RFC 8456
Benchmarking Methodology for Software-Defined Networking (SDN) Controller Performance
Pages: 64
Informational
Informational
Part 4 of 4 – Pages 51 to 64
A.5. Scalability
A.5.1. Control Sessions Capacity
Procedure: Network Devices OpenFlow Controller | | | OFPT_HELLO Exchange for Switch 1 | |<------------------------------------->| | | | OFPT_HELLO Exchange for Switch 2 | |<------------------------------------->| | . | | . | | . | | OFPT_HELLO Exchange for Switch n | |X<----------------------------------->X| | | Discussion: The value of Switch (n - 1) will provide the Control Sessions Capacity.
A.5.2. Network Discovery Size
Procedure: Network Devices OpenFlow SDN Controller Application | | | | | <Deploy network with | | |given no. of OF switches N>| | | | | OFPT_HELLO Exchange | | |<-------------------------->| | | | | | OFPT_PACKET_OUT with LLDP| | | to all switches | | |<---------------------------| | | | | | OFPT_PACKET_IN with LLDP| | | rcvd from Switch 1| | |--------------------------->| | | | | | OFPT_PACKET_IN with LLDP| | | rcvd from Switch 2| | |--------------------------->| | | . | | | . | | | | | | OFPT_PACKET_IN with LLDP| | | rcvd from Switch n| | |--------------------------->| | | | | | | <Wait for the expiry of| | | the Trial Duration (Td)>| | | | | | Query the controller for| | | discovered n/w topo. (N1)| | |<--------------------------| | | | | | <If N1==N, repeat Step 1| | | with N + 1 nodes| | | until N1<N >| | | | | | <If N1<N, repeat Step 1 | | | with N=N1 nodes once and | | | exit> | | | |
Legend:
n/w topo: Network topology
OF: OpenFlow
Discussion:
The value of N1 provides the Network Discovery Size value. The
Trial Duration can be set to the stipulated time within which the
user expects the controller to complete the discovery process.
A.5.3. Forwarding Table Capacity
Procedure: Test Traffic Network Devices OpenFlow SDN Generator TP1 Controller Application | | | | | | | | |G-ARP (H1..Hn) | | | |---------------->| | | | | | | | |OFPT_PACKET_IN(D1..Dn)| | | |--------------------->| | | | | | | | |<Wait for 5 secs>| | | | | | | | <Query for FWD | | | | entry> |(F1) | | | | | | |<Wait for 5 secs>| | | | | | | | <Query for FWD | | | | entry> |(F2) | | | | | | |<Wait for 5 secs>| | | | | | | | <Query for FWD | | | | entry> |(F3) | | | | | | | <Repeat Step 2 | | | |until F1==F2==F3>| | | | | Legend: G-ARP: Gratuitous ARP message H1..Hn: Host 1 .. Host n FWD: Forwarding Table Discussion: Query the controller's Forwarding Table entries multiple times, until three consecutive queries return the same value. The last value retrieved from the controller will provide the Forwarding Table Capacity value. The query interval is user configurable. The interval of 5 seconds shown in this example is for representational purposes.
A.6. Security
A.6.1. Exception Handling
Procedure: Test Traffic Test Traffic Network Devices OpenFlow SDN Generator TP1 Generator TP2 Controller Application | | | | | | |G-ARP (D1..Dn) | | | | |--------------->| | | | | | | | | | |OFPT_PACKET_IN(D1..Dn)| | | | |--------------------->| | | | | | | |Traffic (S1..Sn,D1..Dn) | | | |-------------------------->| | | | | | | | | | |OFPT_PACKET_IN(S1..Sa,| | | | | D1..Da)| | | | |--------------------->| | | | | | | | | |OFPT_PACKET_IN | | | | | (Sa+1..Sn,| | | | | Da+1..Dn)| | | | | (1% incorrect OFP| | | | | match header)| | | | |--------------------->| | | | | | | | | | FLOW_MOD(D1..Dn)| | | | |<---------------------| | | | | | | | | | FLOW_MOD(S1..Sa)| | | | | OFP headers| | | | |<---------------------| | | | | | | | |Traffic (S1..Sa,| | | | | D1..Da)| | | | |<---------------| | | | | | | | | | | | <Wait for the| | | | | expiry of the| | | | | Trial| | | | | Duration>| | | | | | | | | | <Record Rx| | | | | frames at| | | | | TP2 (Rn1)>|
| | | | |
| | | | <Repeat |
| | | | Step 1 with|
| | | | 2% incorrect|
| | | |OFPT_PACKET_INs>|
| | | | |
| | | | <Record Rx|
| | | | frames at|
| | | | TP2 (Rn2)>|
Legend:
G-ARP: Gratuitous ARP message
OFPT_PACKET_IN(Sa+1..Sn,Da+1..Dn): OFPT_PACKET_IN with
wrong version number
Rn1: Total number of frames received at Test Port 2
with 1% incorrect frames
Rn2: Total number of frames received at Test Port 2
with 2% incorrect frames
Discussion:
The traffic rate sent towards the OpenFlow switch from Test Port 1
should be 1% higher than the Path Programming Rate. Rn1 will
provide the Path Provisioning Rate of the controller when 1% of
incorrect frames are received, and Rn2 will provide the Path
Provisioning Rate of the controller when 2% of incorrect frames
are received.
The procedure defined above provides test steps to determine the
effects of handling error packets on the Path Programming Rate.
The same procedure can be adapted to determine the effects on
other performance tests listed in this benchmarking test.
A.6.2. Handling Denial-of-Service Attacks
Procedure: Test Traffic Test Traffic Network Device OpenFlow SDN Generator TP1 Generator TP2 Controller Application | | | | | | |G-ARP (D1..Dn) | | | | |---------------->| | | | | | | | | | |OFPT_PACKET_IN(D1..Dn)| | | | |--------------------->| | | | | | | |Traffic (S1..Sn,D1..Dn) | | | |--------------------------->| | | | | | | | | | |OFPT_PACKET_IN(S1..Sn,| | | | | D1..Dn)| | | | |--------------------->| | | | | | | | | |TCP SYN attack | | | | |from a switch | | | | |--------------------->| | | | | | | | | |FLOW_MOD(D1..Dn) | | | | |<---------------------| | | | | | | | | | FLOW_MOD(S1..Sn) | | | | | OFP headers | | | | |<---------------------| | | | | | | | |Traffic (S1..Sn, | | | | | D1..Dn) | | | | |<----------------| | | | | | | | | | | |<Wait for the| | | | |expiry of the| | | | | Trial| | | | | Duration>| | | | | | | | | | <Record Rx| | | | | frames at| | | | | TP2 (Rn1)>| | | | | |
Legend:
G-ARP: Gratuitous ARP message
Discussion:
A TCP SYN attack should be launched from one of the
emulated/simulated OpenFlow switches. Rn1 provides the Path
Programming Rate of the controller upon handling a denial-of-
service attack.
The procedure defined above provides test steps to determine the
effects of handling denial of service on the Path Programming
Rate. The same procedure can be adapted to determine the effects
on other performance tests listed in this benchmarking test.
A.7. Reliability
A.7.1. Controller Failover Time
Procedure: Test Traffic Test Traffic Network Device OpenFlow SDN Generator TP1 Generator TP2 Controller Application | | | | | | |G-ARP (D1) | | | | |-------------->| | | | | | | | | | |OFPT_PACKET_IN(D1) | | | | |---------------------->| | | | | | | |Traffic (S1..Sn,D1) | | | |--------------------------->| | | | | | | | | | | | | | | |OFPT_PACKET_IN(S1,D1) | | | | |---------------------->| | | | | | | | | |FLOW_MOD(D1) | | | | |<----------------------| | | | |FLOW_MOD(S1) | | | | |<----------------------| | | | | | | | |Traffic (S1,D1)| | | | |<--------------| | | | | | | | | | |OFPT_PACKET_IN(S2,D1) | | | | |---------------------->| | | | | | | | | |FLOW_MOD(S2) | | | | |<----------------------| | | | | | | | | |OFPT_PACKET_IN | | | | | (Sn-1,D1) | | | | |---------------------->| | | | | | | | | |OFPT_PACKET_IN(Sn,D1) | | | | |---------------------->| | | | | . | | | | | . |<Bring down | | | | . | the active | | | | | controller> | | | | FLOW_MOD(Sn-1) | | | | | X<-----------------| |
| | | | |
| | |FLOW_MOD(Sn) | |
| | |<----------------------| |
| | | | |
| |Traffic (Sn,D1)| | |
| |<--------------| | |
| | | | |
| | | |<Stop the |
| | | |test after |
| | | |recv. traffic|
| | | |upon |
| | | |failure> |
Legend:
G-ARP: Gratuitous ARP message
Discussion:
The time difference between the last valid frame received before
the traffic loss and the first frame received after the traffic
loss will provide the Controller Failover Time.
If there is no frame loss during the Controller Failover Time, the
Controller Failover Time can be deemed negligible.
A.7.2. Network Re-provisioning Time
Procedure: Test Traffic Test Traffic Network Devices OpenFlow SDN Generator TP1 Generator TP2 Controller Application | | | | | | |G-ARP (D1) | | | | |--------------->| | | | | | | | | | |OFPT_PACKET_IN(D1) | | | | |--------------------->| | | |G-ARP (S1) | | | |----------------------------->| | | | | | | | | | |OFPT_PACKET_IN(S1) | | | | |--------------------->| | | | | | | |Traffic (S1,D1,Seq. no (1..n))| | | |----------------------------->| | | | | | | | | | |OFPT_PACKET_IN(S1,D1) | | | | |--------------------->| | | | | | | | | Traffic (D1,S1,| | | | | Seq. no (1..n))| | | | |--------------->| | | | | | | | | | |OFPT_PACKET_IN(D1,S1) | | | | |--------------------->| | | | | | | | | |FLOW_MOD(D1) | | | | |<---------------------| | | | | | | | | |FLOW_MOD(S1) | | | | |<---------------------| | | | | | | | | Traffic (S1,D1,| | | | | Seq. no(1))| | | | |<---------------| | | | | | | | | | Traffic (S1,D1,| | | | | Seq. no(2))| | | | |<---------------| | | | | | | |
| | | | | | Traffic (D1,S1,Seq. no(1))| | | |<-----------------------------| | | | | | | | | Traffic (D1,S1,Seq. no(2))| | | |<-----------------------------| | | | | | | | | Traffic (D1,S1,Seq. no(x))| | | |<-----------------------------| | | | | | | | | | Traffic (S1,D1,| | | | | Seq. no(x))| | | | |<---------------| | | | | | | | | | | | | | | | | <Bring down | | | | | the switch in| | | | | the active| | | | | traffic path>| | | | | | | | |PORT_STATUS(Sa) | | | | |--------------------->| | | | | | | | | Traffic (S1,D1,| | | | | Seq. no(n - 1))| | | | | X<------------| | | | | | | | |Traffic (D1,S1,Seq. no(n - 1))| | | | X<------------------------| | | | | | | | | | | | | | | |FLOW_MOD(D1) | | | | |<---------------------| | | | | | | | | |FLOW_MOD(S1) | | | | |<---------------------| | | | | | | | Traffic (D1,S1,Seq. no(n))| | | |<-----------------------------| | | | | | | | | | Traffic (S1,D1,| | | | | Seq. no(n))| | | | |<---------------| | | | | | | | | | | |<Stop the test| | | | | after recv. | | | | | traffic upon| | | | | failover> |
Legend:
G-ARP: Gratuitous ARP message
Seq. no: Sequence number
Sa: Neighbor switch of the switch that was brought down
Discussion:
The time difference between the last valid frame received before
the traffic loss (packet with sequence number x) and the first
frame received after the traffic loss (packet with sequence
number n) will provide the Network Re-provisioning Time.
Note that the trial is valid only when the controller provisions
the alternate path upon network failure.
Acknowledgments
The authors would like to thank the following individuals for
providing their valuable comments regarding the earlier draft
versions of this document: Al Morton (AT&T), Sandeep Gangadharan
(HP), M. Georgescu (NAIST), Andrew McGregor (Google), Scott Bradner,
Jay Karthik (Cisco), Ramki Krishnan (VMware), Boris Khasanov
(Huawei), and Brian Castelli (Spirent).
Authors' Addresses
Bhuvaneswaran Vengainathan Veryx Technologies Inc. 1 International Plaza, Suite 550 Philadelphia, PA 19113 United States of America Email: bhuvaneswaran.vengainathan@veryxtech.com Anton Basil Veryx Technologies Inc. 1 International Plaza, Suite 550 Philadelphia, PA 19113 United States of America Email: anton.basil@veryxtech.com Mark Tassinari Hewlett Packard Enterprise 8000 Foothills Blvd. Roseville, CA 95747 United States of America Email: mark.tassinari@hpe.com Vishwas Manral NanoSec Co 3350 Thomas Rd. Santa Clara, CA 95054 United States of America Email: vishwas.manral@gmail.com Sarah Banks VSS Monitoring 930 De Guigne Drive Sunnyvale, CA 94085 United States of America Email: sbanks@encrypted.net