Measurement of Maximum new NAT-sessions per second / How to send packets

9,827 views

Published on

Measurement of Maximum new NAT-sessions per second
How to send packets?
Tcpreplay

Published in: Technology
0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
9,827
On SlideShare
0
From Embeds
0
Number of Embeds
6,875
Actions
Shares
0
Downloads
0
Comments
0
Likes
2
Embeds 0
No embeds

No notes for slide

Measurement of Maximum new NAT-sessions per second / How to send packets

  1. 1. 単位時間あたりの 新規NAT session 数の 最大値を測ってみた ~パケット送信方法~ 2014/11/02 #vyosjp @otsuka752 (@twovs)
  2. 2. Measurement of Maximum new NAT-sessions per second (How to send packets) 2014/11/02 #vyosjp @otsuka752 (@twovs)
  3. 3. about me • @otsuka752 (@twovs) • ネコ2人+奥さん+可愛い娘 •• 無線LLAANN装置の開発((11999999~~22000044)) • オンラインゲームのシステム管理者(2004~) • ただし,ゲームには全く興味無し • ZFS 最高!!! beadm 便利!!!
  4. 4. はじめに/Intro • VyOS は10万セッションのNAT も動くらしい VyOS can store 100K sessions and works well http://research.ssaakkuurraa..aadd..jjpp// 2012/07/24/janog30-network2/ • 単位時間あたりの新規session 数は? How many new sessions/sec does VyOS handle?
  5. 5. 構成/System • server(Guest) • tcpdump Internal network • Host(*3) • VirtualBox • VyOS-1.1.0(*1) • NAT(masquerade) • client(Physical) • send packets packets(*2) 1GbE
  6. 6. 構成/System (*1) Guest properties (VyOS) CPU x1 Memory 2GB ((**22)) IICCMMPP((たくさんのSSrrcc//DDsstt IIPPAAddddrr の組合せ)) ICMP(Many kinds of Src/Dst IPAddr pairs) (*3) Host properties CPU AMD Athlon 64 X2 Dual Core Processor 6400+ Memory 8GB OS Solaris 11.1 VirtualBox 4.3.14
  7. 7. 設定/Configuration • IPAddr と下記以外はデフォルト値 Use Default Configuration except for IPAddr and below set protocols static route 0.0.0.0/0 next-hop ‘(server)' set nat source rule 10 outbound-interface 'eth1' set nat source rule 10 source address '0.0.0.0/0' set nat source rule 10 translation address 'masquerade' set system conntrack expect-table-size '2048' set system conntrack hash-size '16384' set system conntrack table-size '1048576'
  8. 8. 試験手順/Testing procedure (1) VyOS のNAT セッションやカウンタをリセット Reset conntrack and clear NAT counters of VyOS vvyyooss@@vvyyooss::~~$$ rreesseett ccoonnnnttrraacckk This will clear all currently tracked and expected connections. Continue? (Y/N) [N]: y vyos@vyos:~$ clear nat source counters
  9. 9. 試験手順/Testing procedure (2) クライアントからP[pps] でN 種類のパケットを送信 Send N different kinds of packets to VyOS at P[pps] from client [client]$ scapy Welcome to Scapy (2.2.0-1) >>> Scapy も良いけど… Scapy is good.
  10. 10. 試験手順/Testing procedure (2) クライアントからP[pps] でN 種類のパケットを送信 Send N different kinds of packets to VyOS at P[pps] from client [client]$ sudo tcpreplay --unique-ip ¥ -l ${N} --pps=${P} -K -i eth0 file.pcap Tcpreplay もイイネ I love Tcpreplay too.
  11. 11. 試験手順/Testing procedure (3) サーバに届いたパケット数を数える Count the number of packets from client [[sseerrvveerr]]$$ ssuuddoo ttccppdduummpp --nn --ii eetthh00
  12. 12. 試験手順/Testing procedure (4) VyOS でNAT table の数を見る Show NAT statistics on VyOS vyos@vyos:~$ show nat source statistics rule pkts bytes interface ---- ---- ----- --------- 10 100K 2800K eth1
  13. 13. 結果/Results N:セッション数/sessions handled by VyOS
  14. 14. 結果/Results N:セッション数/sessions handled by VyOS
  15. 15. 結果/Results • 新規セッション20K[pps] で処理できそう (合計20万セッションでも) VyOS will bbee aabbllee ttoo hhaannddllee 20K new-session per sec (with 200K unique sessions condition)
  16. 16. 備考/Notes • >30K[pps] のパケロス発生時でも [サーバに届いたパケット数] と [VyOS で作られたNAT session 数] は概ね同数 >30K[pps] condition, i.e. PER != 0 [number of packets received by server] is also nearly equal to [number of NAT-sessions on VyOS]
  17. 17. tcpreplay が気になるでしょ!? You will be interested in tcpreplay.
  18. 18. 続きはウェブで! Find more on the web!
  19. 19. お知らせ 日本語サイト始めてみました! I translate the web site into Japanese. http://tcpreplay.jp/
  20. 20. お知らせ • 日本語サイト始めてみました! • http://tcpreplay.jp/ • https://github.com/otsuka752/ • Web site in English • http://tcpreplay.appneta.com/ • https://github.com/appneta/tcpreplay/
  21. 21. END

×