This chapter describes the methodology for measuring the impact of Network Address Translation on the performance of a router. It starts with a description of the parameters used to characterize the performance impact of NAT on the router and the guidelines followed in carrying out the performance tests. Next, the performance workloads and the corresponding test cases are defined. A description of the test network used to carry out the performance tests is given next. Finally, the statistics collected from the test network and the procedure used to collect them are described.
NAT Performance Characterization
NAT is a software feature of a router and, like any feature, it has an impact on the router’s performance. To characterize the performance of NAT on a router, clear definitions of the parameters to be collected from the router are needed. As discussed in Chapter 2, a NAT router’s performance is a function of traffic load, traffic type (different applications), number of NAT entries and the specific NAT configuration. It can be measured in terms of the following metrics:
Packet Delay: the extra delay introduced by the NAT feature alone, excluding the variable network delay.
Throughput: the rate (in bits per second) at which the router forwards packets with NAT enabled.
Memory Utilization: memory consumed by the NAT entries.
CPU Utilization: the extra CPU utilization introduced by NAT table lookups, especially for packets with embedded IP addresses.
There is a set of guiding principles that must be followed throughout the data collection process of the performance experiment. Performance testing uses standard workloads to determine the capacity limits of a device. These capacity limits can be expressed in terms of parameters such as those listed in the previous paragraph. To make realistic assessments of capacity thresholds, extremely high or extremely low input load conditions should be avoided. It is good practice to begin collecting test data only after the device has reached steady state, and to stop collecting before the device load is reduced to conclude the test. Several workloads may have to be tested to determine an optimal number of readings from which meaningful conclusions can be drawn. These guiding principles were followed during the performance data collection phase of this thesis.
A workload is the collection of all individual tasks that a device processes during a specific time period. Workloads vary as the user changes configuration parameters of the feature under test, which in turn changes the individual tasks the device is expected to process. We characterize the workload using four parameters: traffic volume, traffic type, packet size and bandwidth. The number of possible workloads that can be presented to a NAT-enabled router is large, so standard workloads for performance characterization are defined first. These standard workloads are used to carry out the performance tests so that there is a common basis for performance evaluation and analysis. The next section describes the design methodology for the test network used to carry out the performance tests.
Test Network Design Methodology
The hardware and software specification of each component is described in the Network Components section. Figure 3.1 shows the test topology for the measurement of traffic delay. The test router has two Fast Ethernet interfaces (FE0 and FE1). FE0 is configured as the inside (protected) network interface; it is, by definition, the interface through which all internal hosts reach the outside networks. FE1 is configured as the outside interface; it is, by definition, the interface through which all external hosts reach hosts on the inside network. To eliminate network-induced latency, a simple two-node test topology has been adopted, which removes the effect of intermediate nodes on end-to-end packet latency. The time-stamped traffic originating from the packet generator is captured by the packet capture tool at the egress interface (FE1) of the router under test. In this way, only the increment in delay caused by turning on NAT is captured.
The “inside” and “outside” interfaces shown as Fast Ethernet interfaces (FE0 and FE1) serve only as examples and are not the norm. They could equally be optical OC3/OC12 or any other high data-rate IP interfaces; the exact interfaces used depend on the transmission media used by a test router and the types of interface its chassis can support.
A two-node topology is also used to simulate a NAT gateway scenario for all other performance tests. It is drawn as a three-node topology in Figure 3.2 only to show the “inside” and “outside” sections of the network explicitly. In the actual test setup, a single router with two Fast Ethernet interfaces acts as both the packet generator and the packet capture tool, as shown. This packet generator/capture router receives and transmits packets simultaneously to produce bi-directional traffic.
The network diagram consists of an outside network (packet generator/capture), a NAT gateway (test router), and an inside network (packet generator/capture). The inside network is the protected network behind the test router and the outside network is the network on the other side of the test router. We designate one Fast Ethernet interface of the test router as “inside” and another Fast Ethernet interface of the same router as “outside” by way of router configuration commands. Address translation then occurs from the inside to the outside interface, or vice versa. In each test scenario, once the traffic flow is established, the test router is polled for parameters such as its CPU utilization and the number of packet drops. The performance test setup therefore includes two routers: one acting as the inside/outside packet generator/capture and the other as the NAT gateway. Tests are performed with bi-directional traffic streams. Fast Ethernet connections are used between the test router and the packet generator/capture, with the test router fitted with a Fast Ethernet port adapter module.
NAT Configuration Information
This section explains the configuration commands that enable the Network Address Translation feature on a test router. Cisco routers have different levels, or modes, in which a router may be configured. There is a global configuration mode, which configures features that apply to the overall operation of the router, and there are sub-configuration modes, such as the interface configuration mode and the T1/E1 controller configuration mode, in which the details of that particular interface or subsystem are specified. Cisco documentation provides further details about router configuration modes. The basic steps to configure a simple NAT scenario on a router are as follows. First, designate one Ethernet or Fast Ethernet interface of the router as “inside” and another as “outside”. Then assign appropriate IP addresses to these interfaces. Next, in the global configuration mode, associate each neighbouring IP address with its MAC address and specify the Ethernet framing type. This is further explained by the example configuration below, along with comments for each section.
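The following Cisco IOS configuration is an added illustration of the steps just listed; it is not the thesis’s own configuration, which is not reproduced on this page. Two Fast Ethernet interfaces are designated inside and outside and given addresses; static ARP entries bind each neighbour’s IP address to a MAC address with ARPA (Ethernet II) framing; an access list and address pool define a dynamic translation, and one static mapping shows the fixed-translation form. The interface names, IP addresses, MAC addresses, pool name and access-list number are constructed for the example. The exec commands listed at the end are the standard IOS checks for reading the NAT table and the CPU, memory and interface counters that the test procedure polls; they produce output only on a real router and none is shown here.

```cisco
! Added example configuration (not the thesis's own). Interface names,
! addresses and MAC addresses are constructed for illustration.
!
! --- Interface configuration mode: designate inside and outside ---
interface FastEthernet0/0
 description Inside (protected) network, towards the packet generator
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
!
interface FastEthernet1/0
 description Outside network, towards the packet capture
 ip address 192.0.2.1 255.255.255.0
 ip nat outside
!
! --- Global configuration mode ---
! Static ARP entries: each neighbour IP address is bound to a MAC address
! with ARPA (Ethernet II) framing, so no ARP resolution is needed for the
! generator/capture router's addresses during a test run.
arp 10.1.1.2  0000.0c00.0001 arpa
arp 192.0.2.2 0000.0c00.0002 arpa
!
! Inside source addresses that are eligible for translation
access-list 1 permit 10.1.1.0 0.0.0.255
!
! Pool of outside addresses; "overload" enables port translation (PAT)
! so that many inside hosts can share the pool addresses.
ip nat pool NATPOOL 192.0.2.10 192.0.2.20 netmask 255.255.255.0
ip nat inside source list 1 pool NATPOOL overload
!
! A single static mapping, used when a fixed one-to-one translation is wanted
ip nat inside source static 10.1.1.50 192.0.2.50
!
! --- Exec mode: checks to run once traffic is flowing ---
! show ip nat translations         (current entries in the NAT table)
! show ip nat statistics           (active translations, hits and misses)
! show processes cpu               (CPU utilization)
! show memory summary              (memory consumption)
! show interfaces FastEthernet1/0  (drops and error counters on the egress interface)
```

With dynamic NAT the translation table only fills as traffic flows, so the exec checks should be issued after the generator has been running long enough for the router to reach steady state, in line with the guiding principles above; the static mapping, by contrast, appears in the table as soon as it is configured.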
The test network topologies for delay measurements and for CPU, memory and throughput measurements use the same test router and packet generator/capture tool; they differ only in the way these are used in each scenario. These components are described in this section.
The test router used to conduct all performance tests is a Cisco 7206VXR router. The Cisco 7206VXR supports multiprotocol, multimedia routing and bridging with a wide variety of protocols and port adapter combinations available for Cisco 7200 series routers. In addition, the Cisco 7206VXR midplane provides increased support for multiple high-bandwidth port adapters. The Cisco 7206VXR has six slots (slot 1 through slot 6) for port adapters, one slot for an Input/Output (I/O) controller, and one slot for a network processing engine or network services engine. Port adapters can be placed in any of the six available slots. The particular test router used to carry out the tests had the Network Processing Engine 300 (NPE-300). Two of the installed port adapters are Fast Ethernet port adapters, one designated as the “inside” interface and the other as the “outside” interface. The network processing engine maintains and executes the system management functions for the router. It also shares the system memory and environmental monitoring functions with the I/O controller. The test router was also equipped with 254 MB of Dynamic Random Access Memory (DRAM), 40 MB of Synchronous Dynamic Random Access Memory (SDRAM), 256 KB of Layer-2 cache and 2048 KB of Layer-3 cache. The operating system used was Internetworking Operating System version 12.1(15), a major release. The particular OS image was c7200-js-mz.121-15.bin. It is an Enterprise Plus edition (denoted by the “js-mz” portion of the image name), which is a feature-rich edition. Details of Cisco’s IOS image version and naming convention are given in the references cited. A major release was chosen because it provides a relatively stable code base and, hence, the chances of an operating system malfunction are much lower. This particular OS image also supports NAT among other features.
Packet Generator/Capture
To generate traffic streams, a Cisco proprietary IOS-based packet generator called Pagent was used. It is a special IOS image that runs on a number of supported Cisco platforms. Pagent has a packet-generation mode of operation called Traffic Generator mode (or TGN mode), which allows it to generate different types of packet streams. For this performance testing study, a Cisco 7206VXR router was used to run the Pagent image. Pagent also has a packet-capture mode called PKTS, which captures and displays packets from any combination of interfaces on a router. For the latency test setup shown in Figure 3.1, a configurable timestamp field is provided in both TGN and PKTS to help measure latency through the test router. When the timestamp field is configured on a TGN traffic stream, TGN writes a timestamp into the packet just before sending it. This occurs before any transport checksums are calculated, so that the timestamp can be carried in a valid TCP or UDP packet. When the timestamp field is configured in a PKTS filter, PKTS extracts the timestamp from the packet and compares it with the time at which it received the packet. It is important that the same router is used to send and receive, so that both the send and receive timestamps come from the same clock source. In TGN mode, streams can be defined with parameters such as packet rate, packet size, and destination Media Access Control (MAC) and IP addresses. PKTS mode allows the IP interface that connects to the test router to be placed in promiscuous mode, so that it captures all incoming packets and stores packet statistics such as arrival timestamp, incoming packet rate and packet count.
Impact of Network Address Translation on Router Performance