Measurement of Maximum new NAT-sessions per second / How to send packets
•
4 j'aime•18,786 vues
Measurement of Maximum new NAT-sessions per second How to send packets? Tcpreplay
Recommandé
Contenu connexe
Tendances
Tendances (20)
En vedette
Similaire à Measurement of Maximum new NAT-sessions per second / How to send packets
Similaire à Measurement of Maximum new NAT-sessions per second / How to send packets (15)
Plus de @ otsuka752
Plus de @ otsuka752 (20)
Dernier
Dernier (12)
Measurement of Maximum new NAT-sessions per second / How to send packets
- 1. 単位時間あたりの 新規NAT session 数の 最大値を測ってみた ~パケット送信方法~ 2014/11/02 #vyosjp @otsuka752 (@twovs)
- 2. Measurement of Maximum new NAT-sessions per second (How to send packets) 2014/11/02 #vyosjp @otsuka752 (@twovs)
- 3. about me • @otsuka752 (@twovs) • ネコ2人+奥さん+可愛い娘 •• 無線LLAANN装置の開発((11999999~~22000044)) • オンラインゲームのシステム管理者(2004~) • ただし,ゲームには全く興味無し • ZFS 最高!!! beadm 便利!!!
- 4. はじめに/Intro • VyOS は10万セッションのNAT も動くらしい VyOS can store 100K sessions and works well http://research.ssaakkuurraa..aadd..jjpp// 2012/07/24/janog30-network2/ • 単位時間あたりの新規session 数は? How many new sessions/sec does VyOS handle?
- 5. 構成/System • server(Guest) • tcpdump Internal network • Host(*3) • VirtualBox • VyOS-1.1.0(*1) • NAT(masquerade) • client(Physical) • send packets packets(*2) 1GbE
- 6. 構成/System (*1) Guest properties (VyOS) CPU x1 Memory 2GB ((**22)) IICCMMPP((たくさんのSSrrcc//DDsstt IIPPAAddddrr の組合せ)) ICMP(Many kinds of Src/Dst IPAddr pairs) (*3) Host properties CPU AMD Athlon 64 X2 Dual Core Processor 6400+ Memory 8GB OS Solaris 11.1 VirtualBox 4.3.14
- 7. 設定/Configuration • IPAddr と下記以外はデフォルト値 Use Default Configuration except for IPAddr and below set protocols static route 0.0.0.0/0 next-hop ‘(server)' set nat source rule 10 outbound-interface 'eth1' set nat source rule 10 source address '0.0.0.0/0' set nat source rule 10 translation address 'masquerade' set system conntrack expect-table-size '2048' set system conntrack hash-size '16384' set system conntrack table-size '1048576'
- 8. 試験手順/Testing procedure (1) VyOS のNAT セッションやカウンタをリセット Reset conntrack and clear NAT counters of VyOS vvyyooss@@vvyyooss::~~$$ rreesseett ccoonnnnttrraacckk This will clear all currently tracked and expected connections. Continue? (Y/N) [N]: y vyos@vyos:~$ clear nat source counters
- 9. 試験手順/Testing procedure (2) クライアントからP[pps] でN 種類のパケットを送信 Send N different kinds of packets to VyOS at P[pps] from client [client]$ scapy Welcome to Scapy (2.2.0-1) >>> Scapy も良いけど… Scapy is good.
- 10. 試験手順/Testing procedure (2) クライアントからP[pps] でN 種類のパケットを送信 Send N different kinds of packets to VyOS at P[pps] from client [client]$ sudo tcpreplay --unique-ip ¥ -l ${N} --pps=${P} -K -i eth0 file.pcap Tcpreplay もイイネ I love Tcpreplay too.
- 11. 試験手順/Testing procedure (3) サーバに届いたパケット数を数える Count the number of packets from client [[sseerrvveerr]]$$ ssuuddoo ttccppdduummpp --nn --ii eetthh00
- 12. 試験手順/Testing procedure (4) VyOS でNAT table の数を見る Show NAT statistics on VyOS vyos@vyos:~$ show nat source statistics rule pkts bytes interface ---- ---- ----- --------- 10 100K 2800K eth1
- 13. 結果/Results N:セッション数/sessions handled by VyOS
- 14. 結果/Results N:セッション数/sessions handled by VyOS
- 15. 結果/Results • 新規セッション20K[pps] で処理できそう (合計20万セッションでも) VyOS will bbee aabbllee ttoo hhaannddllee 20K new-session per sec (with 200K unique sessions condition)
- 16. 備考/Notes • >30K[pps] のパケロス発生時でも [サーバに届いたパケット数] と [VyOS で作られたNAT session 数] は概ね同数 >30K[pps] condition, i.e. PER != 0 [number of packets received by server] is also nearly equal to [number of NAT-sessions on VyOS]
- 17. tcpreplay が気になるでしょ!? You will be interested in tcpreplay.
- 19. 続きはウェブで! Find more on the web!
- 20. お知らせ 日本語サイト始めてみました! I translate the web site into Japanese. http://tcpreplay.jp/
- 21. お知らせ • 日本語サイト始めてみました! • http://tcpreplay.jp/ • https://github.com/otsuka752/ • Web site in English • http://tcpreplay.appneta.com/ • https://github.com/appneta/tcpreplay/
- 22. END