Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Recommended Criteria
Maximum encrypted packets per second Throughput (Gbps) for encrypted traffic at several packet sizes Average packet size used for capacity calculations Additional equipment needed to sustain line rate throughput at a future average packet sizes.
before forwarding them. Equipment with a higher maximum encrypted PPS can encrypt/decrypt higher arrival rates of incoming packets and forward them more quickly, without introducing latency or dropping packets. Why is maximum PPS an important metric? Both Gbps and PPS are performance metrics that impact scalability and cost, and should be known by the operator. By identifying the maximum PPS, operators can better understand how the equipment will perform under the full range of peak traffic conditions and packet sizes found in the network, and how quickly network equipment will need to be augmented to sustain network throughput as average traffic characteristics change. If the incoming packet arrival rate of the packets exceeds the PPS processing limits of the equipment, packets will be dropped or delayed, causing retransmission, latency, or jitter. Overall throughput will decline and additional capacity required. Calculation of Theoretical PPS Standard 10 GigE Interface The theoretical maximum packets per second can be quickly calculated from Gbps, for a given packet size. In Figure 1, the theoretical packets per second are calculated for a 64 byte packet, assuming eight 10GigE interfaces at full capacity delivering traffic at 80 Gbps, including encryption and other overhead. Figure 1 is simply a mathematical calculation on theoretical maximum and does not include other equipment design limitations that can impact the actual packets per second that an operator would achieve.
When the incoming packet arrival rate (packets per second) exceeds the processing limits of the equipment, packets will be dropped or delayed, causing retransmission, latency, or jitter."
Theoretical Packets per Second Gigabits per Second GigaBytes per Second (Gbps/8) Packet Size (Bytes) Preamble + InterFrame Gap (Bytes) IPsec Overhead (Bytes) Total Bytes per Packet Total Packets per Second (millions) 70 80 10 64 20 58 142
Figure 2 uses the above formula to calculate PPS at multiple packet sizes, both encrypted and clear. As shown in Figure 2, at 80 Gbps, the maximum theoretical The impact of IPsec overhead is also clearly PPS at 64 byte encrypted packets is 70 million. At 1,518 byte encrypted packets, only 6 million PPS rate is possible. illustrated. If all 80 gigabits delivered packets were 64 byte packets, 119 million
Assumes ESP/AES128/SHA1
Stoke, Stoke Session Exchange and the Stoke logo are trademarks of Stoke, Inc. Copyright 2012 Stoke, Inc. All rights reserved. Lit# 150-0013-001
could be delivered per second if clear (not encrypted), compared to 70 million encrypted.
" the smaller the packets, the higher the PPS rate, and therefore, the more packets need to be forwarded by the equipment."
As can be seen, the smaller the packets, the higher the PPS rate, and therefore, the more packets need to be forwarded by the equipment. Example #1: Encrypted PPS Calculation - 17 Gbps Security blade Most published data sheets for network nodes state a maximum throughput at a specific packet size, but do not provide the maximum encrypted packets per second (PPS) rate or Gbps for multiple packet size. However, by applying the mathematical calculation described previously, the maximum PPS rate at different packet sizes can be estimated, given the published Gbps and packet size for the equipment. For example, a security blade data sheet for a large infrastructure provider lists a maximum throughput of 80 Gbps (8x10 GigE ports) and the maximum encrypted (IPsec) throughput of 17 Gbps, assuming a 512 byte average packet size. Using the published 17 Gbps as a starting point, Figure 3 shows the calculation for the maximum encrypted PPS. Security Blade Example #1 Max. Throughput Max. IPsec Throughput Average Packet Size Calculated Maximum Encrypted PPS
Theoretical IPSec PPS calculated on 80GigE pipe consisting of 100% of given packet size, with 78B added for encryption (58), IFG (12), and preamble (8). For example: 80,000,000,000 / ((64 + 20+58) * 8) = 70.4 million PPS for 64 byte (payload) packet. For clear channel, IFG and preamble overhead only are added 20 bytes.
Stoke, Stoke Session Exchange and the Stoke logo are trademarks of Stoke, Inc. Copyright 2012 Stoke, Inc. All rights reserved. Lit# 150-0013-001
80 Gbps
17 Gbps
512 Bytes
3.6 million*
At 17 Gbps maximum IPsec throughput and 512 byte packets, the maximum throughput possible is 3.6 million PPS, including encryption and other overhead.
"If the average packet size of the network traffic is smaller than the average packet size published in equipment datasheets, then operators need to adjust equipment needed for the expected capacity requirements accordingly."
in equipment datasheets, then operators need to adjust equipment needed for the expected capacity requirements accordingly. Every operator network is different and average packet sizes can vary even within a single network. The example following uses the same security blade parameters and shows the impact on throughput if the average packet size is 384B, 256B, or 64B, rather than the 512 average assumed on the datasheet. Example #2: 17 Gbps Security blade Throughput by Packet Size Using the security blade example in Figure 2 with a maximum throughput of 17 Gbps and a maximum PPS of 3.6M, Figure 4 converts the 3.6M PPS to Gbps, at three additional average packet sizes. Security Blade Example #2 Maximum Encrypted PPS Average Packet Size 512 Bytes 3.6 Million 384 Bytes 256 Bytes 64 Bytes Estimated Throughput3 17 Gbps 13.3 Gbps 9.6 Gbps 4.1 Gbps
If the average packet size needed by the network is actually 384 bytes instead of 512 bytes, then the security blade only provides 13.3 Gbps of capacity, not the 17 Gbps maximum. Example #3: 17 Gbps Security Blade - Capacity Implications of 384B Average Figure 5 shows that the throughput and available capacity of the security blade (assuming 3.6M PPS, 17 Gbps@512 B packet), will decline 35% when the actual network average packet size is 384, not 512 bytes. Security Blade Example #3
Example Gbps calculation: 3.6 M packets * (384 Bytes + 78B)* 8/1,000,000,000 = 13.3 Gbps
Stoke, Stoke Session Exchange and the Stoke logo are trademarks of Stoke, Inc. Copyright 2012 Stoke, Inc. All rights reserved. Lit# 150-0013-001
PPS
3.6 M
Figure 5. Example - Decline in capacity with actual average packet size of 384B
In order to sustain the original 17 Gbps throughput, an additional blade (or chassis) would need to be added. If the actual network average packet size is different than the average used to calculate published Gbps, or if it changes over time, additional equipment can, of course, be added to augment throughput capacity. However, adding equipment increases costs for equipment as well as for power, space, and maintenance. Clearly, PPS and throughput by packet size are important metrics for accurate network dimensioning.
"As more real-time services are used in LTE networks, average packet size carried by the network will be smaller. Network aggregation nodes will need ultra-fast encryption/decryption to minimize latency and prevent a poor user experience."
Mobile network traffic, of course, includes a mix of all of these applications, and the average network traffic composition is unlikely to ever be only one application type. However, mobile broadband traffic can surge or spike on any number of events or applications, making peak traffic at any specific location at any given time quite different than the typical network average. Equipment that provides higher PPS can provide additional insurance against such extreme network
Source: Journal of Network and Computer Applications, Application classification using packet size distribution and port association.
Stoke, Stoke Session Exchange and the Stoke logo are trademarks of Stoke, Inc. Copyright 2012 Stoke, Inc. All rights reserved. Lit# 150-0013-001
conditions. Will VoLTE decrease average packet size? VoLTE is a small part of mobile broadband traffic today, but the shift to incorporate voice is happening quickly. Over the last year, VoLTE has seen usage growth rates of 101%, and most operators expect to offer VoLTE in the next 1-2 years.5 VoLTE does not need to be a large percentage of the total traffic to have an impact on average packet size. When voice traffic is increased by just an additional 7% of total traffic, average packet size drops 25%, from 512 to 384 bytes (Figure 7).
"When voice traffic is increased by an additional 7% of total traffic, average packet size drops 25%"
Operators planning for near term scalability will have to consider the additional capacity requirements that VoLTE will have on LTE aggregation nodes and other equipment.
Stoke, Stoke Session Exchange and the Stoke logo are trademarks of Stoke, Inc. Copyright 2012 Stoke, Inc. All rights reserved. Lit# 150-0013-001
"As operators prepare RFPs or conduct other LTE equipment evaluations, they should include packets per second as part of their evaluative criteria"
Figure 8. Maximum PPS reveals the performance limits of the equipment. To fully evaluate the scalability and performance of LTE security gateway equipment, the following specifications should be requested from vendors: Maximum (encrypted/IPsec) packets per second Throughput (Gbps) for encrypted traffic at several packet sizes, including the highest (1518B), lowest (64B) and midrange (512B)6 Average packet size used by vendor for quoted throughput and PPS capacity numbers Additional equipment needed to sustain line rate throughput at a smaller packet size.
In RFC 2544, the IETF recommends that seven standard frame sizes (64, 128, 256, 512, 1024, 1280 and 1518 byte) be tested multiple times, for a specified length of time. This is because all these frame sizes are used in the network and so the results for each must be known. http://www.ietf.org/rfc/rfc2544.txt
Stoke, Stoke Session Exchange and the Stoke logo are trademarks of Stoke, Inc. Copyright 2012 Stoke, Inc. All rights reserved. Lit# 150-0013-001