<?xml version="1.0"encoding="UTF-8"?> <!-- This template is for creating an Internet Draft using xml2rfc, which is available here: http://xml.resource.org. -->encoding="utf-8"?> <!DOCTYPE rfcSYSTEM "rfc2629.dtd"[<!-- One method to get references from the online citation libraries. There has to be one entity for each item to be referenced. An alternate method (rfc include) is described in the references. --> <!ENTITY RFC1918 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.1918.xml"> <!ENTITY RFC2119 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml"> <!ENTITY RFC2544 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2544.xml"> <!ENTITY RFC3022 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3022.xml"><!ENTITYRFC4340 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.4340.xml">nbsp " "> <!ENTITYRFC4814 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.4814.xml">zwsp "​"> <!ENTITYRFC5180 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5180.xml">nbhy "‑"> <!ENTITYRFC6146 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.6146.xml"> <!ENTITY RFC7599 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.7599.xml"> <!ENTITY RFC8174 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.8174.xml"> <!ENTITY RFC8219 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.8219.xml"> <!ENTITY RFC9000 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.9000.xml"> <!ENTITY RFC9260 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.9260.xml"> <!ENTITY RFC9411 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.9411.xml">wj "⁠"> ]><?xml-stylesheet type='text/xsl' href='rfc2629.xslt' ?> <!-- used by XSLT processors --> <!-- For a complete list and description of processing instructions (PIs), please see http://xml.resource.org/authoring/README.html. --> <!-- Below are generally applicable Processing Instructions (PIs) that most I-Ds might want to use. (Here they are set differently than their defaults in xml2rfc v1.32) --> <?rfc strict="yes" ?> <!-- give errors regarding ID-nits and DTD validation --> <!-- control the table of contents (ToC) --> <?rfc toc="yes"?> <!-- generate a ToC --> <?rfc tocdepth="4"?> <!-- the number of levels of subsections in ToC. default: 3 --> <!-- control references --> <?rfc symrefs="yes"?> <!-- use symbolic references tags, i.e, [RFC2119] instead of [1] --> <?rfc sortrefs="yes" ?> <!-- sort the reference entries alphabetically --> <!-- control vertical white space (using these PIs as follows is recommended by the RFC Editor) --> <?rfc compact="yes" ?> <!-- do not start each main section on a new page --> <?rfc subcompact="no" ?> <!-- keep one blank line between list items --> <!-- end of list of popular I-D processing instructions --><rfc xmlns:xi="http://www.w3.org/2001/XInclude" category="info" docName="draft-ietf-bmwg-benchmarking-stateful-09"ipr="trust200902">number="9693" consensus="true" ipr="trust200902" obsoletes="" updates="" submissionType="IETF" xml:lang="en" tocInclude="true" tocDepth="4" symRefs="true" sortRefs="true" version="3"> <front> <!--The abbreviated title[rfced] As RFC 4814 isusedmentioned in this document's Abstract and Introduction, may we remove thepage header -reference to itis only necessary iffrom thefull title is longer than 39 characterstitle? Original: Benchmarking Methodology for Stateful NATxy Gateways using RFC 4814 Pseudorandom Port Numbers Perhaps: Benchmarking Methodology for Stateful NATxy Gateways Using Pseudorandom Port Numbers --> <title abbrev="Benchmarking Stateful NATxy Gateways">Benchmarking Methodology for Stateful NATxy GatewaysusingUsing RFC 4814 Pseudorandom Port Numbers</title><!-- add 'role="editor"' below for the editors if appropriate --> <!-- Another author who claims to be an editor --><seriesInfo name="RFC" value="9693"/> <author fullname="Gábor Lencse" initials="G." surname="Lencse"> <organization>Széchenyi István University</organization> <address> <postal> <street>Egyetem tér 1.</street><!-- Reorder these if your country does things differently --><city>Győr</city><region></region><code>H-9026</code> <country>Hungary</country> </postal><phone></phone><email>lencse@sze.hu</email><uri></uri></address> </author> <author fullname="Keiichi Shima" initials="K." surname="Shima"> <organization>SoftBank Corp.</organization> <address> <postal> <street>1-7-1 Kaigan</street><city>Minato-ku</city> <region>Tokyo</region><region>Minato-ku, Tokyo</region> <code>105-7529</code> <country>Japan</country> </postal><phone></phone><email>shima@wide.ad.jp</email> <uri>https://softbank.co.jp/</uri> </address> </author> <date year="2024"/> <!-- Meta-data Declarations --> <area>Operations and Management Area</area> <workgroup>Benchmarking Methodology Working Group</workgroup> <!-- WG name at the upperleft corner of the doc, IETF is fine for individual submissions. If this element is not present, the default is "Network Working Group", which is used by the RFC Editor as a nod to the history of the IETF. --> <keyword>Benchmarking, Stateful NATxy, Measurement Procedure, Throughput, Framemonth="December"/> <area>OPS</area> <workgroup>bmwg</workgroup> <keyword>Benchmarking</keyword> <keyword>Stateful NATxy</keyword> <keyword>Measurement Procedure</keyword> <keyword>Throughput</keyword> <keyword>Frame LossRate, Latency, PDV</keyword> <!-- Keywords will be incorporated into HTML output files in a meta tag but they have no effect on text or nroff output. If you submit your draft to the RFC Editor, the keywords will be used for the search engine. -->Rate</keyword> <keyword>Latency</keyword> <keyword>PDV</keyword> <abstract> <t>RFC 2544has defineddefines a benchmarking methodology for network interconnect devices. RFC 5180addressedaddresses IPv6specificitiesspecificities, and it alsoprovidedprovides a technology update butexcludedexcludes IPv6 transition technologies. RFC 8219addressedaddresses IPv6 transition technologies, including stateful NAT64. However, none of themdiscusseddiscuss how to applyRFC 4814pseudorandom port numbers from RFC 4814 to any stateful NATxy(NAT44,(such as NAT44, NAT64, and NAT66) technologies. This document discusses why using pseudorandom port numbers with stateful NATxy gateways is a difficult problem. It recommends a solutionlimitingthat limits the port number ranges andusinguses two test phases (phase 1 and phase 2).It is shownThis document shows how the classic performance measurement procedures(e.g.(e.g., throughput, frame loss rate, latency, etc.) can be carried out. New performance metrics and measurement procedures are also defined for measuring the maximum connection establishment rate, connection tear-down rate, and connection tracking table capacity. </t> </abstract> </front> <middle> <section anchor="intro"title="Introduction">numbered="true" toc="default"> <name>Introduction</name> <t><xreftarget="RFC2544"/> has definedtarget="RFC2544" format="default"/> defines a comprehensive benchmarking methodology for network interconnectdevices, whichdevices that is still in use. Itwasis mainly indpendent of IPversion independent,version, but ituseduses IPv4 in its examples. <xreftarget="RFC5180"/> addressedtarget="RFC5180" format="default"/> addresses IPv6 specificities and alsoaddedadds technologyupdates,updates butdeclareddeclares IPv6 transition technologies are out of its scope. <xreftarget="RFC8219"/> addressedtarget="RFC8219" format="default"/> addresses the IPv6 transition technologies, including stateful NAT64. Ithas reusedreuses several benchmarking procedures from <xreftarget="RFC2544"/> (e.g.target="RFC2544" format="default"/> (e.g., throughput, frame loss rate), and ithas redefinedredefines the latency measurement andaddedadds furtherones, e.g.ones (e.g., thePDV (packet delay variation) measurement.</t> <t>However,Packet Delay Variation (PDV) measurement).</t> <!-- [rfced] Per Section 3.6 of RFC 7322 ("RFC Style Guide"), abbreviations must be expanded upon first use. To avoid expanding "NAPT" upon first use here and stacking multiple sets of parentheses, we have rephrased as follows (because "NAPT" is introduced and expanded later in this document). Please let us know of any objections. Original: However, none of them discussed, how to apply<xref target="RFC4814"/>[RFC4814] pseudorandom port numbers, when benchmarking stateful NATxy (NAT44 (also called NAPT)<xref target="RFC3022"/>,[RFC3022], NAT64<xref target="RFC6146"/>,[RFC6146], and NAT66) gateways. (It should be noted that stateful NAT66 is not an IETF specification but refers to an IPv6 version of the stateful NAT44 specification.) Current: However, none of them discussed how to apply pseudorandom port numbers from [RFC4814] when benchmarking stateful NATxy gateways (such as NAT44 [RFC3022], NAT64 [RFC6146], and NAT66). (It should be noted that stateful NAT66 is not an IETF specification but refers to an IPv6 version of the stateful NAT44 specification.) --> <t>However, none of them discuss how to apply pseudorandom port numbers from <xref target="RFC4814" format="default"/> when benchmarking stateful NATxy gateways (such as NAT44 <xref target="RFC3022" format="default"/>, NAT64 <xref target="RFC6146" format="default"/>, and NAT66). (It should be noted that stateful NAT66 is not an IETF specification but refers to an IPv6 version of the stateful NAT44 specification.) The authors are not aware of any other RFCs that address this question. </t> <t>First,it is discussedthis document discusses why using pseudorandom port numbers with stateful NATxy gateways is a difficult problem.</t> <t>ThenThen, a solution isrecommended. </t> <section>recommended.</t> <section numbered="true" toc="default"> <name>Requirements Language</name> <t>The key words"MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY","<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>", "<bcp14>MAY</bcp14>", and"OPTIONAL""<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as described in BCP 14 <xreftarget="RFC2119"/>target="RFC2119" format="default"/> <xreftarget="RFC8174"/>target="RFC8174" format="default"/> when, and only when, they appear in all capitals, as shown here.</t> </section><!-- [CHECK] The 'Requirements Language' section is optional --></section> <section anchor="problem"title="Pseudorandomnumbered="true" toc="default"> <name>Pseudorandom Port Numbers and StatefulTranslation">Translation</name> <t>In its appendix, <xreftarget="RFC2544"/> has definedtarget="RFC2544" format="default"/> defines a frame format for testframesframes, including specific source and destination port numbers. <xreftarget="RFC4814"/>target="RFC4814" format="default"/> recommends using pseudorandom and uniformly distributed values for both source and destination port numbers. However, stateful NATxy(NAT44,(such as NAT44, NAT64, and NAT66) solutions use the port numbers to identify connections. The usage of pseudorandom port numbers causes different problems depending on thedirection. <list style="symbols"> <t> As fordirection: </t> <ul spacing="normal"> <li> <t>For the client-to-server direction, pseudorandom source and destination port numbers could beused,used; however, this approach would be adenial of servicedenial-of-service attack against the stateful NATxy gateway, because it would exhaust its connection tracking table capacity. To that end, let us see some calculations using the recommendations ofRFC 4814: <list style="symbols"><xref target="RFC4814" format="default"/>: </t> <ul spacing="normal"> <li> <t>The recommended source port rangeis: 1024-65535, thusis 1024-65535; thus, its sizeis:is 64512.</t> </li> <li> <t>The recommended destination port rangeis: 1-49151, thusis 1-49151; thus, its sizeis:is 49151.</t> </li> <li> <t>The number of source and destination port number combinationsis:is 3,170,829,312.</t></list></li> </ul> <t> It should be noted that the usage of different source and destination IP addresses further increases the number of connection tracking table entries.</t><t>As for</li> <li> <t>For the server-to-client direction, the statefulDUT (DeviceDevice UnderTest)Test (DUT) would drop any packets that do not belong to an existingconnection,connection; therefore, the direct usage of pseudorandom port numbers from theabove-mentionedranges mentioned above is not feasible.</t></list> </t></li> </ul> </section> <section anchor="setup_term"title="Testnumbered="true" toc="default"> <name>Test Setup andTerminology"> <t>Section 12 of <xref target="RFC2544"/>Terminology</name> <t><xref target="RFC2544" sectionFormat="of" section="12"/> requires testingfirstusing a single protocol source and destination address pairanfirst and then also using multiple protocol addresses. The same approach is followed: first, a single source and destination IP address pair is used, and then it is explained how to use multiple IP addresses.</t> <section anchor="setup_term_single"title="Whennumbered="true" toc="default"> <name>When Testing with a Single IP AddressPair">Pair</name> <t>The methodology works with any IPversionsversion to benchmark stateful NATxy gateways, where x and y are in {4, 6}. To facilitate an easy understanding, two typical examples are used: stateful NAT44 and statefulNAT64. </t>NAT64.</t> <t>TheTest Setuptest setup for the well-known stateful NAT44 (also calledNAPT:Network Address and PortTranslation)Translation (NAPT)) solution is shown in <xreftarget="test_setup_sfnat44"/>.</t>target="test_setup_sfnat44" format="default"/>.</t> <t>Note that the<xref target="RFC1918"/>private IP addresses from <xref target="RFC1918" format="default"/> are used to facilitate an easy understanding of theexample. Andexample, and the usage of the IP addresses reserved for benchmarking is absolutely legitimate.</t> <t keepWithNext="true"/> <figureanchor="test_setup_sfnat44" align="center" title="Test setupanchor="test_setup_sfnat44"> <name>Test Setup forbenchmarking statefulBenchmarking Stateful NAT44gateways"> <preamble></preamble>Gateways</name> <artworkalign="left"><![CDATA[align="left" name="" type="" alt=""><![CDATA[ +--------------------------------------+ 10.0.0.2 |Initiator Responder| 198.19.0.2 +-------------| Tester |<------------+ | private IPv4| [state table]| public IPv4 | | +--------------------------------------+ | | | | +--------------------------------------+ | | 10.0.0.1 | DUT: | 198.19.0.1 | +------------>| Stateful NAT44 gateway |-------------+ private IPv4| [connection tracking table] | public IPv4 +--------------------------------------+ ]]></artwork><postamble></postamble></figure><t> The Test Setup<t keepWithPrevious="true"/> <t>The test setup for thealso widely usedstateful NAT64<xref target="RFC6146"/>solution <xref target="RFC6146" format="default"/>, which is also widely used, is shown in <xreftarget="test_setup_sfnat64"/>.</t>target="test_setup_sfnat64" format="default"/>.</t> <t keepWithNext="true"/> <figureanchor="test_setup_sfnat64" align="center" title="Test setupanchor="test_setup_sfnat64"> <name>Test Setup forbenchmarking statefulBenchmarking Stateful NAT64gateways"> <preamble></preamble>Gateways</name> <artworkalign="left"><![CDATA[align="left" name="" type="" alt=""><![CDATA[ +--------------------------------------+ 2001:2::2 |Initiator Responder| 198.19.0.2 +-------------| Tester |<------------+ | IPv6 address| [state table]| IPv4 address| | +--------------------------------------+ | | | | +--------------------------------------+ | | 2001:2::1 | DUT: | 198.19.0.1 | +------------>| Stateful NAT64 gateway |-------------+ IPv6 address| [connection tracking table] | IPv4 address +--------------------------------------+ ]]></artwork><postamble></postamble></figure> <t keepWithPrevious="true"/> <t>As for the transport layer protocol, <xreftarget="RFC2544"/>target="RFC2544" format="default"/> recommended testing with UDP, and it waskeptalso kept in <xreftarget="RFC8219"/>. For the general recommendation,target="RFC8219" format="default"/>. UDP is alsokept, thuskept for a general recommendation; thus, the port numbers in the following text are to be understood as UDP port numbers. The rationale and limitations of this approach are discussed in <xreftarget="udp_or_tcp"/>.</t>target="udp_or_tcp" format="default"/>.</t> <t>The most important elements of the proposed benchmarking system are defined asfollows. <list style="symbols"> <t>Connection:follows:</t> <!-- [rfced] In the sentence below, may we clarify "also in the case of UDP using the same kind of entries as in the case of TCP" as follows? Original: * Connection: Although UDP itself is a connection-less protocol, stateful NATxy gateways keep track of their translation mappings in the form of a "connection" also in the case of UDP using the same kind of entries as in the case ofTCP.</t> <t>ConnectionTCP. Perhaps: Connection: Although UDP itself is a connectionless protocol, stateful NATxy gateways keep track of their translation mappings in the form of a "connection" as well as in the case of UDP using the same kind of entries as in TCP. --> <dl newline="false" spacing="normal"> <dt>Connection:</dt> <dd>Although UDP itself is a connectionless protocol, stateful NATxy gateways keep track of their translation mappings in the form of a "connection" also in the case of UDP using the same kind of entries as in the case of TCP.</dd> <dt>Connection trackingtable: Thetable:</dt> <dd>The stateful NATxy gateway uses a connection tracking table to be able to perform the stateful translation in theserver to clientserver-to-client direction. Its size, policy, and content are unknown to theTester.</t> <t>Four tuple: TheTester.</dd> <dt>Four tuple:</dt> <dd>The four numbers that identify a connection are source IP address, source port number, destination IP address, and destination portnumber.</t> <t>State table: Thenumber.</dd> <dt>State table:</dt> <dd>The Responder of the Tester extracts the four tuple from each received test frame and stores it in its state table.RecommendationA recommendation is given for the writing and reading order of the state table in <xreftarget="st_wr_order"/>.</t> <t>Initiator: Thetarget="st_wr_order" format="default"/>.</dd> <dt>Initiator:</dt> <dd>The port of the Tester that may initiate a connection through the stateful DUT in the client-to-server direction. Theoretically, it can use any source and destination port numbers from the ranges recommended by <xreftarget="RFC4814"/>:target="RFC4814" format="default"/>: if the used four tuple does not belong to an existing connection, the DUT will register a new connection into its connection trackingtable.</t> <t>Responder: Thetable.</dd> <dt>Responder:</dt> <dd>The port of the Tester that may not initiate a connection through the stateful DUT in the server-to-client direction. It maysendonly send frames that belong to an existing connection. To that end, it uses four tuples that have been previously extracted from the received test frames andstoredstores in its statetable.</t> <t>Testtable.</dd> <dt>Test phase1: Test1:</dt> <dd>The test frames are sent only by the Initiator to the Responder through the DUT to fill both the connection tracking table of the DUT and the state table of the Responder. This is a newly introduced operation phase for stateful NATxy benchmarking. The necessity of this test phase is explained in <xreftarget="prelim"/>.</t> <t>Testtarget="prelim" format="default"/>.</dd> <dt>Test phase2: The2:</dt> <dd>The measurement procedures defined by <xreftarget="RFC8219"/> (e.g.target="RFC8219" format="default"/> (e.g., throughput, latency, etc.) are performed in this test phase after the completion of test phase 1. Test frames are sent as required(e.g.(e.g., a bidirectional test or a unidirectional test in any of the twodirections).</t> </list> </t> <t> Onedirections).</dd> </dl> <t>One further definition is used in the text of thisdocument: <list style="symbols"> <t> Blackdocument:</t> <dl newline="false" spacing="normal"> <dt>Black boxtesting: It is atesting:</dt> <dd>A testing approach when the Tester is not aware of the details of the internal structure and operation of the DUT. It can send input to the DUT and observe the output of theDUT.</t> </list> </t>DUT.</dd> </dl> </section> <section anchor="setup_term_multiple"title="Whennumbered="true" toc="default"> <name>When Testing with Multiple IPAddresses"> <t>TheAddresses</name> <t>This section considers the number of the necessary and available IPaddresses are considered.</t>addresses.</t> <t>In <xreftarget="test_setup_sfnat44"/>,target="test_setup_sfnat44" format="default"/>, the single 198.19.0.1 IPv4 address is used on the WAN side port of the stateful NAT44 gateway. However, in practice, it is not a single IP address, but rather an IP address range that is assigned to the WAN side port of the stateful NAT44 gateways. Its required size depends on the number of client nodes and on the type of the stateful NAT44 algorithm. (The traditional algorithm always replaces the source portnumber,number when a new connection is established.ThusThus, it requires a larger range than the extended algorithm, which replaces the source port number only when it is necessary. Please refer toTableTables 1 andTable2 of <xreftarget="LEN2015"/>.)</t>target="LEN2015" format="default"/>.)</t> <t>When router testing is done,section 12 of<xreftarget="RFC2544"/>target="RFC2544" sectionFormat="of" section="12"/> requires testingfirstusing a single source and destination IP addresspair,pair first and then using destination IP addresses from 256 different networks. The 16-23 bits of the 198.18.0.0/24 and 198.19.0.0/24 addresses can be used to express the 256 networks. As this document does not deal with router testing, no multiple destination networks areneeded,needed; therefore, these bits are available for expressing multiple IP addresses that belong to the same "/16" network. Moreover, both the 198.18.0.0/16 and the 198.19.0.0/16 networks can be used on the right side of the testsetupsetup, as private IP addresses from the 10.0.0.0/16 network are used on its left side.</t> <t keepWithNext="true"/> <figureanchor="test_setup_sfnat44_multi" align="center" title="Test setupanchor="test_setup_sfnat44_multi"> <name>Test Setup forbenchmarking statefulBenchmarking Stateful NAT44gateways using multipleGateways Using Multiple IPv4addresses"> <preamble></preamble>Addresses</name> <artworkalign="left"><![CDATA[align="left" name="" type="" alt=""><![CDATA[ 10.0.0.2/16–- 10.0.255.254/16 198.19.0.0/15 - 198.19.255.254/15 \ +--------------------------------------+ / \ |Initiator Responder| / +-------------| Tester |<------------+ | private IPv4| [state table]| public IPv4 | | +--------------------------------------+ | | | | +--------------------------------------+ | | 10.0.0.1/16 | DUT: | public IPv4 | +------------>| Stateful NAT44 gateway |-------------+ private IPv4| [connection tracking table] | \ +--------------------------------------+ \ 198.18.0.1/15 - 198.18.255.255/15 ]]></artwork><postamble></postamble></figure> <t keepWithPrevious="true"/> <t>A possible solution for assigning multiple IPv4 addresses is shown in <xreftarget="test_setup_sfnat44_multi"/>.target="test_setup_sfnat44_multi" format="default"/>. On the left side, the private IP address range is abundantly large. (The 16-31 bits were used for generating nearly 64k potential different source addresses, but the 8-15 bits are also available if needed.) On the right side, the 198.18.0.0./15 network is used, and it was cut into two equal parts. (Asymmetric division is also possible, if needed.)</t> <t>It should be noted that these are the potential address ranges. The actual address ranges to be used are discussed in <xreftarget="restr_port_range"/>.</t>target="restr_port_range" format="default"/>.</t> <t>In the case of stateful NAT64, a single "/64" IPv6 prefix contains a high number of bits to express different IPv6 addresses. <xreftarget="test_setup_sfnat64_multi"/>target="test_setup_sfnat64_multi" format="default"/> shows anexample,example where bits 96-111 are used for that purpose. </t> <t keepWithNext="true"/> <figureanchor="test_setup_sfnat64_multi" align="center" title="Testanchor="test_setup_sfnat64_multi"> <name>Test Setup forbenchmarking statefulBenchmarking Stateful NAT64gateways using multipleGateways Using Multiple IPv6 and IPv4addresses"> <preamble></preamble>Addresses</name> <artworkalign="left"><![CDATA[align="left" name="" type="" alt=""><![CDATA[ 2001:2::[0000-ffff]:0002/64 198.19.0.0/15 - 198.19.255.254/15 \ +--------------------------------------+ / IPv6 \ |Initiator Responder| / +-------------| Tester |<------------+ | addresses | [state table]| public IPv4 | | +--------------------------------------+ | | | | +--------------------------------------+ | | 2001:2::1/64| DUT: | public IPv4 | +------------>| Stateful NAT64 gateway |-------------+ IPv6 address | [connection tracking table] | \ +--------------------------------------+ \ 198.18.0.1/15 - 198.18.255.255/15 ]]></artwork><postamble></postamble></figure> <t keepWithPrevious="true"/> </section> </section> <section anchor="method"title="Recommendednumbered="true" toc="default"> <name>Recommended BenchmarkingMethod">Method</name> <section anchor="restr_port_range"title="Restrictednumbered="true" toc="default"> <name>Restricted Number of NetworkFlows">Flows</name> <t>When a single IP address pair is used fortestingtesting, then the number of network flows is determined by the number of sourceport numberand destination port number combinations. </t> <!-- [rfced] For clarity, may we update "in the order of a few times ten thousand" to "in the order of a few tens of thousands"? Original: If it is possible, the size of the source port number range SHOULD be larger (e.g. in the order of a few times ten thousand), whereas the size of the destination port number range SHOULD be smaller (may vary from a few to several hundreds or thousands as needed). Perhaps: If it is possible, the size of the source port number range SHOULD be larger (e.g., in the order of a few tens of thousands), whereas the size of the destination port number range SHOULD be smaller (may vary from a few to several hundreds or thousands as needed). --> <t>The InitiatorSHOULD<bcp14>SHOULD</bcp14> use restricted ranges for source and destination port numbers to avoid the exhaustion of the connection tracking table capacity of the DUT as described in <xreftarget="problem"/>.target="problem" format="default"/>. If it is possible, the size of the source port number rangeSHOULD<bcp14>SHOULD</bcp14> be larger(e.g.(e.g., in the order of a few times ten thousand), whereas the size of the destination port number rangeSHOULD<bcp14>SHOULD</bcp14> be smaller(may(e.g., it may vary from a few to several hundreds or thousands as needed). The rationale is that source and destination port numbers that can be observed intheInternet traffic are not symmetrical. Whereas source port numbers may be random, there are a few very popular destination port numbers(e.g. 443, 80, etc.,(e.g., 443 or 80; see <xreftarget="IIR2020"/>),target="IIR2020" format="default"/>), and others hardly occur.AndAdditionally, it was found that their role is also asymmetric in the Linux kernel routing hash function <xreftarget="LEN2020"/>.</t>target="LEN2020" format="default"/>.</t> <t>However, in some special cases, the size of the source port range is limited.E.g.For example, when benchmarking theCECustomer Edge (CE) andBRBorder Relay (BR) of aMAP-T <xref target="RFC7599"/>Mapping of Address and Port using Translation (MAP-T) system <xref target="RFC7599" format="default"/> together (as a compound system performing stateful NAT44),thenthe source port range is limited to the number of source port numbers assigned to each subscriber. (It could be as low as 2048ports.) </t> <t>Whenports.)</t> <!-- [rfced] FYI - To improve readability, we have reformatted the text below to read as a bulleted list. Please let us know any objections. Original: When multiple IP addresses are used, then the port number ranges should be even more restricted, as the number of potential network flows is the product of the size of the source IP address range, the size of the source port number range, the size of the destination IP address range, and the size of the destination port number range.AndCurrent: When multiple IP addresses are used, then the port number ranges should be even more restricted, as the number of potential network flows is the product of the size of: * the source IP address range, * the source port number range, * the destination IP address range, and * the destination port number range. --> <t>When multiple IP addresses are used, then the port number ranges should be even more restricted, as the number of potential network flows is the product of the size of:</t> <ul> <li>the source IP address range,</li> <li>the source port number range,</li> <li>the destination IP address range, and</li> <li>the destination port number range.</li> </ul> <t>In addition, the recommended method requires the enumeration of all their possible combinations in test phase 1 as described in <xreftarget="ctrl_conntrack"/>.</t>target="ctrl_conntrack" format="default"/>.</t> <t>The number of network flows can be used as a parameter. The performance of the stateful NATxy gatewayMAY<bcp14>MAY</bcp14> be examined as a function of this parameter as described in <xreftarget="sc_net_flows"/>.</t>target="sc_net_flows" format="default"/>.</t> </section> <section anchor="prelim"title="Testnumbered="true" toc="default"> <name>Test Phase1">1</name> <t>Test phase 1 serves two purposes:</t> <!-- [rfced] How may we clarify "that is throughput" in the text below? Original: Test phase 1 serves two purposes:<list style="numbers"> <t>The1. The connection tracking table of the DUT is filled. It is important, because its maximum connection establishment rate may be lower than its maximum frame forwarding rate (that is throughput). Perhaps: Test phase 1 serves two purposes: 1. The connection tracking table of the DUT is filled. This is important because its maximum connection establishment rate may be lower than its maximum frame forwarding rate (that is, its throughput). --> <ol spacing="normal" type="1"> <li> <t>The connection tracking table of the DUT is filled. This is important because its maximum connection establishment rate may be lower than its maximum frame forwarding rate (that is throughput).</t> </li> <li> <t>The state table of the Responder is filled with valid four tuples. It is a precondition for the Responder to be able to transmit frames that belong to connections that exist in the connection tracking table of the DUT.</t></list> Whereas</li> </ol> <t>Whereas the above two things are always necessary before test phase 2, test phase 1 can be used without test phase 2.ItThis is donesowhen the maximum connection establishment rate is measured (as described in <xreftarget="meas_max_conn_est_rate"/>). </t>target="meas_max_conn_est_rate" format="default"/>).</t> <t>Test phase 1MUST<bcp14>MUST</bcp14> be performed before all tests are performed in test phase 2. The following things happen in test phase1: <list style="numbers">1:</t> <ol spacing="normal" type="1"> <li> <t>The Initiator sends test frames to the Responder through the DUT at a specific frame rate.</t> </li> <li> <t>The DUT performs the stateful translation of the testframesframes, and it also stores the new connections in its connection tracking table.</t> </li> <li> <t>The Responder receives the translated test frames and updates its state table with the received four tuples. TheresponderResponder transmits no test frames during test phase 1.</t></list> </t></li> </ol> <t>When test phase 1 is performed in preparation for test phase 2, the applied frame rateSHOULD<bcp14>SHOULD</bcp14> be safely lower than the maximum connection establishment rate. (It implies that maximum connection establishment rate measurementMUST<bcp14>MUST</bcp14> be performed first.) Please refer to <xreftarget="ctrl_conntrack"/>target="ctrl_conntrack" format="default"/> for further conditions regarding timeout and the enumeration of all possible four tuples.</t> </section> <section anchor="consider_stateful"title="Considerationnumbered="true" toc="default"> <name>Consideration of the Cases of StatefulOperation">Operation</name> <t>The authors consider the most important events that may happen during the operation of a stateful NATxygateway,gateway and the Actions of the gateway asfollows. <list style="numbers">follows.</t> <ol> <li> <t>EVENT: A packet not belonging to an existing connection arrives in the client-to-serverdirection. ACTION:direction.</t> <t>ACTION: A new connection is registered into the connection trackingtabletable, and the packet is translated and forwarded.</t> </li> <li> <t>EVENT: A packet not belonging to an existing connection arrives in the server-to-clientdirection. ACTION:direction.</t> <t>ACTION: The packet is discarded.</t> </li> <li> <t>EVENT: A packet belonging to an existing connection arrives (in anydirection). ACTION:direction).</t> <t>ACTION: The packet is translated andforwardedforwarded, and the timeout counter of the corresponding connection tracking table entry is reset.</t> </li> <li> <t>EVENT: A connection tracking table entry timesout. ACTION:out.</t> <t>ACTION: The entry is deleted from the connection tracking table.</t></list> </t></li> </ol> <t>Due to "black box" testing, the Tester is not able to directly examine (or delete) the entries of the connection tracking table.ButHowever, the entries canbeandMUST<bcp14>MUST</bcp14> be controlled by setting an appropriate timeout value and carefully selecting the port numbers of the packets (as described in <xreftarget="ctrl_conntrack"/>)target="ctrl_conntrack" format="default"/>) to be able to produce meaningful and repeatable measurementresults. </t>results.</t> <t>This document aims to support the measurement of the following performance characteristics of a stateful NATxygateway: <list style="numbers">gateway:</t> <ul spacing="normal"> <li> <t>maximum connection establishment rate</t> </li> <li> <t>all "classic" performance metrics like throughput, frame loss rate, latency, etc.</t> </li> <li> <t>connection tear-down rate</t> </li> <li> <t>connection tracking table capacity</t></list> </t></li> </ul> </section> <section anchor="ctrl_conntrack"title="Controlnumbered="true" toc="default"> <name>Control of the Connection Tracking TableEntries">Entries</name> <t>It is necessary to control the connection tracking table entries of the DUT to achieve clear conditions for the measurements. One can simply achieve the following two extremesituations: <list style="numbers"> <t>Allsituations:</t> <ol spacing="normal"> <li> All frames create a new entry in the connection tracking table of theDUTDUT, and no old entries are deleted during the test. This is required for measuring the maximum connection establishmentrate.</t> <t>Norate. </li> <li> No new entries are created in the connection tracking table of theDUTDUT, and no old ones are deleted during the test. This is ideal for the measurements to be executed in phase 2, like throughput, latency,etc.</t> </list> </t>etc. </li> </ol> <t>From this point, the following two assumptions areused: <list style="numbers"> <t>Theused:</t> <ol spacing="normal" type="1"> <li anchor="assumption1"> The connection tracking table of the stateful NATxy is large enough to store all connections defined by the different fourtuples.</t> <t>Eachtuples. </li> <li anchor="assumption2"> Each experiment is started with an empty connection tracking table.(It(This can be ensured by deleting its content before theexperiment.)</t> </list> </t>experiment.) </li> </ol> <t>The first extreme situation can be achievedby <list style="symbols">by:</t> <ul spacing="normal"> <li> <t>using different four tuples for every single test frame in test phase 1 and</t><t> setting</li> <li> <t>setting the UDP timeout of the NATxy gateway to a value higher than the length of test phase 1.</t></list> </t></li> </ul> <t>The second extreme situation can be achievedby <list style="symbols">by:</t> <ul spacing="normal"> <li> <t>enumerating all possible four tuples in test phase 1 and</t> </li> <li> <t>setting the UDP timeout of the NATxy gateway to a value higher than the length of test phase 1 plus the gap between the two phases plus the length of test phase 2.</t></list> </t> <t> <xref target="RFC4814"/></li> </ul> <!--[rfced] As "REQUIRES" is not a key word per RFCs 2119/8174, may we rephrase this sentence to use "REQUIRED"? Original: [RFC4814] REQUIRES pseudorandom port numbers, which the authors believe is a good approximation of the distribution of the source port numbers a NATxy gateway on the Internet may face with. Perhaps: As described in [RFC4814], pseudorandom port numbers are REQUIRED, which the authors believe is a good approximation of the distribution of the source port numbers a NATxy gateway on the Internet may face with. --> <t><xref target="RFC4814" format="default"/> REQUIRES pseudorandom port numbers, which the authors believe is a good approximation of the distribution of the source port numbers a NATxy gateway on the Internet may be faced with. </t><t><!-- [rfced] For clarity, how may we rephrase "it may be computing efficiently generated by preparing" in the text below? Original: Itshouldmay benoted that althoughcomputing efficiently generated by preparing a random permutation of the previously enumerated all possible four tuples using Durstenfeld's random shuffle algorithm [DUST1964]. Perhaps: Efficient computing may be generated by preparing a random permutation of the previously enumerated all possible four tuples using Durstenfeld's random shuffle algorithm [DUST1964]. --> <t>Although the enumeration of all possible four tuples is not a requirement for the first extreme situation and the usage of different four tuples in test phase 1 is not a requirement for the second extreme situation, pseudorandom enumeration of all possible four tuples in test phase 1 is a good solution in both cases. It may be computing efficiently generated by preparing a random permutation of the previously enumerated all possible four tuples usingDustenfeld'sDurstenfeld's random shuffle algorithm <xreftarget="DUST1964"/>. </t>target="DUST1964" format="default"/>.</t> <t>The enumeration of the four tuples in increasing or decreasing order (or in any other specific order)MAY<bcp14>MAY</bcp14> be used as an additionalmeasurement. </t>measurement.</t> </section> <section anchor="meas_max_conn_est_rate"title="Measurementnumbered="true" toc="default"> <name>Measurement of the Maximum Connection EstablishmentRate">Rate</name> <t>The maximum connection establishment rate is an important characteristic of the stateful NATxygatewaygateway, and its determination is necessary for the safe execution of test phase 1 (without frame loss) before test phase 2. </t> <t>The measurement procedure of the maximum connection establishment rate is very similar to the throughput measurement procedure defined in <xreftarget="RFC2544"/>.target="RFC2544" format="default"/>. </t><t>Procedure:<!-- [rfced] FYI - We have reformatted the text below to read as a bulleted list to improve readability. Please review and let us know of any objections. Original: Procedure: The Initiator sends a specific number of test frames using all different four tuples at a specific rate through the DUT. The Responder counts the frames that are successfully translated by the DUT. If the count of offered frames is equal to the count of received frames, the rate of the offered stream is raised and the test is rerun. If fewer frames are received than were transmitted, the rate of the offered stream is reduced and the test is rerun.</t>Current: The procedure is as follows: * The Initiator sends a specific number of test frames using all different four tuples at a specific rate through the DUT. * The Responder counts the frames that are successfully translated by the DUT. * If the count of offered frames is equal to the count of received frames, the rate of the offered stream is raised and the test is rerun. * If fewer frames are received than were transmitted, the rate of the offered stream is reduced and the test is rerun. --> <t>The procedure is as follows:</t> <ul> <li>The Initiator sends a specific number of test frames using all different four tuples at a specific rate through the DUT.</li> <li>The Responder counts the frames that are successfully translated by the DUT.</li> <li>If the count of offered frames is equal to the count of received frames, the rate of the offered stream is raised and the test is rerun.</li> <li>If fewer frames are received than were transmitted, the rate of the offered stream is reduced and the test is rerun.</li> </ul> <t>The maximum connection establishment rate is the fastest rate at which the count of test frames successfully translated by the DUT is equal to the number of test frames sent to it by the Initiator. </t> <!-- [rfced] Please review whether any of the notes in this document should be in the <aside> element. It is defined as "a container for content that is semantically less important or tangential to the content that surrounds it" (https://authors.ietf.org/en/rfcxml-vocabulary#aside). --> <t>Note: In practice, the usage of binary search isRECOMMENDED.</t><bcp14>RECOMMENDED</bcp14>.</t> </section> <section anchor="validation_of_conn"title="Validationnumbered="true" toc="default"> <name>Validation of ConnectionEstablishment">Establishment</name> <t>Due to "black box" testing, the entries of the connection tracking table of the DUT may not be directlyexamined, butexamined. However, the presence of the connections can be checked easily by sending frames from the Responder to the Initiator in test phase 2 using all four tuples stored in the state table of the Tester (at a low enough frame rate). The arrival of all test frames indicates that the connections are indeed present. </t><t>Procedure: When<t>The procedure is as follows:</t> <t>When all the desired N number of test frameswereare sent by the Initiator to the Receiver at frame rate R in test phase 1 for the maximum connection establishment ratemeasurement,measurement and the Receiver has successfully received all the N frames, the establishment of the connections is checked in test phase 2 asfollows: <list style="symbols"> <t>Thefollows:</t> <ul> <li> The Responder sends test frames to the Initiator at frame rater=R*alpha,r=R*alpha for the duration ofN/rN/r, using a different four tuple from its state table for each testframe.</t> <t>Theframe. </li> <li> The Initiator counts the received frames, and if all N framesare arrivedhave arrived, then the R frame rate of the maximum connection establishment rate measurement (performed in test phase 1) is raised for the nextiteration, otherwiseiteration; otherwise, it is lowered (as well as in the caseifthat test frames were missing in the preliminary testphase).</t> </list> </t> <t>Notes: <list style="symbols"> <t>Thephase, as well). </li> </ul> <t>Notes:</t> <ul spacing="normal"> <li> The alpha is a kind of "safetyfactor",factor"; it aims to make sure that the frame rate used for the validation is not too high, and the test may fail only in the case of if at least one connection is not present in the connection tracking table of the DUT.(So(Therefore, alpha should be typically less than 1,e.g.e.g., 0.8 or 0.5.)</t> <t>The</li> <li> The duration of N/r and the frame rate of r means that N frames are sent forvalidation.</t> <t>Thevalidation. </li> <li> The order of four tuple selection isarbitraryarbitrary, provided that all four tuplesMUST<bcp14>MUST</bcp14> beused.</t> <t>Pleaseused. </li> <li> Please refer to <xreftarget="meas_contr_capacity"/>target="meas_contr_capacity" format="default"/> for a short analysis of the operation of the measurement and what problems mayoccur.</t> </list> </t>occur. </li> </ul> </section> <section anchor="real_test"title="Testnumbered="true" toc="default"> <name>Test Phase2">2</name> <t>As for the traffic direction, there are three possible cases during test phase2: <list style="symbols"> <t>bidirectional2:</t> <ol spacing="normal" type="1"> <li> <t>Bidirectional traffic: The Initiator sends test frames to theResponderResponder, and the Responder sends test frames to the Initiator.</t><t>unidirectional</li> <li> <t>Unidirectional traffic from the Initiator to the Responder: The Initiator sends test frames to theResponderResponder, but the Responder does not send test frames to the Initiator.</t><t>unidirectional</li> <li> <t>Unidirectional traffic from the Responder to the Initiator: The Responder sends test frames to theInitiatorInitiator, but the Initiator does not send test frames to the Responder.</t></list> </t></li> </ol> <t>If the Initiator sends test frames, then it uses pseudorandom source port numbers and destination port numbers from the restricted port number ranges. (If it uses multiple source and/or destination IP addresses, then their ranges are also limited.) TheresponderResponder receives the test frames, updates its state table, and processes the test frames as required by the given measurement procedure(e.g.(e.g., only counts them for the throughput test, handles timestamps for latency or PDV tests,etc.). </t>etc.).</t> <t>If the Responder sends test frames, then it uses the four tuples from its state table. The reading order of the state table may follow different policies (discussed in <xreftarget="st_wr_order"/>).target="st_wr_order" format="default"/>). The Initiator receives the test frames and processes them as required by the given measurementprocedure. </t> <t> Asprocedure.</t> <t>As for the actual measurement procedures, the usage of the updated ones fromSection 7 of<xreftarget="RFC8219"/>target="RFC8219" sectionFormat="of" section="7"/> isRECOMMENDED. </t><bcp14>RECOMMENDED</bcp14>.</t> </section> <section anchor="meas_conn_tear_down_rate"title="Measurementnumbered="true" toc="default"> <name>Measurement of the ConnectionTear-down Rate">Tear-Down Rate</name> <t>Connection tear-down can cause significant load for the NATxy gateway. The connection tear-down performance can be measured asfollows: <list style="numbers"> <t>Loadfollows:</t> <ol spacing="normal" type="1"> <li>Load a certain number of connections (N) into the connection tracking table of the DUT (in the same way as done to measure the maximum connection establishmentrate).</t> <t>Record TimestampA.</t> <t>Deleterate).</li> <li>Record TimestampA.</li> <li>Delete the content of the connection tracking table of theDUT.</t> <t>Record TimestampB.</t> </list> TheDUT.</li> <li>Record TimestampB.</li> </ol> <t>The connection tear-down rate can be computedas: </t> <t>connectionas:</t> <t indent="5">connection tear-down rate = N / ( TimestampB -TimestampA) </t>TimestampA)</t> <t>The connection tear-down rateSHOULD<bcp14>SHOULD</bcp14> be measured for various values ofN. </t>N.</t> <t>It is assumed that the content of the connection tracking table may be deleted by an out-of-band control mechanism specific to the given NATxy gatewayimplementation. (E.g.implementation (e.g., by removing the appropriate kernel module underLinux.) </t>Linux).</t> <t>It is noted that the performance of removing the entire content of the connection tracking table at one time may be different from removing all the entries one byone. </t>one.</t> </section> <section anchor="meas_contr_capacity"title="Measurementnumbered="true" toc="default"> <name>Measurement of the Connection Tracking TableCapacity">Capacity</name> <t>The connection tracking table capacity is an important metric of stateful NATxy gateways. Its measurement is not easy, because an elementary step of a validated maximum connection establishment rate measurement (defined in <xreftarget="validation_of_conn"/>)target="validation_of_conn" format="default"/>) may have only a few distinct observable outcomes, but some of them may have different rootcauses: <list style="numbers">causes:</t> <ul spacing="normal"> <li> <t>During test phase 1, the number of test frames received by the Responder is less than the number of test frames sent by the Initiator. It may have different root causes,including: <list style="numbers">including:</t> <ul spacing="normal"> <li> <t>The R frame sending rate was higher than the maximum connection establishment rate. (Note that now the maximum connection establishment rate is considered unknown because onecan notcannot measure the maximum connection establishment withoutassumption 1<xref target="assumption1" format="none">assumption 1</xref> in <xreftarget="ctrl_conntrack"/>!)target="ctrl_conntrack" format="default"/>.) This root cause may be eliminated by lowering the R rate and re-executing the test. (This step may be performed multipletimes,times whileR>0.)</t>R>0.)</t> </li> <li> <t>The capacity of the connection tracking table of the DUT has beenexhausted. (Andexhausted (and either the DUT does not want to delete connections or the deletion of the connections makes itslower. Thisslower; this case is not investigated further in test phase1.)</t> </list> </t>1).</t> </li> </ul> </li> <li> <t>During test phase 1, the number of test frames received by the Responder equals the number of test frames sent by the Initiator. In this case, the connections are validated in test phase 1. The validation may have two kinds of observableresults: <list style="numbers">results:</t> <ol spacing="normal" type="1"> <li> <t>The number of validation frames received by the Initiator equals the number of validation frames sent by the Responder. (It proves that the capacity of the connection tracking table of the DUT is enough and both R and r were chosen properly.)</t> </li> <li> <t>The number of validation frames received by the Initiator is less than the number of validation frames sent by the Responder. This phenomenon may have various rootcauses: <list style="numbers">causes:</t> <ul spacing="normal"> <li> <t>The capacity of the connection tracking table of the DUT has been exhausted. (It does notmatter,matter whether some existing connections are discarded and new ones arestored,stored or if the new connections are discarded. Some connections are lost anyway, and it makes validation fail.)</t> </li> <li> <t>The R frame sending rate used by the Initiator was too high in test phase1 and thus1; thus, some connections were notestablished,established even though all test frames arrived at the Responder. This root cause may be eliminated by lowering the R rate and re-executing the test. (This step may be performed multipletimes,times whileR>0.)</t>R>0.)</t> </li> <li> <t>The r frame sending rate used by the Responder was too high in test phase2 and thus2; thus, some test frames did not arrive at theInitiator,Initiator even though all connections were present in the connection tracking table of the DUT. This root cause may be eliminated by lowering the r rate and re-executing the test. (This step may be performed multipletimes,times whiler>0.)</t> </list> And herer>0.)</t> </li> </ul> <t>This is the problem:asAs the above three root causes are indistinguishable, it is not easy todecide,decide whether R or r should bedecreased. </t> </list> </t> </list> </t>decreased.</t> </li> </ol> </li> </ul> <t>Experience shows that the DUT may collapse if its memory is exhausted. Such a situation may make the connection tracking table capacity measurements rather inconvenient. This possibility is included in the recommended measurement procedure, but the detection and elimination of such a situation is notaddressed. (E.g.addressed (e.g., how the algorithm can reset theDUT.) </t>DUT).</t> <t>For the connection tracking table size measurement,firstfirst, one needs a safe number: C0. It is aprecondition,precondition that C0 number of connections can surely be stored in the connection tracking table of the DUT. Using C0, one can determine the maximum connection establishment rate using C0 number of connections. It is done with a binary search using validation. The result is R0. The values C0 and R0 will serve as "safe" starting values for the following twosearches. </t>searches.</t> <t>First, an exponential search is performed to find the order of magnitude of the connection tracking table capacity. The search stops if the DUT collapses OR the maximum connection establishment rate severely drops(e.g.(e.g., to its one tenth) due to doubling the number ofconnections. </t>connections.</t> <t>Then, the result of the exponential search gives the order of magnitude of the size of the connection tracking table. Before disclosing the possible algorithms to determine the exact size of the connection tracking table, three possible replacement policies for the NATxy gateway areconsidered: <list style="numbers">considered:</t> <ol spacing="normal" type="1"> <li> <t>The gateway does not delete any live connections until their timeout expires.</t> </li> <li> <t>The gateway replaces the live connections according toLRU (least recently used)the Least Recently Used (LRU) policy.</t> </li> <li> <t>The gateway does a garbage collection when its connection tracking table is full and a frame with a new four tuple arrives. During the garbage collection, it deletes the Kleast recently usedLRU connections, where K is greater than 1.</t></list> Now,</li> </ol> <t>Now, it is examined what happens and how many validation frames arrive in thetherethree cases. Let the size of the connection tracking table beS,S and the number of preliminary frames be N, where S is less thanN. <list style="numbers">N.</t> <ol spacing="normal" type="1"> <li> <t>The connections defined by the first S test frames are registered into the connection tracking table of the DUT, and the last N-S connections are lost. (It is another question if the last N-S test frames are translated and forwarded in test phase 1 or simply dropped.) During validation, the validation frames with four tuples corresponding to the first S test frames will arrive at the Initiator and the other N-S validation frames will be lost.</t> </li> <li> <t>All connections are registered into the connection tracking table of the DUT, but the first N-S connections are replaced (and thus lost). During validation, the validation frames with four tuples corresponding to the last S test frames will arrive to the Initiator, and the other N-S validation frames will belost. </t>lost.</t> </li> <li> <t>Depending on the values of K, S, and N, maybe less than S connections will survive. In the worst case, only S-K+1 validation frames arrive, eventhough,though the size of the connection tracking table is S.</t></list> If</li> </ol> <t>If one knows that the stateful NATxy gateway uses the first or second replacement policy and one also knows that both R and r rates are low enough, then the final step of determining the size of the connection tracking table is simple. If the Responder sent N validation frames and the Initiator received N' of them, then the size of the connection tracking table isN'. </t>N'.</t> <t>In the general case, a binary search is performed to find the exact value of the connection tracking table capacity within E error. The search chooses the lower half of the interval if the DUT collapses OR the maximum connection establishment rate severely drops(e.g.(e.g., to itshalf) otherwisehalf); otherwise, it chooses the higher half. The search stops if the size of the interval is less than the Eerror. </t>error.</t> <t>The algorithms for the general case are defined usingCC, like the pseudocode in <xreftarget="meas_contr_capacity_algo"/>.target="meas_contr_capacity_algo" format="default"/>. In practice, this algorithm may be made more efficient inathe way that the binary search for the maximum connection establishment ratestops,stops if an elementary test fails at a rate under RS*beta or RS*gamma during the external search or during the final binary search for the capacity of the connection tracking table, respectively. (This saves a high amount of execution time by eliminating the long-lasting tests at low rates.) </t> <figureanchor="meas_contr_capacity_algo" align="center" title="Measurementanchor="meas_contr_capacity_algo"> <name>Measurement of the Connection Tracking TableCapacity">Capacity</name> <sourcecode type="pseudocode"><![CDATA[ // The binarySearchForMaximumConnectionCstablishmentRate(c,r) // function performs a binary search for the maximum connection // establishment rate in the [0, r] interval using c number of // connections. // This is an exponential search for finding the order of magnitude // of the connection tracking table capacity // Variables: // C0 and R0 are beginning safe values for the connection // tracking table size and connection establishment rate, // respectively // CS and RS are their currently used safe values // CT and RT are their values for the current examination // beta is a factor expressing an unacceptable drop in R(e.g.(e.g., // beta=0.1) // maxrate is the maximum frame rate for the media R0=binarySearchForMaximumConnectionCstablishmentRate(C0,maxrate); for ( CS=C0, RS=R0; 1; CS=CT, RS=RT ) { CT=2*CS; RT=binarySearchForMaximumConnectionCstablishmentRate(CT,RS); if ( DUT_collapsed || RT < RS*beta ) break; } // At this point, the size of the connection tracking table is // between CS and CT. // This is the final binary search for finding the connection // tracking table capacity within E error // Variables: // CS and RS are the safe values for connection tracking table size // and connection establishment rate, respectively // C and R are the values for the current examination // gamma is a factor expressing an unacceptable drop in R //(e.g.(e.g., gamma=0.5) for ( D=CT-CS; D>E; D=CT-CS ) { C=(CS+CT)/2; R=binarySearchForMaximumConnectionCstablishmentRate(C,RS); if ( DUT_collapsed || R < RS*gamma ) CT=C; // take the lower half of the interval else CS=C,RS=R; // take the upper half of the interval } // At this point, the size of the connection tracking table is // CS within E error. ]]></sourcecode><postamble></postamble></figure> <t keepWithPrevious="true"/> </section> <section anchor="st_wr_order"title="Writingnumbered="true" toc="default"> <name>Writing and Reading Order of the StateTable">Table</name> <t>As for the writing policy of the state table of the Responder, round robin isRECOMMENDED,<bcp14>RECOMMENDED</bcp14>, because it ensures that its entries are automatically kept fresh and consistent with that of the connection tracking table of the DUT. </t> <t>The Responder can read its state table in various orders, for example:<list style="symbols"> <t>pseudorandom</t> <t>round-robin</t> </list></t><t> Pseudorandom<ul spacing="normal"> <li> <t>pseudorandom</t> </li> <li> <t>round robin</t> </li> </ul> <t>Pseudorandom isRECOMMENDED<bcp14>RECOMMENDED</bcp14> to follow the approach of <xreftarget="RFC4814"/>. Round-robintarget="RFC4814" format="default"/>. Round robin may be used as a computationally cheaper alternative. </t> </section> </section> <section anchor="meas_scalability"title="Scalability Measurements">numbered="true" toc="default"> <name>Scalability Measurements</name> <!--[rfced] May we clarify the singular/plural usage in this sentence as follows?? Original: ...but it is RECOMMENDED to perform measurement series through which the value of one or more parameter(s) is/are changed to discover how the various values of the given parameter(s) influence the performance of the DUT. Perhaps: ...but it is RECOMMENDED to perform measurement series through which the value of each parameter is changed to discover how the various values of the each given parameter influences the performance of the DUT. --> <t>As for scalability measurements, no new types of performance metrics are defined, but it isRECOMMENDED<bcp14>RECOMMENDED</bcp14> to perform measurement series through which the value of one or more parameter(s)is/areare changed to discover how the various values of the given parameter(s) influence the performance of the DUT. </t> <section anchor="sc_net_flows"title="Scalabilitynumbered="true" toc="default"> <name>Scalability Against the Number of NetworkFlows">Flows</name> <t>The scalability measurements aim to quantify how the performance of the stateful NATxy gateways degrades with the increase of the number of network flows.</t> <t>As for the actual values for the number of network flows to be used during the measurement series, it isRECOMMENDED<bcp14>RECOMMENDED</bcp14> to use some representative values from the range of the potential number of network flows the DUT may be faced with during its intended usage.</t> <t>It isimportant,important how the given number of network flows are generated. The sizes of the ranges of the source and destination IP addresses and port numbers are essential parameters to be reported together with the results. Pleaseseealso see <xreftarget="reporting_format"/>target="reporting_format" format="default"/> about the reporting format.</t> <t>If a single IP address pair is used, then it isRECOMMENDED<bcp14>RECOMMENDED</bcp14> touse <list style="symbols">use: </t> <ul spacing="normal"> <li> <t>a fixed, larger source port number range (e.g., a few times10,000)</t>10,000) and</t> </li> <li> <t>avariable sizevariable-size destination port number range(e.g. 10; 100; 1,000;(e.g., 10, 100, 1,000, etc.), where its expedient granularity depends on the purpose.</t></list> </t></li> </ul> </section> <section anchor="sc_cpu_cores"title="Scalabilitynumbered="true" toc="default"> <name>Scalability Against the Number of CPUCores">Cores</name> <t>Stateful NATxy gateways are often implemented in software thatareis not bound to a specific hardware but can be executed by commodity servers. To facilitate the comparison of their performance, it can be useful todetermine <list style="symbols">determine: </t> <ul spacing="normal"> <li> <t>the performance of the various implementations using a single core of a well-knownCPU</t>CPU and</t> </li> <li> <t>the scale-up of the performance of the various implementations with the number of CPU cores.</t></list> </t></li> </ul> <t>If the number of the available CPU cores is a power of two, then it isRECOMMENDED<bcp14>RECOMMENDED</bcp14> to perform the tests with 1, 2, 4, 8, 16, etc. number of active CPU cores of the DUT.</t> </section> </section> <section anchor="reporting_format"title="Reporting Format">numbered="true" toc="default"> <name>Reporting Format</name> <t>MeasurementsMUST<bcp14>MUST</bcp14> be executed multiple times. The necessary number of repetitions to achieve statistically reliable results may depend on the consistent or scattered nature of the results. The report of the resultsMUST<bcp14>MUST</bcp14> contain the number of repetitions of the measurements.MedianThe median isRECOMMENDED<bcp14>RECOMMENDED</bcp14> as the summarizing function of the results complemented with the first percentile and the 99th percentile as indices of the dispersion of the results.AverageThe average and standard deviationMAY<bcp14>MAY</bcp14> also be reported. </t> <t>All parameters and settings that may influence the performance of the DUTMUST<bcp14>MUST</bcp14> be reported. Some of them may be specific to the given NATxy gateway implementation, like the "hashsize" (hash table size) and "nf_conntrack_max" (number of connection tracking table entries) values for iptables or the limit of the number of states for OpenBSD PF (set by the "set limit states number" command in the pf.conf file). </t><figure<t keepWithNext="true"/> <table anchor="iptables-conn-scale"align="center" title="Example table:align="left"> <name>Example Table of the Maximumconnection establishment rateConnection Establishment Rate ofiptables againstIptables Against thenumberNumber ofsessions"> <preamble></preamble> <artwork align="left"><![CDATA[ numberSessions</name> <tbody> <tr> <td align="left">number of sessions(req.) 0.4M 4M 40M 400M source(req.)</td> <td align="right">0.4M</td> <td align="right">4M</td> <td align="right">40M</td> <td align="right">400M</td> </tr> <tr> <td align="left">source port numbers(req.) 40,000 40,000 40,000 40,000 destination(req.)</td> <td align="right">40,000</td> <td align="right">40,000</td> <td align="right">40,000</td> <td align="right">40,000</td> </tr> <tr> <td align="left">destination port numbers(req.) 10 100 1,000 10,000 "hashsize" (i.s.) 2^17 2^20 2^23 2^27 "nf_conntrack_max" (i.s.) 2^20 2^23 2^26 2^30 num.(req.)</td> <td align="right">10</td> <td align="right">100</td> <td align="right">1,000</td> <td align="right">10,000</td> </tr> <tr> <td align="left">"hashsize" (i.s.)</td> <td align="right">2<sup>17</sup></td> <td align="right">2<sup>20</sup></td> <td align="right">2<sup>23</sup></td> <td align="right">2<sup>27</sup></td> </tr> <tr> <td align="left">"nf_conntrack_max" (i.s.)</td> <td align="right">2<sup>20</sup></td> <td align="right">2<sup>23</sup></td> <td align="right">2<sup>26</sup></td> <td align="right">2<sup>30</sup></td> </tr> <tr> <td align="left">num. sessions / "hashsize"(i.s.) 3.05 3.81 4.77 2.98 number(i.s.)</td> <td align="right">3.05</td> <td align="right">3.81</td> <td align="right">4.77</td> <td align="right">2.98</td> </tr> <tr> <td align="left">number of experiments(req.) 10 10 10 10 error(req.)</td> <td align="right">10</td> <td align="right">10</td> <td align="right">10</td> <td align="right">10</td> </tr> <tr> <td align="left">error of binary search(req.) 1,000 1,000 1,000 1,000 connections/s(req.)</td> <td align="right">1,000</td> <td align="right">1,000</td> <td align="right">1,000</td> <td align="right">1,000</td> </tr> <tr> <td align="left">connections/s median(req.) connections/s(req.)</td> <td></td> <td></td> <td></td> <td></td> </tr> <tr> <td align="left">connections/s 1st perc.(req.) connections/s(req.)</td> <td></td> <td></td> <td></td> <td></td> </tr> <tr> <td align="left">connections/s 99th perc.(req.) ]]></artwork> <postamble></postamble> </figure>(req.)</td> <td></td> <td></td> <td></td> <td></td> </tr> </tbody> </table> <t keepWithPrevious="true"/> <t><xreftarget="iptables-conn-scale"/>target="iptables-conn-scale" format="default"/> shows an example of table headings for reporting the measurement resultsforregarding the scalability of the iptables stateful NAT44 implementation against the number of sessions. The table indicates thealwaysrequired fields (req.) and the implementation-specific ones (i.s.). A computed value was also added in row 6; it is the number of sessions per hashsize ratio, which helps the reader to interpret the achieved maximum connection establishment rate. (A lower value results in shorter linked lists hanging on the entries of the hashtabletable, thus facilitating higher performance. The ratio is varying, because the number of sessions is always a power of 10, whereas the hash table size is a power of 2.) To reflect the accuracy of the results, the table contains the value of the "error" of the binary search, which expresses the stopping criterion for the binary search. The binary searchstops,stops when the difference between the "higher limit" and "lower limit" of the binary search is less than or equal to the "error". </t><t> The<t>The tableMUST<bcp14>MUST</bcp14> be complemented with reporting the relevant parameters of the DUT. If the DUT is a general-purpose computer and some software NATxy gateway implementation is tested, then the hardware descriptionSHOULD<bcp14>SHOULD</bcp14> include: the computer type, CPUtype,type and number of active CPU cores, memory type, size and speed, network interface card type(reflecting also(also reflecting the speed), the fact that direct cable connections wereused orused, and the type of the switch used for interconnecting the Tester and the DUT.OperatingThe operating system type and version, kernel version, andtheversion of the NATxy gateway implementation (including the last commit date and number if applicable)SHOULD<bcp14>SHOULD</bcp14> also be given. </t> </section> <section anchor="impl_exp"title="Implementationnumbered="true" toc="default"> <name>Implementation andExperience">Experience</name> <t>The stateful extension of siitperf <xreftarget="SIITPERF"/>target="SIITPERF" format="default"/> is an implementation of this concept. Its first version that onlysupportingsupports multiple port numbers is documented in this (open access)paperpaper: <xreftarget="LEN2022"/>.target="LEN2022" format="default"/>. Its extended version that alsosupportingsupports multiple IP addresses is documented in this (open access)paperpaper: <xreftarget="LEN2024b"/>.target="LEN2024b" format="default"/>. </t><t> The<t>The proposed benchmarking methodology has been validated by performing benchmarking measurements with three radically different stateful NAT64 implementations (Jool, tayga+iptables, and OpenBSD PF) in this (open access)paperpaper: <xreftarget="LEN2023"/>. </t>target="LEN2023" format="default"/>.</t> <t>Further experience with this methodology of using siitperf for measuring the scalability of the iptables stateful NAT44 and Jool stateful NAT64 implementations are described in <xreftarget="I-D.lencse-v6ops-transition-scalability"/>. </t>target="I-D.lencse-v6ops-transition-scalability" format="default"/>.</t> <t>This methodology was successfully applied for the benchmarking of variousIPv4aas (IPv4-as-a-Service)IPv4-as-a-Service (IPv4aas) technologies without the usage of technology-specific Testers by reducing the aggregate of theirCE (Customer Edge) and PE (Provider Edge)Customer Edge (CE) and Provider Edge (PE) devices to a stateful NAT44 gateway documented in this (open access)paperpaper: <xreftarget="LEN2024a"/>. </t>target="LEN2024a" format="default"/>.</t> </section> <section anchor="udp_or_tcp"title="Limitationsnumbered="true" toc="default"> <name>Limitations ofusingUsing UDP as a Transport LayerProtocol">Protocol</name> <t>The test frame format defined inRFC 2544<xref target="RFC2544"/> exclusively uses UDP (and not TCP) as a transport layer protocol. Testing with UDP was kept in bothRFC 5180<xref target="RFC5180"/> andRFC 8219<xref target="RFC8219"/> regarding the standard benchmarking procedures (throughput, latency, frame loss rate, etc.). The benchmarking methodology proposed in this document follows thislong establishedlong-established benchmarking tradition using UDP as a transport layer protocol, too. The rationale for this is that the standard benchmarking procedures require sending frames at arbitrary constant frame rates, which would violate the flow control and congestion control algorithms of the TCP protocol. TCP connection setup (using the three-way handshake) would further complicatetesting. </t>testing.</t> <t>Further potential transport layerprotocolsprotocols, e.g.,DCCP <xref target="RFC4340"/> and SCTPthe Datagram Congestion Control Protocol (DCCP) <xref target="RFC4340" format="default"/> and the Stream Control Transmission Protocol (SCTP) <xreftarget="RFC9260"/>target="RFC9260" format="default"/>, are outside of the scope of this document, as thewidely-usedwidely used stateful NAT44 and stateful NAT64 implementations do not support them. Although QUIC <xreftarget="RFC9000"/>target="RFC9000" format="default"/> is also considered a transport layer protocol,butQUIC packets are carried in UDPdatagrams thusdatagrams; thus, QUIC does not need a specialhandling. </t>handling.</t> <t>Some stateful NATxy solutions handle TCP and UDP differently,e.g.e.g., iptablesusesuse a 30s timeout for UDP and a 60s timeout for TCP.ThusThus, benchmarking results produced using UDP do not necessarily characterize the performance of a NATxy gateway well enough when they are used for forwarding Internet traffic. As for the given example, timeout values of the DUT may be adjusted, but it requires extraconsideration. </t>consideration.</t> <t>Other differences in handling UDP or TCP are also possible. Thus, the authors recommend that further investigations should be performed in thisfield. </t>field.</t> <t>As a mitigation of this problem, this document recommends that testing with protocols using TCP (like HTTP and HTTPS up to version 2) can be performed as described in <xreftarget="RFC9411"/>.target="RFC9411" format="default"/>. This approach also solves the potential problem of protocol helpers that may be present in the statefulDUT. </t>DUT.</t> <t>As for HTTP/3, it uses QUIC, which uses UDP as stated above. It should be noted that QUIC is treated as any other UDP payload. The proposed measurement method does not aim to measure the performance of QUIC,ratherrather, it aims to measure the performance of the stateful NATxygateway. </t>gateway.</t> </section> <sectionanchor="Acknowledgements" title="Acknowledgements"> <t>The authors would like to thank Al Morton, Sarah Banks, Edwin Cordeiro, Lukasz Bromirski, Sándor Répás, Tamás Hetényi, Timothy Winters, Eduard Vasilenko, Minh Ngoc Tran, Paolo Volpato, Zeqi Lai, and Bertalan Kovács for their comments.</t> <t>The authors thank Warren Kumari, Michael Scharf, Alexey Melnikov, Robert Sparks, David Dong, Roman Danyliw, Erik Kline, Murray Kucherawy, Zaheduzzaman Sarker, and Éric Vyncke for their reviews and comments.</t> <t>This work was supported by the Japan Trust International Research Cooperation Program of the National Institute of Information and Communications Technology (NICT), Japan.</t> </section> <!-- Possibly a 'Contributors' section ... --> <sectionanchor="IANA"title="IANA Considerations">numbered="true" toc="default"> <name>IANA Considerations</name> <t>This documentdoes not make any request to IANA.</t>has no IANA actions.</t> </section> <section anchor="Security"title="Security Considerations">numbered="true" toc="default"> <name>Security Considerations</name> <t>This document has no further security considerations beyond that of <xreftarget="RFC8219"/>.target="RFC8219" format="default"/>. They should be cited here so that they can be applied not only for the benchmarking of IPv6 transition technologies but also for the benchmarking of any stateful NATxy gateways (allowing for x=y, too).</t> </section> </middle><!-- *****BACK MATTER ***** --><back> <displayreference target="I-D.lencse-v6ops-transition-scalability" to="SCALABILITY"/> <references> <name>References</name> <references> <name>Normative References</name> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.1918.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.2544.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.3022.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.4340.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.4814.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.5180.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6146.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7599.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8219.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9000.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9260.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9411.xml"/> </references> <references> <name>Informative References</name> <!--References split into informative and normative --> <!-- There are 2 ways to insert reference entries from the citation libraries: 1. define an ENTITY at the top, and use "ampersand character"RFC2629; here (as shown) 2. simply use a PI "less than character"?rfc include="reference.RFC.2119.xml"?> here (for I-Ds: include="reference.I-D.narten-iana-considerations-rfc2434bis.xml") Both are cited textually in the same manner: by using xref elements. If you use the PI option, xml2rfc will, by default, try to find included files in the same directory[I-D.lencse-v6ops-transition-scalability] IESG state: Expired asthe including file. You can also define the XML_LIBRARY environment variable with a value containing a setofdirectories to search. These can be either in the local filing system or remote ones accessed by http (http://domain/dir/... ).--> <references title="Normative References"> <!--?rfc include="http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml"?--> &RFC2119; &RFC1918; &RFC2544; &RFC3022; &RFC4340; &RFC4814; &RFC5180; &RFC6146; &RFC7599; &RFC8174; &RFC8219; &RFC9000; &RFC9260; &RFC9411; </references> <references title="Informative References"> <!-- Here we use entities that we defined at the beginning. --> <?rfc include='reference.I-D.lencse-v6ops-transition-scalability'?>06/19/24--> <xi:include href="https://datatracker.ietf.org/doc/bibxml3/draft-lencse-v6ops-transition-scalability.xml"/> <reference anchor="DUST1964"target="https://dl.acm.org/doi/10.1145/364520.364540">target="https://dl.acm.org/doi/pdf/10.1145/364520.364540"> <front> <title>Algorithm 235: Random permutation </title> <author initials="R." surname="Durstenfeld"><organization></organization><organization/> </author> <dateday=""month="July" year="1964"/> </front><seriesInfo name="" value="Communications<refcontent>Communications of the ACM, vol. 7, no. 7,p.420."/>p. 420</refcontent> <seriesInfo name="DOI" value="10.1145/364520.364540"/> </reference> <reference anchor="IIR2020" target="https://www.iij.ad.jp/en/dev/iir/pdf/iir_vol49_report_EN.pdf"> <front> <title>Periodicobservation report:Observation Report: InternettrendsTrends asseenSeen from IIJinfrastructureInfrastructure - 2020 </title> <author initials="T." surname="Kurahashi"><organization></organization><organization/> </author> <author initials="Y." surname="Matsuzaki"><organization></organization><organization/> </author> <author initials="T." surname="Sasaki"><organization></organization><organization/> </author> <author initials="T." surname="Saito"><organization></organization><organization/> </author> <author initials="F." surname="Tsutsuji"><organization></organization><organization/> </author> <dateday="" month="Dec"month="December" year="2020"/> </front><seriesInfo name="" value="Internet<refcontent>Internet Initiative Japan Inc.</refcontent> <refcontent>Internet Infrastructure Review, vol.49"/>49</refcontent> </reference> <reference anchor="LEN2015"target="http://www.hit.bme.hu/~lencse/publications/e98-b_8_1580.pdf">target="https://www.hit.bme.hu/~lencse/publications/e98-b_8_1580.pdf"> <front> <title>Estimation of the Port Number Consumption of Web Browsing </title> <author initials="G." surname="Lencse"><organization></organization><organization/> </author> <dateday="1" month="8"month="August" year="2015"/> </front><seriesInfo name="" value="IEICE<refcontent>IEICE Transactions on Communications, vol. E98-B, no. 8. pp.1580-1588"/>1580-1588</refcontent> <seriesInfo name="DOI"value="DOI: 10.1587/transcom.E98.B.1580"/>value="10.1587/transcom.E98.B.1580"/> </reference> <reference anchor="LEN2020" target="http://ijates.org/index.php/ijates/article/view/291"> <front> <title>Adding RFC 4814 Random Port Feature to Siitperf: Design, Implementation and Performance Estimation </title> <author initials="G." surname="Lencse"><organization></organization><organization/> </author> <dateday="" month=""month="November" year="2020"/> </front><seriesInfo name="" value="International<refcontent>International Journal of Advances in Telecommunications, Electrotechnics, Signals and Systems, vol 9, no 3, pp.18-26."/>18-26.</refcontent> <seriesInfo name="DOI" value="10.11601/ijates.v9i3.291"/> </reference> <reference anchor="LEN2022" target="https://www.sciencedirect.com/science/article/pii/S0140366422001803"> <front> <title>Design and Implementation of a Software Tester for Benchmarking Stateful NAT64xy Gateways: Theory and Practice of Extending Siitperf for Stateful Tests </title> <author initials="G." surname="Lencse"><organization></organization><organization/> </author> <dateday="1"month="August" year="2022"/> </front><seriesInfo name="" value="Computer<refcontent>Computer Communications, vol.172, no. 1,192, pp.75-88"/>75-88</refcontent> <seriesInfo name="DOI" value="10.1016/j.comcom.2022.05.028"/> </reference> <reference anchor="LEN2023" target="https://www.sciencedirect.com/science/article/pii/S0140366423002931"> <front> <title>Benchmarking methodology for stateful NAT64 gateways </title> <author initials="G." surname="Lencse"><organization></organization><organization/> </author> <author initials="K." surname="Shima"><organization></organization><organization/> </author> <author initials="K." surname="Cho"><organization></organization><organization/> </author> <dateday="1"month="October" year="2023"/> </front><seriesInfo name="" value="Computer<refcontent>Computer Communications, vol. 210,no. 1,pp.256-272"/>256-272</refcontent> <seriesInfo name="DOI" value="10.1016/j.comcom.2023.08.009"/> </reference> <reference anchor="LEN2024a" target="https://www.sciencedirect.com/science/article/pii/S0140366424000999"> <front> <title>Benchmarking methodology for IPv4aaS technologies: Comparison of the scalability of the Jool implementation of 464XLAT and MAP-T </title> <author initials="G." surname="Lencse"><organization></organization><organization/> </author> <author initials="Á." surname="Bazsó"><organization></organization><organization/> </author> <dateday="1"month="April" year="2024"/> </front><seriesInfo name="" value="Computer<refcontent>Computer Communications, vol. 219,no. 1,pp.243-258"/>243-258</refcontent> <seriesInfo name="DOI" value="10.1016/j.comcom.2024.03.007"/> </reference> <reference anchor="LEN2024b" target="https://www.sciencedirect.com/science/article/abs/pii/S0140366424001993"> <front> <title>Making stateless and stateful network performance measurements unbiased </title> <author initials="G." surname="Lencse"><organization></organization><organization/> </author><!--<dateday="1" month="April"month="September" year="2024"/>--></front><seriesInfo name="" value="Computer Communications"/><refcontent>Computer Communications, vol. 225, pp. 141-155</refcontent> <seriesInfo name="DOI" value="10.1016/j.comcom.2024.05.018"/> </reference> <reference anchor="SIITPERF" target="https://github.com/lencsegabor/siitperf"> <front> <title>Siitperf: An RFC 8219 compliant SIIT and stateful NAT64/NAT44 testerwritten in C++ using DPDK</title><author initials="G." surname="Lencse"> <organization></organization><author> <organization/> </author> <dateday="" month="" year="2019-2023" />month="September" year="2023"/> </front><seriesInfo name="" value="source code"/> <seriesInfo name="" value="available from GitHub"/><refcontent>commit 165cb7f</refcontent> </reference><!-- --></references> </references> <sectionanchor="change_log" title="Change Log"> <section title="00"> <t>Initial version. </t> </section> <section title="01"> <t>Updates based on the comments received on the BMWG mailing listanchor="Acknowledgements" numbered="false" toc="default"> <name>Acknowledgements</name> <t>The authors would like to thank <contact fullname="Al Morton"/>, <contact fullname="Sarah Banks"/>, <contact fullname="Edwin Cordeiro"/>, <contact fullname="Lukasz Bromirski"/>, <contact fullname="Sándor Répás"/>, <contact fullname="Tamás Hetényi"/>, <contact fullname="Timothy Winters"/>, <contact fullname="Eduard Vasilenko"/>, <contact fullname="Minh Ngoc Tran"/>, <contact fullname="Paolo Volpato"/>, <contact fullname="Zeqi Lai"/>, and <contact fullname="Bertalan Kovács"/> for their comments.</t> <t>The authors thank <contact fullname="Warren Kumari"/>, <contact fullname="Michael Scharf"/>, <contact fullname="Alexey Melnikov"/>, <contact fullname="Robert Sparks"/>, <contact fullname="David Dong"/>, <contact fullname="Roman Danyliw"/>, <contact fullname="Erik Kline"/>, <contact fullname="Murray Kucherawy"/>, <contact fullname="Zaheduzzaman Sarker"/>, and <contact fullname="Éric Vyncke"/> for their reviews andminor corrections. </t> </section> <section title="02"> <t><xref target="ctrl_conntrack"/>comments.</t> <t>This work wascompletely re-written. As a consequence, the occurrences of the now undefined "mostly different" source port number destination port number combinations were deleted from <xref target="meas_max_conn_est_rate"/>, too. </t> </section> <section title="03"> <t>Added <xref target="consider_stateful"/> about the consideration of the cases of stateful operation. </t> <t>Consistency checking. Removal of some parts obsoletedsupported by theprevious re-writing of <xref target="ctrl_conntrack"/>. </t> <t>Added <xref target="meas_conn_tear_down_rate"/> about the method for measuring connection tear-down rate. </t> <t>Updates for <xref target="impl_exp"/> about the implementation and experience. </t> </section> <section title="04"> <t>UpdateJapan Trust International Research Cooperation Program of theabstract. </t> <t>Added <xref target="validation_of_conn"/> about validationNational Institute ofconnection establishment. </t> <t>Added <xref target="meas_contr_capacity"/> about the method for measuring connection tracking table capacity. </t> <t>Consistency checkingInformation andcorrections. </t>Communications Technology (NICT), Japan.</t> </section><section title="00</back> <!-- [rfced] FYI -WG item"> <t>Added measurement setupWe have added expansions forStateful NAT64 gateways. </t> <t>Consistency checking and corrections. </t> </section> <section title="01"> <t>Addedabbreviations upon first use per Section4.5.1 about typical types3.6 ofmeasurement series and reporting format. </t> </section> <section title="02"> <t>AddedRFC 7322 ("RFC Style Guide"). Please review each expansion in theusagedocument carefully to ensure correctness. Border Relay (BR) Mapping ofmultiple IP addresses.</t> <t>Section 4.5.1 was removed and split into two Sections: <xref target="meas_scalability"/> about scalability measurementsAddress and<xref target="reporting_format"/> about reporting format. </t> </section> <section title="03"> <t>UpdatedPort using Translation (MAP-T) Datagram Congestion Control Protocol (DCCP) Stream Control Transmission Protocol (SCTP) --> <!-- [rfced] Please review theusage"Inclusive Language" portion ofmultiple IP addresses.</t> <t>Test phases were renamed as follows: <list style="symbols"> <t>preliminary test phase --> test phase 1</t> <t>real test phase --> test phase 2.</t> </list> </t> </section> <section title="04"> <t>Minor updates to <xref target="setup_term_multiple"/> and <xref target="impl_exp"/>.</t> </section> <section title="05"> <t>Minor updates addressing WGLC nits (addingthedefinitiononline Style Guide <https://www.rfc-editor.org/styleguide/part2/#inclusive_language> and let us know if any changes are needed. Updates of"black box",this nature typically result in more precise language, which is helpful for readers. a. For example, please consider whether "black" should be updated. b. In addition, please consider whether "tradition" andperforming"traditional" should be updated for clarity. While the NIST website <https://www.nist.gov/nist-research-library/nist-technical-series-publications-author-instructions#table1> indicates that this term is potentially biased, it is also ambiguous. "Tradition" is ahigh amount of grammatical corrections).</t> </section> <section title="06"> <t>Language editing addressing preliminary AD review comments by eliminatingsubjective term, as it is not theoccurrences of first person singular ("we", "our").</t> </section> <section title="07"> <t>Updates addressing IESG Last Call comments.</t> </section> </section> </back>same for everyone. --> </rfc>