What else shall we test?

Truman Boyes truman at suspicious.org
Thu Jul 23 13:19:50 CDT 2009


Hi Michael,

I would suggest testing:

throughput with 64 byte packets
throughput with 1500 byte packets
a distribution of whatever you deem an imix to be ... 64, 128, 512,  
1500 with a Poisson distribution.
throughput of periodic packet stream when the control plane is being  
affected (ie. either icmp to router, TTL expired, or some router alert  
option)
max prefixes
number of lost packets when fiber is pulled to one of the  
"uplinks" ... to determine the convergence time.
you can send 1000 packets per second and loop the receive back to the  
test unit so you can track how many milliseconds of packet loss.
IPv6 throughput
number of filters / ACLs applied ... and throughput when these ACLs  
are applied.
number of supported mac filters
Apply a filter to the control plane and then attack port 179 .. see  
how the BGP sessions hold up.
saturate a GE card with transit traffic and see if the network control  
packets suffer any loss (ie. session drop, retransmit, etc)

Kind regards,
Truman Boyes


On 22/07/2009, at 8:05 PM, Michael J McCafferty wrote:

> All,
> 	We are putting together a test plan to test a pair of Cisco 7206  
> VXR's,
> each with with NPE-G2. The purpose of the test is just to make sure we
> know where their realistic limits are with a real configuration, full
> route tables from two providers, etc. We have one JDSU T-Berd 8000  
> test
> system with interfaces and software to test a single stream through
> multi-mode fiber interfaces. We plan to test through the interfaces on
> the NPE and through PA-GE cards with a variety of packet sizes
> (especially 64 Byte).
> 	I'd be interested in any thoughts on additional testing or testing
> methodologies we might want to do, to help us set our expectations for
> this setup and to plan when we need to go bigger as we grow traffic,
> hosts, etc.
> 	We plan to get 1 to 3 additional full tables and peer with Any2  
> Easy on
> this network within the next year. We want to determine how this
> platform will behave under moderate DoS attacks, BGP updates, etc. Is
> there anything else we need to be mindful of? Can we get a realistic
> test of the routers with the T-Berd? What else should we test while we
> have the maintenance window and the test system on hand?
>
> 	Your thoughts and experience are appreciated!
>
> Thanks !
> Mike
>
> -- 
> ************************************************************
> Michael J. McCafferty
> Principal, Security Engineer
> M5 Hosting
> http://www.m5hosting.com
>
> You can have your own custom Dedicated Server up and running today !
> RedHat Enterprise, CentOS, Ubuntu, Debian, OpenBSD, FreeBSD, and more
> ************************************************************
>
>




More information about the NANOG mailing list