Manual:Performance Testing with Traffic Generator: Difference between revisions
Line 138: | Line 138: | ||
/ip firewall filter | /ip firewall filter | ||
add chain=forward protocol=tcp connection-state=invalid \ | add chain=forward protocol=tcp connection-state=invalid \ | ||
action=drop comment="drop invalid connections" | |||
add chain=forward connection-state=established action=accept \ | add chain=forward connection-state=established action=accept \ | ||
comment="allow already established connections" | |||
add chain=forward connection-state=related action=accept \ | add chain=forward connection-state=related action=accept \ | ||
comment="allow related connections" | |||
</pre> | </pre> | ||
Revision as of 11:06, 12 October 2012
Summary
RouterOS Version 6 introduced new tool "traffic generator", which allows to perform performance testing without expensive testing hardware. Traffic is generated from one more router in the network.
This article shows necessary configuration and hardware to perform the same tests published in www.routerboard.com.
RB1100AHx2 Test setup
First step is to choose which ports we will be using for testing.
If we look at the diagram how ports are connected to CPU, fastest combinations are:
- port from switch1 to port form switch chip2,
- ether11 to switch chip,
- ether12/13 to switch chip or to ether11.
To get the maximum out of RB1100AHx2 we will be running 6 streams in total:
- from ether1 to ether6
- from ether1 to ether11
- from ether6 to ether1
- from ether6 to ether11
- from ether11 to ether6
- from ether11 to ether1
In our test environment one RB1100AHx2 will be device under test (DUT) and other RB1100AHx2 will be Traffic generator device.
Connecting the routers
Connect cables like this: ether1 to ether1, ether6 to ether6, ether11 to ether11 and proceed with software configuration. Either it will be routing (layer3) testing or bridging (layer2) testing.
Routing Performance Testing
DUT Config
/ip address add address=1.1.1.254/24 interface=ether1 network=1.1.1.0 add address=2.2.2.254/24 interface=ether6 network=2.2.2.0 add address=3.3.3.254/24 interface=ether11 network=3.3.3.0
Traffic Generator Config
/ip address add address=1.1.1.1/24 interface=ether1 network=1.1.1.0 add address=2.2.2.2/24 interface=ether6 network=2.2.2.0 add address=3.3.3.3/24 interface=ether11 network=3.3.3.0 /tool traffic-generator packet-template add name=r12 header-stack=mac,ip,udp ip-gateway=1.1.1.254 ip-dst=2.2.2.2 add name=r13 header-stack=mac,ip,udp ip-gateway=1.1.1.254 ip-dst=3.3.3.3 add name=r21 header-stack=mac,ip,udp ip-gateway=2.2.2.254 ip-dst=1.1.1.1 add name=r23 header-stack=mac,ip,udp ip-gateway=2.2.2.254 ip-dst=3.3.3.3 add name=r32 header-stack=mac,ip,udp ip-gateway=3.3.3.254 ip-dst=2.2.2.2 add name=r31 header-stack=mac,ip,udp ip-gateway=3.3.3.254 ip-dst=1.1.1.1
Note: To force MAC address re-discovery (on device/configuration change, just apply emply "set" command to necessary packet-templates)
Running Tests
/tool traffic-generator quick tx-template=r12,r13,r21,r23,r31,r32 packet-size=60 mbps=300
We are specifying 60byte packet in traffic generator to get 64 byte packet on ethernet.
[admin@TrafficGen] > /tool traffic-gen quick tx-template=r12,r13,r21,r23,r31,r32 packet-size=60 mbps=120
24 0 185 422 91.9Mbps 185 190 88.8Mbps 232 3.0Mbps 16us 24 1 213 397 105.8Mbps 212 747 102.1Mbps 650 3.7Mbps 10.6us 24 2 186 245 92.3Mbps 186 185 89.3Mbps 60 3.0Mbps 16.4us 24 3 213 685 105.9Mbps 212 961 102.2Mbps 724 3.7Mbps 10.8us 24 4 249 142 119.5Mbps 180 400 86.5Mbps 68 742 32.9Mbps 13.2us 24 5 249 141 119.5Mbps 193 158 92.7Mbps 55 983 26.8Mbps 11.1us 24 TOT 1 297 032 635.3Mbps 1 170 641 561.9Mbps 126 391 73.4Mbps 10.6us
You can also check in the DUT if forwarding is actually happening:
[admin@DUT] > /interface monitor-traffic aggregate,ether1,ether6,ether11 name: ether1 ether6 ether11 rx-packets-per-second: 1 235 620 481 094 487 045 267 469 rx-drops-per-second: 0 0 0 0 rx-errors-per-second: 0 0 0 0 rx-bits-per-second: 593.0Mbps 230.9Mbps 233.7Mbps 128.3Mbps tx-packets-per-second: 1 233 862 360 750 360 402 512 692 tx-drops-per-second: 0 0 0 0 tx-errors-per-second: 0 0 0 0 tx-bits-per-second: 603.9Mbps 178.9Mbps 178.7Mbps 246.0Mbps
After running the test you can see that total throughput of 64byte packets are 1 170 641pps which is a lot faster than shown in routerboard.com results.
This is because by default fast-path mode is enabled.
Lets enable connection tracking on DUT:
/ip firewall connection tracking set enabled=yes
And run the test again. As you can see now it is close to advertised pps rate.
46 0 249 793 123.8Mbps 127 410 61.1Mbps 122 383 62.7Mbps 3.22ms 46 1 249 791 123.8Mbps 87 232 41.8Mbps 162 559 82.0Mbps 5.2ms 46 2 249 792 123.8Mbps 127 424 61.1Mbps 122 368 62.7Mbps 3.15ms 46 3 249 792 123.8Mbps 87 219 41.8Mbps 162 573 82.0Mbps 5.18ms 46 4 249 792 119.9Mbps 40 492 19.4Mbps 209 300 100.4Mbps 5.54ms 46 5 249 791 119.8Mbps 46 736 22.4Mbps 203 055 97.4Mbps 5.41ms 46 TOT 1 498 751 735.3Mbps 516 513 247.9Mbps 982 238 487.4Mbps 3.15ms
We can now add more firewall rules, queues and any other configuration and see how much router can actually handle.
Lets add some firewall rules
We will take the customer protection rules from the manual
Start by adding default rules that should present on any firewall:
/ip firewall filter add chain=forward protocol=tcp connection-state=invalid \ action=drop comment="drop invalid connections" add chain=forward connection-state=established action=accept \ comment="allow already established connections" add chain=forward connection-state=related action=accept \ comment="allow related connections"
We get approximately 40Mbps less
TOT TOT 13 926 377 1138.0... 2 586 802 206.9Mbps 11 339 575 215.3Mbps 41.6us
Now add more rules from the manual to see how count of firewall rules influence performance of the board
/ip firewall filter add chain=forward protocol=icmp action=jump jump-target=icmp add chain=icmp protocol=icmp icmp-options=0:0 action=accept \ comment="echo reply" add chain=icmp protocol=icmp icmp-options=3:0 action=accept \ comment="net unreachable" add chain=icmp protocol=icmp icmp-options=3:1 action=accept \ comment="host unreachable" add chain=icmp protocol=icmp icmp-options=3:4 action=accept \ comment="host unreachable fragmentation required" add chain=icmp protocol=icmp icmp-options=4:0 action=accept \ comment="allow source quench" add chain=icmp protocol=icmp icmp-options=8:0 action=accept \ comment="allow echo request" add chain=icmp protocol=icmp icmp-options=11:0 action=accept \ comment="allow time exceed" add chain=icmp protocol=icmp icmp-options=12:0 action=accept \ comment="allow parameter bad" add chain=icmp action=drop comment="deny all other types"
TOT TOT 16 309 055 1142.4... 2 978 839 204.2Mbps 13 330 216 324.5Mbps 53.3us
There are almost no performance changes.
You can add further any amount of rules and see that there are minimum influence on performance of the router.
Perform the same test with different packet sizes:
/tool traffic-generator quick tx-template=r12,r13,r21,r23,r31,r32 packet-size=508 mbps=500 /tool traffic-generator quick tx-template=r12,r13,r21,r23,r31,r32 packet-size=1514 mbps=500
Note: mind that speed in quick mode is specified per stream, so if you have two streams per port, you need to send 1/2 of traffic per stream
Bridging Performance Testing
DUT Config
/interface bridge add /interface bridge port add bridge=bridge1 interface=ether1 add bridge=bridge1 interface=ether6 add bridge=bridge1 interface=ether11
Traffic Generator Config
/ip address add address=1.1.1.1/24 interface=ether1 network=1.1.1.0 add address=2.2.2.2/24 interface=ether6 network=2.2.2.0 add address=3.3.3.3/24 interface=ether11 network=3.3.3.0 /tool traffic-generator packet-template add header-stack=mac,ip,udp ip-src=1.1.1.1/32 ip-dst=2.2.2.2/32 name=b12 add header-stack=mac,ip,udp ip-src=1.1.1.1/32 ip-dst=3.3.3.3/32 name=b13 add header-stack=mac,ip,udp ip-src=2.2.2.2/32 ip-dst=1.1.1.1/32 name=b21 add header-stack=mac,ip,udp ip-src=2.2.2.2/32 ip-dst=3.3.3.3/32 name=b23 add header-stack=mac,ip,udp ip-src=3.3.3.3/32 ip-dst=1.1.1.1/32 name=b31 add header-stack=mac,ip,udp ip-src=3.3.3.3/32 ip-dst=2.2.2.2/32 name=b32
Running Tests
/tool traffic-generator quick tx-template=b12,b13,b21,b23,b31,b32 packet-size=60 mbps=200 /tool traffic-generator quick tx-template=b12,b13,b21,b23,b31,b32 packet-size=508 mbps=500 /tool traffic-generator quick tx-template=b12,b13,b21,b23,b31,b32 packet-size=1514 mbps=500