you name it, we analyze it
DESCRIPTION
With the ever increasing number of networking protocols, it can be difficult for vendors, integrators, and end-users to determine how well different products and systems perform in real-world networking situations. Each protocol has their own method of defining traffic streams and message structures. Packet analyzers, like Wireshark, have been developed to interpret individual network packets and can perform rudimentary analysis of traffic streams for well-known packet types. Analyzing industrial protocols usually requires much more massaging of the data and in many cases requires a user to do much of the work by hand. This session will present a method to break-down industrial traffic streams into the core components necessary to analyze their performance. By identifying a few key fields in each protocol, a user can define their own method to identify individual traffic streams and analyze their performance.TRANSCRIPT
You Name It, We Analyze It! 1
You Name It,We Analyze It!
Jim GilsinnKenexis Consulting Corporation
You Name It, We Analyze It! 2
Industrial Network Types & Metrics:Publish/Subscribe
• Publish/subscribe or peer-to-peer communications
• Main performance metric: Cyclic frequency variability/jitter
• Real-time EtherNet/IP™ uses publish/subscribe• Requested/Accepted Packet Interval (RPI/API)• Measured Packet Interval (MPI)
You Name It, We Analyze It! 3
Industrial Network Types & Metrics:Publish/Subscribe
• Difference between TPub_Com_Init & TSub_Com_Init is network roundtrip delay
• TPub_Com_Init, TSub_Com_Init not important
• Variability in TPub much more important
• Theoretically, TPub doesn’t need to match Tsub
• In production systems, they are the same
TPub_Com_Init
Subscriber Publisher
TPub_1
TPub_2
TPub_N-1
TPub_N
TSub_Com_Init
TSub_M
.
.
.
You Name It, We Analyze It! 4
Performance Testing Methodology:Performance Metrics
• Command/response or master/slave communications
• Main performance metric: Latency
• Large numbers of protocols use this• Most (All?) PC-based server/client protocols – HTTP(S), (S)FTP, etc.• Most industrial protocols – Modbus/TCP, Profinet, Ethercat, etc.
You Name It, We Analyze It! 5
Industrial Network Types & Metrics:Command/Response
• Difference between TCom_Delay & TRes is network roundtrip delay
• Latency in TCom & TRes important
TRes_1
Commander Responder
TRes_2
TCom_Delay_1
TCom_1
TCom_2
TCom_Delay_2
You Name It, We Analyze It! 6
Isolating Traffic Streams
• Isolating traffic streams can be tricky
• 10’s – 100’s of traffic streams in production environment
• Your Wireshark Fu must be strong!
• Usually requires additional post-processing
• Multiple streams can exist between same devices
You Name It, We Analyze It! 7
Isolating Traffic Streams
• Traffic pairs• Source IP/MAC address• Destination IP/MAC address• Source TCP/UDP port• Destination TCP/UDP port
• Publish/Subscribe• Communication stream ID• Sequence number (optional)
• Command/Response• Command message/field• Response message/field• Message ID (optional)
You Name It, We Analyze It! 8
Test Time vs. Packet Interval
Test Time (s)
Measured Packet Interval (ms)~62 sec testMean MPI = 2msMin ~ 1.2Max ~ 2.9
You Name It, We Analyze It! 9
Time Plot for Command/Response
Regular Pattern to Delayed Packets
Regular Pattern of Minimal Delayed Packets
You Name It, We Analyze It! 10
Command/Response Timing Plots
• Quick succession of command/response packets
• Minimal delay in command/response sequence
• Apparently large delay in a single packet
• Example: Rockwell tag reads
Quick Succession Read Commands
Delay Until Next Time Sequence
You Name It, We Analyze It! 11
Next Steps
• Streamline traffic stream processing
• Develop better command/response code
• Build more mathematical statistical models
• Add graphical modeling of time & frequency domain
• Add more industrial protocols and obtain example files• Modbus• Profinet• DNP3• 61850• And others…
You Name It, We Analyze It! 12
Questions
• Contact Me• Jim Gilsinn• 301-706-9985 or 614-323-2254• [email protected]• Twitter – @JimGilsinn• LinkedIn – http://www.linkedin.com/in/jimgilsinn/• SlideShare – http://www.slideshare.net/gilsinnj