NexTone Session Border Controller Attack Performance Test

Location of Test: CT Labs facility, Rocklin, CA
Date of Test: January, 2006

Statement of Test Purpose

CT Labs was commissioned by NexTone to verify SIP call-handling performance of the NexTone MSC session border controller (SBC) product while subjected to various real-world attacks. The test involved generating high levels of valid real-world SIP-based VoIP traffic while launching attacks against the SBC, including denial of service (DoS) and other malicious attacks designed to disrupt SIP-based services.

Product Tested

The NexTone Multiprotocol Session Controller (MSC), a robust session border controller, intelligently facilitates the interconnection of IP-based networks for the exchange of real-time traffic such as VoIP. The NexTone MSC enables network operators to securely peer with other IP-based carriers by using advanced session management capabilities such as intelligent session routing, dynamic session admission control, SIP/H.323 signaling interworking, media transcoding, VoIP firewalling and denial of service (DoS) protection. The NexTone MSC offers flexibility and scalability while ensuring consistent service quality, protection and security even when under attack. The stateful intelligence of the NexTone MSC enables carriers to successfully interconnect to any VoIP network while building towards a next-generation SIP-based architecture such as IMS.

NexTone MSC Version Tested: v4.0c2-2

© 2006 CT Labs Testing Services

Highlights

• The NexTone MSC successfully sustained high SIP call rates while subjected to demanding CT Labs SIP DoS attacks
• NexTone SBC passes SIP Torture and SIP Malformed Packet flood tests with no ill effects

Executive Summary

CT Labs staged a peering VoIP topology featuring a NexTone MSC session border controller positioned at the boundary between the two networks.
A very high level of standards-based real-world SIP call traffic was generated between networks while various DoS and SIP-oriented attacks were launched. Performance of the legitimate VoIP call traffic was monitored during VoIP baseline and VoIP-plus-attack test runs. A properly functioning SBC will ward off attacks while allowing valid VoIP calls to traverse inter-network boundaries. CT Labs found the NexTone MSC product to provide a solid protection layer under extremely adverse attack conditions and significant SIP call loads up to 150 calls/sec. While maintaining its protection and processing valid SIP calls, the NexTone MSC was found to successfully reject a variety of SIP-specific attacks at up to ½ GE wire rate and packet rates up to 150,000 packets/sec, a significant result.

NexTone MSC SBC Attack Performance Test: CT Labs Test Report

Test Methodology and Conditions

CT Labs staged an inter-carrier peering network topology as shown in Figure 1. The NexTone MSC SBC was configured to pass real-world SIP calls while protecting the "B" network side from SIP attacks [1] sourced from the "A" side. Flow control on Ethernet was enabled, as it would be in a production network, limiting the attack rates to approx. 500 Mbits/sec. Note: signaling and media paths were configured using separate NexTone MSC network ports (detail not shown in the diagram).

A pair of Empirix Hammer NXT-IP high-density VoIP call generators provided the bulk of the legitimate SIP call load, while the Hammer FX-IPs accumulated RTP jitter statistics for their SIP calls. NexTone contributed an in-house SIP call generator tool ("Spitfire") to bring the call rates up to the targets for this test. The Hammer FX-IP calls were placed via the NexTone MSC-protected SIP Express Router [2] proxy while attacks were launched, providing a failure indication if the proxy was left unprotected from attacks and thus unable to properly process calls.
Table 1 below presents a subset of the comprehensive series of attacks that CT Labs launched against the NexTone MSC. A final long-duration test run was performed to verify call-handling reliability, the results of which are presented later in this report.

Table 1: Selected Attack Tests

SIP Malformed Packet Flood
  Description: This test floods the 4500 PROTOS test cases from 1000 random, outside, source IP address/ports to the NexTone MSC at up to line rates.
  Test Duration: 15 min
  Total SIP Endpoints [3]: 0

SIP Torture Test Flood
  Description: This test floods SIP Torture Test messages from 100 random source address/ports to the NexTone MSC at up to line rates.
  Test Duration: 15 min
  Total SIP Endpoints [3]: 0

SIP REGISTER Flood
  Description: This test floods the NexTone MSC with REGISTERs from sources other than legitimate ones (i.e. other than the Empirix Hammer and NexTone generators).
  Test Duration: 30 min
  Total SIP Endpoints [3]: 41,880

SIP INVITE Flood
  Description: This test floods the NexTone MSC with INVITEs from sources other than legitimate ones (i.e. other than the Empirix Hammer and NexTone call generators).
  Test Duration: 30 min
  Total SIP Endpoints [3]: 55,680

SIP INVITE, Response Spoof Floods
  Description: These tests flood the NexTone MSC with INVITEs or SIP Responses (100 Trying, 180 Ringing, etc.) while spoofing the IP addresses of legitimate SIP devices.
  Test Duration: 30 min
  Total SIP Endpoints [3]: 36,480 (INVITE) / 41,880 (Response)

[Figure 1: Test Setup Diagram]

Notes:
[1] This test utilized the CT Labs SIP Attack Tool platform, a scriptable framework for verifying protection and prevention from attacks against SIP devices.
[2] SIP Express Router (SER), an open-source SIP server available from www.iptel.org
[3] Total call generator SIP endpoints used. The simultaneous calls for each test run were conditioned based on the call durations and interval between calls.
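The attack classes in Table 1 (and the parser survivability goal behind the Malformed Packet and Torture Test floods, discussed with Table 3 later in this report) map onto a small set of checks a session border controller applies before anything reaches the protected proxy: reject what does not fit the accepted SIP grammar without ever crashing, accept requests only from known peers and only within a per-source rate, and accept a response only from the proxy and only when it matches a transaction the SBC actually forwarded, which is what catches a spoofed-response flood. The Python below is an added example of those checks; it is not NexTone MSC code or a CT Labs tool. The peer and proxy addresses, the rate limit and every SIP message in it are constructed for illustration, compact header names and transaction expiry are deliberately left out, and because the report states only that packets from spoofed endpoints were blocked (not how the MSC identified them), spoofed requests are bounded here only by the per-source rate check.

```python
# Added example (not NexTone MSC code or a CT Labs tool): the checks an SBC in
# front of a proxy applies to the attack classes in Table 1.  Peer and proxy
# addresses, the rate limit and every message below are constructed.
import re
from collections import defaultdict

REQUEST_LINE = re.compile(r"([A-Z]{1,16}) (\S{1,256}) SIP/2\.0")
STATUS_LINE = re.compile(r"SIP/2\.0 ([1-6]\d{2}) [ -~]{0,128}")
HEADER_NAME = re.compile(r"[A-Za-z][A-Za-z0-9-]{0,63}")
MAX_MESSAGE_BYTES = 4096   # rejected before any parsing, bounding all later work

def parse_sip(raw):
    """Return (kind, start, headers) or None: kind is 'request'/'response', start
    the method or status code, headers lowercased name -> value.  Input outside
    the accepted grammar is rejected, not guessed at, and nothing here raises on
    hostile bytes.  Compact header names are deliberately not handled."""
    if not isinstance(raw, (bytes, bytearray)) or len(raw) > MAX_MESSAGE_BYTES:
        return None
    try:
        head = bytes(raw).decode("ascii").partition("\r\n\r\n")[0]
    except UnicodeDecodeError:
        return None
    lines = head.split("\r\n")
    if m := REQUEST_LINE.fullmatch(lines[0]):   # fullmatch: a stray "\n" must not slip past "$"
        kind, start = "request", m.group(1)
    elif m := STATUS_LINE.fullmatch(lines[0]):
        kind, start = "response", m.group(1)
    else:
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        name = name.strip()
        if not sep or not HEADER_NAME.fullmatch(name):
            return None
        headers[name.lower()] = value.strip()
    if any(k not in headers for k in ("call-id", "cseq", "via")):
        return None
    return kind, start, headers

class SbcFilter:
    """Stateful admission control for traffic entering from the "A" side: a constructed
    model of the behaviour tested, not the MSC itself (it would also expire `pending`)."""
    def __init__(self, peers, proxy, max_requests_per_sec):
        self.peers = set(peers)          # addresses allowed to originate requests
        self.proxy = proxy               # the only address allowed to send responses back
        self.limit = max_requests_per_sec
        self.window = {}                 # src -> [second, requests seen in that second]
        self.pending = set()             # (Call-ID, CSeq, Via branch) of forwarded requests
        self.dropped = defaultdict(int)  # reason -> count, the counters to alert on

    def _drop(self, reason):
        self.dropped[reason] += 1
        return "drop"

    def inbound(self, src, raw, now):
        # classify one message from src at time now (seconds): 'forward' or 'drop'
        parsed = parse_sip(raw)
        if parsed is None:
            return self._drop("malformed")
        kind, start, h = parsed
        branch = re.search(r"branch=([^;,\s]+)", h["via"])
        key = (h["call-id"], h["cseq"], branch.group(1) if branch else None)
        if kind == "request":
            if src not in self.peers:
                return self._drop("unknown-source")
            slot = self.window.setdefault(src, [int(now), 0])
            if slot[0] != int(now):
                slot[:] = [int(now), 0]
            slot[1] += 1
            if slot[1] > self.limit:
                return self._drop("rate-limit")
            self.pending.add(key)
            return "forward"
        # a response is legitimate only from the proxy and only for a forwarded transaction
        if src != self.proxy or key not in self.pending:
            return self._drop("unmatched-response")
        if int(start) >= 200:
            self.pending.discard(key)
        return "forward"

def sip_msg(first_line, call_id, cseq, branch):
    # build a minimal, well-formed SIP message (constructed test data)
    return (f"{first_line}\r\nVia: SIP/2.0/UDP 10.0.1.10;branch={branch}\r\n"
            f"Call-ID: {call_id}\r\nCSeq: {cseq}\r\nContent-Length: 0\r\n\r\n").encode()

def run_demo():
    # replay a constructed mix of legitimate and hostile traffic; return (forwarded, drops by reason)
    sbc = SbcFilter(peers={"10.0.1.10"}, proxy="10.0.2.5", max_requests_per_sec=3)
    inv, ring = "INVITE sip:bob@b.example SIP/2.0", "SIP/2.0 180 Ringing"
    traffic = [
        ("10.0.1.10", sip_msg(inv, "c1@a", "1 INVITE", "z9hG4bK-1"), 0.0),    # legitimate
        ("10.0.2.5", sip_msg(ring, "c1@a", "1 INVITE", "z9hG4bK-1"), 0.1),    # its real answer
        ("10.0.1.77", sip_msg(ring, "c1@a", "1 INVITE", "z9hG4bK-1"), 0.1),   # response from a non-proxy
        ("10.0.2.5", sip_msg(ring, "x@evil", "1 INVITE", "z9hG4bK-9"), 0.2),  # answers nothing we sent
        ("10.0.1.55", sip_msg(inv, "c2@a", "1 INVITE", "z9hG4bK-2"), 0.3),    # request from a non-peer
        ("10.0.1.10", b"INVITE sip:bob@b.example SIP/2.0\r\n\r\n", 0.4),     # mandatory headers missing
        ("10.0.1.10", b"\xff\xfe\x00INVITE", 0.4),                          # not SIP at all
        ("10.0.1.10", b"INVITE sip:" + b"a" * 5000 + b" SIP/2.0\r\n\r\n", 0.4),  # oversize
    ]
    for i in range(4):   # four more INVITEs from the peer in the first second: limit is 3
        traffic.append(("10.0.1.10", sip_msg(inv, f"r{i}@a", "1 INVITE", f"z9hG4bK-r{i}"), 0.5))
    forwarded = sum(sbc.inbound(src, raw, t) == "forward" for src, raw, t in traffic)
    return forwarded, dict(sbc.dropped)
```

run_demo() replays the constructed traffic and returns the forwarded count together with drops by reason; those per-reason counters are what a detection pipeline in front of the proxy would alert on, and the split between "malformed" and "rate-limit" is the difference between a torture-style flood and a volumetric one.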
Test Results Summary

For these tests the Empirix Hammer call generators contributed up to 48,480 SIP endpoints of traffic at 110 cps, with the NexTone generators adding 7200 endpoints at up to 40 cps when required. Call durations were adjusted from 90 sec. to 238 sec. depending on the call generator platform and call rates desired. Baseline no-attack test runs were first performed to verify NexTone MSC SIP call connectivity and correct operation of the test platform. During these runs, the NexTone MSC exhibited excellent SIP call setup latency [4] performance of 19 mSec average; as well, the calls experienced an average 0.3 mSec of RTP jitter induced by the SBC.

Table 2 below presents the performance results for the NexTone MSC as it handled legitimate VoIP calls while being subjected to a variety of challenging attacks against SIP-based services. As the data illustrates, the NexTone MSC continued to provide protection from attacks while handling standards-based SIP calls at call rates up to 150 calls per second. As expected, given the unique nature of each attack type and the SBC processing power required to reject each attack, the level of legitimate SIP traffic that could be processed was found to vary. Ultimately, the NexTone MSC continued to provide effective protection without significantly impacting throughput performance of valid SIP calls.

Table 2: Test Results, SIP Calls + Attacks

Test Run Description        Total SIP Endpoints   Simul. SIP Calls, avg.   SIP Call Rate, cps   Attack Packet Rate, pps   SIP Call Setup Latency [4], mSec
SIP Call Baseline           55,680                27,330                   150                  0                         19
SIP INVITE Flood            55,680                27,330                   150                  110,997                   258
SIP REGISTER Flood          41,880                20,430                   140                  117,048                   111
SIP INVITE Spoof Flood      36,480                17,730                   110                  133,305                   150
SIP Response Spoof Flood    41,880                20,430                   140                  144,775                   194

Notes:
SIP Call Baseline: Test run at high SIP call rate, without attacks.
SIP INVITE Flood: SER was unaffected, and the NexTone MSC continued to process legitimate VoIP traffic.
SIP REGISTER Flood: SER was unaffected, and the NexTone MSC continued to process legitimate VoIP traffic.
SIP INVITE Spoof Flood: Endpoints being spoofed resulted in packets being correctly blocked by the NexTone MSC. SER was unaffected, and the NexTone MSC continued to process legitimate VoIP traffic.
SIP Response Spoof Flood: Endpoints being spoofed resulted in packets being correctly blocked by the NexTone MSC. SER was unaffected, and the NexTone MSC continued to process legitimate VoIP traffic.

RTP jitter performance was notable for the above test runs, with 0.3 mSec average measured for the SIP INVITE Flood test run. The SIP REGISTER Flood test resulted in an average of 1.2 mSec of RTP jitter. In all cases [5], the level of RTP jitter induced by the NexTone MSC was found to be insignificant and would not have any impact on user-perceived voice quality.

[4] SIP call setup latency is a performance metric that measures the interval between the SIP INVITE message and the final ACK message from the originating endpoint, confirming establishment of the call session.
[5] RTP jitter data not available for the spoof flood tests since RTP data is collected from the same gateways being spoofed.

Test Results, Continued

Included in the metrics collected during each test run were SIP call setup latency and RTP jitter induced by the NexTone MSC session border controller while under attack. As shown in the graph below, the measured impact during the challenging SIP INVITE Flood attack was 258 mSec of SIP call setup latency, a minimal effect on user-perceived performance (call setup delays of less than 400 mSec will not degrade a user's call experience).
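The two metrics compared across these runs are the call setup latency defined in footnote 4 (INVITE to ACK per call) and the RTP jitter the SBC adds to each media stream. The Python below is an added example, not CT Labs' or NexTone's measurement tooling, of computing both from a captured signaling log and an RTP packet trace. The log entries and the RTP trace are constructed, the jitter calculation assumes the RFC 3550 interarrival-jitter estimator (the report does not state how the Hammer FX-IP derives its figure), the 8 kHz/20 ms codec timing is an assumption, and the 400 mSec threshold in setup_summary is the figure the report cites for user-perceived impact.

```python
# Added example (not CT Labs' or NexTone's tooling): the two per-call metrics
# the report tracks under attack, computed from a constructed signaling log and
# a constructed RTP trace.  Jitter uses the RFC 3550 estimator (an assumption:
# the report does not say how the Hammer FX-IP derives its jitter figure).

# Constructed signaling log: (time_ms, message, Call-ID).  Call c3 never completes.
SIP_LOG = [
    (0.0,   "INVITE", "c1@a.example"),
    (2.0,   "100",    "c1@a.example"),
    (9.0,   "180",    "c1@a.example"),
    (15.0,  "200",    "c1@a.example"),
    (19.0,  "ACK",    "c1@a.example"),
    (5.0,   "INVITE", "c2@a.example"),
    (263.0, "ACK",    "c2@a.example"),
    (7.0,   "INVITE", "c3@a.example"),
]

# Constructed RTP trace for one call: (arrival_ms, rtp_timestamp) with 8 kHz
# audio in 20 ms packets, so the timestamp advances by 160 per packet.
RTP_TRACE = [(0.0, 0), (20.0, 160), (40.3, 320), (60.0, 480), (80.5, 640), (100.0, 800)]


def call_setup_latencies(log):
    """{call_id: ms} for every call whose INVITE was followed by an ACK: first
    ACK time minus first INVITE time per Call-ID, the interval footnote 4
    defines.  Calls with no ACK are left out; they are setup failures and are
    counted separately, not averaged in as latency samples."""
    invite_at, ack_at = {}, {}
    for t, msg, call_id in sorted(log):          # log order is not arrival order
        if msg == "INVITE":
            invite_at.setdefault(call_id, t)
        elif msg == "ACK" and call_id in invite_at:
            ack_at.setdefault(call_id, t)
    return {cid: ack_at[cid] - invite_at[cid] for cid in ack_at}


def setup_summary(log, limit_ms=400.0):
    """Average setup latency, completed and still-incomplete call counts, and
    whether the average stays under the 400 mSec figure the report uses as the
    threshold for user-perceived impact."""
    lat = call_setup_latencies(log)
    invites = {cid for _, msg, cid in log if msg == "INVITE"}
    avg = sum(lat.values()) / len(lat) if lat else None
    return {"avg_ms": avg, "completed": len(lat),
            "incomplete": len(invites - set(lat)),
            "within_limit": avg is not None and avg < limit_ms}


def rtp_jitter_ms(trace, clock_rate=8000):
    """RFC 3550 section 6.4.1 interarrival jitter in ms.  For each consecutive
    pair, D is the change in transit time (arrival spacing minus timestamp
    spacing converted to ms); the running estimate is J += (|D| - J) / 16, so
    one late packet nudges the figure rather than dominating it."""
    jitter, prev = 0.0, None
    for arrival_ms, ts in trace:
        if prev is not None:
            d = (arrival_ms - prev[0]) - (ts - prev[1]) * 1000.0 / clock_rate
            jitter += (abs(d) - jitter) / 16.0
        prev = (arrival_ms, ts)
    return jitter
```

Keeping incomplete calls out of the latency average matters when reading results like Table 2: a flood that made calls fail outright would lower the average rather than raise it, so call success rate and setup latency have to be reported side by side, as the 62-hour test later in this report does.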
Note that the SIP INVITE Flood test case was run while simultaneously processing 55,680 endpoints of valid SIP calls. To further underscore the NexTone MSC's performance, during the SIP INVITE Flood test the average call's RTP jitter was observed to be 0.3 mSec, an excellent result.

[Graph: SIP Call Setup Latency, Average (mSec). SIP call baseline (no attacks): 19; SIP calls + REGISTER Flood: 111; SIP calls + INVITE Flood: 258; SIP calls + RESPONSE Spoof Flood: 194; SIP calls + INVITE Spoof Flood: 150]

In addition to the attack tests conducted while valid SIP calls transited the NexTone MSC, the SIP Malformed and Torture Test Flood tests were run to verify the survivability of the NexTone MSC's SIP parser mechanisms when subjected to malformed and unusually formatted SIP messages. The primary goal of these test cases was to ensure that the MSC did not crash while being subjected to high packet rates of these malformed messages. As the results in Table 3 indicate, in both tests the NexTone MSC continued to run and provide protection for the SER proxy. Given the high packet rates for these tests, the results show the NexTone MSC is a highly capable performer when subjected to these types of flood attacks.

Table 3: Test Results, Malformed Packets / Torture Test Attacks

Test Run Description          Attack Packet Rate, pps   Notes
SIP Malformed Packet Flood    88,600                    SER was unaffected, and the NexTone MSC continued to run without deleterious effects.
SIP Torture Test Flood        149,980                   SER was unaffected, and the NexTone MSC continued to run without deleterious effects.

62-Hour Reliability Test

Many product problems associated with the attack conditions created in this test are expected to precipitate rapid failures or crashes in less robust products. However, a final long-term test run was conducted to further verify that the NexTone MSC was free from memory leaks and other internal resource management faults that can take longer to occur.
The 62-hour reliability test was conducted with 41,880 SIP endpoints at 140 cps while under a continuous INVITE Flood attack at an average rate of 110 kpps; in other words, a very demanding environment. The result: the NexTone MSC successfully processed over 18.7 million legitimate SIP calls with a call success rate of 99.998%, while continuing to provide protection to the SER proxy server on the staged network.

Company Information

About NexTone

NexTone develops carrier-grade products for delivering scalable control of real-time IP services, such as voice over IP (VoIP). NexTone's solutions enable carriers, service providers, and enterprises to securely, simply, and cost-effectively interconnect networks for end-to-end control and management of IP traffic. As of December 2005, NexTone's real-time IP technology is installed by more than 370 service providers and enterprises worldwide to dramatically reduce capital expenditures and deliver ongoing operational efficiencies such as reduced interconnect "turn-up" time and simplified network operations. The company is headquartered in Gaithersburg, Maryland, USA, with domestic and international offices worldwide. For more information, www.nextone.com.

About CT Labs

CT Labs was founded in 1998 with the mission of providing outsource Q/A testing and marketing report services to the converged communications industry. The CT Labs team brings with it a wide range of talents and experience that gives us a unique ability to solve the most challenging test projects. Our open testing services philosophy enables us to provide our customers with test plans, test execution, testing reports, and even assistance in setting up specific testing environments in their own testing areas. Our test lab is well-equipped with tools and test platforms from our technology partners. In addition, CT Labs has the in-house expertise to develop specialized tools when off-the-shelf solutions are not available. CT Labs prides itself on keeping our lab current, enabling us to perform testing projects on cutting-edge next-generation network products and technologies.

www.ct-labs.com
v: +1 916-577-2100
f: +1 916-577-2101
info@ct-labs.com

Multiprotocol Session Controller and NexTone MSC are trademarks or registered trademarks of NexTone in the United States and other countries. All other trademarks contained herein are the property of their respective owners.