3. โน#โบ PROPRIETARY AND CONFIDENTIAL
Agenda
๏ฃ Testing NFV
โข Benefits of NFV and the Testing Implications
โข Challenges for NFV and the Testing Requirements
๏ฃ Test Tools Old & New
โข What Existing Tools Do
โข Hardware Tester Architecture โ benefits/challenges
โข Virtual Machine Tester Architecture โ benefits/challenge
โข What can we learn and what do we lose?
๏ฃ New NFV Test Methodologies
6. โน#โบ PROPRIETARY AND CONFIDENTIAL
Benefits of NFV and the Testing Implications
Benefit Impact
Reduced Equipment Cost and
Reduced Power Consumption
Equivalent Testing Costs must fall
Reduced Time-to-Market for
Innovative New Services
Test systems must integrate with
new lab platforms and be capable of
automation
Possibility of Running Production,
Test and Reference Facilities on the
same infrastructure
As above. Integrating Test System
with Orchestration is key
๏ฑ Virtual Test Ports, Standard APIs and Orchestration
Integration are key
7. โน#โบ PROPRIETARY AND CONFIDENTIAL
Benefits of NFV and the Testing Implications (cont.)
Benefit Impact
Optimizing network configuration/
topology in near real-time based on
traffic and service demand
Test it!
What effect does this have on QoE for
service user.
Temporarily repair failures by
automated re-configuration and moving
network workloads onto spare capacity
Test it!
Do the failover mechanisms work?
What is the service impact during re-
configuration
Rapid Scaling of Services to meet real-
time demand. Scaling-up and scaling-
out of capacity under orchestration
control
Test it!
New methodologies required.
Does the orchestration mechanism
respond correctly to demand. How is
existing traffic affected when it does?
8. โน#โบ PROPRIETARY AND CONFIDENTIAL
Challenges for NFV and the Testing Requirements
Challenge Requirement
Portability/
Interoperability
Test the functionality and performance in all
data centre environments that will be
encountered in service
Performance Trade-Offs
when using industry
standard hardware
Benchmark existing services (e.g. latency,
delay variation, power consumption for
different service levels). Determine the
resources required to continue meeting SLAs
Migration and Co-
existence/ Compatibility
with legacy platforms
Test services using a mixture of virtual and
physical network appliances
9. โน#โบ PROPRIETARY AND CONFIDENTIAL
Challenges for NFV and the Testing Requirements
(Cont.)
Challenge Requirement
Network Stability
Determine stability of data and control-planes
when large numbers of VMs are being created
or re-located
Integration
Test service chains as well as individual VNFs.
Requires complex protocol support from test
ports
Security and Resilience
Induce failure and test service downtime
(while network function is re-created).
Test servers, hypervisors, virtual appliances
and orchestration mechanisms against security
attacks.
10. โน#โบ PROPRIETARY AND CONFIDENTIAL
Testing Within the NFV Infrastructure
Test Path Possibilities
๏ฃ vSwitch performance, availability and scalability
๏ฃ VNF performance, availability and scalability
๏ฃ Server performance, availability and scalability
11. โน#โบ PROPRIETARY AND CONFIDENTIAL
PASS Methodologies for NFV
๏ฃ Performance
โข Data-plane throughput, latency,
latency variation etc.
โข VNF vs Dedicated hardware
โข Effect of real-time optimization
on QoE
โข Performance per environment
โข Service Chain performance
โข Power Consumption
๏ฃ Availability
โข Control-plane convergence
โข Data-plane reliability under load
โข Migration and Auto-scaling
(SLA Maintenance)
๏ฃ Security
โข VLAN/VPN leakage
โข Firewall Performance
โข Security of virtual
infrastructure
๏ฃ Scale
โข Control-plane peer scale
โข Routing table scale
โข Session quantity and
establishment rate
โข Capacity of NFVI
13. โน#โบ PROPRIETARY AND CONFIDENTIAL
Test Ports Emulate Complex Environments
๏ฃ 1G or 10G
Ethernet
๏ฃ V4 & V6
Addresses
๏ฃ RIP, BGP, IS-
IS or OSPF
๏ฃ 10G, 40G or 100G
Ethernet
๏ฃ MPLS Label Stack
๏ฃ IS-IS or OSPF
๏ฃ Multi-Protocol iBGP
๏ฃ LDP
๏ฃ BFD
๏ฃ VRFs
๏ฃ Firewall Functions
๏ฃ Border Relay
14. โน#โบ PROPRIETARY AND CONFIDENTIAL
Hardware-based Tester Model
Advantages
๏ฃ Repeatable results
๏ฃ Line rate traffic
๏ฃ High-scale control-plane
๏ฃ Accurate (to ~5nS) across
millions of streams
๏ฃ Single management interface
๏ฃ Easily automated
๏ฃ Cost effective
โข Emulate realistic environment
โข Power, real-estate
Hardware-based
Test Device
Data-plane traffic
Control-plane peering,
updates etc.
15. โน#โบ PROPRIETARY AND CONFIDENTIAL
Module
Module
Module
Module
Architecture of a Hardware Test Device
Controller
Module
CPU /
MEM
CPU /
MEM
CPU /
MEM
CPU /
MEM
GPS
PTP Compute
Resource
CPU
Core
CPU
Core
CPU
Core
PHY
PHY
PHY
FPGA
FPGA
FPGA
16. 16 PROPRIETARY AND CONFIDENTIAL
Constant Bitrate
Traffic (CBR)
Variable Bitrate
Traffic (VBR)
Continuous Burst
Microburst
Realizing Test Functionality in VM Equivalents
CPU
๏ฃ Stateful control-plane protocols
๏ฃ Emulated and Simulated devices
(L2-7)
โข 1000s of peers per port
โข Millions of routes per port
๏ฃ Test Configuration and control
๏ฃ Results processing and database
FPGA
๏ฃ Line rate performance
๏ฃ Traffic Generation and Analysis
โข Sophisticated scheduling
โข 1 Million flows per port
individually measureable in real-
time
๏ฃ Accurate & Stable time stamping
๏ฃ High-resolution sampling
๏ฃ Line Rate Capture buffers
๏ฃ Work is in progress to enhance soft FPGA performance
๏ฃ In cases where replicating hardware performance is not possible
new methodologies are being developed
18. 18
๏ฃ Target D/SUTs
โข vBNG (PPPoE/DHCP)
โข vCPE [vFW, vLB, vRouter] (IGMP, DHCP, OSPF/BGP, Stateful traffic)
โข vPE (BGP, MPLS VPN, VPLS)
โข System Infrastructure performance โ Hypervisor, OS, vSwitch, vNIC
๏ฃ Measure
โข Forwarding throughput (RFC 2544)
โข Latency/Jitter โ TWAMP Latency
โข Orchestration with VM/VNF/(V)TA auto-scaling
Forwarding Performance Benchmarking of a VNF
Test Topology
(Virtual) Test Appliance (virtual) Test Appliance
VNF under test
(V)TA
(V)TA
Traffic
(V)TA (V)TA
19. 19
๏ฃ Objective - Test the fail-over convergence time when one of the VNFs
fails and back up path has been configured for the test topology
๏ฃ Convergence Configurations
โข ECMP Load sharing over Active/Active Paths
โข Active/Standby Paths โ Failover to Standby Path
๏ฃ Measure:
โข Convergence Time
โข Impact on convergence time of route/VRF table size
Fail-over Convergence Measurement
(Virtual) Test
Appliance
Test Appliance
VTA/
TA
Simulated
Endpoints
DUT Virtual Routers
(VNFs)
Emulated
Router
VTA/
TA
VTA/
TA
Traffic
.
.
.
.
Simulated
Endpoints
VTA/
TA .
.
.
.
20. 20
๏ฃ Objective - Determine the performance of a distributed VNF during and
after the migration of one or more constituent VMs
โข Migration of a constituent VM from one physical server to another
โข Migration of a VNF in service chain from one physical server to another
โข Migration of VM or VNF across data centres
๏ฃ Measure (during a scheduled VNF VM Migration)
โข Throughput and Latency before and after migration
โข Service disruption time
Performance Impact of VM Migration
Test Appliance Test Appliance
.
.
.
.
VTA/
TA
VTA/
TA .
.
.
.
Simulated
Server Cloud
Simulated
Workload Clients
Server 1
Server 2
Traffic
21. 21
๏ฃ Objective - Test the auto-scaling functionality of the VNF.
โข Auto scaling triggered by mechanisms such as an embedded monitoring function/
threshold crossing detection & event notification
โข Example โ an increase in the number of PPPoE or DHCP incoming session requests
(beyond the scale supported by one VM)
๏ฃ Measure
โข Disable the auto-scaling feature on DUT in order to base line the performance
โข Re-Enable auto-scaling and gradually increase load
โข Record the transactions/sec, average, min and max response time
โข Record the total number of VMs instantiated by the VNF
โข Record the NVFI resources used by the VNF (processor, memory, storage)
Auto Scaling of VMs in a VNF
Virtual Test Appliance Virtual Test ApplianceVNF Under Test
.
.
.
.
VTA VTA
.
.
.
.
Simulated
Server Cloud
Simulated
Workload Clients
22. 22
๏ฃ NFV brings new benefits and challenges that require new testing
techniques
๏ฃ Existing testing technology has been virtualized thus building on
many years of experience
๏ฃ Virtualized test environments are challenging. The test
community is:
โข Addressing the challenges where this is technically feasible
โข Creating new methodologies where it is not
Conclusions
26. 26
PPPoE connections
MPLS tunnels
BFD for fault detection
๏ฃ Physical test devices emulate DSLAMS and 1000s of PPPoE client
on one side and Edge and core routers on other side
๏ฃ In above example, the VNFs under test are virtualized BNG/PE
running on standard server
โข PPPoE and MPLS connections formed between test device and
VNF under test
VNF Functional & Performance Testing
1. Using physical test devices to validate performance of virtual BNG
Test system
emulates
DSLAMs & PPPoE
clients
Test system
emulates Edge
and core routers
27. 27
๏ฃ Virtual test appliances emulate realistic video and web clients
and servers generating stateful L4-7 traffic
๏ฃ In above example, the VNFs under test are virtualized Firewall,
Load Balancer and CE router running as a service chain inside a
standard server
VNF Functional & Performance Testing
2. Using virtual test devices to validate performance Service Chain
vLoad
Balancer
Emulated
Video/Web Clients
Emulated
Video/Web Server
Service chain
vFirewall vCE
28. 28
๏ฃ The following metrics are measured/verified by the test
appliances for service chains that include virtual appliances such
as Firewalls, IDS/IPS, DPI, Load Balancers, Traffic Classifiers, WAN
Accelerators and CE devices
โข Sustained packet forwarding rate
โข Connection establishment rate & transactions per second
โข Total number of connections
โข Round trip time and goodput
โข Denial of service handling & packet loss
โข Service chain scale (and interference)
โข Packet leakage across service chains
โข Time between VM instantiation and first available packet
Service chain validation (e.g. vFirewall, vLB & vCE)
29. 29
๏ฃ The following methodology is used to ensure portability of VNFs
and stability of NFV environment
โข Virtual Test Appliance is connected to Service Chain as
โข โxโ service chains are created. The test appliances ensure that adding the
โx + 1โth service chain does not degrade the performance of the first โxโ
service chains more than expected levels
โข Tests are repeated for a number of different hypervisors and vSwitches and
the test appliances verify that the VNF performance is consistent across
different hypervisors
Service Chain Stability, Portability and
Scalability
30. 30
Testing reliability and availability of VNFs
LAG 1
Server A Server B
BFD
BFD
๏ฃ Virtual test devices form connections with primary and backup
VNFs over a LAG
๏ฃ High frequency BFD running between the test devices and VNFs
constantly monitor the connection liveliness
LAG 2
BFD
31. 31
๏ฃ The following methodology is used to ensure availability of VNFs
โข Initially Port 1 is active on Both LAGs 1 and 2
โข High frequency BFD monitors connection liveness
โข VM Migration is initiated from Server A to Server B
โข Port 2 becomes active and port 1 becomes standby on both LAGs
โข Number of packets lost in forward direction is TX packets on Stream ID 1 on
LAG 1 minus RX packets on Stream ID 1 on LAG 2
โข Number of packets lost in reverse direction is TX packets on Stream ID 2 on
LAG 2 minus RX packets on Stream ID 2 on LAG 1
โข VM migration time is the greater of [Time of arrival of first packet on Port 2
of LAG 2 โ Time of arrival of last packet on Port 1 of LAG 2] and [Time of
arrival of first packet on Port 2 of LAG 1 โ Time of arrival of last packet on
Port 1 of LAG 1]
Reliability & availability of VMs (VM Migration)
32. 32
Monitoring
probe
Monitoring
probe
On on-demand basis, insert virtual monitoring probes
in the service chain, for active or passive monitoring
Performance monitoring
interface to OSS/BSS
NFV Service Assurance
vLoad
Balancer vFirewall vCE
vMonitoring
Probe
vMonitoring
Probe
33. 33
๏ฃ The following methodology is used to perform active and passive
monitoring of NFV environments
โข A combination of virtual and physical monitoring probes are used
โข Probes provide information to OSS/BSS systems
โข Virtual monitoring probes are inserted on an on-demand basis at various
points in the service chain to test a subset of or all of the functions of a
service chain
โข For active monitoring, the virtual probes originate and terminate packets;
for passive monitoring, the virtual probes just tap in to the service chain
Active and passive monitoring of NFV
environments
34. 34
Traditional Router Architecture
Router
Router
Packet Forwarding Hardware
Network OS
App App App
Packet Forwarding Hardware
Network OS
App App App
๏ง Custom Designed Specialized Hardware
Based on ASIC, FPGA or Network
Processors
๏ง Proprietary Network Operating System
e.g. Cisco IOS or JUNOS
๏ง Embedded Software - Routing Protocols,
Routing Data Bases, SPF Algorithms,
Firewall Functionality etc.
35. 35
Conventional Routing
The Control and Data Plane
Router
Router
Packet Forwarding
Hardware
Network OS
App App App
Router
Router
Packet Forwarding
Hardware
Network OS
App App App
Router
Router
Packet Forwarding
Hardware
Network OS
App App App
Router
Packet Forwarding
Hardware
Network OS
App App App
Router
Packet Forwarding
Hardware
Network OS
App App App
Router
Router
Packet Forwarding
Hardware
Network OS
App App App
Routers โtalkโ to one another
via routing protocols to
discover neighbours and
topology
Each Router builds a database of
the network topology which it
uses to determine how to switch
data packets
36. 36
๏ฃ For
โข Established - Tried and Tested
โข Bomb Proof!
๏ฃ Against
โข Inflexible โ Changes require weeks to implement
โข Expensive - Every node requires compute resources
โข Proprietary - Every vendor implements routing algorithms in their own way
โข Hard to Maintain - Every node must be visited for software maintenance
โข Vulnerable to control-plane attack
Conventional Routing Pros and Cons
37. 37
Controller
SDN โ What Changes?
Firewall
Network OS
Router
Network OS
Load Balancer
Network OS
Router
Network OS
Router
Network OS
Router
Packet Forwarding
Hardware
Packet Forwarding
Hardware
Packet Forwarding
Hardware
Packet Forwarding
Hardware
Packet Forwarding
Hardware
Packet Forwarding
Hardware
Network OS
38. 38
Controller
SDN and OpenFlow
๏ฃ Switches built from
cheap merchant (off-
the-shelf) silicon
๏ฃ OpenFlow is a
component of SDN
๏ฃ Applications perform path
calculations (like SPF today)
๏ฃ Much greater flexibility to
add new functionality (e.g.
SJ-BPF)
Packet Forwarding
Hardware
Packet Forwarding
Hardware
Packet Forwarding
Hardware
Packet Forwarding
Hardware
Packet Forwarding
Hardware
Packet Forwarding
Hardware
SDN Controller
(South-bound interface)
39. 40
Simplified Provisioning of Complex Topology
๏ฃ SDN will enable dynamic
provisioning across network
layers
Data Centre A
Data Centre BApp App App
SDN Controller