Ethernet Technology Encyclopedia (v)

The main network elements in an Ethernet network include switches, routers, firewalls, servers, and clients. Testing these elements and the network itself makes it possible to optimize the network structure, eliminate network faults, and understand network performance. Ethernet testing is also standards-based, for example the well-known RFC 2544/RFC 1242, RFC 2889/RFC 2285, and RFC 2647, and the domestic YD/T 1099-2001 (Gigabit Ethernet Switch Equipment technical specifications).

RFC2544/1242 Network Benchmark Test

RFC 2544/1242 define four key metrics: throughput, latency, packet loss, and back-to-back frames. They are the basis for evaluating network devices in general, and therefore for evaluating all Ethernet interconnect devices. The test conditions, such as test frame length, test duration, and test rate, are very important: tests run under different conditions give different results. For throughput, latency, and packet loss tests, multi-stream testing better reflects how an Ethernet device performs under real network traffic. In multi-stream testing, the test instrument can simulate the traffic of hundreds of users, each with a different source/destination MAC address, source/destination IP address, protocol encapsulation, packet length, and so on.

RFC2285/2889 Ethernet Switch Benchmark Test

RFC 2285/2889 define the important test items for Ethernet switch testing: forwarding, congestion control, address learning rate, address table capacity, error filtering, broadcast forwarding, broadcast latency, forwarding pressure, and so on. These metrics mainly target Layer 2 Ethernet switching equipment, and they are also the test items most widely used in domestic Layer 2 Ethernet switch testing today. The test conditions involve frame length, test duration, test topology, and so on.

Quality of service and testing of rules

Just as people increasingly care about the quality of telecommunications services, they are beginning to care about the quality of Ethernet services, the manageability of Ethernet, and the intelligence of Ethernet. Today's Ethernet devices must not only forward data accurately and with high quality, but also forward it according to configured rules. QoS and rule testing is based on the rules implemented by the device under test (DUT) and often requires multi-stream testing. Test metrics include throughput, packet loss, and latency.

Routing test

Routing technology is key to the development of Ethernet and greatly expands its range of applications. Common routing protocols include RIP, OSPF, BGP4, and IS-IS. Routing tests are divided into two parts: control plane tests and data plane tests. The tests described earlier are mostly data plane tests. Because Layer 3 switches and routers forward packets under the control of routing, routing control and data flow must be tested at the same time: the test instrument needs to simulate a routed network of a certain scale while generating and analyzing traffic. The main test items include routing table capacity, convergence time, throughput, latency, and so on. Routing tests also need to simulate route oscillation events in the Ethernet network and measure how the Ethernet device performs under such changes. As many route oscillation events as possible should be simulated in this test.

Layer 4~7 Test

The results of Layer 4~7 testing often directly reflect the quality of service that users experience, for example the number of concurrent TCP/HTTP connections and response time. For firewall-class products, you also need to test their ability to withstand attacks and their actual performance after defensive rules are applied. For intrusion detection systems, it is necessary to test the intrusion recognition rate and whether any intrusions are missed. Server tests and firewall tests can be found in the recent comparative evaluation reports of Network World.

10GE Equipment and IPv6 Test

Testing a 10GE Ethernet device covers not only port processing capability, but also the device's routing and forwarding performance and its quality-of-service control at the 10GE rate.

It is only a matter of time before IPv6 is deployed on Ethernet networks, and IPv6 testing is now receiving widespread domestic attention. IPv6 testing includes IPv6 protocol conformance tests, IPv6 routing protocol conformance tests, data forwarding performance tests, IPv6 routing table capacity, IPv6 routing performance tests, IPv6-over-IPv4 and IPv4-over-IPv6 tunnel tests, and mixed-flow tests.

Cabling tests are also part of Ethernet testing, and high-quality network cabling is important for testing. The test instruments commonly used in Ethernet testing include cable testers, network protocol analyzers, network performance analyzers, and Layer 4~7 simulation and performance analyzers.

Ethernet Security

Ethernet security technology can generally be divided into access control, authentication, encryption, security for switch management, and some additional features.

Access control

VLAN--the most traditional Ethernet security technology. It divides the network into multiple broadcast domains: VLANs cannot exchange traffic with each other at Layer 2, and access between VLANs goes through Layer 3, where more varied filtering and control can be applied to avoid some potential security risks.

Port isolation--a feature supported by many vendors' switches. It can be understood as an extension of VLAN technology: many switches make each port its own VLAN, so ports cannot reach each other at Layer 2.

MAC address filtering--many switches can filter on MAC addresses. Once a host's MAC address is configured on the switch, packets from and to that host are discarded, and users can control insecure computers in this way.

MAC address binding--some switches can bind a host's MAC address to a switch port, a VLAN, and so on, which prevents foreign PCs from illegally joining the network.

Layer 3 ACL--access control lists are used more and more widely on switches. They originally appeared on Layer 3 switches and now appear on Layer 2 switches as well.

Layer 4 ACL--a Layer 4 access control list can identify a packet's Layer 4 information, such as the TCP or UDP port number, and decide whether to discard the packet according to the policy.
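The Layer 3 and Layer 4 ACL behaviour described above, as an added Python example that is not from the original article or from any vendor's implementation: it parses an Ethernet frame (with an optional 802.1Q VLAN tag) down to the TCP/UDP destination port and applies an ordered rule list. The sample policy, the subnets, first-match evaluation and the default deny are assumptions made for illustration, and `build_frame` only constructs test input.

```python
import ipaddress
import struct

ANY = ipaddress.ip_network("0.0.0.0/0")
# Constructed sample policy, evaluated top-down: (action, protocol, source network, dst port or None).
ACL = [
    ("permit", "tcp", ipaddress.ip_network("10.0.10.0/24"), 22),  # management subnet may use SSH
    ("deny", "tcp", ANY, 22),                                     # nobody else may
    ("deny", "tcp", ANY, 23),                                     # no Telnet from anywhere
    ("permit", "udp", ANY, None),                                 # any UDP port
]
PROTOCOLS = {6: "tcp", 17: "udp"}

def parse_frame(frame: bytes):
    """Return (vlan, protocol, src_ip, dst_port) for an IPv4 TCP/UDP frame, else None."""
    if len(frame) < 14:
        return None
    ethertype, offset, vlan = struct.unpack_from("!H", frame, 12)[0], 14, None
    if ethertype == 0x8100 and len(frame) >= 18:   # 802.1Q tag precedes the real EtherType
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        vlan, offset = tci & 0x0FFF, 18
    if ethertype != 0x0800 or len(frame) < offset + 20:
        return None
    ihl = (frame[offset] & 0x0F) * 4               # IPv4 options move the Layer 4 header
    protocol = PROTOCOLS.get(frame[offset + 9])
    fragment_offset = struct.unpack_from("!H", frame, offset + 6)[0] & 0x1FFF
    if ihl < 20 or protocol is None or fragment_offset or len(frame) < offset + ihl + 4:
        return None                                # e.g. later fragments carry no port numbers
    src_ip = ipaddress.ip_address(frame[offset + 12:offset + 16])
    dst_port = struct.unpack_from("!H", frame, offset + ihl + 2)[0]
    return vlan, protocol, src_ip, dst_port

def acl_decision(frame: bytes) -> str:
    """First matching rule wins; unparseable or unmatched traffic is denied (assumed default)."""
    parsed = parse_frame(frame)
    if parsed is None:
        return "deny"
    _, protocol, src_ip, dst_port = parsed
    for action, rule_protocol, network, rule_port in ACL:
        if protocol == rule_protocol and src_ip in network and rule_port in (None, dst_port):
            return action
    return "deny"

def build_frame(src_ip, dst_port, protocol=6, vlan=None, options=b""):
    """Constructed test frame: zero MACs, unchecked IPv4 checksum, ports only at Layer 4."""
    tag = struct.pack("!HH", 0x8100, vlan) if vlan is not None else b""
    ihl_words = 5 + len(options) // 4
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl_words, 0, ihl_words * 4 + 4, 0, 0, 64,
                     protocol, 0, ipaddress.ip_address(src_ip).packed, bytes(4))
    return bytes(12) + tag + struct.pack("!H", 0x0800) + ip + options + struct.pack("!HH", 40000, dst_port)
```

Reading the port at a fixed offset instead of using the IPv4 header length would misjudge any frame that carries IP options, which is why the tagged frame with options is worth testing against a rule set like this.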

Authentication

IEEE 802.1x--known as a port-based access control protocol, this is the most talked-about technology in the industry this year. The protocol is simple to implement and separates authentication from service traffic.

PPPoE--some people consider it outdated technology, but it is still widely used in today's broadband metropolitan area networks.

Web/portal authentication--authentication based on the type of service. No additional client software needs to be installed, only a browser, which is more convenient for users.

PEAP--PEAP (Protected Extensible Authentication Protocol) is an IETF standard and a revision of IEEE 802.1x that can be used for authentication on wired and wireless Ethernet. It uses TLS (Transport Layer Security) to set up an end-to-end channel that carries user authentication information, such as passwords, without requiring certificates to be installed on the user's terminal. This gives it a simpler security architecture.

TTLS--used for authentication on wireless or wired Ethernet. Its architecture is similar to that of PEAP and it also uses TLS. It places relatively low requirements on the client side during authentication, and it competes with PEAP.

SSH--many new switch products from manufacturers already support SSH, which can encrypt all transmitted data.

Security for Management

SNMPv3--has a variety of security processing modules and excellent security and management functions, making up for the security deficiencies of the first two versions.

Access control for network devices--most switches can prevent unauthorized access to and control of the switch by requiring an access password. In addition, many switches disconnect a Telnet or other management session that has not been used for a certain period, so that nobody else can operate the switch while the network administrator is away.

Additional Features

VPN--users can use IPSec VPN technology over broadband access based on Ethernet technology.

Additional switch features--some leading vendors already offer various security modules on their switches. Some switches have logging functions, and some can track DHCP processes.
