networks P/N 915-1743-01 Rev A April, 2008 Contents Testing Multiplay Networks . ..................................................................... 2 Ixia’s Approach to Multiplay Testing........................................................... 5 How Does IxLoad Work?........................................................................... 6 Voice Testing with IxLoad........................................................................... 9 IPTV Testing with IxLoad.......................................................................... 10 Testing Peer-to-Peer with IxLoad.............................................................. 12 Data and Infrastructure Testing with IxLoad............................................. 13 Testing Application-Aware Devices with IxLoad........................................ 14 Testing Security with IxLoad..................................................................... 15 IxLoad – All-in-One Solution..................................................................... 16 Testing Multiplay Networks Service providers are increasingly looking to deliver differentiated multiplay services to business and digital homes over converged IP networks. 2007 revenues for all service providers topped $1.54 trillion, with $284 billion in equipment purchases. As the Internet evolves, a wider variety of multiplay services are carried from broadly distributed sources to a large and varied audience of consumers. Services of all types that use a range of protocols are seen in modern multiplay networks, including: •Data – HTTP, HTTPS, FTP, E-mail •Voice over IP – SIP, MGCP, RTP •IPTV – RTSP, IGMP •Peer-to-peer – BitTorrent, eDonkey, Gnutella •Infrastructure – DHCP, DNS, RADIUS •Security – SSL, TLS, IPSec Email 0.4% IM 0.5% Other 13.60% Streaming 7.7% Gaming 1.0% VoIP 0.5% P2P 32.2% Download 5.0% Web 39.1% Source: IDC, 2007 Figure 1. Distribution of Internet Traffic Figure 1 shows the breakdown of U.S. Internet traffic for 2006. Each service has its own requirements, as shown in Figure 2. To the consumer, however, quality of experience (QoE) must simply “feel right.” VoIP calls must sound as good as land-line service; IPTV must be absent of blockiness, blurring, or frozen frames; and high-speed Internet services must appear responsive. Special care must be taken by service providers to satisfy all service requirements – all at the same time! Balancing of service requirements is essential in order to minimize capital expenditure (CAPEX). Services must be delivered with the proper amount of networking equipment and bandwidth. 2 IPTV: real time high bandwidth latency sensitive high QoE expectation Voice: real time low bandwidth latency sensitive high QoE expectation High-speed Internet: not real time variable bandwidth not latency sensitive no QoE expectation Mobility and Mobile Services: real time moderate bandwidth latency sensitive moderate QoE expectation Business: other services + security high SLA requirements Peer-to-peer: not real time very high bandwidth not latency sensitive no QoE expectation Gaming: real time variable bandwidth latency sensitive high QOE expectation Figure 2. Application Traffic Requirements More and more specialized, application-specific networking devices will continue to emerge as new services gain traction. In contrast, larger and more powerful networking devices are integrating functions of the separate devices. As a result, an increasingly large and diverse range of network devices must be carefully tuned to interoperate correctly and to produce maximized results. Table 1 is a breakdown of some of the modern devices used in multiplay networks. Web Voice Video Data Common load balancers proxy servers video head-ends e-mail gateway firewalls web servers registration servers access devices e-mail servers VPN gateways web caches session border controllers set-top boxes anti-spam servers routers content inspection devices (DPI) intrustion detection systems IMS devices infrastructure servers Table 1. Internet Multiplay Devices 3 This blizzard of general and specialized devices is used in different combinations at multiple locations within LANs and throughout the Internet. In order to ensure that devices and systems have matched capacities and capabilities and that they interoperate correctly, it’s necessary that testing occur at multiple system levels of network integration: individual components, network subsystems and complete networks. In particular, subsystems must be tested at their major network demarcation points, as shown in Figure 3. Back Office Core Network Customer Premises Aggregation and Access Network PON/ FTTH OLT Video Server ONU Metro Residential Gateway Core Voice Server IP DSLAM Web Server s s s Figure 3. Major Network Demarcation Points Service verification is never a one-time thing. Every networking component and system is subject to a continuous stream of updates, upgrades and expansion. Testing at every juncture is essential in order to ensure continued proper operation, capacity and performance. Today’s networking devices and protocol servers in multiplay networks are highly intelligent, digging deep into packet contents to separate protocols, identify sessions and inspect contents. This information is used in complex algorithms that prioritize traffic so as to meet the QoE requirements of each service type. This sophistication calls for an equal sophistication in network test equipment. In particular, test facilities must offer: •Multiservice subscriber emulation – to test multiplay devices and networks, test equipment must assume the roles of the end-user and protocol server. •Protocol coverage – to test the broad range of devices listed in Table 1, test equipment must emulate a wide range of voice, video and data protocols. •City scale – networks must be pushed to their limits and beyond to properly determine capacities and test quality of service and admission policy enforcement. •Flexibility – as the Internet matures, usage will morph to take advantage of new, converged applications. Test equipment must be easy to program and to modify in order to keep up with a changing environment. 4 Ixia’s Approach to Multiplay Testing Ixia offers a complete, all-in-one hardware/software solution. Ixia’s chassis, interface modules and applications provide a complete, integrated system for testing all types of multiplay devices and networks. All running on the same chassis, Ixia test applications cover the full gamut from conformance test, to layer 2-3 and layer 4-7 performance testing, to full automation and regression testing. The back of this brochure describes the range of Ixia’s test applications. IxLoad™, in particular, was designed from the ground up to test layer 4-7 network devices, subsystems and networks of all sizes through an extensive set of protocol emulations. IxLoad is used by a wide range of device and chip developers, network equipment manufacturers, service providers, proof-of-concept test labs, and enterprises of all sizes. IxLoad offers all types of testing: •Scalability – determine the maximum number of users and sessions that can be supported. •Performance – measure per-protocol maximum data rates. •Interoperability – ensure that devices conform to published and de-facto standards in the same manner. •Security – guarantee that security devices fend off attacks and that other devices are not vulnerable. •Realism – ensures that testing closely matches real-world conditions, with protocol client/ server emulations and service traffic over established routing planes. The bottom-line benefits of using IxLoad are: •Maximize profit – IxLoad minimizes testing time, allowing you to get to market sooner. •Minimize OPEX – thoroughly tested devices and networks exhibit fewer problems, reducing OPEX. •Minimize CAPEX – the ability to measure capacity and performance in real-world scenarios allows you to properly provision your networks without unnecessary overcapacity. Capacity needed for future expansion can be accurately determined. 5 How Does IxLoad Work? In general, a device, subsystem or network is connected to other network devices and computers that request or supply services, as shown in Figures 2 and 3. Ixia’s test hardware and IxLoad work together to test the central device or network, referred to as a system under test (SUT). They do this by providing protocol emulations for the service subscribers and servers connected to the SUT. Where the SUT is a self-sufficient server, only subscribers need be emulated. Figure 4 shows how the Ixia chassis and interfaces connect to the SUT. Ixia Server Emulations Device or System Under Test (SUT) Figure 4. Ixia Emulations used During Test Ixia’s architecture makes it easy to scale to city-size emulation of subscriber communities. Depending on the scale of the SUT, as few as two ports and as many as several hundred ports can be used. Each interface port contains a dedicated, high-performance computer with substantial memory. Using the protocol emulations performed on each port’s CPU, IxLoad can simulate large numbers of subscribers using different services, such as HTTP, FTP, VoIP, IPTV and E-mail. Table 2 lists IxLoad’s complement of protocol emulations. Table 3 indicates how many sessions of particular types are available from Ixia’s most popular interfaces. 6 Ixia Protocol Emulations Data • HTTP, HTTPS • FTP • SMTP, POP3, IMAP • Peer-to-peer • CIFS Voice • SIP • MGCP • RTP Video • IGMP, MLD • Video on Demand • RSTP, RTP • MS IPTV Infrastructure • Telnet • DNS • DHCP • LDAP • RADIUS, DIAMETER Table 2. IxLoad Protocol Emulations Each Ixia interface is capable of emulating large numbers of voice, video, and data subscribers while generating near line-rate traffic, as shown in Table 3. The ASM1000XMV12X load module, in particular, is a powerful and flexible card. It contains twelve 1G Ethernet interfaces that can be completely or partially aggregated into a single 10G Ethernet interface, producing line-rate 10G stateful application traffic. Ixia Interface Card 10/100/1G Ethernet (LSM1000XMV16) Ports/ Card HTTP IPTV Voice 16 190,000 / 36,480,000 2,000 / 384,000 900 / 172,800 3 60,000 / 2,1600,000 250 / 9,000 12-1G / 1-10G 2,200,000 / 26,400,000 24,000 / 288,000 10G Ethernet (LSM10GXM3) 10/100/1G/10G Ethernet (AMS1000XMV12X) 10,800 / 19,600 Table 3. IxLoad Emulation Capacities True Subscriber Modeling Although testing SUTs with large numbers of protocol sessions is useful, it is not a very accurate model of the real world. Specifically, it misses the effects of: •Upload and download bandwidth restrictions •Differing Internet usage by different communities •Service provider levels of service 7 To closely model real-world device and network load, IxLoad uses a unique approach called subscriber modeling. Named groups of subscribers are associated with usage patterns and network restrictions, including: •Application usage – which voice, video and data applications are used and in what proportions. •Usage details – particular web sites visited, e-mail servers used, transfer sizes, protocol options, etc. •Bandwidth limitations – upload/download bandwidth limitations imposed by the service provider. For example, with IxLoad, sets of subscriber groups can be defined, as shown below. Group Time Usage Profile Usage Distribution Teen GenY Telecommuter Corporation Figure 5. Subscriber Modeling IxLoad’s powerful and easy-to-use graphical interface provides an intuitive and straightforward method of connecting subscriber groups to voice, video, and data servers. A specific test is shown in Figure 5, in which three subscriber groups: “Home network”, “Gold Subscribers” and “Ultra Subscribers” are connected to servers on a “Data network” and “Video head end”. 8 The results of IxLoad test runs are complete and easily customizable. Results include: •Raw capacity and performance •Maximum number of sessions supported •Maximum session establishment rate •Quality of experience metrics, including latency, jitter, loss, along with specialized voice and video metrics Ixia’s unique subscriber modeling provides a highly accurate mechanism for layer 4-7 device and network testing than the simplistic methods used by competing products. Subscriber modeling provides a powerful and flexible means of measuring device/network performance so that you can compete, plan, and scale. In the following sections, we’ll look at how IxLoad is used for specific voice, video, and data applications. Voice Testing with IxLoad VoIP has moved beyond being a transit network technology to being an integral part of home and enterprise telephony. However, transporting real-time data like voice over the same network used for all other data traffic presents challenges for service quality. Verifying VoIP performance under conditions of high data stress is important to ensure expected results. IxLoad’s VoIP feature provides: •High-level SIP MGCP and RTP emulations •Flexible SIP and RTP emulation allowing full state machine and message control •Cisco SCCP protocol support •A large complement of CODECs, including G.711, G.723, G.726, G.729A, G.729B and AMR in a number of bit rates. •Full call setup control •MOS quality scoring •Playback of recorded audio files for real-world repeatable results •IP video phone support With IxLoad you can quantify the affect on users’ quality of experience versus: •Number of sessions •Session setup rate •Voice traffic volume •Advanced call scenarios 9 IPTV Testing with IxLoad IPTV usage is making steady inroads as telecom operators seek to complete with cable operators. IPTV traffic includes both broadcast and video on demand services. Using IP networks, broadcast IPTV is sent to all subscribers watching a particular channel. As subscribers change channels, they leave one group and join another. Broadcast IPTV requires substantial bandwidth – 2 Mbps for a standard-definition stream to 6 Mbps for a high-definition stream. Video viewing is very sensitive to loss and jitter; set-top boxes often provide buffering to aid in this regard. A key advantage of using multicast networks is that bandwidth use is optimized in the service provider’s network. Video-on-demand services are quite different from broadcast IPTV. Separate streams are individually sent to each viewer. Immediate response to pause, rewind, and fast forward controls is also expected. Bandwidth requirements are also very high – unicast streams equate to a linear increase in bandwidth as more subscribers use video on demand services. Video viewing is very sensitive to loss and jitter; set-top boxes often provide buffering to aid in this regard. Some of the key challenges in validating IPTV service include response times, channel change performance, and excellent picture quality. The technologies used in IPTV deployments are shown in Figure 6. Data Data P UD UDP UDP/RTP I UDP UDP/RTP Voice UDP/RTP Metro UD P/ Metro Core Video (Broadband TV, Video-on-Demand) UDP/RTP UDP IGMP P GM Video-on-Demand Media Stream Voice Video RT P Data Voice Video Multicast Broadcast Request to Join Broadcast Figure 6. Broadcast and Video-on-Demand Technologies Broadcast IPTV uses the IGMP protocol to enroll subscribers in the multicast groups that correspond to the channels that they are watching. Video channel contents are sent as UDP multicast streams from the service provider’s head-end to all enrolled subscribers. Channel change occurs when the consumer’s set-top box uses IGMP to switch multicast group enrollment and then waits for new video to arrive. VoD handling utilizes RTSP to request programs and RTP over UDP to deliver content. All traffic is unicast. 10 Because of the nature and complexity of IPTV handling, four distinct network subsystems need to be tested individually and in combination: •Super video head-end (SVHE) – takes the video content from multiple sources and processes it for delivery to the IP network. •Video transport network – includes national and regional networks that serve to connect the SVHE to access/broadband networks. •Access/broadband network – consists of distributed multipurpose devices that provide access control, multicast handling and last-mile termination. •Infrastructure components – provide addressing, name resolution, authentication and customer premise equipment (CPE) management functions. IxLoad provides all of the emulations required to test each of these functions individually and in combination. These include: •Emulation of IGMP and MLD (for IPv6) for broadcast IPTV •Emulation of RTSP and RTP for video on demand •Advanced QoE measurements using MDI and TVQM •MPEG-2 and MPEG-4 compression algorithms •Support for simple program and multiprogram transport streams •A wide range of supported CODECs •Video capture and playback for real-world repeatable results •Multiple channel change profiles to simulate rapid channel change (channel zapping) and direct channel change With IxLoad’s IPTV testing features, you can: •Benchmark video head-end performance while delivering any mix of broadcast and VoD channels •Measure QoE under a wide variety of usage scenarios •Measure channel change performance •Ensure proper capacity when adding video to a provider’s network 11 Testing Peer-to-Peer with IxLoad Since the inception of peer-to-peer applications in the late 1990s, P2P applications have multiplied and evolved to represent a formidable component of Internet traffic. Service providers estimate that P2P traffic will constitute 60% of network traffic over the next two years. Furthermore, there is a strong possibility that increased IP video content will drive this percentage higher. Some of the more popular P2P applications in use today include BitTorrent, Gnutella, Fasttrack, eDonkey, Livewire, KaZaA and WinMx. All types of data are transported within P2P connections: data files, programs, pictures, and voice and video streams. P2P protocols are particularly problematic due to the mix of delay-sensitive and delay-insensitive traffic that they carry. With all types of data carried over the same session, it’s not always easy to identify sensitive voice and video data. The bandwidth-hungry nature of P2P usage makes it critical, however, that traffic types are identified for proper prioritization. IxLoad’s P2P testing features: •Support for BitTorrent, eDonkey and Gnutella, with more protocols to come soon. •An extensive library of predefined P2P flows •Detailed measurement statistics and real-time graphs •Very high scale With IxLoad’s P2P testing features, you can: •Test QoS enforcement with P2P and multiplay traffic •Benchmark deep packet inspection performance •Verify DPI classification mechanism accuracy 12 Data and Infrastructure Testing with IxLoad Despite the excitement over new voice and video applications, web-based and other data traffic still consumes most of the Internet’s capacity. Included in this category are a number of protocols: •Web – HTTP, HTTPS •E-mail – SMTP, POP3, IMAP •File transfer – FTP •Business-specific protocols – protocols used within business applications, often proprietary There are also a number of essential infrastructure protocols that support the Internet and local networks. These include: •Name resolution – DNS •Management – Telnet •Authentication – RADIUS, 802.1x, EAP, NAC •Directory services – LDAP •Address management – DHCP •File sharing – CIFS •Security – SSL, SSH, IPSec Depending on the intended placement of the SUT – within a LAN, inside a provider’s network or available on the Internet – a protocol’s usage pattern will vary. IxLoad’s subscriber modeling is ideally suited to model home and office users, occasional and heavy users, and naïve and sophisticated users. IxLoad covers testing of the full range of protocols listed above, with: •Client and server emulation •Proxy server support •Think times and transaction aborts for user realism •Retrieved page/file/file size specification •Compatibility with all major web and FTP servers •SSL and TLS support within HTTPS •Generation of unique user IDs and passwords •Use of prepared data for all tests •Configurable TOS and DHCP bits •Distributed denial of service (DDoS) and vulnerability security attacks 13 Testing Application-Aware Devices with IxLoad Prioritization of multiplay traffic requires that traffic forwarding devices perform deep packet inspection (DPI) so as to correctly identify traffic streams, as shown in Figure 7. DPI also allows proper application of security mechanisms. The requirement to prioritize voice, video, and data traffic while applying security precautions is a substantial task for application-aware devices, as shown in Figure 8. The requirements for testing application-aware devices are as complex, if not more complex, than those associated with traffic forwarding itself. Since the DPI that these devices perform recognizes complete sessions and keys off protocol interchange messages, they need to be tested with stateful application traffic that follows protocol rules. Devices need to be exercised at their limits and beyond to ensure that they will function at optimum levels and properly apply quality of service and admission policies. This type of testing involves the use of a wide range of multiplay traffic. Header Layers Application Layer L2 L3 L4 Ethernet Internet Protocol (IP) Transport Layer (TCP/UDP) L7 Email (SMTP, POP3, IMAP) Web (HTTP/S) File Xfer (FTP, Gopher) Instant Messaging Peer-to-Peer Applications Directory Services Deep Packet Inspection Figure 7. Deep Packet Inspection 3IGNATURE $ATABASE Voice s!PPLICATIONSIGNATURES sVIRUSSIGNATURES s(ACKERINTRUSIONSIGNATURES s3PAMSIGNATURES Data IPTV & Video Applicationaware Device 1O3 0OLICY3ERVER 0ACKET#LASSIFICATION 0RIORITIZED1UEUING Figure 8. Application Aware Operation 14 Testing Security with IxLoad Most security devices are deployed at the edge of the network to filter legitimate traffic, and can be deployed in the core of the network to further supplement and protect the capability of the network and the application running over the network to deliver required services to the end user. Firewalls and other security devices have become increasingly complex, evolving from simplistic filtering to application-aware processing of a wide range of Internet protocols. Security devices have become a platform for next-generation application-aware inspection capabilities: •Web security – intelligent HTTP/URL and content inspection to defend against buffer overflow attacks, viruses, spyware, phishing attacks, and to validate protocol compliance by ensuring properly formed packets. Secure web connections are supported through HTTPS, which utilizes the SSL and TLS protocols •IPSec VPNs – secure, encrypted, and authenticated traffic between security gateways •E-mail security – protection from spam, viruses, and phishing attacks that can overwhelm networks with wasteful traffic •Network security – application-aware content inspection, access control enforcement with IPSec, 802.1x, RADIUS, intrusion prevention capabilities and DDoS attack mitigation •Next-generation – support for IPv6, quality-of-service, voice and video streaming As the industry moves further towards unified network security, network edge devices are providing better security services. One of the fastest growing security services running on these devices is virus and spam protection for e-mail messages delivered over industry-standard protocols, including SMTP and POP3. Indeed, the growth of such protection is directly related to the rapid rise of virus and spam e-mails, estimated to comprise 60-80% of all e-mails. One of the drawbacks to offering several stateful, application-aware services in a single device is the potential for degradation of the device’s performance characteristics. To fully characterize the performance of such devices, real-world conditions must be closely matched by incrementally enabling application-aware inspection engines. IxLoad provides facilities for checking security devices’ resistance to attacks: •Distributed denial of service – extreme load can be placed on the SUT using multiple Ixia interfaces. This type of testing is used to ensure that the SUT resists DDoS attacks and continues to pass legal traffic •Vulnerability attacks – a very wide range of attacks, based on the well-known Nessus® library, can be used to determine SUT vulnerabilities •Security protocols – secure web and IPSec encapsulated traffic is used to characterize SUT performance while performing encryption operations 15 IxLoad – All-in-One Solution Ixia’s IxLoad is the industry-leading product for layer 4 through 7 performance testing of all types of devices and networks. With IxLoad, developers, equipment manufacturers, service providers, and enterprises can: •Get to market faster – with efficient and flexible testing. Product development is accelerated through IxLoad’s powerful and intuitive GUI. It’s flexible interactive and automation programming allow complete testing at all development and deployment stages. •Minimize test equipment CAPEX – with an all-in-one solution. All types of testing can be performed with IxLoad and Ixia’s other test applications. One hardware/software solution tests your devices and networks from development, through staging, through fielding, to network support. •Minimize network OPEX – with early and frequent testing. Testing at the development, staging, and provisioning levels ensures that devices and networks operate correctly and with sufficient capacity. IxLoad’s flexibility and speed allow this to be done frequently – initially and then for each and every product update, upgrade and expansion. •Minimize network CAPEX – with real-world characterization. IxLoad’s ability to accurately model the run-time environment of networks enables accurate tuning and capacity measurements. This, in turn, allows networks to be provisioned without unnecessary overcapacity. These advantages are enabled by IxLoad’s best-in-class features: •A highly scalable, integrated test solution •Real-world subscriber-based modeling – with emulation of multiplay clients and servers •Highest traffic rate – the only solution with 10 Gbps, line-rate traffic •All-in-one test solution – covering all device testing needs, with triple-play, infrastructure, security, and router components •Widest protocol coverage – with the full range of voice, video, data, security, and infrastructure protocols •Ease of use – IxLoad’s sophisticated GUI is the ultimate in productivity, quickly moving from small-scale setup to large-scale testing. The Ixia test platform provides an all-in-one system for all of your IP testing needs, from conformance tests, to layer 2-3 routing and switching, to layer 4-7 application service testing. 16 Ixia applications also offer the fastest path to automation, generating automation scripts with the push of a button – that may be coordinated by the Test Conductor™ regression tool to create and run complete regression suites. Ixia platforms have forward and backward compatibility, guaranteeing the long-term benefits of your investment. For more information on IxLoad and other Ixia platform and test applications, visit us at http:// www.ixiacom.com or call one of the sales offices listed on the back of this brochure. 17 Ixia Worldwide Headquarters 26601 Agoura Rd. Calabasas, CA 91302 (Toll Free North America) 1.877.367.4942 (Outside North America) +1.818.871.1800 (Fax) 818.871.1805 www.ixiacom.com Other Ixia Contacts Info: [email protected] Investors: [email protected] Public Relations: [email protected] Renewals: [email protected] Sales: [email protected] Support: [email protected] Training: [email protected]