How we did it
 
|
|||
 | |||
|
|
|
|||
| |||
|
We created a midsize corporate network to conduct our testing. The main office and branch office networks were composed of Cisco Catalyst 2924 and 3548XL switches; Hewlett-Packard 2524 switches; Cisco 6509, 5500, and HP 9304m Layer 3 switches; and Cisco 3660 and 7206VXR routers. Branch offices were connected to the main office through a T-1 frame relay cloud configured in a hub-and-spoke topology, while the main office was connected to the Internet via a simulated DS-3. This design let LAN and WAN appliances be tested with minimal reconfiguration.
Each network consisted of multiple Windows 2000, Windows XP and Linux servers and workstations. The corporate office had a Polycom H.323 videoconferencing unit that was configured for 768K bit/sec operation and a Minerva VNP-201 MPEG-2 encoder/decoder set to run at 6M bit/sec. A corresponding MPEG-2 unit was located within the simulated Internet cloud. The other Polycom H.323 station was in the second branch office. All three offices were equipped with Cisco 7960 IP phones.
Baseline throughput and packet-loss testing were conducted using Ixia Communications' 1600/1600T cards and Spirent Communications' SmartBits 2000 and 6000B cards.
Advertisement: |
Each card was configured for full-duplex, 100M bit/sec operation and used line-rate Ethernet frames between 64 and 1,518 bytes. The SmartBits 2000 cards also were used to create a simulated denial-of-service attack that consisted of large amounts of Internet Control Messaging Protocol and User Datagram Protocol (UDP).
To generate Web traffic, we used Ixia's IxWeb and Caw Networks' WebAvalanche to make HTTP requests to an Apache Web server hosted on one of the Linux servers in the corporate office. Statistics were observed before and after denial-of-service attacks took place to baseline HTTP performance in the network. These results were compared against statistics taken before and after quality-of-service policies were enabled.
Further tests were conducted by generating congestion over the frame relay cloud using several real world applications, including Web traffic, FTP downloads, Windows file transfers and peer-to-peer traffic using Kazaa. This congestion was significant enough to prevent voice over IP and H.323 videoconferencing from working over the branch office T-1 lines. Subjective evaluations were made of voice and video quality before and after policies were put in place. Additionally, Iperf, a TCP-based network performance tool, was used to judge fair per-flow allocation of resources. More information on Iperf can be found at dast.nlanr.net/Projects/Iperf.
All tests were conducted in the Network Services Interoperability Lab at the University of Florida in Gainesville.
RELATED LINKS
