• No results found

Testing Darwinsim: The History and Evolution of Network Resiliency

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Testing Darwinsim: The History and Evolution of Network Resiliency"

Copied!
43
0
0

Loading.... (view fulltext now)

Download now ( 43 Page )

Full text

(1)

Session ID:

Session Classification:

Mike Hamilton

Ixia Communications

Testing Darwinsim: The History and

Evolution of Network Resiliency

SPO-210

(2)
(3)

Defining Resiliency

3

Security Latest attacks, evasions, malware, and spam. Identify and remediate vulnerabilities. Perform under DoS attack. Performance Application load, attacks, and impairments. Measure and improve performance under high-stress conditions.

Stability Impairments combined with application load. Ensure reliable performance and availability.

RESI

LIE

NC

Y

(4)

Performance

Performance Application load, attacks, and impairments. Measure and improve performance under high-stress conditions.

(5)

The Datasheet Game – Carrier Class Firewall

5

Metric Firewall A Firewall B Firewall C

(6)

The Datasheet Game – Carrier Class Firewall

Metric Firewall A Firewall B Firewall C

Throughput (Max)

150 Gbps 560 Gbps 640 Gbps†

(7)

The Datasheet Game – Carrier Class Firewall

7

Metric Firewall A Firewall B Firewall C

Throughput (Max) 150 Gbps 560 Gbps 640 Gbps† Throughput (IMIX) 37.8 Gbps 560 Gbps 135 Gbps‡

(8)

The Datasheet Game – Carrier Class Firewall

Metric Firewall A Firewall B Firewall C

Throughput (Max) 150 Gbps 560 Gbps 640 Gbps† Throughput (IMIX) 37.8 Gbps 560 Gbps 135 Gbps‡ Throughput (64B) 7.7 Gbps** 560 Gbps 31 Gbps**

(9)

The Datasheet Game – Carrier Class Firewall

9

Metric Firewall A Firewall B Firewall C

Throughput (Max) 150 Gbps 560 Gbps 640 Gbps† Throughput (IMIX) 37.8 Gbps 560 Gbps 135 Gbps‡ Throughput (64B) 7.7 Gbps** 560 Gbps 31 Gbps** Connections per Second* 380,000 3.29M 320,000

(10)

The Datasheet Game – Carrier Class Firewall

Metric Firewall A Firewall B Firewall C

Throughput (Max) 150 Gbps 560 Gbps 640 Gbps† Throughput (IMIX) 37.8 Gbps 560 Gbps 135 Gbps‡ Throughput (64B) 7.7 Gbps** 560 Gbps 31 Gbps** Connections per Second* 380,000 3.29M 320,000 Concurrent Connections 20M 280M 100M

(11)

The Datasheet Game – Carrier Class Firewall

(12)

The Datasheet Game – Carrier Class Firewall

(13)

The Datasheet Game – Carrier Class Firewall

13

Metric Firewall A Firewall B Firewall C

Throughput (64B)

(14)

The Datasheet Game – Carrier Class Firewall

Metric Firewall A Firewall B Firewall C

Throughput (64B)

7.7 Gbps 560 Gbps 31 Gbps CPS 380,000 3.29M 320,000

(15)

The Datasheet Game – Carrier Class Firewall

15

Metric Firewall A Firewall B Firewall C

Throughput (64B) 7.7 Gbps 560 Gbps 31 Gbps CPS 380,000 3.29M 320,000 Worst-case Throughput 1.8 Gbps 15.8 Gbps 1.5 Gbps

(16)

The Datasheet Game – Carrier Class Firewall

Metric Firewall A Firewall B Firewall C

Throughput (64B) 7.7 Gbps 560 Gbps 31 Gbps CPS 380,000 3.29M 320,000 Worst-case Throughput 1.8 Gbps 15.8 Gbps 1.5 Gbps Worst-case Goodput 6 Mbps 52 Mbps 5.1 Mbps

(17)

Performance

17

Performance Application load, attacks, and impairments. Measure and improve performance under high-stress conditions.

(18)

Security

Security Latest attacks, evasions, malware, and spam. Identify and remediate vulnerabilities. Perform under DoS attack. Performance Application load, attacks, and impairments. Measure and improve performance under high-stress conditions.

(19)

Does Mark the Spot?

(20)

IPS – Imprecise Performance Systems

Firewall A Firewall B Firewall C

Throughput (64B) 7.7 Gbps 560 Gbps 31 Gbps CPS 380,000 3.29M 320,000 Worst-case Throughput 1.8 Gbps 15.8 Gbps 1.5 Gbps Worst-case Goodput 6 Mbps 52 Mbps 5.1 Mbps IPS Throughput 26 Gbps 131.6 Gbps 40 Gbps

(21)

DDoS – Are You Ready?

(22)
(23)

$,£,€,¥…₤

(24)
(25)

Stability

25

Security Latest attacks, evasions, malware, and spam. Identify and remediate vulnerabilities. Perform under DoS attack. Performance Application load, attacks, and impairments. Measure and improve performance under high-stress conditions.

Stability Impairments combined with application load. Ensure reliable performance and availability.

RESI

LIE

NC

Y

(26)
(27)

How to Measure?

(28)
(29)

Combinations and Permutations

29 48 + 48 + 16 + 16 + 32 = 160 4 + 4 + 8 + 16 + 16 + 3 + 13 + 8 + 8 + 16 + 32 + 32 = 160 16 + 16+ 16 + 16 = 64 OR 16 + 16 + 32 + 32 + 4 + 3 + 9 + 16 + 16 + 16 = 160

(30)

Combinations

2

160+160+160

= 2

480

= 3.121749 x 10

144

packets

On a 10 Gbps link at 15mm PPS

= 2.08x10

137

seconds

= 3.46x10

135

minutes

= 5.78x10

133

hours

= 2.41x10

132

days

= 6.59x10

129

years

(31)

Why Should I Care?

(32)

Combinations and Permutations

48 + 48 + 16 + 16 + 32 = 160 4 + 4 + 8 + 16 + 16 + 3 + 13 + 8 + 8 + 16 + 32 + 32 = 160 = 96 16 + 16+ 16 + 16 = 64 OR 16 + 16 + 32 + 32 + 4 + 3 + 9 + 16 + 16 + 16 = 160 = 144

(33)

Combinations

2

96+144

= 2

240

= 1.77 x 10

72

packets

On a 10 Gbps link at 15mm PPS

= 1.18x10

65

seconds

= 1.96x10

63

minutes

= 3.27x10

61

hours

= 1.36x10

60

days

= 3.73x10

57

years

33

(34)
(35)

Resiliency Testing: A History Lesson

Internet Growth Leads to

Technology Standards

IETF Testing Standards

RFC 1944

RFC 2544

RFC 3511

(36)

RFC 2544: Right Standard, Wrong Time

Original Goal

Create Vendor-Agnostic Comparisons

18 years later (Today)

Industry continues to apply RFC 2544 to

next-generation and content aware devices

(37)

RFC 3511: False Sense of Security?

HTTP is NOT an Application

(38)
(39)

Moving Ahead: Evolving Testing Standards

IETF

Benchmarking Working

Group

Content-aware device

methodology

Industry consortiums

DPIbench

39

(40)

Resiliency = Battle-Tested

Apply emerging standards today

Download the most recent work

Understand your network traffic

(41)

Apply: Takeaways

Ask your vendor*:

1. Are you keeping up with emerging testing standards?

2. What application mixes and weights do you use during testing?

3. Do you combine applications and high-stress user load during testing?

4. What have the results been when you have tested using malformed traffic?

5. How does the device perform against application-layer attacks?

6. Can I test your product with my unique network, application, and user conditions?

*Vendors, ask yourself the same questions.

(42)

Apply: Final Thoughts

Read between the lines

Money matters

Just because code hasn’t been touched doesn’t

mean it is not the problem

Never leave a test port idle

(43)

Questions?

$,£,€,¥…₤

Contact information:

Mike Hamilton

Director of Global Systems Engineering

BreakingPoint Systems

[email protected]

References

Download now ( PDF - 43 Page - 1.43 MB )

Related documents

arxiv: v2 [astro-ph.co] 21 Nov 2013

In Figure 7 we present the mid-IR luminosity versus low- frequency radio luminosity (at 151-MHz) for the radio sources in our samples. In both plots we see a correlation between

[Savage Worlds] Alien vs Predator

The particulate dust and the heat shimmer obscured the IR detector, as I knew it would, and at dawn and dusk the reflection of the suns off the salt layers made the tracking

Molecular Recognition of Substrates by Protein Farnesyltransferase and Geranylgeranyltransferase-I.

the CaaX sequence) were appended to the C-terminus of the His 6 -EGFP-TEV proteins. Additional substrates were chosen based on high scoring peptides predicted to be FTase..

Incorporating Children and Young People’s Voices in Child and Adolescent Mental Health Services Using The Family Model

adolescent; children; family focused practice; mental health; psychology; The Family Model; young

Towards integrating transformative pedagogies to generate social justice

In response to the ethnic studies multicultural goal of cultivating the collective identities of specific cultural groups, liberal democratic multiculturalists ask if such

Understanding the Needs of Today s Financial Networks

The combination of Ixia’s network testing and network visibility solutions provides a unique network partner that can ensure your financial network at all stages – from design,

E-reading devices as a new medium for newspaper reading

Because the current segmentation system at Hufvudstadsbladet (HBL) is only based on demographic features, a segmentation based on service preferences would bring new

Global Network and Application Security Testing Market An Overview of Emerging Trends and Growth Opportunities For Test Solution Vendors

Global Network and Application Security Testing Market An Overview of Emerging Trends and Growth Opportunities For Test..