
Version 11 (modified by lnevers@bbn.com, 10 years ago)


Internet2 FlowSpace Firewall Tests

This page outlines testing planned for the Advanced Layer 2 Services (AL2S) FlowSpace Firewall (FSF) feature.

The tests will verify the ability of FSF to provide advertised features for various scenarios that will use both ION and AL2S GENI endpoints. GENI slices will be set up to validate the functionality.

Test Goals

  • FSF ability to support a simple learning switch controller for various topologies.
  • FSF ability to support multiple concurrent add/delete learning switch controller requests.
  • Verify ability to use different learning switch controller implementations (FloodLight, POX)
  • Verify rate limiting
  • Ability to query statistics for switch, links, firewall rules with FloodLight REST API.

Assumptions

  • Functional testing will start with a simple 2-node topology connected to AL2S.
  • All ION to AL2S cross-connects will be used to verify ability to support OpenFlow connections.
  • Testing assumes that GENI network stitching is available for OESS.
  • Each topology is verified with stitching only as a first step. Once verified, OpenFlow is added to the experiment.
  • End-point traffic types generated will include UDP, TCP, ICMP using various tools.

FSF-T1 Functional Tests

  1. Create a slice, which results in VLAN allocation between AL2S InstaGENI end-points.
  2. Delete VLANs and verify release of VLANs via AL2S router proxy.
  3. Submit multiple concurrent requests to add and to delete flow spaces.
  4. Configure various rate limits and verify enforcement.
  5. Query FSF status and rules via FloodLight REST API.
  6. Generate traffic outside of pre-defined flowspace and verify that it is handled properly.

Topology Scenarios

FSF-T2 Two Site tests

Initial testing will take place with two sites that are already connected to AL2S. Multiple slivers will be created by multiple experimenters. Functional testing will be executed in this topology.

Network Connection details for this 2 node topology:

Missouri InstaGENI:
VLANs: 1150-1160
AL2S end-point: KANS
ION cross connect: urn:publicid:IDN+ion.internet2.edu+interface+rtr.kans:xe-0/0/3:missouri-ig

Stanford InstaGENI:
VLANs: 1630-1639
AL2S end-point: SUNN
ION cross connect: urn:publicid:IDN+ion.internet2.edu+interface+rtr.salt:xe-0/1/1:stanford-ig


FSF-T3 ION to AL2S interconnects tests

Both slices shown will be set up using each of the 10 interconnects between ION and AL2S:

ION to AL2S cross-connects

The following cross-connects will be verified in the OpenFlow topologies shown above:

  1. sdn-sw.losa e1/1 <-> rtr.losa:port=et-10/0/0
  2. sdn-sw.atla e15/1 <-> rtr.atla:port=xe-0/3/0
  3. sdn-sw.chic e3/1 <-> rtr.chic:port=et-10/0/0
  4. sdn-sw.clev e5/1 <-> rtr.clev:port=et-5/0/0
  5. sdn-sw.hous e15/3 <-> rtr.hous:port=xe-0/1/3
  6. sdn-sw.kans e15/1 <-> rtr.kans:port=xe-0/0/3
  7. sdn-sw.newy32aoa e3/2 <-> rtr.newy:port=et-5/0/0
  8. sdn-sw.salt e15/1 <-> rtr.salt:port=xe-0/1/1
  9. sdn-sw.seat e-2/0/0.0 <-> rtr.seat:port=et-5/0/0
  10. sdn-sw.wash e5/2 <-> rtr.wash:port=et-9/0/0

FSF-T4 Linear topology tests

Multiple concurrent versions of this topology will be set up by multiple experimenters:

Review of available statistics will take place to ensure that resource allocation and usage is properly captured in the available tools (AL2S Router Proxy).


FSF-T5 Star Topology tests

A version of this topology will be set up by multiple users:

2.1 Test Methodology

Test Characteristics:

  • All test hosts are dedicated hosts (bare metal/raw-pc) unless otherwise stated
  • All results are captured for default bandwidth allocation (100Mb/s shaped), unless otherwise stated.
  • All results collected between January 2014

Iperf TCP measurements captured in this page have the following assumptions:

  • All results are for a 60 second test run.
  • For OpenFlow scenarios, traffic is exchanged before each of the measurements below to establish data flows:
    • iperf '1 client' scenario command: 'iperf -c dest_host -t 60'
    • iperf '5 clients' scenario command: 'iperf -c dest_host -t 60 -P 5'
    • iperf '10 clients' scenario command: 'iperf -c dest_host -t 60 -P 10'
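
One way to check the iperf TCP runs above against the default 100 Mb/s shaped allocation, as an added example that is not part of the original test plan: it parses iperf 2 client output, takes the full 60-second summary ([SUM] when -P is used) and flags runs that were cut short or that exceed the allocation. The 5% tolerance, the function names and the sample output are assumptions constructed for illustration.

```python
import re

# iperf 2 summary line, e.g. "[SUM]  0.0-60.0 sec   672 MBytes  94.0 Mbits/sec"
LINE = re.compile(
    r"^\[\s*(?P<id>SUM|\d+)\]\s+(?P<start>[\d.]+)-\s*(?P<end>[\d.]+)\s+sec\s+"
    r"[\d.]+\s+\w?Bytes\s+(?P<rate>[\d.]+)\s+(?P<unit>[KMG]?)bits/sec")
TO_MBPS = {"": 1e-6, "K": 1e-3, "M": 1.0, "G": 1e3}


def aggregate_mbps(report, duration=60.0):
    """Full-run aggregate throughput in Mbit/s, or None if no stream
    reported an interval covering the whole run (e.g. a run cut short)."""
    rates = {}
    for line in report.splitlines():
        m = LINE.match(line.strip())
        if not m or float(m["start"]) != 0.0 or float(m["end"]) < duration - 0.5:
            continue  # banner, header, or partial/per-interval report
        rates[m["id"]] = float(m["rate"]) * TO_MBPS[m["unit"]]
    if "SUM" in rates:          # printed by iperf when -P is greater than 1
        return rates["SUM"]
    return sum(rates.values()) if rates else None


def check_shaping(report, limit_mbps=100.0, tolerance=0.05):
    """Compare a run with the shaped allocation (tolerance is an assumption)."""
    mbps = aggregate_mbps(report)
    if mbps is None:
        return "incomplete", None
    return ("pass" if mbps <= limit_mbps * (1 + tolerance) else "exceeds-limit"), mbps


# Constructed sample output, not measurements from the test campaign.
ONE_CLIENT = """\
[  3] local 10.10.1.1 port 40112 connected with 10.10.1.2 port 5001
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-60.0 sec   672 MBytes  94.0 Mbits/sec
"""
FIVE_CLIENTS = """\
[  3]  0.0-60.0 sec   286 MBytes  40.0 Mbits/sec
[  4]  0.0-60.1 sec   287 MBytes  40.0 Mbits/sec
[  5]  0.0-60.0 sec   286 MBytes  40.0 Mbits/sec
[  6]  0.0-60.1 sec   287 MBytes  40.0 Mbits/sec
[  7]  0.0-60.0 sec   286 MBytes  40.0 Mbits/sec
[SUM]  0.0-60.1 sec  1432 MBytes   200 Mbits/sec
"""
CUT_SHORT = "[  3]  0.0-12.3 sec   138 MBytes  94.1 Mbits/sec\n"

if __name__ == "__main__":
    print(check_shaping(ONE_CLIENT), check_shaping(FIVE_CLIENTS), check_shaping(CUT_SHORT))
```

A result of "exceeds-limit" on a link expected to be shaped at 100 Mb/s indicates the shaping is not being applied on that path and is worth checking before any OpenFlow results are recorded.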

Iperf UDP measurements captured in this page have the following assumptions:

  • Each test run is 60 seconds and traffic is exchanged before each of the measurements to establish a data flow.
  • UDP measurements between racks requested a bandwidth of 100 Mbits/sec; if results showed that 100Mb/s was possible, the requested bandwidth was then increased to 1Gb/s.
