bandwidth test controller (bwctl) speaker: shin-fu huang date: 2009/10/08 1
TRANSCRIPT
Bandwidth Test Controller (BWCTL)
Speaker: Shin-Fu HuangDate: 2009/10/08
1
Outline
• Architecture of BWCTL
• Building BWCTL
• Applications of BWCTL– BWCTLD(bwctld.conf, bwctld.limits,
bwctld.keys)
– BWCTL
• Reference
2
Architecture of BWCTL
Source : http://www.internet2.edu/pubs/bwctl-cookbook.pdf3
Architecture of BWCTL(Cont.)
Source : http://www.internet2.edu/pubs/bwctl-cookbook.pdf4
Building the Application
• tar –zxvf bwctl-1.3.tar.gz • cd bwctl-1.3• ./configure --prefix=/ami– --prefix is only needed if you don't like the default– (/usr/local on most systems)
• make• make install
5
Applications of BWCTL
• bwctl (Client)• bwctld (Deamon)
6
BWCTLD
• bwctld.conf– Configuration file for the bwcltd daemon
• bwctld.limits– Authentication(who)– Authorization(what)
• bwctld.keys– Be used to hold the identity/AES keys pairs
needed for bwctld to authenticate users
7
bwctld.conf
• var_dir– Directory where bwctld.pid file is stored
• user – Specifies the uid the bwctld process will run as
• group – Specifies the gid the bwctld process will run as
8
bwctld.limits
• allow_open_mode (on)– This limit is only useful if the class is assigned to a
netmask. It is used to limit specific IP/netmask identities to only encrypted or authenticated mode transactions or to allow open mode.
• allow_tcp (on)– Allow TCP Iperf tests for userclass.
• allow_udp (off)– Allow UDP Iperf tests for userclass.– Security issue(UDP no congestion control)
9
bwctld.limits(Cont.)
• bandwidth– Maximum amount of bandwidth to allow
userclass to use in a UDP Iperf test. 0 indicates unlimited by policy, but remember this is checked all the way to the root of the hierarchy.
– If you want an unlimited userclass, your root must be unlimited, and the whole path down to the given userclass.
10
bwctld.limits(Cont.)
• Hierarchical Limitclasses
rootallow_udp=on
ncnuallow_udp=off
jail regular local
11
bwctld.limits(Cont.)
• root:– limit root with \
bandwidth=900m, \ allow_udp=on, \ allow_tcp=on, \ allow_open_mode=off
12
bwctld.limits(Cont.)
• default: – limit regular with parent=root, \
duration=30, \ allow_tcp=on, \ allow_udp=off, \ allow_open_mode=on
13
bwctld.limits(Cont.)
• ncnu:– limit ncnu with parent=root, \
allow_open_mode=on, \ allow_udp=off, \ allow_tcp=on
14
bwctld.limits(Cont.)
• Assign– assign default regular– net subnet• assign net 10.10.0.0/16 ncnu• assign net 2001:e10:6840::/48 ncnu• assign net 2001:288:c001::/48 ncnu
– user user• Assign a specific user to a given userclass. The user
must be defined in the bwctld.keys file. • assign user xinfu root
15
bwctld.keys
• Username and AES Key Rules: – Usernames are limited to 16 characters – AES key is a 128 bit session key – AES key is not encrypted in the keys file, use UNIX
permissions to protect it – Can use a pass phrase to generate the AES key – Use aespasswd to add pass phrase generated
keys into the keys file – Client: application prompts user for pass phrase
16
bwctld.keys(Cont.)
• aespasswd– To create a new key file use the ‘-n’ option • aespasswd -n -f bwctld.keys xinfu
– Add User• aespasswd -f bwctld.keys ccc
– Delete User• aespasswd -d -f bwctld.keys ccc
17
BWCTL(Cont.)
• SYNOPSIS– bwctl [options] -c recvhost -s sendhost• From sendhost to recvhost
– bwctl [options] -c recvhost• Send to recvhost
– bwctl [options] -s sendhost• Receive from sendhost
18
BWCTL(Cont.)
• Testing Authentication Options – Within a single authentication domain• bwctl -A AE AESKEY myname -s hostA -c hostB
– Between different authentication domains • bwctl -s hostA AE AESKEY myname -c hostB AE AESKEY
othername
19
BWCTL(Cont.)
• OPTIONS• -u– UDP test.
• -T tool (iperf)– Specify which throughput tester to use: iperf,
thrulay, nuttcp
• -b bandwidth (1Mb)– Limit UDP send rate to bandwidth (bits/sec).
20
BWCTL(Cont.)
• -l len– length of read/write buffers (bytes).
• -P nStreams (1)– Number of concurrent streams for the test.
• -t time (10)– Duration of test (seconds).
21
BWCTL(Cont.)
• Output Arguments• -f units– Specify the units for the tool to use when
displaying the results.– Iperf: • k (Kilobits per second) • K (Kilobytes per second) • m (Megabits per second) • M (Megabytes per second)
22
Reference
• Bandwidth Test Controller (BWCTL)– http://www.internet2.edu/performance/bwctl/
23