Security – Aticara http://aticara.com/blog Technologies Fri, 24 Mar 2017 05:51:23 +0000 en-US hourly 1 https://wordpress.org/?v=4.7.11 http://aticara.com/blog/wp-content/uploads/2017/03/cropped-fevcon-32x32.png Security – Aticara http://aticara.com/blog 32 32 VXLAN testing using Aticara http://aticara.com/blog/index.php/2017/03/17/vxlan-testing-using-aticara/ http://aticara.com/blog/index.php/2017/03/17/vxlan-testing-using-aticara/#respond Fri, 17 Mar 2017 02:56:27 +0000 http://aticara.com/blog//?p=36 Aticara Introduction

Aticara is a completely software based and virtualized traffic simulator which can run on Commercial Off
the Shelf Hardware (COTS) and can generate line rate traffic both stateful and stateless.
Supported Hypervisors: ESX, KVM, Openstack
Supported Speeds: 1 /10/25/40/50/80/100 Gbps
(200 & 400 Gbps in roadmap)*

VXLAN testing using Aticara

Aticara facilitates functional and performance testing of Vxlan Gateways both physical and virtual by generating Vxlan traffic which represent multi-tenant application sharing L2/L3 infrastructure.

Aticara can surround the Vxlan gateway and generate traffic representing several hundred thousand virtual machine generating Vxlan encapsulated traffic.

Aticara is beneficial because it allows the QA engineer to simulate Vxlan encapsulated traffic originating from several hundred thousand Virtual Machine without having to have configure them therby also shrinking the test bed required for generating huge volume of Vxlan traffic.

Aticara can simulate several hundred thousand emulated VM’s which can generate stateless as well as stateful traffic (ICMP, TCP, HTTP). Aticara also emulates several hundred thousand Virtual Tunnel End Points (VTEP) which in turn applies the Vxlan encapsulation.

Figure1: ATICARA VM with Vxlan Support

Aticara simulates servers behind the VLAN, which can be configured to match the corresponding VNI.
Figure1 depicts the way Aticara can wrap around the VXLAN Gateway to achieve both function and
performance testing.

VXLAN Usecases Achievable with Aticara

As Vxlan Gateways become more sophisticated and heavily deployed in the cloud, the level of testing required to verify the functionality and performance becomes critical.

Below are some of the scenarios which can be tested with Aticara

  • Small numer of VTEPS with large number of VNI and eVM’s
  • Large Number of VTEP’s with small number of VNI and eVM’s
  • Broadcast/Mutlicast Flood test
  • Line rate application traffic per VNI
  • VxLAN/VLAN Leakage
  • VM Migration

 

 

 

]]>
http://aticara.com/blog/index.php/2017/03/17/vxlan-testing-using-aticara/feed/ 0
Testing Service Function Chaining With Aticara http://aticara.com/blog/index.php/2017/03/11/new-blog-1/ http://aticara.com/blog/index.php/2017/03/11/new-blog-1/#respond Sat, 11 Mar 2017 06:13:33 +0000 http://aticara.com/blog//?p=10 Aticara Introduction

Aticara is a completely software based and virtualized traffic simulator which can run on Commercial Off
the Shelf Hardware (COTS) and can generate line rate traffic both stateful and stateless.
Supported Hypervisors: ESX, KVM, Openstack
Supported Speeds: 1 /10/25/40/50/80/100 Gbps
(200 & 400 Gbps in roadmap)*

OVERVIEW

Service Function Chaining provides the ability to define an ordered list of network services (e.g., Firewall, NAT, QoS). These services are then stitched together in the network to create a service chain.

A service function chain defines anordered set of abstract service functions and orderingconstraints that must be applied to packets and/or frames and/orflows selected as a result of classification.  An example of an abstract service function is “a firewall”.  The implied order

may not be a linear progression as the architecture allows forSFCs that copy to more than one branch, and also allows forcases where there is flexibility in the order in which servicefunctions need to be applied.  The term “service chain” is oftenused as shorthand for service function chain.

Critical Components for deploying Service Plane in the Cloud

 

Classifier:  An element that performs Classification.

Service Function Chain (SFC):  A service function chain defines anordered set of abstract service functions and orderingconstraints that must be applied to packets and/or frames and/orflows selected as a result of classification.  An example of anabstract service function is “a firewall”.  The implied ordermay not be a linear progression as the architecture allows forSFCs that copy to more than one branch, and also allows forcases where there is flexibility in the order in which servicefunctions need to be applied.  The term “service chain” is oftenused as shorthand for service function chain.

 Service Function (SF):  A function that is responsible for specifictreatment of received packets.  A Service Function can act atvarious layers of a protocol stack (e.g., at the network layeror other OSI layers).  As a logical component, a service function can be realized as a virtual element or be embedded ina physical network element.  One or more Service Functions canbe embedded in the same network element.  Multiple occurrencesof the service function can exist in the same administrative domain. One or more service functions can be involved in the delivery ofadded-value services.  A non-exhaustive list of abstract servicefunctions includes: firewalls, WAN and application acceleration, Deep Packet Inspection (DPI), Lawful Intercept (LI), server loadbalancing etc.

Service Function Forwarder (SFF):  A service function forwarder isresponsible for forwarding traffic to one or more connected service functions according to information carried in the SFCencapsulation, as well as handling traffic coming back from theSF.  Additionally, an SFF is responsible for delivering trafficto a classifier when needed and supported, transporting trafficto another SFF (in the same or different type of overlay), andterminating the Service Function Path (SFP).

NSH, VxLAN GPE Header Support

Aticara can simulate millions of host behind Service Classifier, as well as simulate Service Classifier
itself by encapsulating the traffic generates by simulated host with in Network Service Header (NSH).
Aticara can also simulate Service Function Forwarder (SFF) by encapsulating NSH in VXLAN-GPE,
LISP and GENEVE

What scenarios can be tested with Aticara?

  • Functional and Performance testing of Service Classifier
  • Functional and Performance Testing of Service Function forwarder
  • Functional and Performance Testing of Service Function itself
  • Supported Encapsulations: NSH, VXLAN-GPE, GENEVE* and LISP*

What can Aticara simulate?

  • Hosts behind Service Classifier and Internet
  • Hosts behind Service Classifier, Service Classifier and Internet to Test Service Function Forwarder
  • Hosts behind Service Classifier & Internet, Service Classifier and Service Function Forwarder to test
    Service Function*
  • Aticara can also send statistics per host, service classifier, SFF statistics to the SDN Controller
    through its management port in JSON format periodically
    *

 

 

]]>
http://aticara.com/blog/index.php/2017/03/11/new-blog-1/feed/ 0