Bandwidth Test Controller (BWCTL)

Speaker: Shin-Fu HuangDate: 2009/10/08

1

Outline

• Architecture of BWCTL

• Building BWCTL

• Applications of BWCTL– BWCTLD(bwctld.conf, bwctld.limits,

bwctld.keys)

– BWCTL

• Reference

2

Architecture of BWCTL

Source : http://www.internet2.edu/pubs/bwctl-cookbook.pdf3

Architecture of BWCTL(Cont.)

Source : http://www.internet2.edu/pubs/bwctl-cookbook.pdf4

Building the Application

• tar –zxvf bwctl-1.3.tar.gz • cd bwctl-1.3• ./configure --prefix=/ami– --prefix is only needed if you don't like the default– (/usr/local on most systems)

• make• make install

5

Applications of BWCTL

• bwctl (Client)• bwctld (Deamon)

6

BWCTLD

• bwctld.conf– Configuration file for the bwcltd daemon

• bwctld.limits– Authentication(who)– Authorization(what)

• bwctld.keys– Be used to hold the identity/AES keys pairs

needed for bwctld to authenticate users

7

bwctld.conf

• var_dir– Directory where bwctld.pid file is stored

• user – Specifies the uid the bwctld process will run as

• group – Specifies the gid the bwctld process will run as

8

bwctld.limits

• allow_open_mode (on)– This limit is only useful if the class is assigned to a

netmask. It is used to limit specific IP/netmask identities to only encrypted or authenticated mode transactions or to allow open mode.

• allow_tcp (on)– Allow TCP Iperf tests for userclass.

• allow_udp (off)– Allow UDP Iperf tests for userclass.– Security issue(UDP no congestion control)

9

bwctld.limits(Cont.)

• bandwidth– Maximum amount of bandwidth to allow

userclass to use in a UDP Iperf test. 0 indicates unlimited by policy, but remember this is checked all the way to the root of the hierarchy.

– If you want an unlimited userclass, your root must be unlimited, and the whole path down to the given userclass.

10

bwctld.limits(Cont.)

• Hierarchical Limitclasses

rootallow_udp=on

ncnuallow_udp=off

jail regular local

11

bwctld.limits(Cont.)

• root:– limit root with \

bandwidth=900m, \ allow_udp=on, \ allow_tcp=on, \ allow_open_mode=off

12

bwctld.limits(Cont.)

• default: – limit regular with parent=root, \

duration=30, \ allow_tcp=on, \ allow_udp=off, \ allow_open_mode=on

13

bwctld.limits(Cont.)

• ncnu:– limit ncnu with parent=root, \

allow_open_mode=on, \ allow_udp=off, \ allow_tcp=on

14

bwctld.limits(Cont.)

• Assign– assign default regular– net subnet• assign net 10.10.0.0/16 ncnu• assign net 2001:e10:6840::/48 ncnu• assign net 2001:288:c001::/48 ncnu

– user user• Assign a specific user to a given userclass. The user

must be defined in the bwctld.keys file. • assign user xinfu root

15

bwctld.keys

• Username and AES Key Rules: – Usernames are limited to 16 characters – AES key is a 128 bit session key – AES key is not encrypted in the keys file, use UNIX

permissions to protect it – Can use a pass phrase to generate the AES key – Use aespasswd to add pass phrase generated

keys into the keys file – Client: application prompts user for pass phrase

16

bwctld.keys(Cont.)

• aespasswd– To create a new key file use the ‘-n’ option • aespasswd -n -f bwctld.keys xinfu

– Add User• aespasswd -f bwctld.keys ccc

– Delete User• aespasswd -d -f bwctld.keys ccc

17

BWCTL(Cont.)

• SYNOPSIS– bwctl [options] -c recvhost -s sendhost• From sendhost to recvhost

– bwctl [options] -c recvhost• Send to recvhost

– bwctl [options] -s sendhost• Receive from sendhost

18

BWCTL(Cont.)

• Testing Authentication Options – Within a single authentication domain• bwctl -A AE AESKEY myname -s hostA -c hostB

– Between different authentication domains • bwctl -s hostA AE AESKEY myname -c hostB AE AESKEY

othername

19

BWCTL(Cont.)

• OPTIONS• -u– UDP test.

• -T tool (iperf)– Specify which throughput tester to use: iperf,

thrulay, nuttcp

• -b bandwidth (1Mb)– Limit UDP send rate to bandwidth (bits/sec).

20

BWCTL(Cont.)

• -l len– length of read/write buffers (bytes).

• -P nStreams (1)– Number of concurrent streams for the test.

• -t time (10)– Duration of test (seconds).

21

BWCTL(Cont.)

• Output Arguments• -f units– Specify the units for the tool to use when

displaying the results.– Iperf: • k (Kilobits per second) • K (Kilobytes per second) • m (Megabits per second) • M (Megabytes per second)

22

Reference

• Bandwidth Test Controller (BWCTL)– http://www.internet2.edu/performance/bwctl/

23