Internet-DraftInternet Engineering Task Force (IETF) V. BhuvaneswaranVengainathan Network Working Group AntonRequest for Comments: 8456 A. BasilIntended Status:Category: Informational Veryx TechnologiesExpires: November 25, 2018 MarkISSN: 2070-1721 M. TassinariHewlett-Packard VishwasHewlett Packard Enterprise V. ManralNano Sec SarahNanoSec S. Banks VSS MonitoringMay 25,October 2018 Benchmarking Methodology forSDNSoftware-Defined Networking (SDN) Controller Performancedraft-ietf-bmwg-sdn-controller-benchmark-meth-09Abstract This document defines methodologies for benchmarkingcontrolthe control- plane performance of Software-Defined Networking (SDN) Controllers. The SDNcontrollers. SDN controllerController is a core component insoftware-defined networkingthe SDN architecture that controls thenetwork behavior.behavior of the network. SDNcontrollersControllers have been implemented with many varying designs in order to achieve their intended network functionality. Hence, the authors of this document have taken the approach of considering an SDNcontroller asController to be a black box, defining the methodology in a manner that is agnostic to protocols and network services supported by controllers.The intent of thisThis documentis to provideprovides a methodto measurefor measuring the performance of all controller implementations. Status ofthisThis Memo ThisInternet-Draftdocument issubmitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documentsnot an Internet Standards Track specification; it is published for informational purposes. This document is a product of the Internet Engineering Task Force (IETF).Note that other groups may also distribute working documents as Internet-Drafts. The listIt represents the consensus ofcurrent Internet- Drafts is at http://datatracker.ietf.org/drafts/current. Internet-Drafts are draft documents validthe IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are amaximumcandidate for any level ofsix monthsInternet Standard; see Section 2 of RFC 7841. Information about the current status of this document, any errata, and how to provide feedback on it may beupdated, replaced, or obsoleted by other documentsobtained atany time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress. This Internet-Draft will expire on November 25, 2018.https://www.rfc-editor.org/info/rfc8456. Copyright Notice Copyright (c) 2018 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents(http://trustee.ietf.org/license-info)(https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1.Introduction...................................................4Introduction ....................................................4 1.1. Conventions Used in This Document ..........................4 2.Scope..........................................................4Scope ...........................................................4 3. TestSetup.....................................................4Setup ......................................................4 3.1. TestsetupSetup - ControllerworkingOperating in StandaloneMode........5Mode .......5 3.2. TestsetupSetup - ControllerworkingOperating in ClusterMode...........6Mode ..........6 4. TestConsiderations............................................7Considerations .............................................7 4.1. NetworkTopology..........................................7Topology ...........................................7 4.2. TestTraffic..............................................7Traffic ...............................................7 4.3. Test EmulatorRequirements................................7Requirements .................................7 4.4. ConnectionSetup..........................................7Setup ...........................................8 4.5. Measurement Point Specification andRecommendation........8Recommendation .........9 4.6. ConnectivityRecommendation...............................8Recommendation ................................9 4.7. TestRepeatability........................................8Repeatability .........................................9 4.8. TestReporting............................................8Reporting .............................................9 5. BenchmarkingTests.............................................9Tests .............................................11 5.1.Performance...............................................9Performance ...............................................11 5.1.1. Network Topology DiscoveryTime......................9Time ....................11 5.1.2. Asynchronous Message ProcessingTime................11Time ...............13 5.1.3. Asynchronous Message ProcessingRate................12Rate ...............14 5.1.4. Reactive Path ProvisioningTime.....................15Time ....................17 5.1.5. Proactive Path ProvisioningTime....................16Time ...................19 5.1.6. Reactive Path ProvisioningRate.....................18Rate ....................21 5.1.7. Proactive Path ProvisioningRate....................19Rate ...................23 5.1.8. Network Topology Change DetectionTime..............21Time .............25 5.2.Scalability..............................................22Scalability ...............................................26 5.2.1. ControlSession Capacity............................22Sessions Capacity ..........................26 5.2.2. Network DiscoverySize..............................23Size .............................27 5.2.3. Forwarding TableCapacity...........................24Capacity ..........................29 5.3.Security.................................................26Security ..................................................31 5.3.1. ExceptionHandling..................................26Handling .................................31 5.3.2.Denial of Service Handling..........................27Handling Denial-of-Service Attacks .................32 5.4.Reliability..............................................29Reliability ...............................................34 5.4.1. Controller FailoverTime............................29Time ...........................34 5.4.2. NetworkRe-Provisioning Time........................30Re-provisioning Time .......................36 6.References....................................................32 6.1. Normative References.....................................32 6.2. Informative References...................................32 7.IANAConsiderations...........................................32 8.Considerations ............................................37 7. SecurityConsiderations.......................................32 9. Acknowledgments...............................................33Considerations ........................................38 8. References .....................................................38 8.1. Normative References ......................................38 8.2. Informative References ....................................38 AppendixAA. Benchmarking MethodologyusingUsing OpenFlowControllers..34Controllers ...39 A.1. ProtocolOverview........................................34Overview ..........................................39 A.2. MessagesOverview........................................34Overview ..........................................39 A.3. ConnectionOverview......................................34Overview ........................................39 A.4. Performance BenchmarkingTests...........................35Tests .............................40 A.4.1. Network Topology DiscoveryTime.....................35Time ........................40 A.4.2. Asynchronous Message ProcessingTime................36Time ...................42 A.4.3. Asynchronous Message ProcessingRate................37Rate ...................43 A.4.4. Reactive Path ProvisioningTime.....................38Time ........................44 A.4.5. Proactive Path ProvisioningTime....................39Time .......................46 A.4.6. Reactive Path ProvisioningRate.....................40Rate ........................47 A.4.7. Proactive Path ProvisioningRate....................41Rate .......................49 A.4.8. Network Topology Change DetectionTime..............42Time .................50 A.5.Scalability..............................................43Scalability ................................................51 A.5.1. Control SessionsCapacity...........................43Capacity ..............................51 A.5.2. Network DiscoverySize..............................43Size .................................52 A.5.3. Forwarding TableCapacity...........................44Capacity ..............................54 A.6.Security.................................................46Security ...................................................55 A.6.1. ExceptionHandling..................................46Handling .....................................55 A.6.2.Denial of Service Handling..........................47Handling Denial-of-Service Attacks .....................57 A.7.Reliability..............................................49Reliability ................................................59 A.7.1. Controller FailoverTime............................49Time ...............................59 A.7.2. NetworkRe-Provisioning Time........................50Re-provisioning Time ...........................61 Acknowledgments ...................................................63 Authors'Addresses...............................................53Addresses ................................................64 1. Introduction This document provides generic methodologies for benchmarkingSDN controllerSoftware-Defined Networking (SDN) Controller performance.AnTo achieve the desired functionality, an SDNcontrollerController may support many northbound and southbound protocols, implement a wide range of applications, and worksolely,either alone or as part of agroup to achieve the desired functionality.group. This document considers an SDNcontroller asController to be a black box, regardless of design and implementation. The tests defined inthethis document can be used to benchmark an SDNcontrollerController for performance, scalability,reliabilityreliability, andsecurity independentsecurity, independently of northbound and southbound protocols. Terminology related to benchmarking SDNcontrollersControllers is described in the companion terminology document[I-D.sdn-controller-benchmark-term].[RFC8455]. These tests can be performed on an SDNcontrollerController running as a virtual machine (VM) instance or on a bare metal server. This document is intended for those who want to measurethean SDNcontrollerController's performance as well as compare the performance of various SDNcontrollers performance.Controllers. 1.1. ConventionsusedUsed inthis documentThis Document The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here. 2. Scope This document defines a methodologyto measurefor measuring the networking metrics of SDNcontrollers.Controllers. For the purpose of this memo, the SDNcontrollerController is a function that manages and controls Network Devices. Any SDNcontrollerController without a control capability is out of scope for this memo. The tests defined in this document enable the benchmarking of SDN Controllers in twoways; as aways: standalonecontrollermode (a standalone controller) andas acluster mode (a cluster of homogeneouscontrollers.controllers). These tests are recommended for execution in lab environments rather than in live network deployments. Performance benchmarking of a federation ofcontrollers,controllers (i.e., a set of SDNcontrollersControllers) managing different domains, is beyond the scope of this document. 3. Test SetupTheAs noted above, the tests defined in this document enable the measurement of an SDNcontroller'sController's performance in standalone mode and cluster mode. This section defines common reference topologies that arelaterreferred to in individualtests.tests described later in this document. 3.1. TestsetupSetup - ControllerworkingOperating in Standalone Mode +-----------------------------------------------------------+ |Application PlaneApplication-Plane Test Emulator | | | | +-----------------+ +-------------+ | | | Application | | Service | | | +-----------------+ +-------------+ | | | +-----------------------------+(I2)-------------------------+ | | (Northboundinterfaces)Interface) +-------------------------------+ | +----------------+ | | | SDN Controller | | | +----------------+ | | | | Device Under Test (DUT) | +-------------------------------+ | (Southboundinterfaces)Interface) | +-----------------------------+(I1)-------------------------+ | | | +-----------++-----------++-------------+ | | | Network | | Network | | | | Device 2 |--..-| Devicen-1|n - 1| | | +-----------++-----------++-------------+ | | / \ / \ | | / \ / \ | | l0 / X \ ln | | / / \ \ | | +-----------+ +-----------+ | | | Network | | Network | | | | Device 1 |..| Device n | | | +-----------+ +-----------+ | | | | | | +---------------+ +---------------+ | | | Test Traffic | | Test Traffic | | | | Generator | | Generator | | | | (TP1) | | (TP2) | | | +---------------+ +---------------+ | | | |Forwarding PlaneForwarding-Plane Test Emulator | +-----------------------------------------------------------+ Figure 1 3.2. TestsetupSetup - ControllerworkingOperating in Cluster Mode +-----------------------------------------------------------+ |Application PlaneApplication-Plane Test Emulator | | | | +-----------------+ +-------------+ | | | Application | | Service | | | +-----------------+ +-------------+ | | | +-----------------------------+(I2)-------------------------+ | | (Northboundinterfaces)Interface) +---------------------------------------------------------+ | | |------------------ ------------------+------------------+ +------------------+ | | | SDN Controller 1 | <--E/W--> | SDN Controller n | | |------------------ ------------------+------------------+ +------------------+ | | | | Device Under Test (DUT) | +---------------------------------------------------------+ | (Southboundinterfaces)Interface) | +-----------------------------+(I1)-------------------------+ | | | +-----------++-----------++-------------+ | | | Network | | Network | | | | Device 2 |--..-| Devicen-1|n - 1| | | +-----------++-----------++-------------+ | | / \ / \ | | / \ / \ | | l0 / X \ ln | | / / \ \ | | +-----------+ +-----------+ | | | Network | | Network | | | | Device 1 |..| Device n | | | +-----------+ +-----------+ | | | | | | +---------------+ +---------------+ | | | Test Traffic | | Test Traffic | | | | Generator | | Generator | | | | (TP1) | | (TP2) | | | +---------------+ +---------------+ | | | |Forwarding PlaneForwarding-Plane Test Emulator | +-----------------------------------------------------------+ Figure 2 4. Test Considerations 4.1. Network Topology The test cases SHOULD use Leaf-Spine topology with at least2two Network Devices in the topology for benchmarking.The testTest traffic generators TP1 and TP2 SHOULD be connected to the leaf Network Device 1 and the leaf Network Device n. To achieve a complete performance characterization of the SDNcontroller,Controller, it is recommended that the controller be benchmarked for many network topologies and a varying number of Network Devices. Further, care should be taken to make sure that aloop preventionloop-prevention mechanism is enabledeitherin either the SDNcontroller,Controller orinthe network when the topology contains redundant network paths. 4.2. Test Traffic Test traffic is used to notify the controller about the asynchronous arrival of new flows. The test cases SHOULD use frame sizes of 128,512512, and 1508 bytes for benchmarking. Tests using jumbo frames are optional. 4.3. Test Emulator Requirements TheTest Emulatortest emulator SHOULDtime stamptimestamp the transmitted and received control messages to/from the controller on the established network connections. The test cases use these values to compute the controller processing time. 4.4. Connection Setup There may be controller implementations that support unencrypted and encrypted network connections with Network Devices. Further, the controller mayhavebe backwardcompatibilitycompatible with Network Devices running older versions of southbound protocols. It may be useful to measure thecontrollercontroller's performance with one or more applicable connection setup methods defined below. For cases with encrypted communications between the controller and the switch, key management and key exchange MUST take place before any performance or benchmark measurements. 1. Unencrypted connection with Network Devices, running the same protocol version. 2. Unencrypted connection with Network Devices, running different protocol versions.Example:Examples: a. Controller running current protocol version and switch running older protocolversionversion. b. Controller running older protocol version and switch running current protocolversionversion. 3. Encrypted connection with Network Devices, running the same protocolversionversion. 4. Encrypted connection with Network Devices, running different protocol versions.Example:Examples: a. Controller running current protocol version and switch running older protocolversionversion. b. Controller running older protocol version and switch running current protocolversionversion. 4.5. Measurement Point Specification and Recommendation Themeasurementaccuracy of the measurements depends on severalfactorsfactors, including the point of observation where the indications are captured. For example, the notification can be observed at the controller or test emulator. The test operator SHOULD make theobservations/ measurementsobservations/measurements at the interfaces of the testemulatoremulator, unlessit isexplicitlymentionedspecified otherwise in the individual test. In any case, the locations of measurement points MUST be reported. 4.6. Connectivity Recommendation The SDNcontrollerController in the test setup SHOULD be connected directly with theforwardingforwarding-plane andthe management planemanagement-plane test emulators to avoid any delays or failure introduced by the intermediate devices during benchmarking tests. When the controller is implemented as a virtual machine, details of the physical and logical connectivity MUST be reported. 4.7. Test Repeatability To increasetheconfidence in the measuredresult,results, it is recommended that each testRECOMMENDEDSHOULD be repeated a minimum of 10 times. 4.8. Test Reporting Each test has a reporting format that contains some global and identical reporting components, and some individual components that are specific to individual tests. The following parameters for test configurationparametersand controller settingsparametersMUST be reflected in the test report. Test Configuration Parameters: 1. Controller name and version 2. Northbound protocols and versions 3. Southbound protocols and versions 4. Controller redundancy mode(Standalone(standalone orCluster Mode)cluster mode) 5. Connection setup(Unencrypted(unencrypted orEncrypted)encrypted) 6. Network DeviceType (Physical or Virtualtype (physical, virtual, orEmulated)emulated) 7. Number ofNodesnodes 8. Number ofLinkslinks 9.Dataplane Test Traffic TypeData-plane test traffic type 10. ControllerSystem Configurationsystem configuration (e.g.,Physicalphysical orVirtual Machine,virtual machine, CPU,Memory, Caches, Operating System, Interface Speed, Storage)memory, caches, operating system, interface speed, storage) 11. ReferenceTest Setuptest setup (e.g., the setup shown in Section3.1 etc.,)3.1) Parameters for ControllerSettings Parameters:Settings: 1. Topologyre-discoveryrediscovery timeout 2. Controller redundancy mode (e.g.,active-standby etc.,)active-standby) 3. Controller state persistence enabled/disabled To ensure the repeatability of the test, the following capabilities of the test emulator SHOULD bereportedreported: 1. Maximum number of Network Devices that the forwarding plane emulates 2. Control message processing time (e.g.,Topology Discovery Messages)topology discovery messages) One way to determine the above two valuesareis to simulate the required control sessions and messages from the control plane. 5. Benchmarking Tests 5.1. Performance 5.1.1. Network Topology Discovery Time Objective:TheMeasure the time taken by the controller(s) to determine the complete network topology, defined as the interval starting with the first discovery message from the controller(s) at itsSouthbound interface,southbound interface and ending with all features of the static topology determined. Reference Test Setup:TheThis test SHOULD use one of the test setupsdescribedillustrated insectionSection 3.1 orsectionSection 3.2 of this document.Prerequisite:Prerequisites: 1. The controller MUST support network discovery. 2.TesterThe tester should be able to retrieve the discovered topology informationeitherthrough either the controller's managementinterface,interface or northbound interface to determine if the discovery was successful and complete. 3. Ensure that the controller's topologyre-discoveryrediscovery timeout has been set to the maximumvaluevalue, to avoid initiation ofre-discoverythe rediscovery process in the middle of the test. Procedure: 1. Ensure that the controller isoperational,operational and that its network applications, northbound interface, and southboundinterfacesinterface are up and running. 2. Establish the network connections between the controller and the Network Devices. 3. Record the time for the first discovery message (Tm1) received from the controller atforwarding planethe forwarding-plane test emulator interfaceI1.(I1). 4. Query the controller every t seconds(RECOMMENDED(the RECOMMENDED value for t is 3) to obtain the discovered network topology information through the northbound interface or the managementinterfaceinterface, and compare it with the deployed network topology information. 5. Stop the trial when the discovered topology information matches the deployed networktopology,topology or when the discovered topology informationreturnreturns the same details for3three consecutive queries. 6. Record the time for the last discovery message (Tmn) sent to the controller from theforwarding planeforwarding-plane test emulator interface (I1) when the trialcompleted successfully.completes successfully (e.g., when the topology matches).Measurement:Measurements: Topology Discovery TimeTr1(DT1) =Tmn-Tm1. Tr1Tmn - Tm1 DT1 +Tr2DT2 +Tr3DT3 ..TrnDTn Average Topology Discovery Time (TDm) = ----------------------- Total TrialsSUM[SQUAREOF(Tri-TDm)]SUM[SQUAREOF(DTi - TDm)] Topology Discovery Time Variance (TDv)----------------------= ------------------------ Total Trials-1- 1 Reporting Format: The Topology Discovery Time results MUST be reported inthe format of a table,tabular format, with a row for each successful iteration. The last row of the table indicates the Topology Discovery Timevariancevariance, and the previous row indicates theaverageAverage Topology Discovery Time. If this test is repeated with a varying number of nodes over the same topology, the results SHOULD be reported in the form of a graph. The X coordinate SHOULD be theNumbernumber of nodes (N), and the Y coordinate SHOULD be theaverageAverage Topology Discovery Time. 5.1.2. Asynchronous Message Processing Time Objective:TheMeasure the time taken by the controller(s) to process an asynchronous message, defined as the interval starting with an asynchronous message from anetwork deviceNetwork Device after the discovery of all the devices by thecontroller(s),controller(s) and ending with a response message from the controller(s) at itsSouthboundsouthbound interface. Reference Test Setup: This test SHOULD use one of the testsetup describedsetups illustrated insectionSection 3.1 orsectionSection 3.2 of this document. Prerequisite:1.The controller MUST have successfully completed the network topology discovery for the connected Network Devices. Procedure: 1. Generate asynchronous messages from every connected NetworkDevice,Device to the SDNcontroller,Controller, one at a time in series from theforwarding planeforwarding-plane test emulator for thetrial duration.Trial Duration. 2. Record every request transmit time (T1) and the corresponding response received time (R1) at theforwarding planeforwarding-plane test emulator interface (I1) for every successful message exchange.Measurement: SUM{Ri} - SUM{Ti}Measurements: Asynchronous Message Processing TimeTr1(APT1) = SUM{Ri} - SUM{Ti} ----------------------- Nrx Where Nrx is the total number of successful messagesexchanged Tr1 + Tr2 + Tr3..Trnexchanged. Average Asynchronous Message Processing Time =--------------------APT1 + APT2 + APT3 .. APTn -------------------------- Total Trials Asynchronous Message Processing Time Variance (TAMv) =SUM[SQUAREOF(Tri-TAMm)] ----------------------SUM[SQUAREOF(APTi - TAMm)] -------------------------- Total Trials-1- 1 Where TAMm is the Average Asynchronous Message Processing Time. Reporting Format: The Asynchronous Message Processing Time results MUST be reported inthe format of a tabletabular format, with a row for each iteration. The last row of the table indicates the Asynchronous Message Processing Timevariancevariance, and the previous row indicates theaverageAverage Asynchronous Message Processing Time. The report SHOULD capture the followinginformationinformation, in addition to the configuration parameters capturedin section 4.8.per Section 4.8: - Successful messages exchanged (Nrx) - Percentage of unsuccessful messages exchanged, computed using the formula(1((1 - Nrx/Ntx) * 100),Wherewhere Ntx is the total number of messages transmitted to thecontroller.controller If this test is repeated with a varying number of nodes with the same topology, the results SHOULD be reported in the form of a graph. The X coordinate SHOULD be theNumbernumber of nodes (N), and the Y coordinate SHOULD be theaverageAverage Asynchronous Message Processing Time. 5.1.3. Asynchronous Message Processing Rate Objective: Measure the number of responses to asynchronous messages(such as(a new flow arrival notification message, link down, etc.) for which the controller(s) performed processing and replied with a valid and productive (non-trivial) responsemessage Thismessage. Using a single procedure, this test will measure the following two benchmarks on the Asynchronous Message Processing Rateusing a single procedure. The two benchmarks are(seesectionSection 2.3.1.3 of[I-D.sdn-controller-benchmark-term]):[RFC8455]): 1.Loss-freeMaximum Asynchronous Message Processing Rate 2.MaximumLoss-Free Asynchronous Message Processing RateHereHere, two benchmarks are determined through a series of trials where the number of messagesaresent to thecontroller(s),controller(s) and the responses received from the controller(s) are counted over thetrial duration.Trial Duration. The message response rate and themessage loss ratioMessage Loss Ratio are calculated for each trial. Reference Test Setup:TheThis test SHOULD use one of the test setupsdescribedillustrated insectionSection 3.1 orsectionSection 3.2 of this document.Prerequisite:Prerequisites: 1. The controller(s) MUST have successfully completed the network topology discovery for the connected Network Devices. 2. Choose and record the Trial Duration (Td), the sending ratestep- size (STEP),STEP size, the tolerance on equality for two consecutive trials(P%),and(P%), and the maximum possiblemessage sendingmessage-sending rate (Ntx1/Td). Procedure: 1. Generate asynchronous messages continuously at the maximum possible rate on the established connections from all the emulated/simulated Network Devices for the giventrialTrial Duration (Td). 2. Record the total number of responses received (Nrx1) from the controller(Nrx1)as well as the number of messages sent (Ntx1) to the controller within thetrial durationTrial Duration (Td). 3. Calculate the Asynchronous Message Processing Rate(Tr1)(APR1) and the Message Loss Ratio (Lr1). Ensure that the controller(s)havehas returned to normal operation. 4. Repeat the trial by reducing the asynchronousmessage sendingmessage-sending rate used in the last trial by the STEP size. 5. Continue repeating the trials and reducing the sending rate until both the maximum value of Nrxn (number of responses received from the controller) and the Nrxn corresponding to a Loss Ratio of zeroloss ratiohave been found. 6. The trials corresponding to the benchmark levels MUST be repeated using the same asynchronous message rates until the responses received from the controller are equal (+/-P%) for two consecutive trials. 7. Record the number of responses received (Nrxn) from the controller(Nrxn)as well as the number of messages sent (Ntxn) to the controller in the last trial.Measurement:Measurements: Nrxn Asynchronous Message Processing RateTrn(APRn) = ----- Td Maximum Asynchronous Message Processing Rate =MAX(Trn)MAX(APRn) for all n Nrxn Asynchronous Message Loss RatioLrn(Lrn) = 1 - ----- NtxnLoss-freeLoss-Free Asynchronous Message Processing Rate =MAX(Trn)MAX(APRn) givenLrn=0Lrn = 0 Reporting Format: The Asynchronous Message Processing Rate results MUST be reported inthe format of a tabletabular format, with a row for each trial. The table should report the followinginformationinformation, in addition to the configuration parameters capturedin sectionper Section 4.8, with columns: - Offered rate (Ntxn/Td) - Asynchronous Message Processing Rate(Trn)(APRn) - Loss Ratio (Lr) - Benchmark at this iteration (blank for none,Maximum, Loss-Free)Maximum Asynchronous Message Processing Rate, Loss-Free Asynchronous Message Processing Rate) The results MAY be presented in the form of a graph. The X axis SHOULD be theOfferedoffered rate, and dual Y axes would represent the Asynchronous Message Processing Rate and the Loss Ratio, respectively. If this test is repeated with a varying number of nodes over the same topology, the results SHOULD be reported in the form of a graph. The X axis SHOULD be theNumbernumber of nodes (N), and the Y axis SHOULD be the Asynchronous Message Processing Rate. Both the Maximum Asynchronous Message Processing Rate and theLoss- Free RatesLoss-Free Asynchronous Message Processing Rate should be plotted for each N. 5.1.4. Reactive Path Provisioning Time Objective:TheMeasure the time taken by the controller tosetupset up a path reactively between source and destinationnode,nodes, defined as the interval starting with the first flow provisioning request message received by the controller(s) at itsSouthbound interface,southbound interface and ending with the last flow provisioning response message sent from the controller(s) at itsSouthboundsouthbound interface. Reference Test Setup:TheThis test SHOULD use one of the test setupsdescribedillustrated insectionSection 3.1 orsectionSection 3.2 of this document. The number of Network Devices in the path is a parameter of the test that may be varied from2two to the maximum discovery size in repetitions of this test.Prerequisite:Prerequisites: 1. The controller MUST contain the network topology information for the deployed network topology. 2. The controller shouldhave the knowledge aboutknow the location of the destination endpoint for which the path has to be provisioned. This can be achieved through dynamic learning or static provisioning. 3. Ensure that the default action for'flow miss'"flow miss" in the Network Device is configured to'send"send tocontroller'.controller". 4. Ensure that each Network Device in a path requires the controller to make the forwarding decision while paving the entire path. Procedure: 1. Send a single traffic stream fromthetest traffic generator TP1 to test traffic generator TP2. 2. Record the time of the first flow provisioning request message sent to the controller (Tsf1) from the Network Device at theforwarding planeforwarding-plane test emulator interface (I1). 3. Wait for the arrival of the first traffic frame at theTraffic Endpoint TP2endpoint (i.e., test traffic generator TP2) or the expiry oftrial durationthe Trial Duration (Td). 4. Record the time of the last flow provisioning response message received from the controller (Tdf1) to the Network Device at theforwarding planeforwarding-plane test emulator interface (I1).Measurement:Measurements: Reactive Path Provisioning TimeTr1(RPT1) =Tdf1-Tsf1. Tr1 + Tr2 + Tr3 .. TrnTdf1 - Tsf1 Average Reactive Path Provisioning Time =-----------------------RPT1 + RPT2 + RPT3 .. RPTn -------------------------- Total TrialsSUM[SQUAREOF(Tri-TRPm)]Reactive Path Provisioning TimeVariance(TRPv) ---------------------Variance (TRPv) = SUM[SQUAREOF(RPTi - TRPm)] -------------------------- Total Trials-1- 1 Where TRPm is the Average Reactive Path Provisioning Time. Reporting Format: The Reactive Path Provisioning Time results MUST be reported inthe format of a tabletabular format, with a row for each iteration. The last row of the table indicates the Reactive Path Provisioning Timevariancevariance, and the previous row indicates the Average Reactive Path Provisioning Time. The report should capture the followinginformationinformation, in addition to the configuration parameters capturedin section 4.8.per Section 4.8: - Number of Network Devices in the path 5.1.5. Proactive Path Provisioning Time Objective:TheMeasure the time taken by the controller tosetupset up a path proactively between source and destinationnode,nodes, defined as the interval starting with the first proactive flow provisioned in the controller(s) at itsNorthbound interface,northbound interface and ending with the last flow provisioning response message sent from the controller(s) at itsSouthboundsouthbound interface. Reference Test Setup:TheThis test SHOULD use one of the test setupsdescribedillustrated insectionSection 3.1 orsectionSection 3.2 of this document.Prerequisite:Prerequisites: 1. The controller MUST contain the network topology information for the deployed network topology. 2. The controller shouldhave the knowledge aboutknow the location of the destination endpoint for which the path has to be provisioned. This can be achieved through dynamic learning or static provisioning. 3. Ensure that the default action forflow miss"flow miss" in the Network Device is'drop'."drop". Procedure: 1. Send a single traffic stream from test traffic generator TP1 to test traffic generator TP2. 2. Install the flow entriesto reachso that the traffic travels from test traffic generator TP1to theuntil it reaches test traffic generator TP2 through the controller's northbound interface or management interface. 3. Wait for the arrival of the first traffic frame atthetest traffic generator TP2 or the expiry oftrial durationthe Trial Duration (Td). 4. Record the time when the proactive flow is provisioned in theControllercontroller (Tsf1) at themanagement planemanagement-plane test emulator interfaceI2.(I2). 5. Record the time of the last flow provisioning message received from the controller (Tdf1) at theforwarding planeforwarding-plane test emulator interfaceI1. Measurement:(I1). Measurements: Proactive Flow Provisioning TimeTr1(PPT1) =Tdf1-Tsf1. Tr1 + Tr2 + Tr3 .. TrnTdf1 - Tsf1 Average Proactive Path Provisioning Time =-----------------------PPT1 + PPT2 + PPT3 .. PPTn -------------------------- Total TrialsSUM[SQUAREOF(Tri-TPPm)]Proactive Path Provisioning TimeVariance(TPPv) --------------------Variance (TPPv) = SUM[SQUAREOF(PPTi - TPPm)] -------------------------- Total Trials-1- 1 Where TPPm is the Average Proactive Path Provisioning Time. Reporting Format: The Proactive Path Provisioning Time resultsMUST be reported in the format of a tableMUST be reported in tabular format, with a row for each iteration. The last row of the table indicates the Proactive Path Provisioning Timevariancevariance, and the previous row indicates the Average Proactive Path Provisioning Time. The report should capture the followinginformationinformation, in addition to the configuration parameters capturedin section 4.8.per Section 4.8: - Number of Network Devices in the path 5.1.6. Reactive Path Provisioning Rate Objective:TheMeasure the maximum number of independent paths a controller can concurrently establish per second between source and destination nodes reactively, defined as the number of paths provisioned per second by the controller(s) at itsSouthboundsouthbound interface for the flow provisioning requests received for path provisioning at itsSouthboundsouthbound interface between the start of the test and the expiry of the giventrial duration.Trial Duration. Reference Test Setup:TheThis test SHOULD use one of the test setupsdescribedillustrated insectionSection 3.1 orsectionSection 3.2 of this document.Prerequisite:Prerequisites: 1. The controller MUST contain the network topology information for the deployed network topology. 2. The controller shouldhave the knowledge aboutknow the location of destination addresses for which the paths have to be provisioned. This can be achieved through dynamic learning or static provisioning. 3. Ensure that the default action for'flow miss'"flow miss" in the Network Device is configured to'send"send tocontroller'.controller". 4. Ensure that each Network Device in a path requires the controller to make the forwarding decision while provisioning the entire path. Procedure: 1. Send traffic with unique source and destination addresses from test traffic generator TP1. 2. Record the total number of unique traffic frames (Ndf) received atthetest traffic generator TP2 within thetrial durationTrial Duration (Td).Measurement:Measurements: Ndf Reactive Path Provisioning RateTr1(RPR1) = ------ TdTr1 + Tr2 + Tr3 .. TrnAverage Reactive Path Provisioning Rate =------------------------RPR1 + RPR2 + RPR3 .. RPRn -------------------------- Total TrialsSUM[SQUAREOF(Tri-RPPm)]Reactive Path Provisioning RateVariance(RPPv) --------------------Variance (RPPv) = SUM[SQUAREOF(RPRi - RPPm)] -------------------------- Total Trials-1- 1 Where RPPm is the Average Reactive Path Provisioning Rate. Reporting Format: The Reactive Path Provisioning Rate results MUST be reported inthe format of a tabletabular format, with a row for each iteration. The last row of the table indicates the Reactive Path Provisioning Ratevariancevariance, and the previous row indicates the Average Reactive Path Provisioning Rate. The report should capture the followinginformationinformation, in addition to the configuration parameters capturedin section 4.8.per Section 4.8: - Number of Network Devices in the path - Offered rate 5.1.7. Proactive Path Provisioning Rate Objective: Measure the maximum number of independent paths a controller can concurrently establish per second between source and destination nodes proactively, defined as the number of paths provisioned per second by the controller(s) at itsSouthboundsouthbound interface for the paths requested in itsNorthboundnorthbound interface between the start of the test and the expiry of the giventrial duration.Trial Duration. The measurement is based ondataplanedata-plane observations of successful pathactivationactivation. Reference Test Setup:TheThis test SHOULD use one of the test setupsdescribedillustrated insectionSection 3.1 orsectionSection 3.2 of this document.Prerequisite:Prerequisites: 1. The controller MUST contain the network topology information for the deployed network topology. 2. The controller shouldhave the knowledge aboutknow the location of destination addresses for which the paths have to be provisioned. This can be achieved through dynamic learning or static provisioning. 3. Ensure that the default action forflow miss"flow miss" in the Network Device is'drop'."drop". Procedure: 1. Send traffic continuously with unique source and destination addresses from test traffic generator TP1. 2. Install corresponding flow entriesto reachso that the traffic travels from simulated sources atthetest traffic generator TP1tountil it reaches the simulated destinations at test traffic generator TP2 through the controller's northbound interface or management interface. 3. Record the total number of unique traffic frames (Ndf) receivedNdf)atthetest traffic generator TP2 within thetrial durationTrial Duration (Td).Measurement:Measurements: Ndf Proactive Path Provisioning RateTr1(PPR1) = ------ TdTr1 + Tr2 + Tr3 .. TrnAverage Proactive Path Provisioning Rate =-----------------------PPR1 + PPR2 + PPR3 .. PPRn -------------------------- Total TrialsSUM[SQUAREOF(Tri-PPPm)]Proactive Path Provisioning RateVariance(PPPv) --------------------Variance (PPPv) = SUM[SQUAREOF(PPRi - PPPm)] ------------------------- Total Trials-1- 1 Where PPPm is the Average Proactive Path Provisioning Rate. Reporting Format: The Proactive Path Provisioning Rate results MUST be reported inthe format of a tabletabular format, with a row for each iteration. The last row of the table indicates the Proactive Path Provisioning Ratevariancevariance, and the previous row indicates the Average Proactive Path Provisioning Rate. The report should capture the followinginformationinformation, in addition to the configuration parameters capturedin section 4.8.per Section 4.8: - Number of Network Devices in the path - Offered rate 5.1.8. Network Topology Change Detection Time Objective:TheMeasure the amount of timerequired fortaken by the controller to detect any changes in the network topology, defined as the interval starting with the notification message received by the controller(s) at itsSouthbound interface,southbound interface and ending with the first topology rediscoverymessagesmessage sent from the controller(s) at itsSouthboundsouthbound interface. Reference Test Setup:TheThis test SHOULD use one of the test setupsdescribedillustrated insectionSection 3.1 orsectionSection 3.2 of this document.Prerequisite:Prerequisites: 1. The controller MUST have successfully discovered the network topology information for the deployed network topology. 2. The periodic network discovery operation should be configured to twice the TrialdurationDuration (Td) value. Procedure: 1. Trigger a topology change event by bringing down an active Network Device in the topology. 2. Record the time when the first topology change notification is sent to the controller (Tcn) at theforwarding planeforwarding-plane test emulator interface (I1). 3. Stop the trial when the controller sends the first topologyre- discoveryrediscovery message to the Network Device or the expiry oftrial durationthe Trial Duration (Td). 4. Record the time when the first topologyre-discoveryrediscovery message is received from the controller (Tcd) at theforwarding planeforwarding-plane test emulator interface(I1) Measurement:(I1). Measurements: Network Topology Change Detection TimeTr1(TDT1) =Tcd-Tcn. Tr1 + Tr2 + Tr3 .. TrnTcd - Tcn Average Network Topology Change Detection Time =------------------TDT1 + TDT2 + TDT3 .. TDTn -------------------------- Total Trials Network Topology Change Detection TimeVariance(NTDv)Variance (NTDv) =SUM[SQUAREOF(Tri-NTDm)] -----------------------SUM[SQUAREOF(TDTi - NTDm)] -------------------------- Total Trials-1- 1 Where NTDm is the Average Network Topology Change Detection Time. Reporting Format: The Network Topology Change Detection Time results MUST be reported inthe format of a tabletabular format, with a row for each iteration. The last row of the table indicates the Network Topology Change Detection Timevariancevariance, and the previous row indicates theaverageAverage Network Topology Change Detection Time. 5.2. Scalability 5.2.1. ControlSessionSessions Capacity Objective: Measure the maximum number of control sessions the controller can maintain, defined as the number of sessions that the controller can accept fromnetwork devices,Network Devices, starting with the first controlsession,session and ending with the last control session that the controller(s) accepts at itsSouthboundsouthbound interface. Reference Test Setup:TheThis test SHOULD use one of the test setupsdescribedillustrated insectionSection 3.1 orsectionSection 3.2 of this document. Prerequisites: None Procedure: 1. Establish controlconnectionconnections with the controller from every Network Device emulated in theforwarding planeforwarding-plane test emulator. 2. Stop the trial when the controller starts dropping the control connections. 3. Record the number of successful connections established (CCn) with the controller(CCn)at theforwarding planeforwarding-plane test emulator. Measurement: Control Sessions Capacity =CCn.CCn Reporting Format: The ControlSessionSessions Capacity results MUST be reported in addition to the configuration parameters capturedin sectionper Section 4.8. 5.2.2. Network Discovery Size Objective: Measure the network size (number of nodes,linkslinks, and hosts) that a controller can discover, defined as the size of a network that the controller(s) can discover, startingfromwith a network topologygivenprovided by the user fordiscovery,discovery and ending with thetopologynumber of nodes, links, and hosts that the controller(s)couldwere able to successfully discover. Reference Test Setup:TheThis test SHOULD use one of the test setupsdescribedillustrated insectionSection 3.1 orsectionSection 3.2 of this document.Prerequisite:Prerequisites: 1. The controller MUST support automatic network discovery. 2.TesterThe tester should be able to retrieve the discovered topology informationeitherthrough either the controller's management interface or northbound interface. Procedure: 1. Establish the network connections between the controller and the network nodes. 2. Query the controller every t seconds(RECOMMENDED(the RECOMMENDED value for t is 30) to obtain the discovered network topology information through the northbound interface or the management interface. 3. Stop the trial when the discovered network topology information remains the same as that of the last two query responses. 4. Compare the obtained network topology information with the deployed network topology information. 5. If the comparison is successful, increase the number of nodes by 1 and repeat the trial. If the comparison is unsuccessful, decrease the number of nodes by 1 and repeat the trial. 6. Continue the trial until the comparisonof step 5(step 5) is successful. 7. Record the number of nodes for the last trial run (Ns) where the topology comparison was successful. Measurement: Network Discovery Size =Ns.Ns Reporting Format: The Network Discovery Size results MUST be reported in addition to the configuration parameters capturedin sectionper Section 4.8. 5.2.3. Forwarding Table Capacity Objective: Measure the maximum number of flow entries a controller can manage in its Forwardingtable.Table. Reference Test Setup:TheThis test SHOULD use one of the test setupsdescribedillustrated insectionSection 3.1 orsectionSection 3.2 of this document.Prerequisite:Prerequisites: 1. Thecontrollercontroller's ForwardingtableTable should be empty. 2.Flow Idle time"Flow idle time" MUST be set to a higher or infinite value. 3. The controller MUST have successfully completed network topology discovery. 4.TesterThe tester should be able to retrieve theforwarding tableForwarding Table informationeitherthrough either the controller's management interface or northbound interface.Procedure:Procedures: o Reactive Flow Provisioning Mode: 1. Sendbi-directionalbidirectional traffic continuously with unique source and destination addresses from test traffic generators TP1 and TP2 at theasynchronous message processing rateAsynchronous Message Processing Rate of the controller. 2. Query the controller at a regular interval (e.g., every 5 seconds) for the number of learned flow entries from its northbound interface. 3. Stop the trial when the retrieved value is constant for three consecutiveiterationsiterations, and record the value received from the last query (Nrp). o Proactive Flow Provisioning Mode: 1. Install unique flows continuously through the controller's northbound interface or management interface until a failure response is received from the controller. 2. Record the total number of successful responses (Nrp). Note: Some controller designs forproactive flow provisioningProactive Flow Provisioning mode may require the switch to send flow setup requests in order to generate flow setup responses. In such cases, it is recommended to generatebi-directionalbidirectional traffic for the provisioned flows.Measurement:Measurements: Proactive Flow Provisioning Mode: Max Flow Entries = Total number of flows provisioned (Nrp) Reactive Flow Provisioning Mode: Max Flow Entries = Total number of learned flow entries (Nrp) Forwarding Table Capacity = Max FlowEntries.Entries Reporting Format: The Forwarding Table Capacity results MUST be tabulated with the followinginformationinformation, in addition to the configuration parameters capturedin section 4.8.per Section 4.8: - Provisioning Type (Proactive/Reactive) 5.3. Security 5.3.1. Exception Handling Objective: Determine theeffecteffects of handling error packets and notifications on performance tests. The impact MUST be measured for the following performancetests a.tests: 1. Path Provisioning Rateb.2. Path Provisioning Timec.3. Network Topology Change Detection Time Reference Test Setup:TheThis test SHOULD use one of the test setupsdescribedillustrated insectionSection 3.1 orsectionSection 3.2 of this document.Prerequisite:Prerequisites: 1. This test MUST be performed after obtaining the baseline measurement results for theaboveperformancetests.tests listed above. 2. Ensure that the invalid messages are not dropped by the intermediate devices connecting the controller and Network Devices. Procedure: 1. Perform theabove listedabove-listed performanceteststests, and send 1% of the messages from the Asynchronous Message Processing Rate test (Section 5.1.3) as invalid messages from the connected Network Devices emulated at theforwarding planeforwarding-plane test emulator. 2. Perform theabove listedabove-listed performanceteststests, and send 2% of the messages from the Asynchronous Message Processing Rate test (Section 5.1.3) as invalid messages from the connected Network Devices emulated at theforwarding planeforwarding-plane test emulator. Note: Invalid messages can be frames with incorrect protocol fields or any form of failure notifications sent towards the controller.Measurement: MeasurementMeasurements: Measurements MUST be done as per the equation defined in the "Measurements" section of the correspondingperformancetestmeasurement section.listed under "Objective". Reporting Format: The Exception Handling results MUST be reported inthe format of tabletabular format, with a column for each of the below parameters and row for each of thelistedabove-listed performancetests.tests: - Without Exceptions - With 1% Exceptions - With 2% Exceptions 5.3.2.Denial of ServiceHandling Denial-of-Service Attacks Objective: Determine theeffecteffects of handling DoS attacks on performance and scalabilitytests thetests. The impact MUST be measured for the following tests:a.1. Path Provisioning Rateb.2. Path Provisioning Timec.3. Network Topology Change Detection Timed.4. Network Discovery Size Reference Test Setup:TheThis test SHOULD use one of the test setupsdescribedillustrated insectionSection 3.1 orsectionSection 3.2 of this document. Prerequisite: This test MUST be performed after obtaining the baseline measurement results for theabove tests.performance tests listed above. Procedure:1.Perform thelisted testsabove-listed tests, and launch a DoS attack towards the controller while the trial is running. Note: DoS attacks can be launched on one of the followinginterfaces. a.interfaces: 1. Northbound (e.g.,Queryquery for flow entries continuously on the northbound interface)b.2. Management (e.g., Ping requests to the controller's management interface)c.3. Southbound (e.g., TCP SYN messages on the southbound interface)Measurement: MeasurementMeasurements: Measurements MUST be done as per the equation defined in the "Measurements" section of the correspondingtest's measurement section.test listed under "Objective". Reporting Format: TheDoS Attacks Handlingresults regarding the handling of DoS attacks MUST be reported inthe format of tabletabular format, with a column for each of the below parameters and a row for each of thelistedabove-listed tests. - Without any attacks - With attacks The report should also specify the nature of the attack and theinterface.interface in question. 5.4. Reliability 5.4.1. Controller Failover Time Objective:TheMeasure the time taken to switch from an active controller to the backupcontroller,controller when the controllers work in redundancy mode and the active controller fails, defined as the interval startingwithwhen the active controllerbringing down,is brought down and ending with the firstre-discoveryrediscovery message received from the new controller at itsSouthboundsouthbound interface. Reference Test Setup:TheThis test SHOULD use the test setupdescribedillustrated insectionSection 3.2 of this document.Prerequisite:Prerequisites: 1. Master controller election MUST be completed. 2. Nodes are connected to the controller clusterasper theRedundancy Mode (RM).implemented redundancy mode (e.g., active-standby). 3. The controller cluster should have successfully completed the network topology discovery. 4. The Network Device MUST send all new flows to the controller when it receives them from the test traffic generator. 5.ControllerThe controller should have learned the location of the destination (D1) at test traffic generator TP2. Procedure: 1. Senduni-directionalunidirectional traffic continuously with incremental sequencenumbernumbers and source addresses from test traffic generator TP1 at the ratethatat which the controllerprocessescan process the traffic without any drops. 2. Ensure that there are no packet drops observed at test traffic generator TP2. 3. Bring down the active controller. 4. Stop the trial whenathe first framereceived on TP2after the failoveroperation.operation is received on test traffic generator TP2. 5. Record the time at which the last valid frame was received (T1) at test traffic generator TP2 before the sequence error and the time at which the first valid frame was received (T2) after the sequence error atTP2 Measurement:test traffic generator TP2. Measurements: Controller Failover Time = (T2 - T1) Packet Loss = Number of missing packetsequences.sequences Reporting Format: The Controller Failover Time results MUST be tabulated with the followinginformation.information: - Number of cluster nodes - Redundancy mode - Controller Failover Time - Packet Loss - Cluster keep-alive interval 5.4.2. NetworkRe-ProvisioningRe-provisioning Time Objective:TheMeasure the time takento re-route the trafficby theController,controller to reroute traffic when there is a failure in existing traffic paths, defined as the interval startingfromwith the first failure notification message received by thecontroller,controller and ending with the last flow re-provisioning message sent by the controller at itsSouthboundsouthbound interface. Reference Test Setup: This test SHOULD use one of the testsetup describedsetups illustrated insectionSection 3.1 orsectionSection 3.2 of this document.Prerequisite:Prerequisites: 1.NetworkA network withthe givena specified number of nodes and redundant paths MUST be deployed. 2.Ensure that theThe controller MUSThave knowledge aboutknow the location of test traffic generators TP1 and TP2. 3. Ensure that the controller does not pre-provision the alternate path in the emulated Network Devices at theforwarding planeforwarding-plane test emulator. Procedure: 1. Sendbi-directionalbidirectional traffic continuously with a unique sequence number from test traffic generators TP1 and TP2. 2. Bring down a link or switch in the traffic path. 3. Stop the trial after receiving the first frame after networkre- convergence.reconvergence. 4. Record the time of the last received frame prior to the frame loss at test traffic generator TP2 (TP2-Tlfr) and the time of the first frame received after the frame loss at test traffic generator TP2 (TP2-Tffr). There must be a gap in sequence numbers of theseframesframes. 5. Record the time of the last received frame prior to the frame loss at test traffic generator TP1 (TP1-Tlfr) and the time of the first frame received after the frame loss at test traffic generator TP1 (TP1-Tffr).Measurement:Measurements: Forward Direction PathRe-ProvisioningRe-provisioning Time (FDRT) = (TP2-Tffr - TP2-Tlfr) Reverse Direction PathRe-ProvisioningRe-provisioning Time (RDRT) = (TP1-Tffr - TP1-Tlfr) NetworkRe-ProvisioningRe-provisioning Time =(FDRT+RDRT)/2(FDRT + RDRT)/2 Forward Direction Packet Loss = Number of missing sequence frames at test traffic generator TP1 Reverse Direction Packet Loss = Number of missing sequence frames at test traffic generator TP2 Reporting Format: The NetworkRe-ProvisioningRe-provisioning Time results MUST be tabulated with the followinginformation.information: - Number of nodes in the primary path - Number of nodes in the alternate path - NetworkRe-ProvisioningRe-provisioning Time - Forward Direction Packet Loss - Reverse Direction Packet Loss 6.References 6.1. Normative References [RFC2119] S. Bradner, "Key words for use in RFCs to Indicate Requirement Levels", RFC 2119, March 1997. [RFC8174] B. Leiba, "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", RFC 8174, May 2017. [I-D.sdn-controller-benchmark-term] Bhuvaneswaran.V, Anton Basil, Mark.T, Vishwas Manral, Sarah Banks, "Terminology for Benchmarking SDN Controller Performance", draft-ietf-bmwg-sdn-controller-benchmark-term-10 (Work in progress), May 25, 2018 6.2. Informative References [OpenFlow Switch Specification] ONF,"OpenFlow Switch Specification" Version 1.4.0 (Wire Protocol 0x05), October 14, 2013. 7.IANA Considerations This documentdoes not have anyhas no IANArequests. 8.actions. 7. Security ConsiderationsBenchmarkingThe benchmarking tests described in this document are limited to the performance characterization of controllers in a lab environment with isolatednetwork.networks. The benchmarking network topology will be an independent test setup and MUST NOT be connected to devices that may forward the test traffic into a productionnetwork,network or misroute traffic to the test management network. Further, benchmarking is performed on a "black-box" basis, relying solely on measurements observable external to the controller. Special capabilities SHOULD NOT exist in the controller specifically for benchmarking purposes. Any implications for network security arising from the controller SHOULD be identical in the lab and in production networks.9. Acknowledgments The authors would like to thank the following individuals8. References 8.1. Normative References [RFC2119] Bradner, S., "Key words forproviding their valuable commentsuse in RFCs tothe earlier versionsIndicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <https://www.rfc-editor.org/info/rfc2119>. [RFC8174] Leiba, B., "Ambiguity ofthis document: Al Morton (AT&T), Sandeep Gangadharan (HP), M. Georgescu (NAIST), Andrew McGregor (Google), Scott Bradner , Jay Karthik (Cisco), Ramakrishnan (Dell), Khasanov Boris (Huawei), Brian Castelli (Spirent) This document was prepared using 2-Word-v2.0.template.dot.Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, <https://www.rfc-editor.org/info/rfc8174>. [RFC8455] Bhuvaneswaran, V., Basil, A., Tassinari, M., Manral, V., and S. Banks, "Terminology for Benchmarking Software-Defined Networking (SDN) Controller Performance", RFC 8455, DOI 10.17487/RFC8455, October 2018, <https://www.rfc-editor.org/info/rfc8455>. 8.2. Informative References [OpenFlow-Spec] ONF, "OpenFlow Switch Specification" Version 1.4.0 (Wire Protocol 0x05), October 2013, <https://www.opennetworking.org/wp-content/ uploads/2014/10/openflow-spec-v1.4.0.pdf>. AppendixAA. Benchmarking MethodologyusingUsing OpenFlow Controllers This section gives an overview of the OpenFlow protocol [OpenFlow-Spec] and provides a test methodologyto benchmarkfor benchmarking SDNcontrollersControllers supporting the OpenFlow southbound protocol. The OpenFlow protocol is used as an example to illustrate the methodologies defined in this document. A.1. Protocol Overview OpenFlow [OpenFlow-Spec] is an open standard protocol defined by the Open Networking Foundation(ONF)[ OpenFlow Switch Specification],(ONF) and used for programming the forwarding plane of network switches or routers via a centralized controller. A.2. Messages Overview The OpenFlow protocol supports threemessagesmessage typesnamely controller- to-switch, asynchronous-- namely, controller-to-switch, asynchronous, and symmetric. Controller-to-switch messages are initiated by the controller and used to directly manage or inspect the state of the switch. These messages allow controllers to query/configure the switch(Features, Configuration("features" messages, configuration messages), collect information from a switch (Read-Statemessage),messages), send packets on a specified port of a switch(Packet-out message),(OFPT_PACKET_OUT messages), and modify the switch forwarding plane and state(Modify- State,(Modify-State messages, Role-Requestmessagesmessages, etc.). Asynchronous messages are generated by the switch without a controller soliciting them. These messages allow switches to update controllers to denote an arrival of a new flow(Packet-in),(OFPT_PACKET_IN messages), switch statechange (Flow-Removed, Port-status)changes ("flow-removed" messages, port-status messages), anderror (Error).errors (Error messages). Symmetric messages are generated in either direction without solicitation. These messages allow switches and controllers to set up a connection(Hello),(Hello messages), verifyforliveness(Echo)(Echo messages), and offer additional functionalities(Experimenter).(Experimenter messages). A.3. Connection Overview The OpenFlow channel is used to exchange OpenFlowmessagemessages between an OpenFlow switch and an OpenFlow controller. The OpenFlow channel connection can besetupset up using plain TCP or TLS. By default, a switch establishes a single connection with the SDNcontroller.Controller. A switch may establish multiple parallel connections to a single controller (auxiliary connection) or multiple controllers to handle controller failures and load balancing. A.4. Performance Benchmarking Tests A.4.1. Network Topology Discovery Time Procedure: Network Devices OpenFlow SDN Controller Application | | | | |<Initialize controller | ||app.,NB|app., NB and SBinterfaces> |interfaces>| | | | |<Deploy network with | | | given no. of OF switches> | | | | | | OFPT_HELLO Exchange | | |<-------------------------->| | | | | |PACKET_OUTOFPT_PACKET_OUT withLLDP |LLDP| | | to allswitches |switches| | (Tm1)|<---------------------------| | | | | |PACKET_INOFPT_PACKET_IN with LLDP| | | rcvd fromswitch-1|Switch 1| | |--------------------------->| | | | | |PACKET_INOFPT_PACKET_IN with LLDP| | | rcvd fromswitch-2|Switch 2| | |--------------------------->| | | . | | | . | | | | | |PACKET_INOFPT_PACKET_IN with LLDP| | | rcvd fromswitch-n|Switch n| | (Tmn)|--------------------------->| | | | | | | <Wait for the expiry of| | || ofthe TrialdurationDuration (Td)>| | | | | | Query the controller for| | | discovered n/wtopo.(Di)|topo. (Di)| | |<--------------------------| | | | | | <Compare thediscovereddiscovered| | | n/w topology and the| | |&offered n/w topology>| | | | Legend: NB: Northbound SB: Southbound OF: OpenFlow OFP: OpenFlow Protocol LLDP: Link-Layer Discovery Protocol Tm1: Time of reception of first LLDP message from controller Tmn: Time of last LLDP message sent to controller Discussion: The Network Topology Discovery Time can be obtained by calculating the time difference between the firstPACKET_OUTOFPT_PACKET_OUT with an LLDP message received from the controller (Tm1) and the lastPACKET_INOFPT_PACKET_IN with an LLDP message sent to the controller (Tmn) when the comparison is successful. A.4.2. Asynchronous Message Processing Time Procedure: Network Devices OpenFlow SDN Controller Application | | ||PACKET_IN|OFPT_PACKET_IN with single | | |OFP match header | | (T0)|--------------------------->| | | | || PACKET_OUT|OFPT_PACKET_OUT with singleOFP| | | OFP action header | | (R0)|<---------------------------| | | . | | | . | | | . | | | | ||PACKET_IN|OFPT_PACKET_IN with singleOFP| ||match|OFP match header | | (Tn)|--------------------------->| | | | || PACKET_OUT|OFPT_PACKET_OUT with singleOFP| | | OFP actionheader|header | | (Rn)|<---------------------------| | | | | |<Wait for the expiry of the | | |Trialduration>Duration> | | | | | |<Record the number of | ||PACKET_INs/PACKET_OUTs|OFPT_PACKET_INs/ | | |OFPT_PACKET_OUTs ||Exchanged| |exchanged (Nrx)> | | | | | Legend: T0,T1,..Tn are PACKET_IN messages..Tn: transmittimestamps. R0,R1, ..Rn are PACKET_OUTtimestamps of OFPT_PACKET_IN messages R0,R1, ..Rn: receivetimestamps. Nrx :timestamps of OFPT_PACKET_OUT messages Nrx: Number of successfulPACKET_IN/PACKET_OUTOFPT_PACKET_IN/OFPT_PACKET_OUT message exchanges Discussion: The Asynchronous Message Processing Time will be obtained by calculating the sum of((R0-T0),(R1-T1)..(Rn((R0 - T0),(R1 - T1)..(Rn -Tn))/ Nrx.Tn))/Nrx. A.4.3. Asynchronous Message Processing Rate Procedure: Network Devices OpenFlow SDN Controller Application | | ||PACKET_IN|OFPT_PACKET_IN with singleOFP| ||match headers|OFP match header | | |--------------------------->| | | | || PACKET_OUT|OFPT_PACKET_OUT with single | | | OFP actionheaders|header | | |<---------------------------| | | | | | . | | | . | | | . | | | | ||PACKET_IN|OFPT_PACKET_IN with singleOFP| ||match headers|OFP match header | | |--------------------------->| | | | || PACKET_OUT|OFPT_PACKET_OUT with single | | | OFP actionheaders|header | | |<---------------------------| | | | | |<Repeat the steps untilthe| ||expiry|the expiry ofTrialthe | | |Trial Duration> | | | | | |<Record the number of OFP | | (Ntx1)|match headers sent> | | | | | |<Record the number of OFP | | (Nrx1)|action headers rcvd> | | | | | Note: The Ntx1 on initial trials should be greater thanNrx1 and repeatNrx1. Repeat the trials until the Nrxn for two consecutive trialsequeal toequals (+/-P%). Discussion:ThisUsing a single procedure, this test will measure twobenchmarks using single procedure. 1)benchmarks: 1. The Maximum Asynchronous Message Processing Rate will be obtained by calculating the maximumPACKET OUTsOFPT_PACKET_OUTs (Nrxn) received from the controller(s) across n trials.2)2. TheLoss-freeLoss-Free Asynchronous Message Processing Rate will be obtained by calculating the maximumPACKET OUTsOFPT_PACKET_OUTs received fromcontroller (s)the controller(s) when the Loss Ratio equals zero. Theloss ratioLoss Ratio is obtained by calculating 1 -Nrxn/NtxnNrxn/Ntxn. A.4.4. Reactive Path Provisioning Time Procedure: Test Traffic Test Traffic Network Devices OpenFlow Generator TP1 Generator TP2 Controller | | | | | |G-ARP (D1) | | | |--------------------->| | | | | | | ||PACKET_IN(D1)|OFPT_PACKET_IN(D1) | | ||------------------>||-------------------->| | | | | |Traffic (S1,D1) | | (Tsf1)|----------------------------------->| | | | | | | | | | | | | | | ||PACKET_IN(S1,D1) ||OFPT_PACKET_IN(S1,D1)| | ||------------------>||-------------------->| | | | | | | | FLOW_MOD(D1) | | ||<------------------||<--------------------| | | | | | |Traffic (S1,D1) | | | (Tdf1)|<---------------------| | | | | | Legend: G-ARP: Gratuitous ARPmessage.message Tsf1: Time of first frame sent from TP1 Tdf1: Time of first frame received from TP2 Discussion: The Reactive Path Provisioning Time can be obtained by finding the time difference between the transmit and receivetimetimes of the traffic(Tsf1-Tdf1).(Tsf1 - Tdf1). A.4.5. Proactive Path Provisioning Time Procedure: Test Traffic Test Traffic Network Devices OpenFlow SDN Generator TP1 Generator TP2 Controller Application | | | | | | | | | | | | || <Install|<Install flow| | | | | for S1,D1> | | |G-ARP (D1) | | | | |-------------->| | | | | | | | | ||PACKET_IN(D1)|OFPT_PACKET_IN(D1)| | | || |--------------->||----------------->| | | | | | | |Traffic (S1,D1) | | |Tsf1)|---------------------------->|(Tsf1)|--------------------------->| | | | | | | | | | | FLOW_MOD(D1) | | | ||<---------------||<-----------------| | | | | | | | |Traffic (S1,D1)| | | | (Tdf1)|<--------------| | | | | | | | Legend: G-ARP: Gratuitous ARPmessage.message Tsf1: Time of first frame sent from TP1 Tdf1: Time of first frame received from TP2 Discussion: The Proactive Path Provisioning Time can be obtained by finding the time difference between the transmit and receivetimetimes of the traffic(Tsf1-Tdf1).(Tsf1 - Tdf1). A.4.6. Reactive Path Provisioning Rate Procedure: Test Traffic Test Traffic Network Devices OpenFlow Generator TP1 Generator TP2 Controller | | | | | | | | | | | | | |G-ARP (D1..Dn) | | | |--------------------| | | | | | | ||PACKET_IN(D1..Dn) ||OFPT_PACKET_IN(D1..Dn)| | | |--------------------->| | | | | |Traffic (S1..Sn,D1..Dn) | | |--------------------------------->| | | | | | | ||PACKET_IN(S1.Sn,D1.Dn)||OFPT_PACKET_IN(S1..Sn,| | | | D1..Dn)| | | |--------------------->| | | | | | | | FLOW_MOD(S1) | | | |<---------------------| | | | | | | | FLOW_MOD(D1) | | | |<---------------------| | | | | | | | FLOW_MOD(S2) | | | |<---------------------| | | | | | | | FLOW_MOD(D2) | | | |<---------------------| | | | . | | | | . | | | | | | | | FLOW_MOD(Sn) | | | |<---------------------| | | | | | | | FLOW_MOD(Dn) | | | |<---------------------| | | | | | | Traffic (S1..Sn, | | | | D1..Dn)| | | |<-------------------| | | | | | | | | | Legend: G-ARP: Gratuitous ARP message D1..Dn: Destination Endpoint 1, Destination Endpoint 2......., Destination Endpoint n S1..Sn: Source Endpoint 1, Source Endpoint 2..,..., Source Endpoint n Discussion: The Reactive Path Provisioning Rate can be obtained by finding the total number of frames received at test traffic generator TP2 after thetrial duration.Trial Duration. A.4.7. Proactive Path Provisioning Rate Procedure: Test Traffic Test Traffic Network Devices OpenFlow SDN Generator TP1 Generator TP2 Controller Application | | | | | | |G-ARP (D1..Dn) | | | ||-------------->||--------------->| | | | | | | | | ||PACKET_IN(D1.Dn)||OFPT_PACKET_IN | | | ||--------------->|| (D1..Dn)| | | | |---------------->| | | | | | | |Traffic (S1..Sn,D1..Dn) | | |Tsf1)|---------------------------->| |(Tsf1)|---------------------------->| | | | | | | | | | |<Install|<Install flow| | | | | for S1,D1> | | | | | | | | | | . | | | || <Install|<Install flow| | | | | for Sn,Dn> | | | | | | | | | FLOW_MOD(S1) | | | ||<---------------||<----------------| | | | | | | | | | FLOW_MOD(D1) | | | ||<---------------||<----------------| | | | | | | | | | . | | | | | FLOW_MOD(Sn) | | | ||<---------------||<----------------| | | | | | | | | | FLOW_MOD(Dn) | | | ||<---------------||<----------------| | | | | | | | |Traffic(S1.Sn,|(S1..Sn,| | | | |D1.Dn)|D1..Dn)| | | |(Tdf1)|<--------------|(Tdf1)|<---------------| | | | | | | | Legend: G-ARP: Gratuitous ARP message D1..Dn: Destination Endpoint 1, Destination Endpoint 2......., Destination Endpoint n S1..Sn: Source Endpoint 1, Source Endpoint 2..,..., Source Endpoint n Discussion: The Proactive Path Provisioning Rate can be obtained by finding the total number of frames received at test traffic generator TP2 after thetrial durationTrial Duration. A.4.8. Network Topology Change Detection Time Procedure: Network Devices OpenFlow SDN Controller Application | | | | | <Bring down a link in | | |switchSwitch S1>| | | | T0 |PORT_STATUS with link down | | | from S1 | | |--------------------------->| | | | | |FirstPACKET_OUTOFPT_PACKET_OUT withLLDP| ||to|LLDP to OFSwitchswitch | | T1 |<---------------------------| | | | | | | <Record time of1stfirst| | | OFPT_PACKET_OUT with| | |PACKET_OUT withLLDP T1>| | | | Discussion: The Network Topology Change Detection Time can be obtained by finding the difference between the timethethat OpenFlowswitchSwitch S1 sends the PORT_STATUS message (T0) and the time that the OpenFlow controller sends the first topologyre-discoveryrediscovery message (T1) to OpenFlow switches. A.5. Scalability A.5.1. Control Sessions Capacity Procedure: Network Devices OpenFlow Controller | | | OFPT_HELLO Exchange for Switch 1 | |<------------------------------------->| | | | OFPT_HELLO Exchange for Switch 2 | |<------------------------------------->| | . | | . | | . | | OFPT_HELLO Exchange for Switch n | |X<----------------------------------->X| | | Discussion: The value of Switchn-1(n - 1) will provide the Control Sessions Capacity. A.5.2. Network Discovery Size Procedure: Network Devices OpenFlow SDN Controller Application | | | | | <Deploy network with | | |given no. of OF switches N>| | | | | OFPT_HELLO Exchange | | |<-------------------------->| | | | | |PACKET_OUTOFPT_PACKET_OUT withLLDP |LLDP| | | to all switches | | |<---------------------------| | | | | |PACKET_INOFPT_PACKET_IN with LLDP| | | rcvd fromswitch-1|Switch 1| | |--------------------------->| | | | | |PACKET_INOFPT_PACKET_IN with LLDP| | | rcvd fromswitch-2|Switch 2| | |--------------------------->| | | . | | | . | | | | | |PACKET_INOFPT_PACKET_IN with LLDP| | | rcvd fromswitch-n|Switch n| | |--------------------------->| | | | | | | <Wait for the expiry of| | || ofthe TrialdurationDuration (Td)>| | | | | | Query the controller for| | | discovered n/wtopo.(N1)|topo. (N1)| | |<--------------------------| | | | | | <IfN1==NN1==N, repeat Step 1| | | with N + 1 nodes| | ||with N+1 nodesuntil N1<N >| | | | | | <IfN1<NN1<N, repeat Step 1 | | | with N=N1 nodes once and | | | exit> | | | | Legend: n/w topo: NetworkTopologytopology OF: OpenFlow Discussion: The value of N1 provides the Network Discovery Size value. Thetrial durationTrial Duration can be set to the stipulated time within which the user expects the controller to complete the discovery process. A.5.3. Forwarding Table Capacity Procedure: Test Traffic Network Devices OpenFlow SDN Generator TP1 Controller Application | | | | | | | | |G-ARP (H1..Hn) | | ||----------------->| ||---------------->| | | | | | ||PACKET_IN(D1..Dn)| |OFPT_PACKET_IN(D1..Dn)| | ||------------------>||--------------------->| | | | | | | | |<Wait for 5 secs>| | | | | | | | <Query for FWD | | | | entry> |(F1) | | | | | | |<Wait for 5 secs>| | | | | | | | <Query for FWD | | | | entry> |(F2) | | | | | | |<Wait for 5 secs>| | | | | | | | <Query for FWD | | | | entry> |(F3) | | | | | | | <Repeat Step 2 | | | |until F1==F2==F3>| | | | | Legend: G-ARP: Gratuitous ARP message H1..Hn: Host 1 .. Host n FWD: Forwarding Table Discussion: Query thecontroller forwarding tablecontroller's Forwarding Table entriesformultipletimestimes, untilthethree consecutive queries return the same value. The last value retrieved from the controller will provide the Forwarding Table Capacity value. The query interval is user configurable. The interval of 5 seconds shown in this example is for representationalpurpose.purposes. A.6. Security A.6.1. Exception Handling Procedure: Test Traffic Test Traffic Network Devices OpenFlow SDN Generator TP1 Generator TP2 Controller Application | | | | | | |G-ARP (D1..Dn) | | | ||------------------>||--------------->| | | | | | | | | ||PACKET_IN(D1..Dn)||OFPT_PACKET_IN(D1..Dn)| | | ||---------------->||--------------------->| | | | | | | |Traffic (S1..Sn,D1..Dn) | | ||----------------------------->||-------------------------->| | | | | | | | | ||PACKET_IN(S1..Sa,||OFPT_PACKET_IN(S1..Sa,| | | | | D1..Da)| | | ||---------------->||--------------------->| | | | | | | | | |OFPT_PACKET_IN ||PACKET_IN(Sa+1..| | | ||.Sn,Da+1..Dn)(Sa+1..Sn,| | | | ||(1%Da+1..Dn)| | | | | (1% incorrect OFP| | | | |Matchmatch header)| | | ||---------------->||--------------------->| | | | | | | | | | FLOW_MOD(D1..Dn)| | | ||<----------------||<---------------------| | | | | | | | | | FLOW_MOD(S1..Sa)| | | | | OFP headers| | | ||<----------------||<---------------------| | | | | | | | |Traffic(S1..Sa, |(S1..Sa,| | | | | D1..Da)| | | ||<------------------||<---------------| | | | | | | | | | | | <Wait for the| | | | | expiry of the| | | |Test| Trial| | | | | Duration>| | | | | | | | | | <Record Rx| | | | | frames at| | | | | TP2 (Rn1)>| | | | | | | | | | <Repeat | | | | |Step1 withStep 1 with| | | | ||2%2% incorrect| | | || PACKET_INs>||OFPT_PACKET_INs>| | | | | | | | | | <Record Rx| | | | | frames at| | | | | TP2 (Rn2)>|| | | | |Legend: G-ARP: Gratuitous ARPPACKET_IN(Sa+1..Sn,Da+1..Dn): OpenFlow PACKET_INmessage OFPT_PACKET_IN(Sa+1..Sn,Da+1..Dn): OFPT_PACKET_IN with wrong version number Rn1: Total number of frames received at Test Port 2 with 1% incorrect frames Rn2: Total number of frames received at Test Port 2 with 2% incorrect frames Discussion: The traffic rate sent towards the OpenFlow switch from Test Port 1 should be 1% higher than the Path Programming Rate. Rn1 will provide the Path Provisioning Rate of the controlleratwhen 1% of incorrect frameshandlingare received, and Rn2 will provide the Path Provisioning Rate of the controlleratwhen 2% of incorrect frameshandling.are received. The procedure defined above provides test steps to determine theeffecteffects of handling error packets on the Path Programming Rate.SameThe same procedure can beadoptedadapted to determine the effects on other performance tests listed in this benchmarkingtests.test. A.6.2.Denial of ServiceHandling Denial-of-Service Attacks Procedure: Test Traffic Test Traffic NetworkDevicDevice OpenFlow SDN Generator TP1 Generator TP2 Controller Application | | | | | | |G-ARP (D1..Dn) | | | ||------------------>||---------------->| | | | | | | | | ||PACKET_IN(D1..Dn)||OFPT_PACKET_IN(D1..Dn)| | | ||---------------->||--------------------->| | | | | | | |Traffic (S1..Sn,D1..Dn) | | ||----------------------------->||--------------------------->| | | | | | | | | ||PACKET_IN(S1..Sn,||OFPT_PACKET_IN(S1..Sn,| | | | | D1..Dn)| | | ||---------------->||--------------------->| | | | | | | | | |TCP SYNAttackattack | | | | |from a switch | | | ||---------------->||--------------------->| | | | | | | | | |FLOW_MOD(D1..Dn) | | | ||<----------------||<---------------------| | | | | | | | | | FLOW_MOD(S1..Sn) |FLOW_MOD(S1..Sn)|| | | | OFPheaders|headers | | ||<----------------|| |<---------------------| | | | | | | | |Traffic (S1..Sn, | | | | |D1..Dn)|D1..Dn) | | ||<------------------|| |<----------------| | | | | | | | | | |<Wait|<Wait for the| | | | |expiry of the| | |Test| | Trial| | | | | Duration>| | | | | | | | | | <Record Rx| | | | | frames at| | | | | TP2 (Rn1)>| | | | | | Legend: G-ARP: Gratuitous ARP message Discussion: A TCP SYN attack should be launched from one of the emulated/simulated OpenFlowSwitch.switches. Rn1 provides the Path Programming Rate of the controlleruponhandling denial ofupon handling a denial-of- service attack. The procedure defined above provides test steps to determine theeffecteffects of handling denial of service on the Path Programming Rate.SameThe same procedure can beadoptedadapted to determine the effects on other performance tests listed in this benchmarkingtests.test. A.7. Reliability A.7.1. Controller Failover Time Procedure: Test Traffic Test Traffic Network Device OpenFlow SDN Generator TP1 Generator TP2 Controller Application | | | | | | |G-ARP (D1) | | | ||------------>||-------------->| | | | | | | | | ||PACKET_IN(D1)|OFPT_PACKET_IN(D1) | | | ||---------------->||---------------------->| | | | | | | |Traffic (S1..Sn,D1) | | ||-------------------------->||--------------------------->| | | | | | | | | | | | | | ||PACKET_IN(S1,D1)|OFPT_PACKET_IN(S1,D1) | | | ||---------------->||---------------------->| | | | | | | | | |FLOW_MOD(D1) | | | ||<----------------||<----------------------| | | | |FLOW_MOD(S1) | | | ||<----------------||<----------------------| | | | | | | | |Traffic (S1,D1)| | | ||<------------||<--------------| | | | | | | | | ||PACKET_IN(S2,D1)|OFPT_PACKET_IN(S2,D1) | | | ||---------------->||---------------------->| | | | | | | | | |FLOW_MOD(S2) | | | ||<----------------||<----------------------| | | | | | | | ||PACKET_IN(Sn-1,D1)||OFPT_PACKET_IN | | ||---------------->|| | (Sn-1,D1) | | | | |---------------------->| | ||PACKET_IN(Sn,D1)| | | ||---------------->|| | |OFPT_PACKET_IN(Sn,D1) | | | | |---------------------->| | | | | . | | | | | . |<Bring downthe|| | | | .|active control-|| the active | | | |ler>| controller> | | | | FLOW_MOD(Sn-1) | | | | |<-X----------|X<-----------------| | | | | | | | | |FLOW_MOD(Sn) | | | ||<----------------||<----------------------| | | | | | | | |Traffic (Sn,D1)| | | ||<------------||<--------------| | | | | | | | | | | |<Stop thetest| | | ||after recv.|test after | | | ||traffic upon|recv. traffic| | | | |upon | |failure>| | |failure> | Legend: G-ARP: GratuitousARP.ARP message Discussion: The time difference between the last valid frame received before the traffic loss and the first frame received after the traffic loss will provide thecontroller failover time.Controller Failover Time. If there is no frame loss duringcontroller failover time,thecontroller failover timeController Failover Time, the Controller Failover Time can be deemed negligible. A.7.2. NetworkRe-ProvisioningRe-provisioning Time Procedure: Test Traffic Test Traffic Network Devices OpenFlow SDN Generator TP1 Generator TP2 Controller Application | | | | | | |G-ARP (D1) | | | ||-------------->||--------------->| | | | | | | | | ||PACKET_IN(D1)|OFPT_PACKET_IN(D1) | | | ||---------------->||--------------------->| | |G-ARP|G-ARP (S1) | | ||---------------------------->||----------------------------->| | | | | | | | | ||PACKET_IN(S1)|OFPT_PACKET_IN(S1) | | | ||---------------->||--------------------->| | | | | | | |Traffic(S1,D1,Seq.no(S1,D1,Seq. no (1..n))| | ||---------------------------->||----------------------------->| | | | | | | | | ||PACKET_IN(S1,D1)|OFPT_PACKET_IN(S1,D1) | | | ||---------------->||--------------------->| | | | | | | ||Traffic| Traffic (D1,S1,| | | | |Seq.noSeq. no (1..n))| | | ||-------------->||--------------->| | | | | | | | | ||PACKET_IN(D1,S1)|OFPT_PACKET_IN(D1,S1) | | | ||---------------->||--------------------->| | | | | | | | | |FLOW_MOD(D1) | | | ||<----------------||<---------------------| | | | | | | | | |FLOW_MOD(S1) | | | ||<----------------||<---------------------| | | | | | | ||Traffic| Traffic (S1,D1,| | | | |Seq.no(1))|Seq. no(1))| | | ||<--------------||<---------------| | | | | | | | ||Traffic| Traffic (S1,D1,| | | | |Seq.no(2))|Seq. no(2))| | | ||<--------------||<---------------| | | | | | | | | | | | | | Traffic(D1,S1,Seq.no(1))|(D1,S1,Seq. no(1))| | ||<----------------------------||<-----------------------------| | | | | | | | | Traffic(D1,S1,Seq.no(2))|(D1,S1,Seq. no(2))| | ||<----------------------------||<-----------------------------| | | | | | | | | Traffic(D1,S1,Seq.no(x))|(D1,S1,Seq. no(x))| | ||<----------------------------||<-----------------------------| | | | | | | | ||Traffic| Traffic (S1,D1,| | | | |Seq.no(x))|Seq. no(x))| | | ||<--------------||<---------------| | | | | | | | | | | | | | | | | <Bring down | | | | | the switch in| | | ||active traffic|| the active| | | |path>| traffic path>| | | | | | | | |PORT_STATUS(Sa) | | | ||---------------->||--------------------->| | | | | | | ||Traffic (S1,D1,|| Traffic (S1,D1,| | | |Seq.no(n-1))|| Seq. no(n - 1))| | | |X<-----------|| X<------------| | | | | | | |Traffic (D1,S1,Seq.no(n-1))||Traffic (D1,S1,Seq. no(n - 1))| | | |X------------------------|X<------------------------| | | | | | | | | | | | | | | |FLOW_MOD(D1) | | | ||<----------------||<---------------------| | | | | | | | | |FLOW_MOD(S1) | | | ||<----------------||<---------------------| | | | | | | | Traffic(D1,S1,Seq.no(n))|(D1,S1,Seq. no(n))| | ||<----------------------------||<-----------------------------| | | | | | | | ||Traffic| Traffic (S1,D1,| | | | |Seq.no(n))|Seq. no(n))| | | ||<--------------||<---------------| | | | | | | | | | | |<Stop the test| | | | | after recv. | | | | | traffic upon| | | | | failover> | Legend: G-ARP: Gratuitous ARPmessage. Seq.no:message Seq. no: Sequencenumber.number Sa: Neighbor switch of the switch that was broughtdown.down Discussion: The time difference between the last valid frame received before the traffic loss(Packet number(packet with sequence number x) and the first frame received after the traffic loss (packet with sequence number n) will provide thenetwork path re-provisioning time.Network Re-provisioning Time. Note that the trial is valid only when the controller provisions the alternate path upon network failure. Acknowledgments The authors would like to thank the following individuals for providing their valuable comments regarding the earlier draft versions of this document: Al Morton (AT&T), Sandeep Gangadharan (HP), M. Georgescu (NAIST), Andrew McGregor (Google), Scott Bradner, Jay Karthik (Cisco), Ramki Krishnan (VMware), Khasanov Boris (Huawei), and Brian Castelli (Spirent). Authors' Addresses Bhuvaneswaran Vengainathan Veryx Technologies Inc. 1 International Plaza, Suite 550PhiladelphiaPhiladelphia, PA 19113 United States of America Email: bhuvaneswaran.vengainathan@veryxtech.com Anton Basil Veryx Technologies Inc. 1 International Plaza, Suite 550PhiladelphiaPhiladelphia, PA 19113 United States of America Email: anton.basil@veryxtech.com Mark TassinariHewlett-Packard,Hewlett Packard Enterprise 8000 FoothillsBlvd,Blvd. Roseville, CA 95747 United States of America Email: mark.tassinari@hpe.com Vishwas ManralNano Sec,NanoSec Co 3350 Thomas Rd. Santa Clara, CA 95054 United States of America Email: vishwas.manral@gmail.com Sarah Banks VSS Monitoring 930 De GuigneDrive,Drive Sunnyvale, CA 94085 United States of America Email: sbanks@encrypted.net