Generating synthetic VoIP traffic for analyzing redundant OpenBSD-Firewalls

Woernhard, Maurice David
Master thesis
Woernhard_MauriceDavid.pdf (712.2Kb)
URI
https://hdl.handle.net/10642/464
Date
2006
Collections
  • TKD - Master i Anvendt data- og informasjonsteknologi (ACIT) [243]
Abstract
Voice over IP, short VoIP, is among the fastest growing broadband technologies in the private and commercial sector. Compared to the Plain Old Telephone System (POTS), Internet telephony has reduced availability, measured in uptime guarantees per given time period. This thesis makes a contribution towards proper quantitative statements about network availability when using two redundant, state-synchronized computers acting as firewalls between the Internet (WAN) and the local area network (LAN).

First, methods for generating adequate VoIP traffic volumes for loading a Gigabit Ethernet link are examined, with the goal of using a minimal set of hardware, namely one regular desktop computer. pktgen, the Linux kernel UDP packet generator, was chosen for generating synthetic/artificial traffic, reflecting the common VoIP packet characteristics: packet size, changing sender and receiver addresses, as well as typical UDP port usage. pktgen’s three main parameters influencing the generation rate are fixed inter-packet delay, packet size and total packet count. It was sought to relate these to the more user-friendly values of number of simultaneous calls, voice codec employed and call duration. The proposed method fails to model VoIP traffic accurately, mostly due to the currently unstable nature of pktgen. However, it is suited for generating enough packets for testing the firewalls.

Second, the traffic forwarding limit and failover behavior of the redundant, state-synchronized firewalls were examined. The firewalls were running OpenBSD 3.8 and used the Common Address Redundancy Protocol (CARP) and the packet filter state synchronization protocol (pfsync) for achieving redundancy, with one acting as master and the other as backup. Empirical measurements show that the upper limit for unidirectional traffic is at about 125,000 packets per second, independent of packet sizes typical for VoIP media packets (less than 220 bytes). This is far below the traffic capacity of Gigabit Ethernet, and is caused by a “receive livelock”: full system load due to non-optimized interrupt handling. The obtained measurements allow for questioning the suitability of a default OpenBSD installation for firewalls in high packet rate networks.

The network connectivity glitch in failover situations was measured: when turning CARP off administratively while processing circa 80,000 packets per second, the maximum glitch was on the order of 300 milliseconds. When power-cycling the master firewall, maximum connectivity interruptions of circa 3,000 milliseconds occurred. In all cases, series with much lower values were measured, but these may not be representative.
Description
Master's in network and system administration
Publisher
Høgskolen i Oslo. Avdeling for ingeniørutdanning
Universitetet i Oslo

Contact Us | Send Feedback

Privacy policy
DSpace software copyright © 2002-2019  DuraSpace

Service from  Unit
 

 
