Measurement of Maximum new NAT-sessions per second / How to send packets

Measurement of Maximum new NAT-sessions per second
How to send packets?
Tcpreplay

Published in: Technology

Measurement of Maximum new NAT-sessions per second / How to send packets

  1. I measured the maximum number of new NAT sessions per unit time ~How to send packets~ 2014/11/02 #vyosjp @otsuka752 (@twovs)
  2. Measurement of Maximum new NAT-sessions per second (How to send packets) 2014/11/02 #vyosjp @otsuka752 (@twovs)
  3. about me
     • @otsuka752 (@twovs)
     • Two cats + wife + lovely daughter
     • Development of wireless LAN equipment (1999~2004)
     • System administrator for online games (2004~)
     • However, no interest in games at all
     • ZFS is the best!!! beadm is handy!!!
  4. Intro
     • VyOS reportedly handles NAT with 100K sessions: it can store 100K sessions and works well http://research.sakura.ad.jp/2012/07/24/janog30-network2/
     • How many new sessions/sec does VyOS handle?
  5. System
     • server(Guest) • tcpdump
     • Internal network
     • Host(*3) • VirtualBox • VyOS-1.1.0(*1) • NAT(masquerade)
     • client(Physical) • send packets
     • packets(*2)
     • 1GbE
  6. System
     (*1) Guest properties (VyOS): CPU x1, Memory 2GB
     (*2) ICMP (Many kinds of Src/Dst IPAddr pairs)
     (*3) Host properties: CPU AMD Athlon 64 X2 Dual Core Processor 6400+, Memory 8GB, OS Solaris 11.1, VirtualBox 4.3.14
  7. Configuration
     • Use Default Configuration except for IPAddr and below
       set protocols static route 0.0.0.0/0 next-hop '(server)'
       set nat source rule 10 outbound-interface 'eth1'
       set nat source rule 10 source address '0.0.0.0/0'
       set nat source rule 10 translation address 'masquerade'
       set system conntrack expect-table-size '2048'
       set system conntrack hash-size '16384'
       set system conntrack table-size '1048576'
  8. Testing procedure (1): Reset conntrack and clear NAT counters of VyOS
       vyos@vyos:~$ reset conntrack
       This will clear all currently tracked and expected connections. Continue? (Y/N) [N]: y
       vyos@vyos:~$ clear nat source counters
  9. Testing procedure (2): Send N different kinds of packets to VyOS at P[pps] from client
       [client]$ scapy
       Welcome to Scapy (2.2.0-1)
       >>>
     Scapy is good, but…
  10. Testing procedure (2): Send N different kinds of packets to VyOS at P[pps] from client
       [client]$ sudo tcpreplay --unique-ip \
           -l ${N} --pps=${P} -K -i eth0 file.pcap
     I love Tcpreplay too.
  11. Testing procedure (3): Count the number of packets from client
       [server]$ sudo tcpdump -n -i eth0
  12. Testing procedure (4): Show NAT statistics on VyOS
       vyos@vyos:~$ show nat source statistics
       rule pkts bytes interface
       ---- ---- ----- ---------
       10   100K 2800K eth1
  13. Results (N: number of sessions handled by VyOS)
  14. Results (N: number of sessions handled by VyOS)
  15. Results
     • VyOS will be able to handle 20K new sessions per second (even under the 200K unique sessions condition)
  16. Notes
     • Even in the >30K[pps] condition where packet loss occurs, i.e. PER != 0, [number of packets received by server] is nearly equal to [number of NAT-sessions on VyOS]
  17. You will be interested in tcpreplay, won't you!?
  18. Find more on the web!
  19. Announcement: I have started a Japanese site! I translate the web site into Japanese. http://tcpreplay.jp/
  20. Announcement
     • I have started a Japanese site!
       • http://tcpreplay.jp/
       • https://github.com/otsuka752/
     • Web site in English
       • http://tcpreplay.appneta.com/
       • https://github.com/appneta/tcpreplay/
  21. END
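
The comparison made in testing procedure steps (3) and (4) and on the Notes slide can be scripted. The following is an added example, not code from the slides: it parses the `show nat source statistics` table shown above and compares it with the server-side packet count. The function names are hypothetical, the sent/received counts are constructed, and the K/M/G suffixes are assumed to be the decimal multipliers that iptables uses for abbreviated counters.

```python
import re

# Assumption: VyOS prints iptables-style abbreviated counters (K=10^3, M=10^6, G=10^9).
_SUFFIX = {"": 1, "K": 10**3, "M": 10**6, "G": 10**9}

def parse_counter(text):
    """Convert an abbreviated counter such as '100K' to an integer."""
    m = re.fullmatch(r"(\d+)([KMG]?)", text.strip())
    if not m:
        raise ValueError(f"unrecognised counter: {text!r}")
    return int(m.group(1)) * _SUFFIX[m.group(2)]

def parse_nat_statistics(output):
    """Parse `show nat source statistics` output into {rule: counters}."""
    rules = {}
    for line in output.splitlines():
        fields = line.split()
        # Data rows start with a numeric rule id; header and dash rows do not.
        if len(fields) == 4 and fields[0].isdigit():
            rules[int(fields[0])] = {"pkts": parse_counter(fields[1]),
                                     "bytes": parse_counter(fields[2]),
                                     "interface": fields[3]}
    return rules

def bytes_per_packet(rule):
    """Average size seen by the rule; 28 = 20-byte IPv4 + 8-byte ICMP header."""
    return rule["bytes"] / rule["pkts"]

def evaluate_run(sent, received, nat_pkts, tolerance=0.01):
    """Loss ratio at the server, and whether server and NAT counts agree.

    Only the first packet of a connection hits a NAT rule, so the rule's
    pkts counter is the number of new sessions. The abbreviated counter is
    rounded, hence the relative tolerance instead of strict equality.
    """
    loss = (sent - received) / sent
    agree = abs(received - nat_pkts) <= tolerance * max(received, nat_pkts, 1)
    return {"loss": loss, "counts_agree": agree}

# Constructed sample: the table from the slide above.
SAMPLE = """\
rule pkts bytes interface
---- ---- ----- ---------
10   100K 2800K eth1
"""

if __name__ == "__main__":
    rule = parse_nat_statistics(SAMPLE)[10]
    print(rule, bytes_per_packet(rule))
    print(evaluate_run(sent=100_000, received=100_000, nat_pkts=rule["pkts"]))
    # Hypothetical lossy run (PER != 0) where the two counts still agree.
    print(evaluate_run(sent=300_000, received=240_000, nat_pkts=240_000))
```
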
