WHITE PAPER Xena Networks – Global Price/Performance Leaders in Gigabit Ethernet Testing – www.xenanetworks.com “SD-WAN promises flexibility and fast, cost-effective enabling of new networking functions. But how do you test and verify the operation of SD-WAN solutions?” WHITE PAPER OVERVIEW Wide Area Networks (WANs) have been the basis for long-distance communication for decades. Over time their complexity and manageability has increased as new applications and features have been added. This slows down the upgrade process significantly as new features typically requires adding or changing hardware in the network – which all needs to be tested before being brought online. Two new concepts - Software-Defined Networking (SDN) and Network Function Virtualization (NFV) – are generating huge interest because they promise to add more flexibility and faster updating of networks. Software-defined WAN (SD-WAN) solutions are based on SDN adapted for WAN connections in enterprise networks over a wide geographical area – including branch offices and data centers. SD-WANs let enterprises and service providers deploy new networking services, applications and features faster, with more flexibility and at a lower cost than ever before. As a result, SD-WAN solutions are now being deployed and the market is expected to grow rapidly. However testing new SD-WAN solutions to ensure the networks operate properly and to verify their performance presents its own challenges. This White Paper examines those challenges and explains how Xena’s L4-7 and L2-3 test platforms provide the features needed to quickly and cost-effectively test and verify the performance of SD-WAN solutions. SD-WAN The new SD-WAN solutions offer exciting possibilities. But testing & verifying them presents its own set of challenges.
Transcript
WH
ITE
PAPE
R
Xena Networks – Global Price/Performance Leaders in Gigabit Ethernet Testing – www.xenanetworks.com
“SD-WAN promises
flexibility and fast,
cost-effective
enabling of new
networking
functions. But how
do you test and
verify the operation
of SD-WAN
solutions?”
WHITE PAPER
OVERVIEW Wide Area Networks (WANs) have been the basis for long-distance communication for decades. Over time their complexity and manageability has increased as new applications and features have been added. This slows down the upgrade process significantly as new features typically requires adding or changing hardware in the network – which all needs to be tested before being brought online.
Two new concepts - Software-Defined Networking (SDN) and Network Function Virtualization (NFV) – are generating huge interest because they promise to add more flexibility and faster updating of networks.
Software-defined WAN (SD-WAN) solutions are based on SDN adapted for WAN connections in enterprise networks over a wide geographical area – including branch offices and data centers. SD-WANs let enterprises and service providers deploy new networking services, applications and features faster, with more flexibility and at a lower cost than ever before.
As a result, SD-WAN solutions are now being deployed and the market is expected to grow rapidly. However testing new SD-WAN solutions to ensure the networks operate properly and to verify their performance presents its own challenges.
This White Paper examines those challenges and explains how Xena’s L4-7 and L2-3 test platforms provide the features needed to quickly and cost-effectively test and verify the performance of SD-WAN solutions.
SD-WAN The new SD-WAN solutions offer exciting possibilities. But testing & verifying them presents its own set of challenges.
WH
ITE
PAPE
R
Xena Networks – Global Price/Performance Leaders in Gigabit Ethernet Testing – www.xenanetworks.com
Xena Networks – Global Price/Performance Leaders in Gigabit Ethernet Testing – www.xenanetworks.com
INTRODUCTION Communication is essential for the modern society and this of course includes today’s enterprises, which rely on Wide Area Networks (WANs) for their communication. There are however many challenges for organizations that want to manage Wide Area Networks. The complexity of the networks is growing in these years as new applications are supported causing higher management and maintenance costs. Reliability is essential and 24/7 availability is a requirement for most enterprises. At the same time the enterprises typically cover a wide geographical area with a number of remote branch offices that also need to be included in the enterprise communication network to get access to applications and services needed for their business.
To ensure the reliability enterprises in many cases use private lines that are nowadays typically based on Multiprotocol Label Switching (MPLS); earlier also legacy digital lines like T1/E1 or frame relay were used. On the public internet the traffic can experience issues like network congestion, jitter, packet loss and even loss of service. MPLS lines provide guaranteed privacy and Quality of Service (QoS) – but are at the same time rather costly. This drives the enterprises to look for solutions where lower priority traffic can be routed through the public Internet, saving the private lines for high priority, mission critical communication.
Figure 1: Typical enterprise communication setup Software defined WAN (SD-WAN) solutions are designed to address these network issues. SD-WAN is based on Software-Defined Networking (SDN) adapted for WAN connections in enterprise networks – including branch offices and data centers – over a wide geographical area.
SDN is split into a control plane (which decides where the traffic is sent) and a data plane (or forwarding plane), which forwards traffic in the direction of the destination according to control plane decisions.
A concept related to SDN is Network Function Virtualization (NFV). NFV is the overall principle of implementing network functions (like routing, intrusion detection and intrusion prevention) as software running Commercial Off-The-Shelf (COTS) hardware. Functions implemented this way are called Virtual Network Functions (VNF). The data forwarding devices in figure 2 could be created as VNFs.
WH
ITE
PAPE
R
Xena Networks – Global Price/Performance Leaders in Gigabit Ethernet Testing – www.xenanetworks.com
Figure 2: SDN architecture With SD-WAN traditional routers are replaced with appliances (forwarders) that can execute SD-WAN policies defining the traffic distribution through private MPLS links (or other types of dedicated links e.g. over wireless 3G/4G Long Term Evolution (LTE) or satellite) and the public Internet, based on bandwidth available for the traffic and the performance of the link as shown in figure 3. The routing of the traffic can be changed dynamically in case of network issues.
Figure 3: SD-WAN network with a mix of private links and public Internet connections SD-WAN may be extended to mobile devices that could be instructed to send high priority data traffic through a LTE connection, while voice calls could be routed over a WIFI connection (if available). This would however require that the mobile device has SD-WAN software installed.
Centralized controllers set the SD-WAN policies and prioritize the traffic. Many functions covered by SD-WAN like path control, overlay networks, encryption and subscription-based pricing are
WH
ITE
PAPE
R
Xena Networks – Global Price/Performance Leaders in Gigabit Ethernet Testing – www.xenanetworks.com
already available with existing solutions. SD-WAN bring these functions together as an integrated enterprise network solution. As the functionality of the SD-WAN forwarders are immediately modified when they receive new policies from a centralized controller, changing the behavior of the network can be achieved much faster than in a traditionally built network.
Some SD-WAN solutions offer replacement of MPLS links (or at least replacement of MPLS backup links) through an overlay network with lower-cost connections over the public Internet via multiple, simultaneous connections. SD-WAN forwarders will monitor the physical link performance, and send traffic on a packet-by-packet basis to remote SD-WAN forwarders through the physical link best able to handle the requirements for the traffic.
In some cases enterprises don’t want to manage the SD-WAN themselves. Instead they outsource this task to service providers, which with SD-WAN quickly and cost-effectively can launch new, differentiated and managed services by adding software. Services can include bandwidth-on-demand and security e.g. Next Generation Firewall (NGFW), Unified Threat Management (UTM), anti-malware and IPsec based secure IP communication. The service providers will charge the enterprises a fee to install and deliver the communication service and related management and maintenance. This may include a Service Level Agreement (SLA) that specifies a minimum guaranteed service level.
For service providers SD-WAN could be a risk for their revenue as MPLS based traffic will move to lower cost SD-WAN connections through the public Internet – partially or fully depending on the implementation and on customer requirements. However experience reported from the first SD-WAN deployments indicate that customers expect to get more value for their communication expenses rather than a cost reduction, so it is important that the service providers can create and implement services that their customers want.
SD-WAN deployment has started and is expected to be wide spread in the coming years. In December 2015 Gartner predicted that 30% of enterprises will have deployed SD-WAN technology in their branches by the end of 2019. IDC predicts that the market for SD-WAN products and services will grow impressively the next years, reaching $6 billion in 2020.
SD-WAN Requirements
The Open Networking User Group’s (ONUG) is an industry user group in the networking and storage sectors. The ONUG mission is “to enable greater choice and options for IT business leaders by advocating for open interoperable hardware and software-defined solutions that span across the entire IT stack in an effort to create business value”
ONUG supports several use case working groups, including the ONUG SD-WAN Working Group, which has created the White paper “ONUG Software-Defined WAN Use Case” where 10 business requirements are defined (see table 1). These requirements are expected to be met for SD-WAN adoption and usage.
WH
ITE
PAPE
R
Xena Networks – Global Price/Performance Leaders in Gigabit Ethernet Testing – www.xenanetworks.com
Requirement Description
1 Ability for remote site/branch to leverage public and private WANs in an active-active fashion for business applications.
2 Ability to deploy CPE in a physical or virtual form factor on commodity hardware.
3 A secure hybrid WAN architecture that allows for dynamic traffic engineering capability across private and public WAN paths as specified by application policy, prevailing network WAN availability and/or degradation at transport or application layer performance.
4 Visibility, prioritization and steering of business critical and real-time applications as per security and corporate governance and compliance policies.
5 A highly available and resilient hybrid WAN environment for optimal client and application experience.
6 Layer 2 and 3 interoperability with directly connected switch and/or router.
7 Site, Application and VPN performance level dashboard reporting.
8 Open north-bound API for controller access and management, ability to forward specific log events to network event co-relation manager and/or Security Incident and Event Manager (SIEM).
9 Capability to effect zero touch deployment at branch site with minimal to no configuration changes on directly connected infrastructure, ensuring agility in provisioning and deployment.
10 FIPS 140-2 validation certification for cryptography modules/encryption with automated certificate life cycle management and reporting.
Table 1: Business requirements defined by the ONUG SD-WAN Working Group
SD-WAN Testing
Shortly after the ONUG SD-WAN Working Group had released the “ONUG Software-Defined WAN Use Case” white paper, a number of SD-WAN vendors (Cisco, Glue Networks, Riverbed, Silver Peak, Talari, VeloCloud and Viptela) conducted tests to demonstrate that their SD-WAN products support the top 10 requirements listed in the ONUG SD-WAN Working Group white paper. The white paper defines 6 WAN architecture models. One of them was used as reference architecture for the tests (see figure 4). In the tests the remote sites and the data centers were emulated with test equipment.
WH
ITE
PAPE
R
Xena Networks – Global Price/Performance Leaders in Gigabit Ethernet Testing – www.xenanetworks.com
Figure 4: Reference architecture for ONUG test cases The tests that involved test instruments required generation of UDP and HTTP/TCP traffic streams. During the tests it was verified that the different traffic types were routed through either the MPLS network or the Internet depending on policies and the actual conditions in the test.
SD-WAN vendors still test their products generating large amounts of UDP and TCP traffic to uncover any issues before shipping product or software upgrades to the end customers. This includes testing of throughput, latency and loss under extreme traffic conditions.
Enterprises planning to implement SD-WAN need to consider if performance and reliability is impaired when moving some or all their traffic from dedicated MPLS links to the public Internet. SD-WAN vendors can document the effect of the SD-WAN through measurements of the traffic characteristics in a realistic environment. This includes stress testing through generation of traffic with different rates and packet sizes and measurement of packet loss and latency, which is typically performed as a RFC 2544 test.
If an enterprise has signed an SLA agreement with a network operator for their communication path through an SD-WAN it will be relevant to verify that the requirements in the SLA are fulfilled. ITU-T has defined the Y.1564 standard for turning up, installing and trouble-shooting Ethernet-based services. Formulated as an improvement over RFC2544, it is the only standard test methodology that allows for complete validation of Ethernet service-level agreement’s (SLAs) in a single test.
Y.1564 focuses on the following service level parameters:
• Information rate (IR) – or Bandwidth • Frame transfer delay (FTD) – or latency
WH
ITE
PAPE
R
Xena Networks – Global Price/Performance Leaders in Gigabit Ethernet Testing – www.xenanetworks.com
• Frame delay variation (FDV) – or packet jitter • Frame loss ratio (FLR) • Availability (AVAIL) FTD can be measured round-trip, where the delay going in both directions of a line is measured in one measurement, which can be done with one test instrument and a far-end loopback. Round trip measurements will however not identify differences in the two directions of the link.
Figure 5: Typical Y. 1564 round trip test configuration In many cases network conditions are actually different in the two directions, not only for FTD but also for IR, FDV and FLR. It can therefore be relevant to measure the parameters for the two directions separately, which requires two testers – one at each end of the connection. To identify FTD for each direction it is also necessary the synchronize time stamps in the two testers, typically using Precision Time Protocol (PTP), Network Time Protocol (NTP) or Global Positioning System (GPS).
A SLA will guarantee Service Acceptance Criteria (SAC), which are worst case values for FTD, FDV, FLR and AVAIL at a Committed Information Rate (CIR) – the maximum bandwidth guaranteed by the network operator to the customer. The SLA can also include a commitment on how large bursts the network will accept - the Committed Burst Size (CBS). The network operator may allow that both CIR and CBS are exceeded to some extend: Excess Information Rate (EIR) and Excess Burst Size (EBS). However when CIR or CBS are exceeded it is not expected that the SACs are met.
An Y.1564 test is typically conducted for a number of services simultaneously. The Y.1564 test is divided into two phases:
• Service configuration test: The services are tested rapidly one by one with data rates up to CIR, checking that the SACs for FTD, FDV and FLR are fulfilled. The test may also check what happens when EIR is applied and check for CBS and EBS.
• Service performance test: All the services are checked simultaneously at their individual CIR.
It is checked that the SACs for FTD, FDV and FLR are fulfilled for all services during the test. This test is recommended to run 15 minutes, 2 hours or 24 hours as specified in ITU-T M.2110.
WH
ITE
PAPE
R
Xena Networks – Global Price/Performance Leaders in Gigabit Ethernet Testing – www.xenanetworks.com
Figure 6: High-level Y. 1564 service activation test methodology
SD-WAN Vendors
A number of vendors are now offering SD-WAN solutions. The vendors include:
• Cisco iWAN (Intelligent WAN) runs on Cisco routers with the appropriate licensing. IWAN is a collection of Cisco technologies that work together to make dynamic path forwarding decisions.
• Citrix NetScaler SD-WAN is a solution that combines proactive application traffic management, end-to-end QoS, Routing and WAN optimization.
• CloudGenix offers a full SD-WAN solution complete with Central Control software, forwarders (CloudGenix ION), a policy manager and a traffic analytics engine.
• Glue Networks provides Software Defined Network Orchestration solutions - Gluware, which address multi-vendor network complexity.
• Nuage Networks provides software-defined networking (SDN) solutions, which deliver policy-based automation across the network.
• Riverbed Networks builds software-defined architecture for digital business (e.g. hybrid networking, the cloud, SD-WAN, SaaS, mobile, big data, and infrastructure visibility)
WH
ITE
PAPE
R
Xena Networks – Global Price/Performance Leaders in Gigabit Ethernet Testing – www.xenanetworks.com
• Silver Peak markets SD-WAN solutions for enterprises and service providers
• Talari SD-WAN products include a Network Controller, Physical appliances and Virtual appliances that allow Talari’s functionality to be installed in commodity x86 hardware
• VeloCloud provide all three elements needed to achieve a Cloud-Delivered SD-WAN: a cloud network for enterprise-grade connection to cloud and enterprise applications; software-defined control and automation; and virtual services delivery
• Versa is an innovative vendor in the SD-WAN and SD-Security market. Versa’s carrier-grade NFV software provides unmatched agility, cost savings and flexibility vs. traditional network hardware
• Viptela SD-WAN products include: Secure Extensible Network (SEN) – for building large-scale WANs with complete integration of routing, security, centralized policy, and orchestration. vEdge Cloud – a software router platform that supports Viptela’s vEdge hardware routers
• Virtela/NTT delivers services via its Virtualized Overlay Network and Virtela Enterprise Services Cloud (ESC) platform, with Local Cloud Centers (LCCs) located around the world
SD-WAN Service Providers
Many service providers are offering (or have announced that they plan to offer) SD-WAN based services to their customers. These service providers include:
• AT&T • BT • CBCcom • CenturyLink Inc. • China Mobile • Colt • EarthLink
SD-WANs and SD-WAN appliances can of course be tested with Xena testers. To generate tests with HTTP over TCP traffic and UDP traffic simultaneously the VulcanBay tester supporting layer 4-7 can be used.
Testing at lower layers is supported by the ValkyrieCompact and ValkyrieBay test chassis equipped with relevant test modules. For testing up to 10 Gbps these test modules are recommended:
Xena Networks – Global Price/Performance Leaders in Gigabit Ethernet Testing – www.xenanetworks.com
• 10 Gbps optical Ethernet: Odin-10G-1S-6P Wire-speed 6-port 10G L2-3 test module • 1 Gbps optical and electrical Ethernet: Odin-1G-3S-6P 6-port 1Gbps test module
Figure 7: The powerful and versatile Xena Odin-1G-3S-6P Wire-speed 6-port 1GE L2-3 test module
Several other Xena test modules are available for ValkyrieCompact and ValkyrieBay supporting data rates up to 100 Gbps. Up to 12 test modules can be installed in ValkyrieBay.
Testing up to Layer 3
Based on Xena’s advanced architecture, ValkyrieCompact and ValkyrieBay equipped with Odin-10G-1S-6P or Odin-1G-3S-6P test modules are proven solutions for Ethernet testing at layers 2 and 3. Advanced test scenarios can be performed using the free test applications for the test modules:
ValkyrieManager test software is used to configure and generate streams of Ethernet traffic between Xena test equipment and Devices Under Test (DUTs) and analyze the results. ValkyrieManager top features include:
• Multistream traffic generation at line rate • Generation of traffic streams with different rates and packet sizes • Generation of traffic streams with UDP and TCP headers • Generation of frames without VLAN tags, with one VLAN tag and double tagged frames • Configurable VLAN priority One ValkyrieManager is able to control multiple ValkyrieCompact and ValkyrieBay test chassis, which can be located far away from each other, e.g. at the ends of connections-to-be-tested supporting one-way measurements.
Valkyrie2544 offers full support for the 4 test types specified in RFC 2544: Throughput, Latency, Frame loss and Back-to-back frames; Jitter (Frame Delay Variation) is also supported.
WH
ITE
PAPE
R
Xena Networks – Global Price/Performance Leaders in Gigabit Ethernet Testing – www.xenanetworks.com
Valkyrie1564 provides full support for both the configuration and performance test types described in Y.1564 for complete validation of Ethernet Service Level Agreements (SLAs) in a single test.
ValkyrieTimeSynch enables multiple ValkyrieCompact or ValkyrieBay test chassis to synchronize their local time to each other. This can be used for One-Way Latency (OWL) measurements between two test chassis, synchronized traffic start between multiple chassis and accurate timestamping of captured packets in exported PCAP files. ValkyrieTimeSynch is compatible with Valkyrie1564 test methodology and can be used for Y.1564 OWL measurements.
Figure 8: ValkyrieTimeSync synchronizes reference time for two Xena Layer 2-3 testers.
Valkyrie2889 is an application for benchmarking the performance of Layer 2 LAN switches in accordance with RFC 2889.
Valkyrie3918 makes it easy to create, edit and execute all test types specified in RFC 3918. RFC 3918 describes tests for measuring and reporting the throughput, forwarding, latency and Internet Group Management Protocol (IGMP) group membership characteristics of devices that support IP multicast protocols.
ValkyrieCLI is another free application for ValkyrieBay and ValkyrieCompact. It is a powerful and easy-to-use command-line-interface (CLI) scripting API that makes test automation easier for test engineers.
Testing above Layer 3
Xena’s VulcanBay can be used to generate HTTP/TCP and UDP traffic streams simultaneously. In addition both products offer stateful end-to-end testing of network appliances such as switches, firewalls, routers, NAT routers, proxies, load-balancers, bandwidth shapers and more. The platform is also suitable to characterize entire network infrastructure performance for TCP. Top features include:
Xena Networks – Global Price/Performance Leaders in Gigabit Ethernet Testing – www.xenanetworks.com
• Stateful TCP traffic load generation for millions of connections • Configuration and tuning of Ethernet, IP and TCP header fields for advanced traffic scenarios • Stateful TCP connection blasting • Extensive live stats and test reports • 1G – 10G Ethernet interfaces • 40G Ethernet interfaces • High port density – up to 12 x 10 GigE • Configurable allocation of processing resources to Ethernet test ports • Free VulcanManager traffic generation and analysis software makes basic testing quick and
easy • Wire-speed traffic capture with programmable filter and trigger criteria • Switched and routed network topologies, TCP proxy and NAT support • Export packet capture to industry standard pcap/Wireshark
CONCLUSION Deployment of SD-WAN solutions has started and is expected to grow rapidly in the coming years as SD-WAN allows enterprises and service providers to deploy and provide new networking services, applications and features faster and more flexible than what could be achieved with traditional technology.
However test of SD-WANs is required to verify the performance and ensure proper functioning. Test requirements can include layer 2-3 testing and layer 4-7 testing.
The VulcanBay test chassis supports comprehensive layer 4-7 testing. ValkyrieCompact and ValkyrieBay test chassis equipped with appropriate test module(s) provide powerful layer 2-3 testing capabilities up to 100 Gbps to test and verify SD-WAN solutions.
