Testing Multiplay Networks

Transcription

Testing Multiplay Networks
Testing Multiplay Networks
P/N 915-1743-01 Rev A April, 2008
Contents
Testing Multiplay Networks . ..................................................................... 2
Ixia’s Approach to Multiplay Testing........................................................... 5
How Does IxLoad Work?........................................................................... 6
Voice Testing with IxLoad........................................................................... 9
IPTV Testing with IxLoad.......................................................................... 10
Testing Peer-to-Peer with IxLoad.............................................................. 12
Data and Infrastructure Testing with IxLoad............................................. 13
Testing Application-Aware Devices with IxLoad........................................ 14
Testing Security with IxLoad..................................................................... 15
IxLoad – All-in-One Solution..................................................................... 16
Testing Multiplay Networks
Service providers are increasingly looking to deliver differentiated multiplay services to business
and digital homes over converged IP networks. 2007 revenues for all service providers topped
$1.54 trillion, with $284 billion in equipment purchases.
As the Internet evolves, a wider variety of multiplay services are carried from broadly distributed
sources to a large and varied audience of consumers. Services of all types that use a range of
protocols are seen in modern multiplay networks, including:
•Data – HTTP, HTTPS, FTP, E-mail
•Voice over IP – SIP, MGCP, RTP
•IPTV – RTSP, IGMP
•Peer-to-peer – BitTorrent, eDonkey, Gnutella
•Infrastructure – DHCP, DNS, RADIUS
•Security – SSL, TLS, IPSec
Email
0.4%
IM
0.5%
Other
13.60%
Streaming
7.7%
Gaming
1.0%
VoIP
0.5%
P2P
32.2%
Download
5.0%
Web
39.1%
Source: IDC, 2007
Figure 1. Distribution of Internet Traffic
Figure 1 shows the breakdown of U.S. Internet traffic for 2006. Each service has its own requirements, as shown in Figure 2. To the consumer, however, quality of experience (QoE) must simply
“feel right.” VoIP calls must sound as good as land-line service; IPTV must be absent of blockiness,
blurring, or frozen frames; and high-speed Internet services must appear responsive. Special care
must be taken by service providers to satisfy all service requirements – all at the same time!
Balancing of service requirements is essential in order to minimize capital expenditure (CAPEX).
Services must be delivered with the proper amount of networking equipment and bandwidth.
2
IPTV:
real time
high bandwidth
latency sensitive
high QoE expectation
Voice:
real time
low bandwidth
latency sensitive
high QoE expectation
High-speed Internet:
not real time
variable bandwidth
not latency sensitive
no QoE expectation
Mobility and
Mobile Services:
real time
moderate bandwidth
latency sensitive
moderate QoE expectation
Business:
other services +
security
high SLA requirements
Peer-to-peer:
not real time
very high bandwidth
not latency sensitive
no QoE expectation
Gaming:
real time
variable bandwidth
latency sensitive
high QOE expectation
Figure 2. Application Traffic Requirements
More and more specialized, application-specific networking devices will continue to emerge as
new services gain traction. In contrast, larger and more powerful networking devices are integrating functions of the separate devices. As a result, an increasingly large and diverse range of network devices must be carefully tuned to interoperate correctly and to produce maximized results.
Table 1 is a breakdown of some of the modern devices used in multiplay networks.
Web
Voice
Video
Data
Common
load balancers
proxy servers
video head-ends
e-mail gateway
firewalls
web servers
registration servers
access devices
e-mail servers
VPN gateways
web caches
session border
controllers
set-top boxes
anti-spam servers
routers
content inspection
devices (DPI)
intrustion detection
systems
IMS devices
infrastructure servers
Table 1. Internet Multiplay Devices
3
This blizzard of general and specialized devices is used in different combinations at multiple locations within LANs and throughout the Internet. In order to ensure that devices and systems have
matched capacities and capabilities and that they interoperate correctly, it’s necessary that testing
occur at multiple system levels of network integration: individual components, network subsystems
and complete networks. In particular, subsystems must be tested at their major network demarcation points, as shown in Figure 3.
Back Office
Core Network
Customer Premises
Aggregation and Access Network
PON/
FTTH
OLT
Video Server
ONU
Metro
Residential
Gateway
Core
Voice Server
IP DSLAM
Web Server
s
s
s
Figure 3. Major Network Demarcation Points
Service verification is never a one-time thing. Every networking component and system is subject to
a continuous stream of updates, upgrades and expansion. Testing at every juncture is essential in
order to ensure continued proper operation, capacity and performance.
Today’s networking devices and protocol servers in multiplay networks are highly intelligent, digging deep into packet contents to separate protocols, identify sessions and inspect contents. This
information is used in complex algorithms that prioritize traffic so as to meet the QoE requirements
of each service type.
This sophistication calls for an equal sophistication in network test equipment. In particular, test
facilities must offer:
•Multiservice subscriber emulation – to test multiplay devices and networks, test equipment must assume the roles of the end-user and protocol server.
•Protocol coverage – to test the broad range of devices listed in Table 1, test equipment
must emulate a wide range of voice, video and data protocols.
•City scale – networks must be pushed to their limits and beyond to properly determine
capacities and test quality of service and admission policy enforcement.
•Flexibility – as the Internet matures, usage will morph to take advantage of new, converged applications. Test equipment must be easy to program and to modify in order to
keep up with a changing environment.
4
Ixia’s Approach to Multiplay Testing
Ixia offers a complete, all-in-one hardware/software solution. Ixia’s chassis, interface modules and
applications provide a complete, integrated system for testing all types of multiplay devices and
networks. All running on the same chassis, Ixia test applications cover the full gamut from conformance test, to layer 2-3 and layer 4-7 performance testing, to full automation and regression
testing. The back of this brochure describes the range of Ixia’s test applications.
IxLoad™, in particular, was designed from the ground up to test layer 4-7 network devices, subsystems and networks of all sizes through an extensive set of protocol emulations. IxLoad is used by a
wide range of device and chip developers, network equipment manufacturers, service providers,
proof-of-concept test labs, and enterprises of all sizes. IxLoad offers all types of testing:
•Scalability – determine the maximum number of users and sessions that can be supported.
•Performance – measure per-protocol maximum data rates.
•Interoperability – ensure that devices conform to published and de-facto standards in the
same manner.
•Security – guarantee that security devices fend off attacks and that other devices are not
vulnerable.
•Realism – ensures that testing closely matches real-world conditions, with protocol client/
server emulations and service traffic over established routing planes.
The bottom-line benefits of using IxLoad are:
•Maximize profit – IxLoad minimizes testing time, allowing you to get to market sooner.
•Minimize OPEX – thoroughly tested devices and networks exhibit fewer problems, reducing OPEX.
•Minimize CAPEX – the ability to measure capacity and performance in real-world scenarios allows you to properly provision your networks without unnecessary overcapacity.
Capacity needed for future expansion can be accurately determined.
5
How Does IxLoad Work?
In general, a device, subsystem or network is connected to other network devices and computers
that request or supply services, as shown in Figures 2 and 3.
Ixia’s test hardware and IxLoad work together to test the central device or network, referred to as
a system under test (SUT). They do this by providing protocol emulations for the service subscribers
and servers connected to the SUT. Where the SUT is a self-sufficient server, only subscribers need
be emulated. Figure 4 shows how the Ixia chassis and interfaces connect to the SUT.
Ixia Server Emulations
Device or
System Under Test
(SUT)
Figure 4. Ixia Emulations used During Test
Ixia’s architecture makes it easy to scale to city-size emulation of subscriber communities. Depending on the scale of the SUT, as few as two ports and as many as several hundred ports can be
used. Each interface port contains a dedicated, high-performance computer with substantial
memory. Using the protocol emulations performed on each port’s CPU, IxLoad can simulate large
numbers of subscribers using different services, such as HTTP, FTP, VoIP, IPTV and E-mail. Table 2
lists IxLoad’s complement of protocol emulations. Table 3 indicates how many sessions of particular types are available from Ixia’s most popular interfaces.
6
Ixia Protocol Emulations
Data
• HTTP, HTTPS
• FTP
• SMTP, POP3, IMAP
• Peer-to-peer
• CIFS
Voice
• SIP
• MGCP
• RTP
Video
• IGMP, MLD
• Video on Demand
• RSTP, RTP
• MS IPTV
Infrastructure
• Telnet
• DNS
• DHCP
• LDAP
• RADIUS, DIAMETER
Table 2. IxLoad Protocol Emulations
Each Ixia interface is capable of emulating large numbers of voice, video, and data subscribers
while generating near line-rate traffic, as shown in Table 3. The ASM1000XMV12X load module,
in particular, is a powerful and flexible card. It contains twelve 1G Ethernet interfaces that can be
completely or partially aggregated into a single 10G Ethernet interface, producing line-rate 10G
stateful application traffic.
Ixia Interface Card
10/100/1G Ethernet
(LSM1000XMV16)
Ports/
Card
HTTP
IPTV
Voice
16
190,000 /
36,480,000
2,000 /
384,000
900 /
172,800
3
60,000 /
2,1600,000
250 / 9,000
12-1G
/ 1-10G
2,200,000 /
26,400,000
24,000 /
288,000
10G Ethernet
(LSM10GXM3)
10/100/1G/10G Ethernet
(AMS1000XMV12X)
10,800 /
19,600
Table 3. IxLoad Emulation Capacities
True Subscriber Modeling
Although testing SUTs with large numbers of protocol sessions is useful, it is not a very accurate
model of the real world. Specifically, it misses the effects of:
•Upload and download bandwidth restrictions
•Differing Internet usage by different communities
•Service provider levels of service
7
To closely model real-world device and network load, IxLoad uses a unique approach called subscriber modeling. Named groups of subscribers are associated with usage patterns and network
restrictions, including:
•Application usage – which voice, video and data applications are used and in what
proportions.
•Usage details – particular web sites visited, e-mail servers used, transfer sizes, protocol
options, etc.
•Bandwidth limitations – upload/download bandwidth limitations imposed by the service
provider.
For example, with IxLoad, sets of subscriber groups can be defined, as shown below.
Group
Time Usage
Profile
Usage
Distribution
Teen
GenY
Telecommuter
Corporation
Figure 5. Subscriber Modeling
IxLoad’s powerful and easy-to-use graphical interface provides an intuitive and straightforward
method of connecting subscriber groups to voice, video, and data servers. A specific test is shown
in Figure 5, in which three subscriber groups: “Home network”, “Gold Subscribers” and “Ultra
Subscribers” are connected to servers on a “Data network” and “Video head end”.
8
The results of IxLoad test runs are complete and easily customizable. Results include:
•Raw capacity and performance
•Maximum number of sessions supported
•Maximum session establishment rate
•Quality of experience metrics, including latency, jitter, loss, along with specialized voice
and video metrics
Ixia’s unique subscriber modeling provides a highly accurate mechanism for layer 4-7 device and
network testing than the simplistic methods used by competing products. Subscriber modeling
provides a powerful and flexible means of measuring device/network performance so that you
can compete, plan, and scale.
In the following sections, we’ll look at how IxLoad is used for specific voice, video, and data
applications.
Voice Testing with IxLoad
VoIP has moved beyond being a transit network technology to being an integral part of home and
enterprise telephony. However, transporting real-time data like voice over the same network used
for all other data traffic presents challenges for service quality. Verifying VoIP performance under
conditions of high data stress is important to ensure expected results.
IxLoad’s VoIP feature provides:
•High-level SIP MGCP and RTP emulations
•Flexible SIP and RTP emulation allowing full state machine and message control
•Cisco SCCP protocol support
•A large complement of CODECs, including G.711, G.723, G.726, G.729A, G.729B and
AMR in a number of bit rates.
•Full call setup control
•MOS quality scoring
•Playback of recorded audio files for real-world repeatable results
•IP video phone support
With IxLoad you can quantify the affect on users’ quality of experience versus:
•Number of sessions
•Session setup rate
•Voice traffic volume
•Advanced call scenarios
9
IPTV Testing with IxLoad
IPTV usage is making steady inroads as telecom operators seek to complete with cable operators.
IPTV traffic includes both broadcast and video on demand services. Using IP networks, broadcast
IPTV is sent to all subscribers watching a particular channel. As subscribers change channels, they
leave one group and join another. Broadcast IPTV requires substantial bandwidth – 2 Mbps for a
standard-definition stream to 6 Mbps for a high-definition stream. Video viewing is very sensitive
to loss and jitter; set-top boxes often provide buffering to aid in this regard. A key advantage of
using multicast networks is that bandwidth use is optimized in the service provider’s network.
Video-on-demand services are quite different from broadcast IPTV. Separate streams are individually sent to each viewer. Immediate response to pause, rewind, and fast forward controls is also
expected. Bandwidth requirements are also very high – unicast streams equate to a linear increase
in bandwidth as more subscribers use video on demand services.
Video viewing is very sensitive to loss and jitter; set-top boxes often provide buffering to aid in
this regard. Some of the key challenges in validating IPTV service include response times, channel
change performance, and excellent picture quality.
The technologies used in IPTV deployments are shown in Figure 6.
Data
Data
P
UD
UDP
UDP/RTP
I
UDP
UDP/RTP
Voice
UDP/RTP
Metro
UD
P/
Metro
Core
Video
(Broadband TV,
Video-on-Demand)
UDP/RTP
UDP
IGMP
P
GM
Video-on-Demand Media Stream
Voice
Video
RT
P
Data
Voice
Video
Multicast Broadcast
Request to Join Broadcast
Figure 6. Broadcast and Video-on-Demand Technologies
Broadcast IPTV uses the IGMP protocol to enroll subscribers in the multicast groups that correspond
to the channels that they are watching. Video channel contents are sent as UDP multicast streams
from the service provider’s head-end to all enrolled subscribers. Channel change occurs when the
consumer’s set-top box uses IGMP to switch multicast group enrollment and then waits for new
video to arrive. VoD handling utilizes RTSP to request programs and RTP over UDP to deliver content. All traffic is unicast.
10
Because of the nature and complexity of IPTV handling, four distinct network subsystems need to
be tested individually and in combination:
•Super video head-end (SVHE) – takes the video content from multiple sources and
processes it for delivery to the IP network.
•Video transport network – includes national and regional networks that serve to connect the SVHE to access/broadband networks.
•Access/broadband network – consists of distributed multipurpose devices that provide
access control, multicast handling and last-mile termination.
•Infrastructure components – provide addressing, name resolution, authentication and
customer premise equipment (CPE) management functions.
IxLoad provides all of the emulations required to test each of these functions individually and in
combination. These include:
•Emulation of IGMP and MLD (for IPv6) for broadcast IPTV
•Emulation of RTSP and RTP for video on demand
•Advanced QoE measurements using MDI and TVQM
•MPEG-2 and MPEG-4 compression algorithms
•Support for simple program and multiprogram transport streams
•A wide range of supported CODECs
•Video capture and playback for real-world repeatable results
•Multiple channel change profiles to simulate rapid channel change (channel zapping) and
direct channel change
With IxLoad’s IPTV testing features, you can:
•Benchmark video head-end performance while delivering any mix of broadcast and VoD
channels
•Measure QoE under a wide variety of usage scenarios
•Measure channel change performance
•Ensure proper capacity when adding video to a provider’s network
11
Testing Peer-to-Peer with IxLoad
Since the inception of peer-to-peer applications in the late 1990s, P2P applications have multiplied
and evolved to represent a formidable component of Internet traffic. Service providers estimate
that P2P traffic will constitute 60% of network traffic over the next two years. Furthermore, there is
a strong possibility that increased IP video content will drive this percentage higher.
Some of the more popular P2P applications in use today include BitTorrent, Gnutella, Fasttrack,
eDonkey, Livewire, KaZaA and WinMx. All types of data are transported within P2P connections:
data files, programs, pictures, and voice and video streams.
P2P protocols are particularly problematic due to the mix of delay-sensitive and delay-insensitive
traffic that they carry. With all types of data carried over the same session, it’s not always easy to
identify sensitive voice and video data. The bandwidth-hungry nature of P2P usage makes it critical, however, that traffic types are identified for proper prioritization. IxLoad’s P2P testing features:
•Support for BitTorrent, eDonkey and Gnutella, with more protocols to come soon.
•An extensive library of predefined P2P flows
•Detailed measurement statistics and real-time graphs
•Very high scale
With IxLoad’s P2P testing features, you can:
•Test QoS enforcement with P2P and multiplay traffic
•Benchmark deep packet inspection performance
•Verify DPI classification mechanism accuracy
12
Data and Infrastructure Testing with IxLoad
Despite the excitement over new voice and video applications, web-based and other data traffic
still consumes most of the Internet’s capacity. Included in this category are a number of protocols:
•Web – HTTP, HTTPS
•E-mail – SMTP, POP3, IMAP
•File transfer – FTP
•Business-specific protocols – protocols used within business applications, often
proprietary
There are also a number of essential infra­structure protocols that support the Internet and local
networks. These include:
•Name resolution – DNS
•Management – Telnet
•Authentication – RADIUS, 802.1x, EAP, NAC
•Directory services – LDAP
•Address management – DHCP
•File sharing – CIFS
•Security – SSL, SSH, IPSec
Depending on the intended placement of the SUT – within a LAN, inside a provider’s network or
available on the Internet – a protocol’s usage pattern will vary. IxLoad’s subscriber modeling is
ideally suited to model home and office users, occasional and heavy users, and naïve and sophisticated users.
IxLoad covers testing of the full range of protocols listed above, with:
•Client and server emulation
•Proxy server support
•Think times and transaction aborts for user realism
•Retrieved page/file/file size specification
•Compatibility with all major web and FTP servers
•SSL and TLS support within HTTPS
•Generation of unique user IDs and passwords
•Use of prepared data for all tests
•Configurable TOS and DHCP bits
•Distributed denial of service (DDoS) and vulnerability security attacks
13
Testing Application-Aware Devices with IxLoad
Prioritization of multiplay traffic requires that traffic forwarding devices perform deep packet
inspection (DPI) so as to correctly identify traffic streams, as shown in Figure 7. DPI also allows
proper application of security mechanisms. The requirement to prioritize voice, video, and data
traffic while applying security precautions is a substantial task for application-aware devices, as
shown in Figure 8.
The requirements for testing application-aware devices are as complex, if not more complex, than
those associated with traffic forwarding itself. Since the DPI that these devices perform recognizes
complete sessions and keys off protocol interchange messages, they need to be tested with stateful
application traffic that follows protocol rules.
Devices need to be exercised at their limits and beyond to ensure that they will function at optimum
levels and properly apply quality of service and admission policies. This type of testing involves
the use of a wide range of multiplay traffic.
Header Layers
Application Layer
L2
L3
L4
Ethernet
Internet
Protocol
(IP)
Transport
Layer
(TCP/UDP)
L7
Email (SMTP, POP3, IMAP)
Web (HTTP/S)
File Xfer (FTP, Gopher)
Instant Messaging
Peer-to-Peer Applications
Directory Services
Deep Packet Inspection
Figure 7. Deep Packet Inspection
3IGNATURE
$ATABASE
Voice
s!PPLICATIONSIGNATURES
sVIRUSSIGNATURES
s(ACKERINTRUSIONSIGNATURES
s3PAMSIGNATURES
Data
IPTV
& Video
Applicationaware
Device
1O3
0OLICY3ERVER
0ACKET#LASSIFICATION
0RIORITIZED1UEUING
Figure 8. Application Aware Operation
14
Testing Security with IxLoad
Most security devices are deployed at the edge of the network to filter legitimate traffic, and can
be deployed in the core of the network to further supplement and protect the capability of the
network and the application running over the network to deliver required services to the end user.
Firewalls and other security devices have become increasingly complex, evolving from simplistic
filtering to application-aware processing of a wide range of Internet protocols. Security devices
have become a platform for next-generation application-aware inspection capabilities:
•Web security – intelligent HTTP/URL and content inspection to defend against buffer overflow attacks, viruses, spyware, phishing attacks, and to validate protocol compliance by
ensuring properly formed packets. Secure web connections are supported through HTTPS,
which utilizes the SSL and TLS protocols
•IPSec VPNs – secure, encrypted, and authenticated traffic between security gateways
•E-mail security – protection from spam, viruses, and phishing attacks that can overwhelm
networks with wasteful traffic
•Network security – application-aware content inspection, access control enforcement
with IPSec, 802.1x, RADIUS, intrusion prevention capabilities and DDoS attack mitigation
•Next-generation – support for IPv6, quality-of-service, voice and video streaming
As the industry moves further towards unified network security, network edge devices are providing better security services. One of the fastest growing security services running on these devices
is virus and spam protection for e-mail messages delivered over industry-standard protocols,
including SMTP and POP3. Indeed, the growth of such protection is directly related to the rapid
rise of virus and spam e-mails, estimated to comprise 60-80% of all e-mails.
One of the drawbacks to offering several stateful, application-aware services in a single device
is the potential for degradation of the device’s performance characteristics. To fully characterize
the performance of such devices, real-world conditions must be closely matched by incrementally
enabling application-aware inspection engines.
IxLoad provides facilities for checking security devices’ resistance to attacks:
•Distributed denial of service – extreme load can be placed on the SUT using multiple
Ixia interfaces. This type of testing is used to ensure that the SUT resists DDoS attacks and
continues to pass legal traffic
•Vulnerability attacks – a very wide range of attacks, based on the well-known Nessus®
library, can be used to determine SUT vulnerabilities
•Security protocols – secure web and IPSec encapsulated traffic is used to characterize
SUT performance while performing encryption operations
15
IxLoad – All-in-One Solution
Ixia’s IxLoad is the industry-leading product for layer 4 through 7 performance testing of all types
of devices and networks. With IxLoad, developers, equipment manufacturers, service providers,
and enterprises can:
•Get to market faster – with efficient and flexible testing. Product development is accelerated through IxLoad’s powerful and intuitive GUI. It’s flexible interactive and automation
programming allow complete testing at all development and deployment stages.
•Minimize test equipment CAPEX – with an all-in-one solution. All types of testing can
be performed with IxLoad and Ixia’s other test applications. One hardware/software solution tests your devices and networks from development, through staging, through fielding, to
network support.
•Minimize network OPEX – with early and frequent testing. Testing at the development,
staging, and provisioning levels ensures that devices and networks operate correctly and
with sufficient capacity. IxLoad’s flexibility and speed allow this to be done frequently – initially and then for each and every product update, upgrade and expansion.
•Minimize network CAPEX – with real-world characterization. IxLoad’s ability to accurately model the run-time environment of networks enables accurate tuning and capacity
measurements. This, in turn, allows networks to be provisioned without unnecessary overcapacity.
These advantages are enabled by IxLoad’s best-in-class features:
•A highly scalable, integrated test solution
•Real-world subscriber-based modeling – with emulation of multiplay clients and servers
•Highest traffic rate – the only solution with
10 Gbps, line-rate traffic
•All-in-one test solution – covering all device testing needs, with triple-play, infrastructure,
security, and router components
•Widest protocol coverage – with the full range of voice, video, data, security, and infrastructure protocols
•Ease of use – IxLoad’s sophisticated GUI is the ultimate in productivity, quickly moving from
small-scale setup to large-scale testing.
The Ixia test platform provides an all-in-one system for all of your IP testing needs, from conformance tests, to layer 2-3 routing and switching, to layer 4-7 application service testing.
16
Ixia applications also offer the fastest path to automation, generating automation scripts with the
push of a button – that may be coordinated by the Test Conductor™ regression tool to create and
run complete regression suites. Ixia platforms have forward and backward compatibility, guaranteeing the long-term benefits of your investment.
For more information on IxLoad and other Ixia platform and test applications, visit us at http://
www.ixiacom.com or call one of the sales offices listed on the back of this brochure.
17
Ixia Worldwide
Headquarters
26601 Agoura Rd.
Calabasas, CA 91302
(Toll Free North America)
1.877.367.4942
(Outside North America)
+1.818.871.1800
(Fax) 818.871.1805
www.ixiacom.com
Other Ixia Contacts
Info: info@ixiacom.com
Investors: ir@ixiacom.com
Public Relations: pr@ixiacom.com
Renewals: renewals@ixiacom.com
Sales: sales@ixiacom.com
Support: support@ixiacom.com
Training: training@ixiacom.com