Internet Engineering Task Force (IETF) J. Novak
Request for Comments: 6645 Cisco Systems, Inc.
Category: Informational July 2012
ISSN: 2070-1721
Internet Engineering Task Force (IETF) J. Novak
Request for Comments: 6645 Cisco Systems, Inc.
Category: Informational July 2012
ISSN: 2070-1721
IP Flow Information Accounting and Export Benchmarking Methodology
IP流量信息核算和出口基准方法
Abstract
摘要
This document provides a methodology and framework for quantifying the performance impact of the monitoring of IP flows on a network device and the export of this information to a Collector. It identifies the rate at which the IP flows are created, expired, and successfully exported as a new performance metric in combination with traditional throughput. The metric is only applicable to the devices compliant with RFC 5470, "Architecture for IP Flow Information Export". The methodology quantifies the impact of the IP flow monitoring process on the network equipment.
本文档提供了一种方法和框架,用于量化网络设备上IP流监控的性能影响,以及将此信息导出到收集器。它将IP流的创建、过期和成功导出的速率标识为与传统吞吐量相结合的新性能指标。该指标仅适用于符合RFC 5470“IP流信息导出架构”的设备。该方法量化了IP流监控过程对网络设备的影响。
Status of This Memo
关于下段备忘
This document is not an Internet Standards Track specification; it is published for informational purposes.
本文件不是互联网标准跟踪规范;它是为了提供信息而发布的。
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are a candidate for any level of Internet Standard; see Section 2 of RFC 5741.
本文件是互联网工程任务组(IETF)的产品。它代表了IETF社区的共识。它已经接受了公众审查,并已被互联网工程指导小组(IESG)批准出版。并非IESG批准的所有文件都适用于任何级别的互联网标准;见RFC 5741第2节。
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc6645.
有关本文件当前状态、任何勘误表以及如何提供反馈的信息,请访问http://www.rfc-editor.org/info/rfc6645.
Copyright Notice
版权公告
Copyright (c) 2012 IETF Trust and the persons identified as the document authors. All rights reserved.
版权所有(c)2012 IETF信托基金和确定为文件作者的人员。版权所有。
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
本文件受BCP 78和IETF信托有关IETF文件的法律规定的约束(http://trustee.ietf.org/license-info)自本文件出版之日起生效。请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。从本文件中提取的代码组件必须包括信托法律条款第4.e节中所述的简化BSD许可证文本,并提供简化BSD许可证中所述的无担保。
Table of Contents
目录
1. Introduction ....................................................4
2. Terminology .....................................................5
2.1. Existing Terminology .......................................5
2.2. New Terminology ............................................6
3. Flow Monitoring Performance Benchmark ...........................8
3.1. Definition .................................................8
3.2. Device Applicability .......................................8
3.3. Measurement Concept ........................................8
3.4. The Measurement Procedure Overview .........................9
4. Measurement Setup ..............................................11
4.1. Measurement Topology ......................................11
4.2. Baseline DUT Setup ........................................13
4.3. Flow Monitoring Configuration .............................13
4.4. Collector .................................................19
4.5. Sampling ..................................................19
4.6. Frame Formats .............................................19
4.7. Frame Sizes ...............................................20
4.8. Flow Export Data Packet Sizes .............................20
4.9. Illustrative Test Setup Examples ..........................20
5. Flow Monitoring Throughput Measurement Methodology .............22
5.1. Flow Monitoring Configuration .............................23
5.2. Traffic Configuration .....................................24
5.3. Cache Population ..........................................25
5.4. Measurement Time Interval .................................25
5.5. Flow Export Rate Measurement ..............................26
5.6. The Measurement Procedure .................................27
6. RFC 2544 Measurements ..........................................28
6.1. Flow Monitoring Configuration..............................28
6.2. Measurements with the Flow Monitoring Throughput Setup ....29
6.3. Measurements with Fixed Flow Export Rate...................29
7. Flow Monitoring Accuracy .......................................30
8. Evaluating Flow Monitoring Applicability .......................31
9. Acknowledgements ...............................................32
10. Security Considerations .......................................32
11. References ....................................................33
11.1. Normative References .....................................33
11.2. Informative References ...................................33
Appendix A. Recommended Report Format .............................35
Appendix B. Miscellaneous Tests ...................................36
B.1. DUT Under Traffic Load ...................................36
B.2. In-Band Flow Export ......................................36
B.3. Variable Packet Rate .....................................37
B.4. Bursty Traffic ...........................................37
B.5. Various Flow Monitoring Configurations ...................38
B.6. Tests with Bidirectional Traffic .........................38
B.7. Instantaneous Flow Export Rate ...........................39
1. Introduction ....................................................4
2. Terminology .....................................................5
2.1. Existing Terminology .......................................5
2.2. New Terminology ............................................6
3. Flow Monitoring Performance Benchmark ...........................8
3.1. Definition .................................................8
3.2. Device Applicability .......................................8
3.3. Measurement Concept ........................................8
3.4. The Measurement Procedure Overview .........................9
4. Measurement Setup ..............................................11
4.1. Measurement Topology ......................................11
4.2. Baseline DUT Setup ........................................13
4.3. Flow Monitoring Configuration .............................13
4.4. Collector .................................................19
4.5. Sampling ..................................................19
4.6. Frame Formats .............................................19
4.7. Frame Sizes ...............................................20
4.8. Flow Export Data Packet Sizes .............................20
4.9. Illustrative Test Setup Examples ..........................20
5. Flow Monitoring Throughput Measurement Methodology .............22
5.1. Flow Monitoring Configuration .............................23
5.2. Traffic Configuration .....................................24
5.3. Cache Population ..........................................25
5.4. Measurement Time Interval .................................25
5.5. Flow Export Rate Measurement ..............................26
5.6. The Measurement Procedure .................................27
6. RFC 2544 Measurements ..........................................28
6.1. Flow Monitoring Configuration..............................28
6.2. Measurements with the Flow Monitoring Throughput Setup ....29
6.3. Measurements with Fixed Flow Export Rate...................29
7. Flow Monitoring Accuracy .......................................30
8. Evaluating Flow Monitoring Applicability .......................31
9. Acknowledgements ...............................................32
10. Security Considerations .......................................32
11. References ....................................................33
11.1. Normative References .....................................33
11.2. Informative References ...................................33
Appendix A. Recommended Report Format .............................35
Appendix B. Miscellaneous Tests ...................................36
B.1. DUT Under Traffic Load ...................................36
B.2. In-Band Flow Export ......................................36
B.3. Variable Packet Rate .....................................37
B.4. Bursty Traffic ...........................................37
B.5. Various Flow Monitoring Configurations ...................38
B.6. Tests with Bidirectional Traffic .........................38
B.7. Instantaneous Flow Export Rate ...........................39
Monitoring IP flows (Flow monitoring) is defined in the "Architecture for IP Flow Information Export" [RFC5470] and related IPFIX documents specified in Section 1.2 of [RFC5470]. It analyzes the traffic using predefined fields from the packet header as keys and stores the traffic and other internal information in the DUT (Device Under Test) memory. This cached flow information is then formatted into records (see Section 2.1 for term definitions) and exported from the DUT to an external data collector for analysis. More details on the measurement architecture are provided in Section 3.3.
“IP流信息导出架构”[RFC5470]和[RFC5470]第1.2节规定的相关IPFIX文件中定义了监控IP流(流监控)。它使用来自包头的预定义字段作为密钥来分析流量,并将流量和其他内部信息存储在DUT(被测设备)内存中。然后将缓存的流信息格式化为记录(术语定义见第2.1节),并从DUT导出到外部数据采集器进行分析。第3.3节提供了有关测量体系结构的更多详细信息。
Flow monitoring on network devices is widely deployed and has numerous uses in both service-provider and enterprise segments as detailed in the "Requirements for IP Flow Information Export (IPFIX)" [RFC3917]. This document provides a methodology for measuring Flow monitoring performance so that network operators have a framework to measure the impact on the network and network equipment.
网络设备上的流量监控被广泛部署,并在服务提供商和企业部门有多种用途,详见“IP流量信息导出(IPFIX)要求”[RFC3917]。本文件提供了测量流量监控性能的方法,以便网络运营商有一个框架来测量对网络和网络设备的影响。
This document's goal is to provide a series of methodology specifications for the measurement of Flow monitoring performance in a way that is comparable amongst various implementations, platforms, and vendor devices.
本文件的目标是提供一系列方法规范,用于测量流量监测性能,其方式可在各种实施、平台和供应商设备之间进行比较。
Flow monitoring is, in most cases, run on network devices that also forward packets. Therefore, this document also provides the methodology for [RFC2544] measurements in the presence of Flow monitoring. It is applicable to IPv6 and MPLS traffic with their specifics defined in [RFC5180] and [RFC5695], respectively.
在大多数情况下,流量监控在也转发数据包的网络设备上运行。因此,本文件还提供了流量监测情况下的[RFC2544]测量方法。它适用于IPv6和MPLS流量,其详细信息分别在[RFC5180]和[RFC5695]中定义。
This document specifies a methodology to measure the maximum IP Flow Export Rate that a network device can sustain without impacting the Forwarding Plane, without losing any IP flow information and without compromising IP flow accuracy (see Section 7 for details).
本文件规定了一种测量网络设备在不影响转发平面、不丢失任何IP流信息和不影响IP流准确性的情况下可维持的最大IP流输出速率的方法(详情见第7节)。
[RFC2544], [RFC5180], and [RFC5695] specify benchmarking of network devices forwarding IPv4, IPv6, and MPLS [RFC3031] traffic, respectively. The methodology specified in this document stays the same for any traffic type. The only restriction may be the DUT's lack of support for Flow monitoring of a particular traffic type.
[RFC2544]、[RFC5180]和[RFC5695]分别指定转发IPv4、IPv6和MPLS[RFC3031]流量的网络设备的基准测试。本文件中规定的方法对于任何流量类型保持不变。唯一的限制可能是DUT缺乏对特定流量类型的流量监控的支持。
A variety of different DUT architectures exist that are capable of Flow monitoring and export. As such, this document does not attempt to list the various white-box variables (e.g., CPU load, memory utilization, hardware resources utilization, etc.) that could be gathered as they always help in comparison evaluations. A more complete understanding of the stress points of a particular device
存在各种不同的DUT体系结构,能够进行流量监控和导出。因此,本文档不试图列出可以收集的各种白盒变量(例如,CPU负载、内存利用率、硬件资源利用率等),因为它们总是有助于比较评估。更全面地了解特定设备的应力点
can be attained using this internal information, and the tester MAY choose to gather this information during the measurement iterations.
可以使用此内部信息获得,测试人员可以选择在测量迭代期间收集此信息。
The terminology used in this document is based on that defined in [RFC5470], [RFC2285], and [RFC1242], as summarized in Section 2.1. The only new terms needed for this methodology are defined in Section 2.2.
本文件中使用的术语基于[RFC5470]、[RFC2285]和[RFC1242]中定义的术语,如第2.1节所述。第2.2节定义了该方法所需的唯一新术语。
Additionally, the key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119].
此外,本文件中的关键词“必须”、“不得”、“要求”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照RFC 2119[RFC2119]中的说明进行解释。
Device Under Test (DUT) [RFC2285, Section 3.1.1]
被测设备(DUT)[RFC2285,第3.1.1节]
Flow [RFC5101, Section 2]
流量[RFC5101,第2节]
Flow Key [RFC5101, Section 2]
流量键[RFC5101,第2节]
Flow Record [RFC5101, Section 2]
流量记录[RFC5101,第2节]
Template Record [RFC5101, Section 2]
模板记录[RFC5101,第2节]
Observation Point [RFC5470, Section 2]
观测点[RFC5470,第2节]
Metering Process [RFC5470, Section 2]
计量过程[RFC5470,第2节]
Exporting Process [RFC5470, Section 2]
导出过程[RFC5470,第2节]
Exporter [RFC5470, Section 2]
出口商[RFC5470,第2节]
Collector [RFC5470, Section 2]
收集器[RFC5470,第2节]
Control Information [RFC5470, Section 2]
控制信息[RFC5470,第2节]
Data Stream [RFC5470, Section 2]
数据流[RFC5470,第2节]
Flow Expiration [RFC5470, Section 5.1.1]
流量到期[RFC5470,第5.1.1节]
Flow Export [RFC5470, Section 5.1.2]
流量输出[RFC5470,第5.1.2节]
Throughput [RFC1242, Section 3.17]
吞吐量[RFC1242,第3.17节]
Definition: Memory area held and dedicated by the DUT to store Flow information prior to the Flow Expiration.
定义:DUT持有并专用于存储流量到期前的流量信息的存储区域。
Definition: The size of the Cache in terms of how many entries the Cache can hold.
定义:缓存的大小,根据缓存可以容纳多少个条目。
Discussion: This term is typically represented as a configurable option in the particular Flow monitoring implementation. Its highest value will depend on the memory available in the network device.
讨论:该术语通常表示为特定流监控实现中的可配置选项。其最大值取决于网络设备中可用的内存。
Measurement units: Number of Cache entries
度量单位:缓存条目数
Definition: For long-running Flows, the time interval after which the Metering Process expires a Cache entry to ensure Flow data is regularly updated.
定义:对于长时间运行的流,计量过程使缓存项过期的时间间隔,以确保定期更新流数据。
Discussion: This term is typically presented as a configurable option in the particular Flow monitoring implementation. See Section 5.1.1 of [RFC5470] for a more detailed discussion.
讨论:该术语通常在特定的流监控实现中作为可配置选项出现。有关更详细的讨论,请参见[RFC5470]第5.1.1节。
Flows are considered long running when they last longer than several multiples of the Active Timeout. If the Active Timeout is zero, then Flows are considered long running if they contain many more packets (tens of packets) than usually observed in a single transaction.
如果流的持续时间超过活动超时的几倍,则认为流是长时间运行的。如果活动超时为零,则如果流包含的数据包(数十个数据包)比单个事务中通常观察到的数据包多,则流被视为长时间运行。
Measurement units: Seconds
测量单位:秒
Definition: The time interval used by the Metering Process to expire an entry from the Cache when no more packets belonging to that specific Cache entry have been observed during the interval.
定义:当在该时间间隔内没有观察到更多属于该特定缓存项的数据包时,计量过程用于使缓存项过期的时间间隔。
Discussion: Idle Timeout is typically represented as a configurable option in the particular Flow monitoring implementation. See Section 5.1.1 of [RFC5470] for more detailed discussion. Note that some documents in the industry refer to "Idle Timeout" as "inactive timeout".
讨论:空闲超时通常表示为特定流监控实现中的可配置选项。更多详细讨论见[RFC5470]第5.1.1节。请注意,行业中的一些文档将“空闲超时”称为“非活动超时”。
Measurement units: Seconds
测量单位:秒
Definition: The number of Cache entries that expire from the Cache (as defined by the Flow Expiration term) and are exported to the Collector within a measurement time interval. There SHOULD NOT be any export filtering, so that all the expired Cache entries are exported. If there is export filtering and it can't be disabled, this MUST be indicated in the measurement report.
定义:在测量时间间隔内从缓存过期(由流过期期限定义)并导出到收集器的缓存项数。不应有任何导出筛选,以便导出所有过期的缓存项。如果存在导出筛选且无法禁用,则必须在测量报告中注明。
The measured Flow Export Rate MUST include both the Data Stream and the Control Information, as defined in Section 2 of [RFC5470].
测量的流量输出率必须包括[RFC5470]第2节中定义的数据流和控制信息。
Discussion: The Flow Export Rate is measured using Flow Export data observed at the Collector by counting the exported Flow Records during the measurement time interval (see Section 5.4). The value obtained is an average of the instantaneous export rates observed during the measurement time interval. The smallest possible measurement interval (if attempting to measure a nearly instantaneous export rate rather than average export rate on the DUT) is limited by the export capabilities of the particular Flow monitoring implementation (when physical-layer issues between the DUT and the Collector are excluded).
讨论:通过计算测量时间间隔内的输出流量记录,使用收集器观察到的流量输出数据测量流量输出率(见第5.4节)。获得的值是在测量时间间隔内观察到的瞬时输出率的平均值。可能的最小测量间隔(如果试图测量DUT上几乎瞬时的输出速率而不是平均输出速率)受到特定流量监测实施的输出能力的限制(当DUT和收集器之间的物理层问题被排除时)。
Measurement units: Number of Flow Records per second
测量单位:每秒的流量记录数
Flow Monitoring Throughput
流量监测吞吐量
Definition: The maximum Flow Export Rate the DUT can sustain without losing a single Cache entry. Additionally, for packet forwarding devices, the maximum Flow Export Rate the DUT can sustain without dropping packets in the Forwarding Plane (see Figure 1).
定义:DUT在不丢失单个缓存项的情况下可维持的最大流量输出速率。此外,对于包转发设备,DUT可以维持的最大流导出速率,而不会在转发平面中丢弃包(见图1)。
Measurement units: Number of Flow Records per second
测量单位:每秒的流量记录数
Discussion: The losses of Cache entries, or forwarded packets per this definition are assumed to happen due to the lack of DUT resources to process any additional traffic information or lack of resources to process Flow Export data. The physical-layer issues, like insufficient bandwidth from the DUT to the Collector or lack of Collector resources, MUST be excluded as detailed in Section 4.
讨论:根据此定义,缓存项或转发数据包的丢失假定是由于缺少DUT资源来处理任何附加流量信息或缺少资源来处理流导出数据而发生的。如第4节所述,必须排除物理层问题,如DUT到收集器的带宽不足或收集器资源不足。
The Flow monitoring performance metric is applicable to network devices that deploy the architecture described in [RFC5470]. These devices can be network packet forwarding devices or appliances that analyze traffic but do not forward traffic (e.g., probes, sniffers, replicators).
流量监控性能指标适用于部署[RFC5470]中所述体系结构的网络设备。这些设备可以是网络数据包转发设备或分析流量但不转发流量的设备(例如,探测器、嗅探器、复制器)。
This document does not intend to measure Collector performance, it only requires sufficient Collector resources (as specified in Section 4.4) in order to measure the DUT characteristics.
本文件不打算测量采集器性能,它只需要足够的采集器资源(如第4.4节所规定)来测量DUT特性。
Figure 1 presents the functional block diagram of the DUT. The traffic in the figure represents test traffic sent to the DUT and forwarded by the DUT, if possible. When testing devices that do not act as network packet forwarding devices (such as probes, sniffers, and replicators), the Forwarding Plane is simply an Observation Point as defined in Section 2 of [RFC5470]. The Throughput of such devices will always be zero, and the only applicable performance metric is the Flow Monitoring Throughput. Netflow is specified by [RFC3954].
图1显示了DUT的功能框图。图中的流量表示发送到DUT并由DUT转发的测试流量(如果可能)。当测试不作为网络数据包转发设备的设备(如探测器、嗅探器和复制器)时,转发平面只是[RFC5470]第2节中定义的观察点。此类设备的吞吐量始终为零,唯一适用的性能指标是流量监控吞吐量。网络流量由[RFC3954]指定。
+------------------------- +
| IPFIX | NetFlow | Others |
+------------------------- +
| ^ |
| Flow Export |
| ^ |
| +-------------+ |
| | Monitoring | |
| | Plane | |
| +-------------+ |
| ^ |
| traffic information |
| ^ |
| +-------------+ |
| | | |
traffic ---|---->| Forwarding |------|---->
| | Plane | |
| +-------------+ |
| |
| DUT |
+------------------------- +
+------------------------- +
| IPFIX | NetFlow | Others |
+------------------------- +
| ^ |
| Flow Export |
| ^ |
| +-------------+ |
| | Monitoring | |
| | Plane | |
| +-------------+ |
| ^ |
| traffic information |
| ^ |
| +-------------+ |
| | | |
traffic ---|---->| Forwarding |------|---->
| | Plane | |
| +-------------+ |
| |
| DUT |
+------------------------- +
Figure 1. The Functional Block Diagram of the DUT
图1。DUT的功能框图
Flow monitoring is represented in Figure 1 by the Monitoring Plane; it is enabled as specified in Section 4.3. It uses the traffic information provided by the Forwarding Plane and configured Flow Keys to create Cache entries representing the traffic forwarded (or observed) by the DUT in the DUT Cache. The Cache entries are expired from the Cache depending on the Cache configuration (e.g., the Active and Idle Timeouts, the Cache Size), number of Cache entries, and the traffic pattern. The Cache entries are used by the Exporting Process to format the Flow Records, which are then exported from the DUT to the Collector (see Figure 2 in Section 4).
流量监测在图1中由监测平面表示;按照第4.3节的规定启用。它使用转发平面提供的流量信息和配置的流密钥来创建缓存条目,以表示DUT在DUT缓存中转发(或观察)的流量。根据缓存配置(例如,活动和空闲超时、缓存大小)、缓存条目数和流量模式,缓存条目将从缓存中过期。导出过程使用缓存条目格式化流记录,然后将流记录从DUT导出到收集器(参见第4节中的图2)。
The Forwarding Plane and Monitoring Plane represent two separate functional blocks, each with its own performance capability. The Forwarding Plane handles user data packets and is fully characterized by the metrics defined by [RFC1242].
转发平面和监视平面代表两个独立的功能块,每个功能块都有自己的性能。转发平面处理用户数据包,并完全由[RFC1242]定义的度量表征。
The Monitoring Plane handles Flows that reflect the analyzed traffic. The metric for Monitoring Plane performance is the Flow Export Rate, and the benchmark is the Flow Monitoring Throughput.
监控平面处理反映分析流量的流量。监控飞机性能的指标是流量输出率,基准是流量监控吞吐量。
The measurement procedure is fully specified in Sections 4, 5, and 6. This section provides an overview of principles for the measurements.
第4、5和6节对测量程序进行了详细说明。本节概述了测量原理。
The basic measurement procedure of the performance characteristics of a DUT with Flow monitoring enabled is a conventional Throughput measurement using a search algorithm to determine the maximum packet rate at which none of the offered packets and corresponding Flow Records are dropped by the DUT as described in [RFC1242] and Section 26.1 of [RFC2544].
启用流量监控的DUT性能特性的基本测量程序是使用搜索算法确定最大分组速率的常规吞吐量测量,在该速率下,DUT不会丢弃任何提供的分组和相应的流量记录,如[RFC1242]和第26.1节所述[RFC2544]。
The DUT with Flow monitoring enabled contains two functional blocks that need to be measured using characteristics applicable to one or both blocks (see Figure 1). See Sections 3.4.1 and 3.4.2 for further discussion.
启用流量监控的DUT包含两个功能块,需要使用适用于一个或两个功能块的特性进行测量(见图1)。进一步讨论见第3.4.1节和第3.4.2节。
On one hand, the Monitoring Plane and Forwarding Plane (see Figure 1) need to be looked at as two independent blocks, and the performance of each measured independently. On the other hand, when measuring the performance of one, the status and performance of the other MUST be known and benchmarked when both are present.
一方面,需要将监视平面和转发平面(见图1)视为两个独立的块,并单独测量每个块的性能。另一方面,在衡量一方的绩效时,必须了解另一方的状态和绩效,并在两者都存在时进行基准测试。
The Flow Monitoring Throughput MUST be (and can only be) measured with one packet per Flow as specified in Section 5. This traffic type represents the most demanding traffic from the Flow monitoring point of view and will exercise the Monitoring Plane (see Figure 1) of the DUT most. In this scenario, every packet seen by the DUT creates a new Cache entry and forces the DUT to fill the Cache instead of just updating the packet and byte counters of an already existing Cache entry.
流量监控吞吐量必须(并且只能)按照第5节中的规定,使用每个流量一个数据包进行测量。从流量监测的角度来看,该流量类型代表要求最高的流量,并将使用DUT most的监测平面(见图1)。在这种情况下,DUT看到的每个数据包都会创建一个新的缓存条目,并强制DUT填充缓存,而不仅仅是更新已经存在的缓存条目的数据包和字节计数器。
The exit criteria for the Flow Monitoring Throughput measurement are one of the following (e.g., if any of the conditions are reached):
流量监测吞吐量测量的退出标准如下(例如,如果达到任何条件):
a. The Flow Export Rate at which the DUT starts to lose Flow Information or the Flow Information gets corrupted.
a. DUT开始丢失流量信息或流量信息损坏时的流量输出速率。
b. The Flow Export Rate at which the Forwarding Plane starts to drop or corrupt packets (if the Forwarding Plane is present).
b. 转发平面开始丢弃或损坏数据包的流导出速率(如果存在转发平面)。
A corrupted packet here means packet header corruption (resulting in the cyclic redundancy check failure on the transmission level and consequent packet drop) or packet payload corruption, which leads to lost application-level data.
在这里,损坏的数据包意味着数据包报头损坏(导致传输级别上的循环冗余检查失败并导致数据包丢失)或数据包有效负载损坏,从而导致应用级别数据丢失。
The Forwarding Plane (see Figure 1) performance metrics are fully specified by [RFC1242] and MUST be measured accordingly. A detailed traffic analysis (see below) with relation to Flow monitoring MUST be
转发平面(见图1)的性能指标由[RFC1242]完全指定,必须进行相应的测量。必须提供与流量监控相关的详细流量分析(见下文)
performed prior of any [RFC2544] measurements. Most importantly, the Flow Export Rate caused by the test traffic during an [RFC2544] measurement MUST be known and reported.
在任何[RFC2544]测量之前执行。最重要的是,必须知道并报告[RFC2544]测量期间由测试流量引起的流量输出率。
The required test traffic analysis mainly involves the following:
所需的测试流量分析主要包括以下内容:
a. Which packet header parameters are incremented or changed during traffic generation.
a. 在流量生成过程中,哪些数据包头参数会增加或更改。
b. Which Flow Keys the Flow monitoring configuration uses to generate Flow Records.
b. 流监控配置用于生成流记录的流键。
The performance metrics described in RFC 1242 can be measured in one of the three modes:
RFC 1242中描述的性能指标可在以下三种模式中的一种模式下测量:
a. As a baseline of forwarding performance without Flow monitoring.
a. 作为转发性能的基准,无需流量监控。
b. At a certain level of Flow monitoring activity specified by a Flow Export Rate lower than the Flow Monitoring Throughput.
b. 在由低于流量监控吞吐量的流量输出速率指定的流量监控活动的特定级别。
c. At the maximum level of Flow monitoring performance, e.g., using traffic conditions representing a measurement of Flow Monitoring Throughput.
c. 在流量监控性能的最大水平,例如,使用代表流量监控吞吐量测量的流量条件。
The above mentioned measurement mode in point a. represents an ordinary Throughput measurement specified in RFC 2544. The details of how to set up the measurements in points b. and c. are given in Section 6.
上述a点的测量模式。表示RFC 2544中指定的普通吞吐量测量。关于如何在点b中设置测量的详细信息。和c。在第6节中给出。
This section concentrates on the setup of all components necessary to perform Flow monitoring performance measurement. The recommended reporting format can be found in Appendix A.
本节主要介绍执行流量监测性能测量所需的所有组件的设置。建议的报告格式见附录A。
The measurement topology described in this section is applicable only to the measurements with packet forwarding network devices. The possible architectures and implementation of the traffic monitoring appliances (see Section 3.2) are too various to be covered in this document. Instead of the Forwarding Plane, these appliances generally have some kind of feed (e.g., an optical splitter, an interface sniffing traffic on a shared media, or an internal channel on the DUT providing a copy of the traffic) providing the information about the traffic necessary for Flow monitoring analysis. The measurement topology then needs to be adjusted to the appliance architecture and MUST be part of the measurement report.
本节中描述的测量拓扑仅适用于具有分组转发网络设备的测量。交通监控装置(见第3.2节)的可能架构和实施方式太多,本文件无法涵盖。代替转发平面,这些设备通常具有某种类型的馈送(例如,光分路器、在共享媒体上嗅探流量的接口或在DUT上提供流量副本的内部信道),提供流量监控分析所需的流量信息。然后,测量拓扑需要根据设备架构进行调整,并且必须是测量报告的一部分。
The measurement setup is identical to that used by [RFC2544], with the addition of a Collector to analyze the Flow Export (see Figure 2).
测量设置与[RFC2544]使用的相同,增加了一个收集器来分析流量输出(见图2)。
In the measurement topology with unidirectional traffic, the traffic is transmitted from the sender to the receiver through the DUT. The received traffic is analyzed to check that it is identical to the generated traffic.
在具有单向流量的测量拓扑中,流量通过DUT从发送方传输到接收方。对接收到的流量进行分析,以检查其是否与生成的流量相同。
The ideal way to implement the measurement is by using a single device to provide the sender and receiver capabilities with one sending port and one receiving port. This allows for an easy check as to whether all the traffic sent by the sender was re-transmitted by the DUT and received at the receiver.
实现测量的理想方法是使用单个设备为发送方和接收方提供一个发送端口和一个接收端口的能力。这允许容易地检查发送方发送的所有通信量是否由DUT重新发送并在接收方接收。
+-----------+
| |
| Collector |
| |
|Flow Record|
| analysis |
| |
+-----------+
^
| Flow Export
|
| Export Interface
+--------+ +-------------+ +----------+
| | | | | traffic |
| traffic| (*)| | | receiver |
| sender |-------->| DUT |--------->| |
| | | | | traffic |
| | | | | analysis |
+--------+ +-------------+ +----------+
+-----------+
| |
| Collector |
| |
|Flow Record|
| analysis |
| |
+-----------+
^
| Flow Export
|
| Export Interface
+--------+ +-------------+ +----------+
| | | | | traffic |
| traffic| (*)| | | receiver |
| sender |-------->| DUT |--------->| |
| | | | | traffic |
| | | | | analysis |
+--------+ +-------------+ +----------+
Figure 2. Measurement Topology with Unidirectional Traffic
图2。具有单向流量的测量拓扑
The DUT's export interface (connecting the Collector) MUST NOT be used for forwarding test traffic but only for the Flow Export data containing the Flow Records. In all measurements, the export interface MUST have enough bandwidth to transmit Flow Export data without congestion. In other words, the export interface MUST NOT be a bottleneck during the measurement.
DUT的导出接口(连接收集器)不得用于转发测试流量,而只能用于包含流量记录的流量导出数据。在所有测量中,导出接口必须具有足够的带宽,以便在无拥塞的情况下传输流导出数据。换句话说,导出接口在测量过程中不能成为瓶颈。
The traffic receiver MUST have sufficient resources to measure all test traffic transferred successfully by the DUT. This may be checked through measurements with and without the DUT.
业务接收器必须有足够的资源来测量DUT成功传输的所有测试业务。这可通过有或无DUT的测量进行检查。
Note that more complex topologies might be required. For example, if the effects of enabling Flow monitoring on several interfaces is of concern, or the maximum speed of media transmission is less than the DUT Throughput, the topology can be expanded with several input and output ports. However, the topology MUST be clearly written in the measurement report.
请注意,可能需要更复杂的拓扑。例如,如果在多个接口上启用流量监控的影响值得关注,或者媒体传输的最大速度小于DUT吞吐量,则可以使用多个输入和输出端口扩展拓扑。但是,必须在测量报告中清楚地写明拓扑结构。
The baseline DUT setup and the way the setup is reported in the measurement results is fully specified in Section 7 of [RFC2544].
[RFC2544]第7节对基线DUT设置和测量结果中报告设置的方式进行了详细说明。
The baseline DUT configuration might include other features, like packet filters or quality of service on the input and/or output interfaces, if there is the need to study Flow monitoring in the presence of those features. The Flow monitoring measurement procedures do not change in this case. Consideration needs to be made when evaluating measurement results to take into account the possible change of packet rates offered to the DUT and Flow monitoring after application of the features to the configuration. Any such feature configuration MUST be part of the measurement report.
基线DUT配置可能包括其他特性,如输入和/或输出接口上的包过滤器或服务质量,如果需要研究存在这些特性时的流量监控。在这种情况下,流量监测测量程序不会改变。在评估测量结果时,需要考虑提供给DUT的数据包速率的可能变化,以及在将特性应用于配置之后的流量监控。任何此类功能配置必须是测量报告的一部分。
The DUT export interface (see Figure 2) SHOULD be configured with sufficient output buffers to avoid dropping the Flow Export data due to a simple lack of resources in the interface hardware. The applied configuration MUST be part of the measurement report.
DUT导出接口(见图2)应配置足够的输出缓冲区,以避免由于接口硬件中简单的资源缺乏而丢弃流导出数据。应用的配置必须是测量报告的一部分。
The test designer has the freedom to run tests in multiple configurations. It is therefore possible to run both non-production and real deployment configurations in the laboratory, according to the needs of the tester. All configurations MUST be part of the measurement report.
测试设计器可以在多个配置中自由运行测试。因此,根据测试人员的需要,可以在实验室中运行非生产和实际部署配置。所有配置必须是测量报告的一部分。
This section covers all of the aspects of the Flow monitoring configuration necessary on the DUT in order to perform the Flow monitoring performance measurement. The necessary configuration has a number of components (see [RFC5470]), namely Observation Points, Metering Process, and Exporting Process as detailed below.
本节涵盖了DUT进行流量监测性能测量所需的流量监测配置的所有方面。必要的配置有许多组件(见[RFC5470]),即观察点、计量过程和导出过程,如下所述。
The DUT MUST support the Flow monitoring architecture as specified by [RFC5470]. The DUT SHOULD support IPFIX [RFC5101] to allow a meaningful results comparison due to the standardized export protocol.
DUT必须支持[RFC5470]规定的流量监测体系结构。DUT应支持IPFIX[RFC5101],以便根据标准化导出协议进行有意义的结果比较。
The DUT configuration, any existing Cache, and Cache entries MUST be erased before the application of any new configuration for the currently executed measurement.
在为当前执行的测量应用任何新配置之前,必须擦除DUT配置、任何现有缓存和缓存条目。
The Observation Points specify the interfaces and direction in which the Flow monitoring traffic analysis is to be performed.
观测点规定了进行流量监测交通分析的接口和方向。
The (*) in Figure 2 designates the Observation Points in the default configuration. Other DUT Observation Points might be configured depending on the specific measurement needs as follows:
图2中的(*)指定默认配置中的观察点。其他DUT观察点可根据具体测量需求进行配置,如下所示:
a. ingress port/ports only b. egress port/ports only c. both ingress and egress
a. 入口端口/仅端口b。出口端口/仅端口c。入口和出口
This test topology corresponds to unidirectional traffic only with traffic analysis performed on the input and/or output interface. Testing with bidirectional traffic is discussed in Appendix B.
该测试拓扑仅对应于在输入和/或输出接口上执行流量分析的单向流量。附录B中讨论了双向通信量的测试。
Generally, the placement of Observation Points depends upon the position of the DUT in the deployed network and the purpose of Flow monitoring. See [RFC3917] for detailed discussion. The measurement procedures are otherwise the same for all these possible configurations.
通常,观测点的位置取决于DUT在部署网络中的位置和流量监测的目的。详细讨论请参见[RFC3917]。对于所有这些可能的配置,测量程序都是相同的。
In the case of both ingress and egress Flow monitoring being enabled on one DUT, the resulting analysis should consider that each Flow will be represented in the DUT Cache by two Flow Records (one for each direction). Therefore, the Flow Export will also contain those two Flow Records.
在一个DUT上启用入口和出口流量监视的情况下,所得到的分析应该考虑到每个流将被DUT高速缓存中的两个流记录(每个方向一个)表示。因此,流导出也将包含这两个流记录。
If more than one Observation Point for one direction is defined on the DUT, the traffic passing through each of the Observation Points MUST be configured in such a way that it creates Flows and Flow Records that do not overlap. Each packet (or set of packets if measuring more than one packet per Flow - see Section 6.3.1) sent to the DUT on different ports still creates one unique Flow Record.
如果DUT上定义了一个方向的多个观察点,则通过每个观察点的交通量必须以这样的方式进行配置,即其创建的流量和流量记录不会重叠。发送到不同端口上DUT的每个数据包(或数据包集,如果每个流量测量一个以上的数据包,请参见第6.3.1节),仍然会创建一个唯一的流量记录。
The specific Observation Points and associated monitoring direction MUST be included as part of the measurement report.
测量报告中必须包括特定观测点和相关监测方向。
The Metering Process MUST be enabled in order to create the Cache in the DUT and configure the Cache related parameters.
为了在DUT中创建缓存并配置缓存相关参数,必须启用计量过程。
The Cache Size available to the DUT MUST be known and taken into account when designing the measurement as specified in Section 5. Typically, the Cache Size will be present in the "show" commands of the Flow monitoring process, in either the actual configuration or the product documentation from the DUT vendor. The Cache Size MUST have a fixed value for the entire duration of the measurement. This method is not applicable to benchmarking any Flow monitoring applications that dynamically change their Cache Size.
当按照第5节的规定设计测量时,必须知道并考虑DUT可用的缓存大小。通常,在实际配置或DUT供应商的产品文档中,缓存大小将出现在流量监测过程的“显示”命令中。在整个测量期间,缓存大小必须具有固定值。此方法不适用于对动态更改缓存大小的任何流监视应用程序进行基准测试。
The configuration of the Metering Process MUST be included as part of the measurement report. For example, when a Flow monitoring implementation uses timeouts to expire entries from the Cache, the Cache's Idle and Active Timeouts MUST be known and taken into account when designing the measurement as specified in Section 5. If the Flow monitoring implementation allows only timeouts equal to zero (e.g., immediate timeout or non-existent Cache), then the measurement conditions in Section 5 are fulfilled inherently without any additional configuration. The DUT simply exports information about every packet immediately, subject to the Flow Export Rate definition in Section 2.2.5.
计量过程的配置必须包含在计量报告中。例如,当流监控实现使用超时使缓存中的条目过期时,必须知道缓存的空闲和活动超时,并在按照第5节的规定设计度量时将其考虑在内。如果流量监控实现只允许超时等于零(例如,即时超时或不存在缓存),则第5节中的测量条件在没有任何额外配置的情况下内在地得到满足。DUT仅根据第2.2.5节中的流量导出率定义,立即导出关于每个数据包的信息。
If the Flow monitoring implementation allows configuration of multiple Metering Processes on a single DUT, the exact configuration of each process MUST be included in the measurement report. Only measurements with the same number of Metering Processes can be compared.
如果流量监测实施允许在单个DUT上配置多个计量过程,则测量报告中必须包括每个过程的准确配置。只能比较具有相同数量计量过程的测量值。
The Cache Size and the Idle and Active Timeouts MUST be included in the measurement report.
测量报告中必须包括缓存大小以及空闲和活动超时。
The Exporting Process MUST be configured in order to export the Flow Record data to the Collector.
必须配置导出过程才能将流记录数据导出到收集器。
The Exporting Process MUST be configured in such a way that all Flow Records from all configured Observation Points are exported towards the Collector, after the expiration policy, which is composed of the Idle and Active Timeouts and Cache Size.
导出过程的配置必须确保在过期策略(由空闲和活动超时以及缓存大小组成)之后,所有配置的观测点的所有流记录都导出到收集器。
The Exporting Process SHOULD be configured with IPFIX [RFC5101] as the protocol used to format the Flow Export data. If the Flow monitoring implementation does not support IPFIX, proprietary protocols MAY be used. Only measurements with the same export protocol SHOULD be compared since the protocols may differ in their export efficiency. The export efficiency might also be influenced by the Template Record used and the ordering of the individual export fields within the template.
导出过程应配置IPFIX[RFC5101]作为用于格式化流导出数据的协议。如果流监控实现不支持IPFIX,则可以使用专有协议。应仅比较具有相同导出协议的测量值,因为协议的导出效率可能不同。导出效率还可能受到所使用的模板记录以及模板中各个导出字段的顺序的影响。
The Template Records used by the tested implementations SHOULD be analyzed and documented as part of the measurement report. Ideally, only tests with same Template Records should be compared.
测试实施使用的模板记录应作为测量报告的一部分进行分析和记录。理想情况下,只应比较具有相同模板记录的测试。
Various Flow monitoring implementations might use different default values regarding the export of Control Information [RFC5470]; therefore, the Flow Export corresponding to Control Information SHOULD be analyzed and reported as a separate item on the measurement report. The export of Control Information SHOULD always be configured consistently across all testing and configured to the minimal possible value. Ideally, just one set of Control Information should be exported during each measurement. Note that Control Information includes options and Template Records [RFC5470].
各种流监控实现可能会使用不同的默认值来导出控制信息[RFC5470];因此,应分析与控制信息相对应的流量输出,并在测量报告中作为单独项目进行报告。控制信息的导出应始终在所有测试中一致配置,并配置为最小可能值。理想情况下,每次测量期间只应导出一组控制信息。注意,控制信息包括选项和模板记录[RFC5470]。
Section 10 of [RFC5101] and Section 8.1 of [RFC5470] discuss the possibility of deploying various transport-layer protocols to deliver Flow Export data from the DUT to the Collector. The selected protocol MUST be included in the measurement report. Only benchmarks with the same transport-layer protocol SHOULD be compared. If the Flow monitoring implementation allows the use of multiple transport-layer protocols, each of the protocols SHOULD be measured in a separate measurement run and the results reported independently in the measurement report.
[RFC5101]第10节和[RFC5470]第8.1节讨论了部署各种传输层协议的可能性,以将数据流导出数据从DUT传送到收集器。所选协议必须包含在测量报告中。只应比较具有相同传输层协议的基准测试。如果流监控实现允许使用多个传输层协议,则应在单独的测量运行中测量每个协议,并在测量报告中独立报告结果。
If a reliable transport protocol is used for the transmission of the Flow Export data from the DUT, the configuration of the Transport session MUST allow for non-blocking data transmission. An example of parameters to look at would be the TCP window size and maximum segment size (MSS). The most substantial transport-layer parameters should be included in the measurement report.
如果可靠的传输协议用于从DUT传输流导出数据,则传输会话的配置必须允许非阻塞数据传输。要查看的参数示例是TCP窗口大小和最大段大小(MSS)。测量报告中应包括最重要的传输层参数。
A Flow Record contains information about a specific Flow observed at an Observation Point. A Flow Record contains measured properties of the Flow (e.g., the total number of bytes for all the Flow packets) and usually characteristic properties of the Flow (e.g., source IP address).
流量记录包含有关在观测点观测到的特定流量的信息。流记录包含流的测量属性(例如,所有流数据包的总字节数)和流的通常特征属性(例如,源IP地址)。
The Flow Record definition is implementation specific. A Flow monitoring implementation might allow for only a fixed Flow Record definition, based on the most common IP parameters in the IPv4 or IPv6 headers -- for example, source and destination IP addresses, IP protocol numbers, or transport-level port numbers. Another implementation might allow the user to define their own arbitrary Flow Record to monitor the traffic. The only requirement for the measurements defined in this document is the need for a large
流记录定义是特定于实现的。流监视实现可能只允许基于IPv4或IPv6标头中最常见的IP参数(例如,源和目标IP地址、IP协议号或传输级别端口号)的固定流记录定义。另一个实现可能允许用户定义自己的任意流记录来监视流量。本文件中定义的测量的唯一要求是需要一个大的
number of Cache entries in the Cache. The Flow Keys needed to achieve that will typically be source and destination IP addresses and transport-level port numbers.
缓存中的缓存项数。实现这一点所需的流密钥通常是源和目标IP地址以及传输级别端口号。
The recommended full IPv4, IPv6, or MPLS Flow Record is shown below. The IP address indicates either IPv4 or IPv6, depending on the traffic type being tested. The Flow Record configuration is Flow monitoring implementation-specific; therefore, the examples below cannot provide an exact specification of individual entries in each Flow Record. The best set of key fields to use is left to the test designer using the capabilities of the specific Flow monitoring implementation.
建议的完整IPv4、IPv6或MPLS流记录如下所示。IP地址表示IPv4或IPv6,具体取决于测试的流量类型。流量记录配置是特定于流量监控实施的;因此,下面的示例无法提供每个流记录中单个条目的确切说明。要使用的最佳关键字段集留给测试设计者使用特定流监控实现的功能。
Flow Keys: Source IP address Destination IP address MPLS label (for MPLS traffic type only) Transport-layer source port Transport-layer destination port IP protocol number (IPv6 next header) IP type of service (IPv6 traffic class)
流密钥:源IP地址目标IP地址MPLS标签(仅适用于MPLS流量类型)传输层源端口传输层目标端口IP协议号(IPv6下一个标头)服务的IP类型(IPv6流量类)
Other fields: Packet counter Byte counter
其他字段:数据包计数器字节计数器
Table 1: Recommended Configuration
表1:推荐配置
If the Flow monitoring allows for user-defined Flow Records, the minimal Flow Record configurations allowing large numbers of Cache entries are, for example:
如果流监视允许用户定义流记录,则允许大量缓存项的最小流记录配置为,例如:
Flow Keys: Source IP address Destination IP address
流密钥:源IP地址目标IP地址
Other fields: Packet counter
其他字段:数据包计数器
or: Flow Keys: Transport-layer source port Transport-layer destination port
或:流键:传输层源端口传输层目标端口
Other fields: Packet counter
其他字段:数据包计数器
Table 2: User-Defined Configuration
表2:用户定义的配置
The Flow Record configuration MUST be clearly noted in the measurement report. The Flow Monitoring Throughput measurements on different DUTs, or different Flow monitoring implementations, MUST be only compared for exactly the same Flow Record configuration.
流量记录配置必须在测量报告中清楚注明。不同DUT或不同流量监测实施方式上的流量监测吞吐量测量值必须仅针对完全相同的流量记录配置进行比较。
The Flow monitoring architecture as specified in [RFC5470] allows for more complicated configurations with multiple Metering and Exporting Processes on a single DUT. Depending on the particular Flow monitoring implementation, it might affect the measured DUT performance. Therefore, the measurement report should contain information about how many Metering and Exporting Processes were configured on the DUT for the selected Observation Points.
[RFC5470]中规定的流量监控体系结构允许在单个DUT上进行多个计量和输出过程的更复杂配置。根据特定的流量监控实施,它可能会影响测量的DUT性能。因此,测量报告应包含有关在DUT上为所选观测点配置了多少计量和导出过程的信息。
The examples of such possible configurations are:
此类可能配置的示例如下:
a. Several Observation Points with a single Metering Process and a single Exporting Process.
a. 具有单个计量过程和单个输出过程的多个观测点。
b. Several Observation Points, each with one Metering Process but all using just one instance of Exporting Process.
b. 几个观察点,每个都有一个计量过程,但都只使用一个导出过程实例。
c. Several Observation Points with per-Observation-Point Metering Process and Exporting Process.
c. 多个观测点,每个观测点计量过程和输出过程。
The Flow Record configuration for measurements with MPLS encapsulated traffic SHOULD contain the MPLS label. For this document's purposes, "MPLS Label" is the entire 4 byte MPLS header. Typically, the label of the interest will be at the top of the label stack, but this depends on the details of the MPLS test setup.
MPLS封装流量测量的流记录配置应包含MPLS标签。在本文档中,“MPLS标签”是整个4字节MPLS标头。通常,感兴趣的标签将位于标签堆栈的顶部,但这取决于MPLS测试设置的细节。
The tester SHOULD ensure that the data received by the Collector contains the expected MPLS labels.
测试人员应确保收集器接收的数据包含预期的MPLS标签。
The MPLS forwarding performance document [RFC5695] specifies a number of possible MPLS label operations to test. The Observation Points MUST be placed on all the DUT test interfaces where the particular MPLS label operation takes place. The performance measurements SHOULD be performed with only one MPLS label operation at the time.
MPLS转发性能文档[RFC5695]指定了一些可能要测试的MPLS标签操作。观察点必须放置在发生特定MPLS标签操作的所有DUT测试接口上。性能测量应在一次仅使用一个MPLS标签操作的情况下执行。
The DUT MUST be configured in such a way that all the traffic is subject to the measured MPLS label operation.
DUT的配置方式必须确保所有流量都符合测量的MPLS标签操作。
The Collector is needed in order to capture the Flow Export data, which allows the Flow Monitoring Throughput to be measured.
需要收集器来捕获流导出数据,从而可以测量流监视吞吐量。
The Collector can be used exclusively as a capture device, providing just hexadecimal format of the Flow Export data. In such a case, it does not need to have any additional Flow Export decoding capabilities and all the decoding is done offline.
收集器可以专门用作捕获设备,只提供流导出数据的十六进制格式。在这种情况下,它不需要任何额外的流导出解码功能,所有解码都是离线完成的。
However, if the Collector is also used to decode the Flow Export data, it SHOULD support IPFIX [RFC5101] for meaningful results analysis. If proprietary Flow Export is deployed, the Collector MUST support it; otherwise, the Flow Export data analysis is not possible.
但是,如果收集器还用于解码流导出数据,则它应支持IPFIX[RFC5101]以进行有意义的结果分析。如果部署了专有流导出,收集器必须支持它;否则,无法进行流导出数据分析。
The Collector MUST be capable of capturing the export packets sent from the DUT at the full rate without losing any of them. When using reliable transport protocols (see also Section 4.3.3) to transmit Flow Export data, the Collector MUST have sufficient resources to guarantee non-blocking data transmission on the transport-layer session.
收集器必须能够以全速率捕获从DUT发送的导出数据包,而不会丢失任何数据包。当使用可靠的传输协议(另见第4.3.3节)传输流导出数据时,采集器必须有足够的资源来保证传输层会话上的非阻塞数据传输。
During the analysis, the Flow Export data needs to be decoded and the received Flow Records counted.
在分析过程中,需要对流量输出数据进行解码,并对接收到的流量记录进行计数。
The capture buffer MUST be cleared at the beginning of each measurement.
每次测量开始时必须清除捕获缓冲区。
Packet sampling and flow sampling is out of the scope of this document. This document applies to situations without packet, flow, or export sampling.
数据包采样和流采样不在本文件范围内。本文件适用于无数据包、数据流或出口采样的情况。
Flow monitoring itself is not dependent in any way on the media used on the input and output ports. Any media can be used as supported by the DUT and the test equipment. This applies both to data forwarding interfaces and to the export interface (see Figure 2).
流量监控本身不以任何方式依赖于输入和输出端口上使用的介质。在DUT和测试设备的支持下,可以使用任何介质。这既适用于数据转发接口,也适用于导出接口(见图2)。
At the time of this writing, the most common transmission media and corresponding frame formats (e.g., Ethernet, Packet over SONET) for IPv4, IPv6, and MPLS traffic are specified within [RFC2544], [RFC5180], and [RFC5695].
在撰写本文时,[RFC2544]、[RFC5180]和[RFC5695]中规定了IPv4、IPv6和MPLS流量的最常见传输介质和相应的帧格式(例如以太网、SONET上的数据包)。
The presented frame formats MUST be recorded in the measurement report.
提交的帧格式必须记录在测量报告中。
Frame sizes of the traffic to be analyzed by the DUT are specified in Section 9 of [RFC2544] for Ethernet type interfaces (64, 128, 256, 1024, 1280, 1518 bytes) and in Section 5 of [RFC5180] for Packet over SONET interfaces (47, 64, 128, 256, 1024, 1280, 1518, 2048, 4096 bytes).
对于以太网类型的接口(64、128、256、1024、1280、1518字节),[RFC2544]的第9节和[RFC5180]的第5节规定了DUT要分析的流量的帧大小,对于SONET上的数据包接口(47、64、128、256、1024、1280、1518、2048、4096字节)。
When measuring with large frame sizes, care needs to be taken to avoid any packet fragmentation on the DUT interfaces that could negatively affect measured performance values.
当使用大帧尺寸进行测量时,需要注意避免DUT接口上的任何数据包碎片,这可能会对测量的性能值产生负面影响。
The presented frame sizes MUST be recorded in the measurement report.
必须在测量报告中记录显示的框架尺寸。
The Flow monitoring performance will be affected by the packet size that the particular implementation uses to transmit Flow Export data to the Collector. The used packet size MUST be part of the measurement report and only measurements with same packet sizes SHOULD be compared.
流监控性能将受到特定实现用于将流导出数据传输到收集器的数据包大小的影响。所使用的数据包大小必须是测量报告的一部分,并且只能比较具有相同数据包大小的测量。
The DUT export interface (see Figure 2) maximum transmission unit (MTU) SHOULD be configured to the largest available value for the media. The Flow Export MTU MUST be recorded in the measurement report.
DUT导出接口(见图2)最大传输单元(MTU)应配置为介质的最大可用值。流量输出MTU必须记录在测量报告中。
The examples below represent a hypothetical test setup to clarify the use of Flow monitoring parameters and configuration, together with traffic parameters to test Flow monitoring. The actual benchmarking specifications are in Sections 5 and 6.
下面的示例表示一个假设的测试设置,以澄清流量监控参数和配置的使用,以及测试流量监控的流量参数。实际基准规范见第5节和第6节。
The traffic generator sends 1000 packets per second in 10000 defined streams, each stream identified by a unique destination IP address. Therefore, each stream has a packet rate of 0.1 packets per second.
流量生成器每秒在10000个定义的流中发送1000个数据包,每个流由唯一的目标IP地址标识。因此,每个流具有每秒0.1个分组的分组速率。
The packets are sent in a round-robin fashion (stream 1 to 10000) while incrementing the destination IP address for each sent packet. After a packet for stream 10000 is sent, the next packet destination IP address corresponds to stream 1's address again.
数据包以循环方式(流1到10000)发送,同时增加每个发送数据包的目标IP地址。在发送流10000的分组之后,下一个分组目的地IP地址再次对应于流1的地址。
The configured Cache Size is 20000 Flow Records. The configured Active Timeout is 100 seconds, and the Idle Timeout is 5 seconds.
配置的缓存大小为20000个流记录。配置的活动超时为100秒,空闲超时为5秒。
Flow monitoring on the DUT uses the destination IP address as the Flow Key.
DUT上的流量监控使用目标IP地址作为流量密钥。
A packet with the destination IP address equal to A is sent every 10 seconds, so the Cache entry is refreshed in the Cache every 10 seconds. However, the Idle Timeout is 5 seconds, so the Cache entries will expire from the Cache due to the Idle Timeout, and when a new packet is sent with the same IP address A, it will create a new entry in the Cache. This behavior depends upon the design and efficiency of the Cache ager, and incidences of multi-packet flows observed during this test should be noted.
目标IP地址等于A的数据包每10秒发送一次,因此缓存条目每10秒在缓存中刷新一次。但是,空闲超时为5秒,因此缓存条目将因空闲超时而从缓存中过期,并且当发送具有相同IP地址a的新数据包时,它将在缓存中创建新条目。此行为取决于缓存AGR的设计和效率,应注意在测试期间观察到的多数据包流的发生率。
The measured Flow Export Rate in this case will be 1000 Flow Records per second since every single sent packet will always create a new Cache entry and 1000 packets per second are sent.
在这种情况下,测量的流导出速率将为每秒1000个流记录,因为每个发送的数据包始终会创建一个新的缓存条目,并且每秒发送1000个数据包。
The expected number of Cache entries in the Cache during the whole measurement is around 5000. It corresponds to the Idle Timeout being 5 seconds; during those five seconds, 5000 entries are created. This expectation might change in real measurement setups with large Cache Sizes and a high packet rate where the DUT's actual export rate might be limited and lower than the Flow Expiration activity caused by the traffic offered to the DUT. This behavior is entirely implementation-specific.
在整个测量过程中,缓存中缓存项的预期数量约为5000。对应空闲超时为5秒;在这五秒钟内,创建了5000个条目。在具有大缓存大小和高分组速率的实际测量设置中,该期望可能会改变,其中DUT的实际导出速率可能会受到限制,并且低于由提供给DUT的流量引起的流过期活动。此行为完全是特定于实现的。
The traffic generator sends 1000 packets per second in 100 defined streams, each stream identified by a unique destination IP address. Each stream has a packet rate of 10 packets per second. The packets are sent in a round-robin fashion (stream 1 to 100) while incrementing the destination IP address for each sent packet. After a packet for stream 100 is sent, the next packet destination IP address corresponds to stream 1's address again.
流量生成器每秒在100个定义的流中发送1000个数据包,每个流由唯一的目标IP地址标识。每个流的分组速率为每秒10个分组。分组以循环方式(流1到100)发送,同时增加每个发送分组的目的地IP地址。在发送流100的分组之后,下一分组目的地IP地址再次对应于流1的地址。
The configured Cache Size is 1000 Flow Records. The configured Active Timeout is 100 seconds. The Idle Timeout is 10 seconds.
配置的缓存大小为1000个流记录。配置的活动超时为100秒。空闲超时为10秒。
Flow monitoring on the DUT uses the destination IP address as the Flow Key.
DUT上的流量监控使用目标IP地址作为流量密钥。
After the first 100 packets are sent, 100 Cache entries will have been created in the Flow monitoring Cache. The subsequent packets will be counted against the already created Cache entries since the destination IP address (Flow Key) has already been seen by the DUT (provided the Cache entries did not expire yet as described below).
发送前100个数据包后,将在流监控缓存中创建100个缓存条目。由于DUT已看到目标IP地址(流密钥)(前提是缓存项尚未到期,如下所述),因此将根据已创建的缓存项对后续数据包进行计数。
A packet with the destination IP address equal to A is sent every 0.1 second, so the Cache entry is refreshed in the Cache every 0.1 second, while the Idle Timeout is 10 seconds. In this case, the Cache entries will not expire until the Active Timeout expires, e.g., they will expire every 100 seconds and then the Cache entries will be created again.
目标IP地址等于A的数据包每0.1秒发送一次,因此缓存条目每0.1秒在缓存中刷新一次,而空闲超时为10秒。在这种情况下,缓存项在活动超时过期之前不会过期,例如,它们将每100秒过期一次,然后将再次创建缓存项。
If the test measurement time is 50 seconds from the start of the traffic generator, then the measured Flow Export Rate is 0 since during this period nothing expired from the Cache.
如果测试测量时间为流量生成器启动后的50秒,则测量的流量输出率为0,因为在此期间缓存中没有任何内容过期。
If the test measurement time is 100 seconds from the start of the traffic generator, then the measured Flow Export Rate is 1 Flow Record per second.
如果测试测量时间为流量生成器启动后100秒,则测量的流量输出速率为每秒1个流量记录。
If the test measurement time is 290 seconds from the start of the traffic generator, then the measured Flow Export Rate is 2/3 of a Flow Record per second since the Cache expired the same number of Flows twice (100) during the 290-seconds period.
如果测试测量时间为自流量生成器启动后的290秒,则测量的流量输出速率为每秒流量记录的2/3,因为缓存在290秒期间两次(100)过期相同数量的流量。
Objective:
目标:
To measure the Flow monitoring performance in a manner that is comparable between different Flow monitoring implementations.
以不同流量监控实施之间可比较的方式测量流量监控性能。
Metric definition:
度量定义:
Flow Monitoring Throughput - see Section 3.
流量监测吞吐量-见第3节。
Discussion:
讨论:
Different Flow monitoring implementations might choose to handle Flow Export from a partially empty Cache differently than in the case of the Cache being fully occupied. Similarly, software- and hardware-based DUTs can handle the same situation as stated above differently. The purpose of the benchmark measurement in this section is to define one measurement procedure covering all the possible behaviors.
不同的流监控实现可能会选择以不同的方式处理来自部分空缓存的流导出,而不是在缓存被完全占用的情况下。类似地,基于软件和硬件的DUT可以以不同的方式处理上述相同的情况。本节中基准测量的目的是定义一个涵盖所有可能行为的测量程序。
The only criteria is to measure as defined here until Flow Record or packet losses are seen. The decision whether to dive deeper into the conditions under which the packet losses happen is left to the tester.
唯一的标准是按照此处的定义进行测量,直到看到流量记录或数据包丢失。是否深入研究数据包丢失发生的条件由测试人员决定。
Cache Size Cache Size configuration is dictated by the expected position of the DUT in the network and by the chosen Flow Keys of the Flow Record. The number of unique sets of Flow Keys that the traffic generator (sender) provides should be multiple times larger than the Cache Size. This ensures that the existing Cache entries are never updated by a packet from the sender before the particular Flow Expiration and Flow Export. This condition is simple to fulfill with linearly incremented Flow Keys (for example, IP addresses or transport-layer ports) where the range of values must be larger than the Cache Size. When randomized traffic generation is in use, the generator must ensure that the same Flow Keys are not repeated within a range of randomly generated values.
缓存大小缓存大小配置由DUT在网络中的预期位置和流记录的所选流键决定。流量生成器(发送方)提供的唯一流密钥集的数量应该是缓存大小的数倍。这确保在特定流过期和流导出之前,发送方的数据包不会更新现有缓存项。使用线性递增的流密钥(例如,IP地址或传输层端口)很容易满足此条件,其中值的范围必须大于缓存大小。使用随机流量生成时,生成器必须确保在随机生成的值范围内不会重复相同的流键。
The Cache Size MUST be known in order to define the measurement circumstances properly. Typically, the Cache Size will be found using the "show" commands of the Flow monitoring implementation in the actual configuration or in the product documentation from the vendor.
为了正确定义测量环境,必须知道缓存大小。通常,缓存大小将在实际配置或供应商的产品文档中使用流监控实现的“show”命令找到。
Idle Timeout Idle Timeout is set (if configurable) to the minimum possible value on the DUT. This ensures that the Cache entries are expired as soon as possible and exported out of the DUT Cache. It MUST be known in order to define the measurement circumstances completely and equally across implementations.
Idle Timeout Idle Timeout(空闲超时)设置为DUT上可能的最小值(如果可配置)。这可确保缓存项尽快过期并从DUT缓存中导出。必须知道这一点,以便在实现中完整、平等地定义度量环境。
Active Timeout Active Timeout is set (if configurable) to a value equal to or higher than the Idle Timeout. It MUST be known in order to define the measurement circumstances completely and equally across implementations.
活动超时活动超时设置为等于或高于空闲超时的值(如果可配置)。必须知道这一点,以便在实现中完整、平等地定义度量环境。
Flow Keys Definition: The test needs large numbers of unique Cache entries to be created by incrementing values of one or several Flow Keys. The number of unique combinations of Flow Keys values SHOULD be several times larger than the DUT Cache Size. This makes sure that any incoming packet will never refresh any already existing Cache entry.
流键定义:测试需要通过增加一个或多个流键的值来创建大量唯一的缓存项。流键值的唯一组合数应比DUT缓存大小大几倍。这确保任何传入的数据包都不会刷新任何已经存在的缓存条目。
The availability of Cache Size, Idle Timeout, and Active Timeout as configuration parameters is implementation-specific. If the Flow monitoring implementation does not support these parameters, the test possibilities, as specified by this document, are restricted. Some
缓存大小、空闲超时和活动超时作为配置参数的可用性取决于具体实现。如果流量监测实施不支持这些参数,则本文件规定的测试可能性受到限制。一些
testing might be viable if the implementation follows the guidance provided in the [IPFIX-CONFIG] document and is considered on a case-by-case basis.
如果实现遵循[IPFIX-CONFIG]文档中提供的指导,并在个案基础上考虑,那么测试可能是可行的。
Traffic Generation The traffic generator needs to increment the Flow Keys values with each sent packet. This way, each packet represents one Cache entry in the DUT Cache.
流量生成流量生成器需要为每个发送的数据包增加流量密钥值。这样,每个数据包代表DUT缓存中的一个缓存条目。
A particular Flow monitoring implementation might choose to deploy a hashing mechanism to match incoming data packets to a certain Flow. In such a case, the combination of how the traffic is constructed and the hashing might influence the DUT Flow monitoring performance. For example, if IP addresses are used as Flow Keys, this means there could be a performance difference for linearly incremented addresses (in ascending or descending order) as opposed to IP addresses randomized in a certain range. If randomized IP address sequences are used, then the traffic generator needs to be able to reproduce the randomization (e.g., the same set of IP addresses sent in the same order in different test runs) in order to compare various DUTs and Flow monitoring implementations.
特定的流监控实现可能会选择部署散列机制,以将传入数据包与特定流相匹配。在这种情况下,通信量的构造方式和散列的组合可能会影响DUT流监控性能。例如,如果IP地址用作流键,这意味着线性递增的地址(升序或降序)与在特定范围内随机化的IP地址可能存在性能差异。如果使用随机化IP地址序列,则流量生成器需要能够再现随机化(例如,在不同测试运行中以相同顺序发送的同一组IP地址),以便比较各种DUT和流量监控实现。
If the test traffic rate is below the maximum media rate for the particular packet size, the traffic generator MUST send the packets in equidistant time intervals. Traffic generators that do not fulfill this condition MUST NOT and cannot be used for the Flow Monitoring Throughput measurement. An example of this behavior is if the test traffic rate is one half of the media rate. The traffic generator achieves this rate by sending packets each half of each second at the full media rate and sending nothing for the second half of each second. In such conditions, it would be impossible to distinguish if the DUT failed to handle the Flows due to the shortage of input buffers during the burst or due to the limits in the Flow monitoring performance.
如果测试流量率低于特定数据包大小的最大媒体速率,则流量生成器必须以等距时间间隔发送数据包。不满足此条件的流量生成器不得也不能用于流量监控吞吐量测量。此行为的一个示例是,测试通信速率为媒体速率的一半。流量生成器通过以全媒体速率每半秒发送数据包,并在每半秒后不发送任何数据包来实现此速率。在这种情况下,无法区分DUT是否因突发期间输入缓冲器不足或流量监控性能限制而无法处理流量。
Measurement Duration The measurement duration (e.g., how long the test traffic is sent to the DUT) MUST be at least two-times longer than the Idle Timeout; otherwise, no Flow Export would be seen. The measurement duration SHOULD guarantee that the number of Cache entries created during the measurement exceeds the available Cache Size.
测量持续时间测量持续时间(例如,测试流量发送到DUT的时间)必须至少比空闲超时长两倍;否则,将看不到流导出。测量持续时间应保证在测量期间创建的缓存项数超过可用缓存大小。
The product of the Idle Timeout and the packet rate offered to the DUT (Cache population) during one measurement determines the total number of Cache entries in the DUT Cache during the measurement (while taking into account some margin for dynamic behavior during high DUT loads when processing the Flows).
一次测量期间提供给DUT(缓存填充)的空闲超时和数据包速率的乘积确定测量期间DUT缓存中缓存项的总数(同时在处理流时考虑高DUT负载期间动态行为的一些余量)。
The Flow monitoring implementation might behave differently depending on the relation of the Cache population to the available Cache Size during the measurement. This behavior is fully implementation-specific and will also be influenced if the DUT architecture is software based or hardware based.
根据测量期间缓存填充与可用缓存大小的关系,流监视实现的行为可能会有所不同。这种行为是完全特定于实现的,如果DUT体系结构是基于软件的还是基于硬件的,也会受到影响。
The Cache population (if it is lower or higher than the available Cache Size) during a particular benchmark measurement SHOULD be noted, and mainly only measurements with the same Cache population SHOULD be compared.
应注意特定基准测量期间的缓存填充(如果低于或高于可用缓存大小),并且主要只应比较具有相同缓存填充的测量。
The measurement time interval is the time value that is used to calculate the measured Flow Export Rate from the captured Flow Export data. It is obtained as specified below.
测量时间间隔是用于根据捕获的流量输出数据计算测量流量输出率的时间值。按以下规定获得。
RFC 2544 specifies, with the precision of the packet beginning and ending, the time intervals to be used to measure the DUT time characteristics. In the case of a Flow Monitoring Throughput measurement, the start and stop time needs to be clearly defined, but the granularity of this definition can be limited to just marking the start and stop time with the start and stop of the traffic generator. This assumes that the traffic generator and DUT are collocated and the variance in transmission delay from the generator to the DUT is negligible as compared to the total time of traffic generation.
RFC 2544以数据包开始和结束的精度规定了用于测量DUT时间特性的时间间隔。在流量监控吞吐量测量的情况下,需要明确定义开始和停止时间,但此定义的粒度可以限制为仅标记流量生成器的开始和停止时间。这假设业务生成器和DUT并置,并且与业务生成的总时间相比,从生成器到DUT的传输延迟的变化可以忽略不计。
The measurement start time: the time when the traffic generator is started
测量开始时间:流量生成器启动的时间
The measurement stop time: the time when the traffic generator is stopped
测量停止时间:流量生成器停止的时间
The measurement time interval is then calculated as the difference (stop time) - (start time) - (Idle Timeout).
然后将测量时间间隔计算为差值(停止时间)-(开始时间)-(空闲超时)。
This supposes that the Cache Size is large enough that the time needed to fill it with Cache entries is longer than the Idle Timeout. Otherwise, the time needed to fill the Cache needs to be used to calculate the measurement time interval in place of the Idle Timeout.
这假设缓存大小足够大,以至于用缓存项填充它所需的时间比空闲超时时间长。否则,需要使用填充缓存所需的时间来计算测量时间间隔,而不是空闲超时。
Instead of measuring the absolute values of the stop and start times, it is possible to set up the traffic generator to send traffic for a certain predefined time interval, which is then used in the above definition instead of the difference (stop time) - (start time).
不必测量停止和开始时间的绝对值,可以设置流量生成器以发送特定预定义时间间隔的流量,然后在上述定义中使用该时间间隔,而不是差值(停止时间)-(开始时间)。
The Collector MUST stop collecting the Flow Export data at the measurement stop time.
采集器必须在测量停止时停止收集流量输出数据。
The Idle Timeout (or the time needed to fill the Cache) causes delay of the Flow Export data behind the test traffic that is analyzed by the DUT. For example, if the traffic starts at time point X, Flow Export will start only at the time point X + Idle Timeout (or X + time to fill the Cache). Since Flow Export capture needs to stop with the traffic (because that's when the DUT stops processing the Flows at the given rate), the time interval during which the DUT kept exporting data is shorter by the Idle Timeout than the time interval when the test traffic was sent from the traffic generator to the DUT.
空闲超时(或填充缓存所需的时间)导致DUT分析的测试流量后面的流导出数据延迟。例如,如果流量在时间点X开始,则流导出将仅在时间点X+空闲超时(或X+填充缓存的时间)开始。由于流导出捕获需要随着流量停止(因为此时DUT停止以给定速率处理流),DUT保持导出数据的时间间隔比测试流量从流量生成器发送到DUT的时间间隔短空闲超时。
The Flow Export Rate needs to be measured in two consequent steps. The purpose of the first step (point a. below) is to gain the actual value for the rate; the second step (point b. below) needs to be done in order to verify that no Flow Record are dropped during the measurement:
流量输出率需要在两个后续步骤中测量。第一步(下文a点)的目的是获得费率的实际值;需要执行第二步(以下b点),以验证在测量过程中没有流量记录下降:
a. In the first step, the captured Flow Export data MUST be analyzed only for the capturing interval (measurement time interval) as specified in Section 5.4. During this period, the DUT is forced to process Cache entries at the rate the packets are sent. When traffic generation finishes, the behavior when emptying the Cache is completely implementation-specific; therefore, the Flow Export data from this period cannot be used for benchmarking.
a. 在第一步中,必须仅针对第5.4节规定的捕获间隔(测量时间间隔)分析捕获的流量输出数据。在此期间,DUT被迫以发送数据包的速率处理缓存条目。当流量生成完成时,清空缓存的行为完全是特定于实现的;因此,此期间的流量输出数据不能用于基准测试。
b. In the second step, all the Flow Export data from the DUT MUST be captured in order to determine the Flow Record losses. It needs to be taken into account that especially when large Cache Sizes (in order of magnitude of hundreds of thousands of entries and higher) are in use, the Flow Export can take many multiples of Idle Timeout to empty the Cache after the measurement. This behavior is completely implementation-specific.
b. 在第二步中,必须捕获DUT的所有流量输出数据,以确定流量记录损失。需要考虑的是,特别是当使用较大的缓存大小(以数十万个条目或更高的数量级为单位)时,流导出可能需要许多倍的空闲超时来在测量后清空缓存。此行为完全是特定于实现的。
If the Collector has the capability to redirect the Flow Export data after the measurement time interval into a different capture buffer (or time stamp the received Flow Export data after that), this can be done in one step. Otherwise, each Flow Monitoring Throughput measurement at a certain packet rate needs to be executed twice -- once to capture the Flow Export data just for the measurement time
如果收集器能够在测量时间间隔后将流导出数据重定向到不同的捕获缓冲区(或在此之后对接收到的流导出数据进行时间戳),则可以在一个步骤中完成。否则,在特定数据包速率下的每个流监控吞吐量测量都需要执行两次——一次是为了捕获测量时的流导出数据
interval (to determine the actual Flow Export Rate) and a second time to capture all Flow Export data in order to determine Flow Record losses at that packet rate.
间隔(确定实际流量输出速率)和第二次捕获所有流量输出数据,以确定该数据包速率下的流量记录损失。
At the end of the measurement time interval, the DUT might still be processing Cache entries that belong to the Flows expired from the Cache before the end of the interval. These Flow Records might appear in an export packet sent only after the end of the measurement interval. This imprecision can be mitigated by use of large amounts of Flow Records during the measurement (so that the few Flow Records in one export packet can be ignored) or by use of timestamps exported with the Flow Records.
在测量时间间隔结束时,DUT可能仍在处理属于间隔结束前从缓存过期的流的缓存项。这些流记录可能出现在仅在测量间隔结束后发送的导出数据包中。这种不精确性可以通过在测量期间使用大量的流记录(以便可以忽略一个导出数据包中的少数流记录)或使用流记录导出的时间戳来缓解。
The measurement procedure is the same as the Throughput measurement in Section 26.1 of [RFC2544] for the traffic sending side. The DUT output analysis is done on the traffic generator receiving side for the test traffic, the same way as for RFC 2544 measurements.
测量程序与[RFC2544]第26.1节中针对业务发送端的吞吐量测量相同。DUT输出分析在测试通信量的通信量发生器接收端进行,方法与RFC 2544测量相同。
An additional analysis is performed using data captured by the Collector. The purpose of this analysis is to establish the value of the Flow Export Rate during the current measurement step and to verify that no Flow Records were dropped during the measurement. The procedure for measuring the Flow Export Rate is described in Section 5.5.
使用收集器捕获的数据执行附加分析。该分析的目的是确定当前测量步骤中的流量输出率值,并验证测量过程中未丢失任何流量记录。第5.5节描述了流量输出率的测量程序。
The Flow Export performance can be significantly affected by the way the Flow monitoring implementation formats the Flow Records into the Flow Export packets. The ordering and frequency in which Control Information is exported and the number of Flow Records in one Flow Export packet are of interest. In the worst case scenario, there is just one Flow Record in every Flow Export packet.
流监控实现将流记录格式化为流导出数据包的方式会显著影响流导出性能。导出控制信息的顺序和频率以及一个流导出数据包中的流记录的数量是令人感兴趣的。在最坏的情况下,每个流导出数据包中只有一个流记录。
Flow Export data should be sanity checked during the benchmark measurement for:
在基准测量期间,应检查流量输出数据的完整性,以确定:
a. the number of Flow Records per packet, by simply calculating the ratio of exported Flow Records to the number of Flow Export packets captured during the measurement (which should be available as a counter on the Collector capture buffer).
a. 每个数据包的流量记录数,只需计算导出的流量记录与测量期间捕获的流量导出数据包数的比率(应作为收集器捕获缓冲区上的计数器提供)。
b. the number of Flow Records corresponding to the export of Control Information per Flow Export packet (calculated as the ratio of the total number of such Flow Records in the Flow Export data and the number of Flow Export packets).
b. 与每个流导出数据包的控制信息导出相对应的流记录数(计算为流导出数据中此类流记录的总数与流导出数据包数的比率)。
RFC 2544 measurements can be performed under two Flow monitoring setups (see also Section 3.4.2). This section details both and specifies ways to construct the test traffic so that RFC 2544 measurements can be performed in a controlled environment from the Flow monitoring point of view. A controlled Flow monitoring environment means that the tester always knows what Flow monitoring activity (Flow Export Rate) the traffic offered to the DUT causes.
RFC 2544测量可在两种流量监测设置下进行(另见第3.4.2节)。本节详细介绍并指定了构建测试流量的方法,以便从流量监控的角度在受控环境中执行RFC 2544测量。受控流量监控环境意味着测试仪始终知道提供给DUT的流量会导致什么流量监控活动(流量输出率)。
This section is applicable mainly for the Throughput (RFC 2544, Section 26.1) and latency (RFC 2544, Section 26.2 ) measurements. It could also be used to measure frame loss rate (RFC 2544, Section 26.3) and back-to-back frames (RFC 2544, Section 26.4). Flow Export requires DUT resources to be generated and transmitted; therefore, the Throughput in most cases will be much lower when Flow monitoring is enabled on the DUT than when it is not.
本节主要适用于吞吐量(RFC 2544,第26.1节)和延迟(RFC 2544,第26.2节)测量。它还可用于测量帧丢失率(RFC 2544,第26.3节)和背对背帧(RFC 2544,第26.4节)。流量输出要求生成和传输DUT资源;因此,在大多数情况下,当DUT上启用流量监控时,吞吐量将比未启用流量监控时低得多。
Objective:
目标:
Provide RFC 2544 network device characteristics in the presence of Flow monitoring on the DUT. RFC 2544 studies numerous characteristics of network devices. The DUT forwarding and time characteristics without Flow monitoring present on the DUT can vary significantly when Flow monitoring is deployed on the network device.
在DUT上存在流量监控的情况下,提供RFC 2544网络设备特性。RFC2544研究网络设备的许多特性。当在网络设备上部署流量监控时,DUT上不存在流量监控的DUT转发和时间特性可能会发生显著变化。
Metric definition:
度量定义:
Metric as specified in [RFC2544].
[RFC2544]中规定的公制。
The measured Throughput MUST NOT include the packet rate corresponding to the Flow Export data, because it is not user traffic forwarded by the DUT. It is generated by the DUT as a result of enabling Flow monitoring and does not contribute to the test traffic that the DUT can handle. Flow Export requires DUT resources to be generated and transmitted; therefore, the Throughput in most cases will be much lower when Flow monitoring is enabled on the DUT than when it is not.
测量的吞吐量不得包括与流导出数据对应的分组速率,因为它不是由DUT转发的用户流量。它由DUT生成,作为启用流量监控的结果,不影响DUT可以处理的测试流量。流量输出要求生成和传输DUT资源;因此,在大多数情况下,当DUT上启用流量监控时,吞吐量将比未启用流量监控时低得多。
Flow monitoring configuration (as detailed in Section 4.3) needs to be applied the same way as discussed in Section 5 with the exception of the Active Timeout configuration.
流量监控配置(如第4.3节所述)的应用方式与第5节所述相同,但活动超时配置除外。
The Active Timeout SHOULD be configured to exceed several times the measurement time interval (see Section 5.4). This ensures that if
活动超时应配置为超过测量时间间隔的几倍(见第5.4节)。这确保了如果
measurements with two traffic components are performed (see Section 6.3.2), there is no Flow monitoring activity related to the second traffic component.
使用两个交通组件进行测量(见第6.3.2节),没有与第二个交通组件相关的流量监测活动。
The Flow monitoring configuration does not change in any other way for the measurement performed in this section. What changes and makes the difference is the traffic configurations as specified in the sections below.
对于本节中执行的测量,流量监测配置不会以任何其他方式改变。改变和改变的是以下章节中规定的交通配置。
To perform a measurement with Flow Monitoring Throughput setup, the major requirement is that the traffic and Flow monitoring be configured in such a way that each sent packet creates one entry in the DUT Cache. This restricts the possible setups only to the measurement with two traffic components as specified in Section 6.3.2.
要使用流量监控吞吐量设置执行测量,主要要求是流量和流量监控的配置方式应确保每个发送的数据包在DUT缓存中创建一个条目。这将可能的设置仅限于第6.3.2节中规定的具有两个交通组件的测量。
This section covers the measurements where the RFC 2544 metrics need to be measured with Flow monitoring enabled, but at a certain Flow Export Rate that is lower than the Flow Monitoring Throughput.
本节介绍了需要在启用流量监控的情况下测量RFC 2544指标的测量,但测量的流量输出速率低于流量监控吞吐量。
The tester here has both options as specified in Sections 6.3.1 and 6.3.2.
此处的测试仪具有第6.3.1节和第6.3.2节中规定的两个选项。
Section 12 of [RFC2544] discusses the use of protocol source and destination addresses for defined measurements. To perform all the RFC 2544 type measurements with Flow monitoring enabled, the defined Flow Keys SHOULD contain an IP source and destination address. The RFC 2544 type measurements with Flow monitoring enabled then can be executed under these additional conditions:
[RFC2544]第12节讨论了协议源地址和目标地址在定义测量中的使用。要在启用流量监控的情况下执行所有RFC 2544类型的测量,定义的流量键应包含IP源和目标地址。启用流量监控的RFC 2544型测量可在以下附加条件下执行:
a. the test traffic is not limited to a single, unique pair of source and destination addresses.
a. 测试通信量不限于一对唯一的源地址和目标地址。
b. the traffic generator defines test traffic as follows: it allows for a parameter to send N (where N is an integer number starting at 1 and is incremented in small steps) packets with source IP address A and destination IP address B before changing both IP addresses to the next value.
b. 流量生成器将测试流量定义如下:它允许一个参数在将两个IP地址更改为下一个值之前,使用源IP地址a和目标IP地址B发送N(其中N是从1开始的整数,并以小步递增)数据包。
This test traffic definition allows execution of the Flow monitoring measurements with a fixed Flow Export Rate while measuring the DUT RFC 2544 characteristics. This setup is the better option since it
此测试流量定义允许在测量DUT RFC 2544特性时,以固定流量输出率执行流量监测测量。此设置是更好的选项,因为它
best simulates the live network traffic scenario with Flows containing more than just one packet.
最佳模拟包含多个数据包的流的实时网络流量场景。
The initial packet rate at N equal to 1 defines the Flow Export Rate for the whole measurement procedure. Subsequent increases of N will not change the Flow Export Rate as the time and Cache characteristics of the test traffic stay the same. This setup is suitable for measurements with Flow Export Rates below the Flow Monitoring Throughput.
N等于1时的初始分组速率定义了整个测量过程的流输出速率。随着测试流量的时间和缓存特性保持不变,N的后续增加不会改变流导出速率。此设置适用于流量输出速率低于流量监控吞吐量的测量。
The test traffic setup described in Section 6.3.1 might be difficult to achieve with commercial traffic generators or if the granularity of the traffic rates as defined by the initial packet rate at N equal to 1 are unsuitable for the required measurement. An alternative mechanism is to define two traffic components in the test traffic: one to populate Flow monitoring Cache and the second to execute the RFC 2544 measurements.
第6.3.1节中描述的测试流量设置可能难以通过商业流量生成器实现,或者如果N等于1时初始分组速率定义的流量粒度不适合所需的测量。另一种机制是在测试流量中定义两个流量组件:一个用于填充流量监控缓存,另一个用于执行RFC2544测量。
a. Flow monitoring test traffic component -- the exact traffic definition as specified in Section 5.2.
a. 流量监测测试流量组件——第5.2节中规定的确切流量定义。
b. RFC 2544 Test Traffic Component -- test traffic as specified by RFC 2544 MUST create just one entry in the DUT Cache. In the particular setup discussed here, this would mean a traffic stream with just one pair of unique source and destination IP addresses (but could be avoided if Flow Keys were, for example, UDP/TCP source and destination ports and Flow Keys did not contain the addresses).
b. RFC 2544测试流量组件——RFC 2544指定的测试流量必须在DUT缓存中只创建一个条目。在这里讨论的特定设置中,这意味着只有一对唯一的源和目标IP地址的流量流(但如果流密钥是,例如UDP/TCP源和目标端口,并且流密钥不包含这些地址,则可以避免)。
The Flow monitoring traffic component will exercise the DUT in terms of Flow activity, while the second traffic component will measure the RFC 2544 characteristics.
流量监控流量组件将在流量活动方面执行DUT,而第二个流量组件将测量RFC 2544特性。
The measured Throughput is the sum of the packet rates of both traffic components. The definition of other RFC 1242 metrics remains unchanged.
测量的吞吐量是两个流量组件的数据包速率之和。其他RFC 1242指标的定义保持不变。
The pure Flow Monitoring Throughput measurement described in Section 5 provides the capability to verify the Flow monitoring accuracy in terms of the exported Flow Record data. Since every Cache entry created in the Cache is populated by just one packet, the full set of captured data on the Collector can be parsed (e.g., providing the values of all Flow Keys and other Flow Record fields, not only the overall Flow Record count in the exported data), and each set of
第5节中描述的纯流量监测吞吐量测量提供了根据导出的流量记录数据验证流量监测准确性的能力。由于在缓存中创建的每个缓存条目仅由一个数据包填充,因此可以解析收集器上捕获的全套数据(例如,提供所有流键和其他流记录字段的值,而不仅仅是导出数据中的总流记录计数),以及每一组数据
parameters from each Flow Record can be checked against the parameters as configured on the traffic generator and set in packets sent to the DUT. The exported Flow Record is considered accurate if:
每个流量记录中的参数可对照流量发生器上配置的参数进行检查,并在发送至DUT的数据包中进行设置。如果满足以下条件,则认为导出的流量记录是准确的:
a. all the Flow Record fields are present in each exported Flow Record.
a. 所有流量记录字段都存在于每个导出的流量记录中。
b. all the Flow Record fields' values match the value ranges set by the traffic generator (for example, an IP address falls within the range of the IP address increments on the traffic generator).
b. 所有流记录字段的值都与流量生成器设置的值范围相匹配(例如,IP地址在流量生成器上的IP地址增量范围内)。
c. all the possible Flow Record field values as defined at the traffic generator have been found in the captured export data on the Collector. This check needs to be offset against detected packet losses at the DUT during the measurement.
c. 在收集器上捕获的导出数据中找到了在流量生成器中定义的所有可能的流量记录字段值。该检查需要与测量期间在DUT处检测到的数据包丢失相抵消。
For a DUT with packet forwarding, the Flow monitoring accuracy also involves data checks on the received traffic, as already discussed in Section 4.
对于具有分组转发的DUT,流量监控精度还包括对接收到的流量进行数据检查,如第4节所述。
The measurement results, as discussed in this document and obtained for certain DUTs, allow for a preliminary analysis of a Flow monitoring deployment based on the traffic analysis data from the providers' network. An example of such traffic analysis in the Internet is provided by [CAIDA]; the way it can be used is discussed below. The data needed to estimate if a certain network device can manage the particular amount of live traffic with Flow monitoring enabled is:
本文件中讨论的以及针对某些DUT获得的测量结果允许基于来自提供商网络的流量分析数据对流量监控部署进行初步分析。[CAIDA]提供了互联网上此类流量分析的一个示例;其使用方法如下所述。在启用流量监控的情况下,估计某个网络设备是否可以管理特定数量的实时流量所需的数据为:
Average packet size: 350 bytes Number of packets per IP flow: 20
平均数据包大小:350字节每个IP流的数据包数:20
Expected data rate on the network device: 1 Gbit/s
网络设备上的预期数据速率:1 Gbit/s
The average number of Flows created per second in the network device is needed and is determined as follows:
网络设备中每秒创建的流的平均数量是需要的,并且确定如下:
Expected packet rate
Flows per second = --------------------
Packet per flow
Expected packet rate
Flows per second = --------------------
Packet per flow
When using the above example values, the network device is required to process 18000 Flows per second. By executing the benchmarking as specified in this document, a platform capable of this processing can be determined for the deployment in that particular part of the user network.
当使用上述示例值时,网络设备需要每秒处理18000个流。通过执行本文件中规定的基准测试,可以为用户网络的特定部分中的部署确定能够进行此处理的平台。
Keep in mind that the above is a very rough and averaged Flow activity estimate, which cannot account for traffic anomalies; for example, a large number of DNS request packets that are typically small packets coming from many different sources and represent mostly just one packet per Flow.
请记住,上述是一个非常粗略和平均的流量活动估计,不能解释交通异常;例如,大量DNS请求数据包通常是来自许多不同来源的小数据包,并且大多数情况下每个流只表示一个数据包。
This work was performed thanks to the patience and support of Cisco Systems NetFlow development team, namely Paul Aitken, Paul Atkins, and Andrew Johnson. Thanks to Benoit Claise for numerous detailed reviews and presentations of the document, and to Aamer Akhter for initiating this work. A special acknowledgment to the entire BMWG working group, especially to the chair, Al Morton, for the support and work on this document and Paul Aitken for a very detailed technical review.
这项工作的完成要感谢Cisco Systems NetFlow开发团队的耐心和支持,他们是Paul Aitken、Paul Atkins和Andrew Johnson。感谢Benoit Claise对该文件进行的大量详细审查和介绍,以及Aamer Akhter发起的这项工作。特别感谢BMWG工作组全体成员,特别是主席Al Morton对本文件的支持和工作,以及Paul Aitken对本文件的详细技术审查。
Documents of this type do not directly affect the security of the Internet or corporate networks as long as benchmarking is not performed on devices or systems connected to operating networks.
只要不在连接到操作网络的设备或系统上执行基准测试,此类文件不会直接影响互联网或公司网络的安全性。
Benchmarking activities, as described in this memo, are limited to technology characterization using controlled stimuli in a laboratory environment, with dedicated address space and the constraints specified in sections above.
如本备忘录所述,基准测试活动仅限于在实验室环境中使用受控刺激进行技术表征,具有专用地址空间和上述章节中规定的约束条件。
The benchmarking network topology will be an independent test setup and MUST NOT be connected to devices that may forward the test traffic into a production network, or misroute traffic to the test management network.
基准网络拓扑将是一个独立的测试设置,不得连接到可能将测试流量转发到生产网络或将流量错误路由到测试管理网络的设备。
Further, benchmarking is performed on a "black-box" basis, relying solely on measurements observable external to the DUT.
此外,基准测试是在“黑盒”的基础上进行的,仅依赖于DUT外部可观察到的测量。
Special capabilities SHOULD NOT exist in the DUT specifically for benchmarking purposes. Any implications for network security arising from the DUT SHOULD be identical in the lab and in production networks.
DUT中不应存在专门用于基准测试的特殊能力。在实验室和生产网络中,DUT对网络安全的影响应相同。
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。
[RFC2544] Bradner, S. and J. McQuaid, "Benchmarking Methodology for Network Interconnect Devices", RFC 2544, March 1999.
[RFC2544]Bradner,S.和J.McQuaid,“网络互连设备的基准测试方法”,RFC 2544,1999年3月。
[RFC1242] Bradner, S., "Benchmarking Terminology for Network Interconnection Devices", RFC 1242, July 1991.
[RFC1242]Bradner,S.,“网络互连设备的基准术语”,RFC1242,1991年7月。
[RFC2285] Mandeville, R., "Benchmarking Terminology for LAN Switching Devices", RFC 2285, February 1998.
[RFC2285]Mandeville,R.,“局域网交换设备的基准术语”,RFC 22852998年2月。
[RFC3031] Rosen, E., Viswanathan, A., and R. Callon, "Multiprotocol Label Switching Architecture", RFC 3031, January 2001.
[RFC3031]Rosen,E.,Viswanathan,A.,和R.Callon,“多协议标签交换体系结构”,RFC 30312001年1月。
[RFC3917] Quittek, J., Zseby, T., Claise, B., and S. Zander, "Requirements for IP Flow Information Export (IPFIX)", RFC 3917, October 2004.
[RFC3917]Quitek,J.,Zseby,T.,Claise,B.,和S.Zander,“IP流信息导出(IPFIX)的要求”,RFC 39172004年10月。
[RFC3954] Claise, B., Ed., "Cisco Systems NetFlow Services Export Version 9", RFC 3954, October 2004.
[RFC3954]Claise,B.,Ed.,“Cisco Systems NetFlow服务导出版本9”,RFC 3954,2004年10月。
[RFC5101] Claise, B., Ed., "Specification of the IP Flow Information Export (IPFIX) Protocol for the Exchange of IP Traffic Flow Information", RFC 5101, January 2008.
[RFC5101]Claise,B.,Ed.,“交换IP流量信息的IP流量信息导出(IPFIX)协议规范”,RFC 5101,2008年1月。
[RFC5180] Popoviciu, C., Hamza, A., Van de Velde, G., and D. Dugatkin, "IPv6 Benchmarking Methodology for Network Interconnect Devices", RFC 5180, May 2008.
[RFC5180]Popoviciu,C.,Hamza,A.,Van de Velde,G.,和D.Dugatkin,“网络互连设备的IPv6基准测试方法”,RFC 51802008年5月。
[RFC5470] Sadasivan, G., Brownlee, N., Claise, B., and J. Quittek, "Architecture for IP Flow Information Export", RFC 5470, March 2009.
[RFC5470]Sadasivan,G.,Brownlee,N.,Claise,B.,和J.Quitek,“IP流信息导出架构”,RFC 54702009年3月。
[RFC5695] Akhter, A., Asati, R., and C. Pignataro, "MPLS Forwarding Benchmarking Methodology for IP Flows", RFC 5695, November 2009.
[RFC5695]Akhter,A.,Asati,R.,和C.Pignataro,“IP流的MPLS转发基准测试方法”,RFC 56952009年11月。
[CAIDA] Claffy, K., "The nature of the beast: recent traffic
measurements from an Internet backbone",
http://www.caida.org/publications/papers/1998/
Inet98/Inet98.html
[CAIDA] Claffy, K., "The nature of the beast: recent traffic
measurements from an Internet backbone",
http://www.caida.org/publications/papers/1998/
Inet98/Inet98.html
[IPFIX-CONFIG] Muenz, G., Muenchen, TU, Claise, B., and P. Aitken, "Configuration Data Model for IPFIX and PSAMP", Work in Progress, July 2011.
[IPFIX-CONFIG]Muenz,G.,Muenchen,TU,Claise,B.,和P.Aitken,“IPFIX和PSAMP的配置数据模型”,正在进行的工作,2011年7月。
[PSAMP-MIB] Dietz, T., Claise, B., and J. Quittek, "Definitions of Managed Objects for Packet Sampling", Work in Progress, October 2011.
[PSAMP-MIB]Dietz,T.,Claise,B.,和J.Quittek,“数据包采样管理对象的定义”,正在进行的工作,2011年10月。
[IPFIX-MIB] Dietz, T., Kobayashi, A., Claise, B., and G. Muenz, "Definitions of Managed Objects for IP Flow Information Export", Work in Progress, March 2012.
[IPFIX-MIB]Dietz,T.,Kobayashi,A.,Claise,B.,和G.Muenz,“IP流信息导出的托管对象定义”,正在进行的工作,2012年3月。
Appendix A. (Informative) Recommended Report Format
附录A(资料性附录)推荐报告格式
Parameter Units
----------------------------------- ------------------------------------
Test Case test case name (Sections 5 and 6)
Test Topology Figure 2, other
Traffic Type IPv4, IPv6, MPLS, other
Parameter Units
----------------------------------- ------------------------------------
Test Case test case name (Sections 5 and 6)
Test Topology Figure 2, other
Traffic Type IPv4, IPv6, MPLS, other
Test Results Flow Monitoring Throughput Flow Records per second or Not Applicable Flow Export Rate Flow Records per second or Not Applicable Control Information Export Rate Flow Records per second Throughput packets per second (Other RFC 1242 Metrics) (as appropriate)
测试结果流量监控每秒吞吐量流量记录或不适用流量导出速率每秒流量记录或不适用控制信息每秒吞吐量数据包导出速率流量记录(其他RFC 1242指标)(视情况而定)
General Parameters DUT Interface Type Ethernet, POS, ATM, other DUT Interface Bandwidth MegaBits per second
一般参数DUT接口类型以太网、POS、ATM、其他DUT接口带宽兆位/秒
Traffic Specifications Number of Traffic Components (see Sections 6.3.1 and 6.3.2) For each traffic component: Packet Size bytes Traffic Packet Rate packets per second Traffic Bit Rate MegaBits per second Number of Packets Sent number of entries Incremented Packet Header Fields list of fields Number of Unique Header Values number of entries Number of Packets per Flow number of entries Traffic Generation linearly incremented or randomized
交通规范交通组件的数量(见第6.3.1节和第6.3.2节)对于每个流量组件:数据包大小字节流量数据包速率数据包每秒流量比特率兆位每秒发送的数据包数条目数递增数据包报头字段列表字段数唯一报头值条目数每流数据包数条目数流量生成线性递增或随机化
Flow monitoring Specifications Direction ingress, egress, both Observation Points DUT interface names Cache Size number of entries Active Timeout seconds Idle Timeout seconds Flow Keys list of fields Flow Record Fields total number of fields Number of Flows Created number of entries Flow Export Transport Protocol UDP, TCP, SCTP, other Flow Export Protocol IPFIX, NetFlow, other Flow Export data packet size bytes Flow Export MTU bytes
流量监控规格方向入口、出口、两个观察点DUT接口名称缓存大小条目数活动超时秒空闲超时秒流量键字段列表流量记录字段总数创建的流数量条目流量导出传输协议UDP、TCP、SCTP、,其他流导出协议IPFIX、NetFlow、其他流导出数据包大小字节流导出MTU字节
Parameter Units (continued)
----------------------------------- ------------------------------------
MPLS Specifications (for traffic type MPLS only)
Tested Label Operation imposition, swap, disposition
Parameter Units (continued)
----------------------------------- ------------------------------------
MPLS Specifications (for traffic type MPLS only)
Tested Label Operation imposition, swap, disposition
The format of the report as documented in this appendix is informative, but the entries in the contents of it are required as specified in the corresponding sections of this document.
本附录中记录的报告格式仅供参考,但其内容中的条目要求符合本文件相应章节的规定。
Many of the configuration parameters required by the measurement report can be retrieved from the [IPFIX-MIB] and [PSAMP-MIB] MIB modules, and from the [IPFIX-CONFIG] YANG module or other general MIBs. Therefore, querying those modules from the DUT would be beneficial: first of all, to help in populating the required entries of the measurement report, and also to document all the other configuration parameters from the DUT.
测量报告所需的许多配置参数可以从[IPFIX-MIB]和[PSAMP-MIB]MIB模块以及[IPFIX-CONFIG]模块或其他通用MIB中检索。因此,从DUT查询这些模块将是有益的:首先,有助于填充测量报告所需的条目,并记录DUT的所有其他配置参数。
Appendix B. (Informative) Miscellaneous Tests
附录B(资料性)其他试验
This section lists tests that could be useful to asses a proper Flow monitoring operation under various operational or stress conditions. These tests are not deemed suitable for any benchmarking for various reasons.
本节列出了在各种操作或应力条件下,可用于评估正确流量监测操作的测试。由于各种原因,这些测试不适用于任何基准测试。
The Flow Monitoring Throughput should be measured under different levels of static traffic load through the DUT. This can be achieved only by using two traffic components as discussed in Section 6.3.2. One traffic component exercises the Flow Monitoring Plane. The second traffic component loads only the Forwarding Plane without affecting Flow monitoring (i.e., it creates just a certain amount of permanent Cache entries).
流量监控吞吐量应在通过DUT的不同静态流量负载水平下进行测量。这只能通过使用第6.3.2节中讨论的两个交通组件来实现。一个交通组件执行流量监控平面。第二个流量组件只加载转发平面,而不影响流监视(即,它只创建一定数量的永久缓存条目)。
The variance in Flow Monitoring Throughput as a function of the traffic load should be noted for comparison purposes between two DUTs of similar architecture and capability.
应注意流量监测吞吐量随流量负载的变化,以便在具有类似架构和能力的两个DUT之间进行比较。
The test topology in Section 4.1 mandates the use of a separate Flow Export interface to avoid the Flow Export data generated by the DUT to mix with the test traffic from the traffic generator. This is necessary in order to create clear and reproducible test conditions for the benchmark measurement.
第4.1节中的测试拓扑要求使用单独的流量输出接口,以避免DUT生成的流量输出数据与来自流量生成器的测试流量混合。这对于为基准测量创建清晰且可再现的试验条件是必要的。
The real network deployment of Flow monitoring might not allow for such a luxury -- for example, on a very geographically large network.
流监控的实际网络部署可能不允许这样的奢侈——例如,在地理位置非常大的网络上。
In such a case, the Flow Export will use an ordinary traffic forwarding interface, e.g., in-band Flow Export.
在这种情况下,流导出将使用普通的业务转发接口,例如带内流导出。
The Flow monitoring operation should be verified with in-band Flow Export configuration while following these test steps:
在执行以下测试步骤时,应使用带内流量输出配置验证流量监测操作:
a. Perform the benchmark test as specified in Section 5. One of the results will be how much bandwidth Flow Export used on the dedicated Flow Export interface. b. Change Flow Export configuration to use the test interface. c. Repeat the benchmark test while the receiver filters out the Flow Export data from analysis.
a. 按照第5节的规定进行基准测试。结果之一是在专用流导出接口上使用了多少带宽流导出。B更改流导出配置以使用测试界面。C重复基准测试,同时接收器从分析中过滤出流导出数据。
The expected result is that the Throughput achieved in step a. is same as the Throughput achieved in step c. provided that the bandwidth of the output DUT interface is not the bottleneck (in other words, it must have enough capacity to forward both test and Flow Export traffic).
预期结果是在步骤a中实现的吞吐量。与步骤c中实现的吞吐量相同。如果输出DUT接口的带宽不是瓶颈(换句话说,它必须有足够的容量转发测试和流导出流量)。
The Flow monitoring measurements specified in this document would be interesting to repeat with variable packet sizes within one particular test (e.g., test traffic containing mixed packet sizes). The packet forwarding tests specified mainly in [RFC2544] do not recommend performing such tests. Flow monitoring is not dependent on packet sizes, so such a test could be performed during the Flow Monitoring Throughput measurement, and verification of its value does not depend on the offered traffic packet sizes. The tests must be carefully designed in order to avoid measurement errors due to the physical bandwidth limitations and changes of the base forwarding performance with packet size.
在一个特定的测试中(例如,包含混合数据包大小的测试流量),可以使用可变数据包大小重复本文档中规定的流量监控测量。[RFC2544]中主要规定的数据包转发测试不建议执行此类测试。流量监控不依赖于数据包大小,因此可以在流量监控吞吐量测量期间执行此类测试,并且其值的验证不依赖于提供的流量数据包大小。必须仔细设计测试,以避免由于物理带宽限制和基本转发性能随数据包大小的变化而导致的测量错误。
RFC 2544, Section 21 discusses and defines the use of bursty traffic. It can be used for Flow monitoring testing to gauge some short-term overload DUT capabilities in terms of Flow monitoring. The test benchmark here would not be the Flow Export Rate the DUT can sustain, but the absolute number of Flow Records the DUT can process without dropping any single Flow Record. The traffic setup to be used for this test is as follows:
RFC 2544第21节讨论并定义了突发流量的使用。它可用于流量监测测试,以测量流量监测方面的一些短期过载DUT能力。这里的测试基准不是DUT可以维持的流量输出率,而是DUT可以处理的流量记录的绝对数量,而不会丢失任何单个流量记录。用于本测试的流量设置如下所示:
a. each sent packet creates a new Cache entry. b. the packet rate is set to the maximum transmission speed of the DUT interface used for the test.
a. 每个发送的数据包创建一个新的缓存条目。B将包速率设置为用于测试的DUT接口的最大传输速度。
This section translates the terminology used in the IPFIX documents ([RFC5470], [RFC5101], and others) into the terminology used in this document. Section B.5.2 proposes another measurement that is impossible to verify in a black box test manner.
本节将IPFIX文档中使用的术语([RFC5470]、[RFC5101]和其他)翻译为本文档中使用的术语。第B.5.2节提出了另一种无法以黑盒试验方式验证的测量方法。
If the Metering Process is not defined on the DUT it means no Flow monitoring Cache exists and no Flow analysis occurs. The performance measurement of the DUT in such a case is just pure [RFC2544] measurement.
如果未在DUT上定义计量过程,则表示不存在流量监控缓存,也不进行流量分析。在这种情况下,DUT的性能测量仅为纯[RFC2544]测量。
If only the Metering Process is enabled, Flow analysis on the DUT is enabled and operational but no Flow Export happens. The performance measurement of a DUT in such a configuration represents a useful test of the DUT's capabilities (this corresponds to the case when the network operator uses Flow monitoring, for example, for manual detection of denial-of-service attacks, and does not wish to use Flow Export).
如果仅启用计量过程,则DUT上的流量分析将启用并运行,但不会发生流量输出。在这种配置中,DUT的性能测量表示DUT能力的有用测试(这对应于网络运营商使用流量监控(例如,用于手动检测拒绝服务攻击,并且不希望使用流量导出)的情况)。
The performance testing on this DUT can be performed as discussed in this document, but it is not possible to verify the operation and results without interrogating the DUT.
该DUT的性能测试可按本文件所述进行,但在不询问DUT的情况下,无法验证操作和结果。
This test represents the performance testing as discussed in Section 6.
该测试代表第6节中讨论的性能测试。
Bidirectional traffic is not part of the normative benchmarking tests based on discussion with and recommendation of the Benchmarking working group. The experienced participants stated that this kind of traffic did not provide reproducible results.
根据与标杆管理工作组的讨论和建议,双向通信不是标准标杆管理测试的一部分。经验丰富的参与者表示,这种交通没有提供可重复的结果。
The test topology in Figure 2 can be expanded to verify Flow monitoring functionality with bidirectional traffic using the interfaces in full duplex mode, e.g., sending and receiving simultaneously on each of them.
图2中的测试拓扑可以扩展为使用全双工模式下的接口(例如,在每个接口上同时发送和接收)验证双向流量的流量监控功能。
The same rules should be applied for Flow creation in the DUT Cache (as per Sections 4.1 and 4.3.1) -- traffic passing through each Observation Point should always create a new Cache entry in the
DUT缓存中的流创建应采用相同的规则(根据第4.1节和第4.3.1节)——通过每个观察点的流量应始终在DUT缓存中创建一个新的缓存条目
Cache, e.g., the same traffic should not be just looped back on the receiving interfaces to create the bidirectional traffic flow.
缓存,例如,相同的通信量不应仅在接收接口上循环,以创建双向通信流。
Additional useful information when analyzing the Flow Export data is the time distribution of the instantaneous Flow Export Rate. It can be derived during the measurements in two ways:
分析流量输出数据时的其他有用信息是瞬时流量输出率的时间分布。可通过两种方式在测量过程中得出:
a. The Collector might provide the capability to decode Flow Export during capturing and at the same time count the Flow Records and provide the instantaneous (or simply, an average over shorter time interval than specified in Section 5.4) Flow Export Rate. b. The Flow Export protocol (like IPFIX [RFC5101]) can provide time stamps in the Flow Export packets that would allow time-based analysis and calculate the Flow Export Rate as an average over much shorter time interval than specified in Section 5.4.
a. 收集器可以在捕获期间解码流量输出,同时对流量记录进行计数,并提供瞬时(或简单地说,比第5.4节规定的时间间隔短的平均)流量输出率。B流导出协议(如IPFIX[RFC5101])可以在流导出数据包中提供时间戳,允许基于时间的分析,并在比第5.4节规定的时间间隔短得多的时间间隔内计算流导出率的平均值。
The accuracy and shortest time average will always be limited by the precision of the time stamps (1 second for IPFIX) or by the capabilities of the DUT and the Collector.
准确度和最短时间平均值始终受到时间戳精度(IPFIX为1秒)或DUT和采集器能力的限制。
Author's Address
作者地址
Jan Novak (editor) Cisco Systems Edinburgh United Kingdom EMail: janovak@cisco.com
Jan Novak(编辑)思科系统爱丁堡英国电子邮件:janovak@cisco.com