Presentation is loading. Please wait.

Presentation is loading. Please wait.

Benchmarking for CoPP draft-shishio-bmwg-copp-00 Shishio Tsuchiya

Published byNeil Carroll Modified over 7 years ago

Similar presentations

Presentation on theme: "Benchmarking for CoPP draft-shishio-bmwg-copp-00 Shishio Tsuchiya"— Presentation transcript:

1 Benchmarking for CoPP draft-shishio-bmwg-copp-00 Shishio Tsuchiya shtsuchi@cisco.com

2 RFC6192 CoPP Control Plane Protection Protect router's control plane from undesired or malicious traffic. +----------------+ | Router Control | | Plane | +------+ +-------+ | | Router Control Plane Protection | | +------+ +-------+ | Forwarding | Interface X ==[ Plane ]== Interface Y +----------------+ Figure 1: Router Control Plane Protection

3 Background Business: Router less service Consumer: FTTH/DDoS Data center: Large Scale ARP/NDP, DDOS Test by themself, no standard

4 2. Test setup 2.1. Topology DUT connect to Router/Attack Emulator/Traffic Generator +------------------------+ | | | DUT | | | | +----------------+ | | | Router Control | | | | Plane | | | +------+ +-------+ | | | | | | Router Control | | Plane Protection | +-----------+ | | | | | Attack | | +------+ +-------+ | | Emulator |---|---[ | | +-----------+ | | Forwarding | | +----------+ +----|---[ Plane ]---|----| Router |---+ | | +----------------+ | +----------+ | | +------------------------+ | | +----------------+ | +-------| Traffic |------------------------+ | Generator | +----------------+

5 2.2. Network Configure IGP/OSPS between DUT and Router DUT configure CoPP if needed

6 3. Test procedure 3.1. Attack Packet Attack Emulator : send packets to DUT to confirm influence of CoPP Test duration time should be grater than hold time between UUT and Router Attack Emulator

7 Attack Packet exampleexpect action Typicalfragment/ip option/ ICMP ttl exceed drop/rate-limit Routing Protocol from trust network BGP/OSPFaccept but rate-limit would be preferred Routing Protocol from untrust network BGP/OSPFdrop Control Packet from trust network ARP/NDP/ICMP/ICMPv6 accept but rate-limit would be preferred Control Packet from un- trust network ARP/NDP/ICMP/ICMPv6drop/rate-limit Management Packet from trust network NTP/SSH/Telnet/Radius/D NS/DHCP accept/rate-limit Management Packet from un-trust network NTP/SSH/Telnet/Radius/D NS/DHCP drop undefined packetsIPX/Appletalkdrop Will update in detail in future version

8 Test result +--------+----------------+----------------+------------------------+ | Attack | Attack | Attack | Loss of packets on | | | rate[pps/bps] | duration time | traffic generator | +--------+----------------+----------------+------------------------+ | - | - | - | - | +--------+----------------+----------------+------------------------+ CPU Utilization of DUT will be added

9 Ask to WG Is the draft useful for the WG? Any idea of the scenario – test procedure – confirmation of stability

Download ppt "Benchmarking for CoPP draft-shishio-bmwg-copp-00 Shishio Tsuchiya"

Similar presentations

Basic BGP Data Plane Convergence Benchmarking draft-papneja-bgp-basic-dp-convergence-01 Rajiv Papneja, Susan Hares, Bhavani Parise, Mohan Nanduri, Jay.

Basic BGP Data Plane Convergence Benchmarking draft-papneja-bgp-basic-dp-convergence-01 Rajiv Papneja, Susan Hares, Bhavani Parise, Mohan Nanduri, Jay.
Release 5.1, Revision 0 Copyright © 2001, Juniper Networks, Inc. Advanced Juniper Networks Routing Module 9: Static Routes & Routing Table Groups.

Release 5.1, Revision 0 Copyright © 2001, Juniper Networks, Inc. Advanced Juniper Networks Routing Module 9: Static Routes & Routing Table Groups.
1 IP Forwarding Relates to Lab 3. Covers the principles of end-to-end datagram delivery in IP networks.

1 IP Forwarding Relates to Lab 3. Covers the principles of end-to-end datagram delivery in IP networks.
IP Forwarding Relates to Lab 3.

IP Forwarding Relates to Lab 3.
Chapter 6: Static Routing

Chapter 6: Static Routing
RIP V2 W.lilakiatsakun.  RFC 2453 (obsoletes –RFC 1723 /1388)  Extension of RIP v1 (Classful routing protocol)  Classless routing protocol –VLSM is.

RIP V2 W.lilakiatsakun.  RFC 2453 (obsoletes –RFC 1723 /1388)  Extension of RIP v1 (Classful routing protocol)  Classless routing protocol –VLSM is.
Dynamic Tunnel Management Protocol for IPv4 Traversal of IPv6 Mobile Network Jaehoon Jeong Protocol Engineering Center, ETRI

Dynamic Tunnel Management Protocol for IPv4 Traversal of IPv6 Mobile Network Jaehoon Jeong Protocol Engineering Center, ETRI
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 The Routing Table: A Closer Look Routing Protocols and Concepts – Chapter.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 The Routing Table: A Closer Look Routing Protocols and Concepts – Chapter.
Routing Security Capabilities draft-zhao-opsec-routing-capabilities-02.txt OPSEC WG, IETF #66.

Routing Security Capabilities draft-zhao-opsec-routing-capabilities-02.txt OPSEC WG, IETF #66.
CSCE 515: Computer Network Programming Chin-Tser Huang University of South Carolina.

CSCE 515: Computer Network Programming Chin-Tser Huang University of South Carolina.
Security of wireless ad-hoc networks. Outline Properties of Ad-Hoc network Security Challenges MANET vs. Traditional Routing Why traditional routing protocols.

Security of wireless ad-hoc networks. Outline Properties of Ad-Hoc network Security Challenges MANET vs. Traditional Routing Why traditional routing protocols.
Routing and Routing Protocols Introduction to Static Routing.

Routing and Routing Protocols Introduction to Static Routing.
Draft-novak-bmwg-ipflow-meth-05.txt IP Flow Information Accounting and Export Benchmarking Methodology

Draft-novak-bmwg-ipflow-meth-05.txt IP Flow Information Accounting and Export Benchmarking Methodology
1 IP Forwarding Relates to Lab 3. Covers the principles of end-to-end datagram delivery in IP networks.

1 IP Forwarding Relates to Lab 3. Covers the principles of end-to-end datagram delivery in IP networks.
IETF 90: VNF PERFORMANCE BENCHMARKING METHODOLOGY Contributors: Sarah Muhammad Durrani: Mike Chen:

IETF 90: VNF PERFORMANCE BENCHMARKING METHODOLOGY Contributors: Sarah Muhammad Durrani: Mike Chen:
Guide to TCP/IP, Third Edition

Guide to TCP/IP, Third Edition
Distance Vector Routing Protocols W.lilakiatsakun.

Distance Vector Routing Protocols W.lilakiatsakun.
1 IP Forwarding Relates to Lab 3. Covers the principles of end-to-end datagram delivery in IP networks.

1 IP Forwarding Relates to Lab 3. Covers the principles of end-to-end datagram delivery in IP networks.
IP Forwarding.

IP Forwarding.
PC1 LAN GW SP RTR1 SP RTR2 DST 4 * 25 ms 21 ms dst [4.168.18.3] 4. A third packet is sent with TTL=3, which decrements at each hop, and expires after RTR2,

PC1 LAN GW SP RTR1 SP RTR2 DST 4 * 25 ms 21 ms dst [ ] 4. A third packet is sent with TTL=3, which decrements at each hop, and expires after RTR2,

Similar presentations

Ads by Google