3.4.1. Network Performance
The following one-to-one tests have been performed by executing an RTI Perftest C++98 Publisher and Subscriber between two nodes, connected to a switch via Ethernet. The communication has been restricted to a single interface and the transport has been set to UDPv4.
These tests are equivalent to the ones performed in the Core Libraries UDPv4 section (Unkeyed, UDPv4 10Gbps Network, C++98), but additionally enabling different Security Profiles. The “Not using security libraries” values in the graphs below are equivalent to the Core Libraries numbers, so you can compare Connext performance with and without the Security Plugins.
Find information about the hardware, network, and command-line parameters after each of the tests.
The graph below shows the one-way latency without load between a Publisher and a Subscriber running in two Linux nodes in a 10Gbps network. The numbers have been taken using strict reliable reliability for all the different Security Profiles (described below).
Note
We use the median (50th percentile) instead of the average in order to get a more stable measurement that does not account for spurious outliers. We also calculate the average value and other percentile values, which can be seen in the Detailed Statistics section below.
Detailed Statistics
The following tables contain the raw numbers presented by RTI Perftest. These numbers are the exact output with no further processing.
Not using security libraries
Sample Size (Bytes)
Ave (μs)
Std (μs)
Min (μs)
Max (μs)
50% (μs)
90% (μs)
99% (μs)
99.99% (μs)
99.9999% (μs)
32
16
1.0
15
71
16
17
20
46
71
64
16
1.1
15
67
16
17
21
46
67
128
17
1.3
16
68
16
17
23
46
68
256
18
1.9
16
74
17
19
26
47
74
512
20
2.9
17
73
19
21
32
49
73
1024
25
5.0
18
74
26
28
42
57
74
2048
29
32.5
20
5003
30
33
44
68
5003
4096
31
18.5
24
4115
30
36
48
67
4115
8192
41
20.0
35
4465
36
57
65
83
4465
16384
85
25.6
45
164
85
123
136
150
164
32768
172
7.1
74
263
173
174
175
203
263
63000
172
15.2
103
215
182
186
188
214
215
No protection
Sample Size (Bytes)
Ave (μs)
Std (μs)
Min (μs)
Max (μs)
50% (μs)
90% (μs)
99% (μs)
99.99% (μs)
99.9999% (μs)
32
16
1.0
15
67
16
17
20
45
67
64
17
1.1
16
64
16
17
20
46
64
128
17
1.2
16
66
17
17
24
46
66
256
17
1.9
16
68
17
19
26
46
68
512
20
3.0
17
69
19
21
33
49
69
1024
25
4.9
18
77
26
29
42
57
77
2048
29
25.4
20
4871
30
33
42
66
4871
4096
31
22.9
24
4781
30
36
47
69
4781
8192
41
22.8
35
4922
36
57
65
83
4922
16384
89
24.6
45
152
82
121
126
143
152
32768
148
17.4
75
206
146
173
176
199
206
63000
172
15.4
102
230
178
186
189
215
230
RTPS Sign
Sample Size (Bytes)
Ave (μs)
Std (μs)
Min (μs)
Max (μs)
50% (μs)
90% (μs)
99% (μs)
99.99% (μs)
99.9999% (μs)
32
20
1.1
19
75
20
20
24
50
75
64
20
1.2
19
71
20
21
26
50
71
128
20
1.2
19
74
20
21
24
50
74
256
21
1.5
20
75
21
23
28
51
75
512
22
2.3
20
92
21
24
30
51
92
1024
26
8.5
22
4419
26
28
44
57
4419
2048
30
8.4
24
4049
30
32
47
65
4049
4096
31
5.5
29
2109
30
32
47
65
2109
8192
46
7.3
40
119
42
56
76
103
119
16384
96
28.4
53
179
96
138
155
167
179
32768
172
16.2
87
231
183
185
187
213
231
63000
203
2.7
127
263
203
204
208
233
263
RTPS Encrypt
Sample Size (Bytes)
Ave (μs)
Std (μs)
Min (μs)
Max (μs)
50% (μs)
90% (μs)
99% (μs)
99.99% (μs)
99.9999% (μs)
32
20
1.2
19
75
20
21
24
50
75
64
21
1.1
20
62
21
21
25
51
62
128
21
1.2
20
76
21
21
26
51
76
256
22
1.7
20
76
21
23
32
51
76
512
23
2.2
21
77
22
25
31
53
77
1024
26
19.8
22
5043
26
28
43
58
5043
2048
30
13.9
25
4609
30
32
45
65
4609
4096
33
6.9
30
2571
31
40
48
65
2571
8192
47
6.9
42
124
44
55
77
104
124
16384
101
29.6
56
190
101
145
165
178
190
32768
181
15.6
93
243
190
191
194
220
243
63000
215
3.2
131
284
215
216
221
246
284
RTPS Sign with Origin Auth, Data Encrypt
Sample Size (Bytes)
Ave (μs)
Std (μs)
Min (μs)
Max (μs)
50% (μs)
90% (μs)
99% (μs)
99.99% (μs)
99.9999% (μs)
32
25
1.2
24
74
25
25
29
54
74
64
25
1.2
24
80
25
26
29
55
80
128
26
1.4
24
81
26
26
33
55
81
256
26
1.5
24
77
26
26
34
56
77
512
27
1.6
25
86
26
28
35
56
86
1024
29
12.4
27
3780
28
30
38
59
3780
2048
32
3.2
30
91
31
35
46
66
91
4096
38
14.1
35
5038
36
42
51
67
5038
8192
51
5.3
48
124
49
56
79
110
124
16384
110
26.2
63
216
102
147
155
173
216
32768
200
3.6
102
239
201
202
204
231
239
63000
230
3.9
152
266
230
232
238
261
266
RTPS Sign, Submessage Encrypt with Origin Auth, Data Encrypt
Sample Size (Bytes)
Ave (μs)
Std (μs)
Min (μs)
Max (μs)
50% (μs)
90% (μs)
99% (μs)
99.99% (μs)
99.9999% (μs)
32
27
1.2
26
85
27
28
31
57
85
64
27
1.3
26
73
27
28
33
57
73
128
28
5.0
26
2800
27
28
32
58
2800
256
28
1.2
27
81
28
29
33
58
81
512
30
8.6
28
4774
29
30
37
60
4774
1024
32
3.0
29
87
31
34
49
61
87
2048
34
8.8
32
4453
34
36
43
66
4453
4096
41
7.5
38
3332
41
42
59
76
3332
8192
58
8.9
53
138
55
61
102
124
138
16384
118
26.1
71
192
111
154
164
185
192
32768
197
18.3
113
247
201
216
220
244
247
63000
256
3.3
173
318
256
257
264
289
318
RTPS Sign, Submessage Encrypt
Sample Size (Bytes)
Ave (μs)
Std (μs)
Min (μs)
Max (μs)
50% (μs)
90% (μs)
99% (μs)
99.99% (μs)
99.9999% (μs)
32
23
1.1
22
77
23
24
27
53
77
64
23
1.4
22
73
23
23
31
53
73
128
24
1.3
22
78
23
24
29
53
78
256
24
1.5
22
78
23
25
31
53
78
512
25
2.5
23
80
24
28
35
54
80
1024
28
10.8
24
4717
27
30
42
59
4717
2048
31
3.5
27
80
30
33
45
65
80
4096
35
7.6
33
3503
34
38
50
66
3503
8192
50
5.9
45
686
47
56
78
111
686
16384
109
33.1
61
203
109
157
176
186
203
32768
184
17.5
95
229
192
200
203
228
229
63000
207
13.2
152
277
203
228
232
259
277
Perftest Scripts
To produce these tests, we executed RTI Perftest for C++98. The script used to execute the tests can be found here:
1#!/bin/bash 2filename=$0 3script_location=$(cd "$(dirname "$filename")" || exit 255; pwd) 4 5export datasizes="32 64 128 256 512 1024 2048 4096 8192 16384 32768 63000" 6export datasizes_extended="${datasizes} 100000 500000 1048576 1548576 4194304 10485760" 7 8export domain="2" 9export exec_time=20 10export num_reps=1 11export instance_number=100000 12export core=0 13 14# We will use some colors to improve visibility of errors and info messages. 15RED='\033[0;31m' 16GREEN='\033[0;32m' 17YELLOW='\033[0;33m' 18BLUE='\033[0;34m' 19LIGHTBLUE='\033[0;36m' 20NC='\033[0m' 21INFO_TAG="${GREEN}[INFO]:${NC}" 22WARNING_TAG="${YELLOW}[WARNING]:${NC}" 23ERROR_TAG="${RED}[ERROR]:${NC}" 24 25################################################################################ 26 27function disable_colors() { 28 export RED="" 29 export GREEN="" 30 export YELLOW="" 31 export NC="" 32 export BLUE="" 33 export LIGHTBLUE="" 34 export INFO_TAG="${GREEN}[INFO]:${NC}" 35 export WARNING_TAG="${YELLOW}[WARNING]:${NC}" 36 export ERROR_TAG="${RED}[ERROR]:${NC}" 37} 38 39function change_domain() { 40 if [[ "$domain" == "1" ]]; then 41 export domain="2" 42 else 43 export domain="1" 44 fi 45} 46 47# Usage: execute_test <keyed/unkeyed> <rel/be> <datasizes> <batchSize> 48function execute_test() { 49 50 local keyed_unkeyed=$1 51 local rel_be=$2 52 local datasizes_test=$3 53 local other_args=$4 54 local name_suffix=$5 55 56 local commands_string_test=$commands_string 57 local tag="" 58 59 if [[ "${keyed_unkeyed}" == "keyed" ]]; then 60 commands_string_test="${commands_string_test} -keyed -instances $instance_number" 61 tag="[${YELLOW}${transport}${NC}|${BLUE}K${NC}|" 62 else 63 tag="[${YELLOW}${transport}${NC}|${LIGHTBLUE}UK${NC}|" 64 fi 65 66 if [[ "${rel_be}" == "be" ]]; then 67 commands_string_test="${commands_string_test} -bestEffort" 68 tag="${tag}${YELLOW}BE${NC}]" 69 else 70 tag="${tag}${RED}REL${NC}]" 71 fi 72 73 tag="${tag}[${LIGHTBLUE}${lat_thr}${NC}]" 74 75 local output_file=$output_folder/${lat_thr}_${role}_${keyed_unkeyed}_${rel_be}${name_suffix}.csv 76 77 if [[ "$role" == "pub" ]]; then 78 echo -e "${YELLOW}[TEST]: $keyed_unkeyed, $rel_be, Is a no-batching test = $no_batching_tests. ${NC}" 79 fi 80 81 if [[ "$NO_TASKSET" == "" ]]; then 82 if [[ "$LANGUAGE" != "java" && "$LANGUAGE" != "cs" ]]; then 83 export pre_command_string="taskset -c $core" 84 fi 85 fi 86 87 if [[ "$LANGUAGE" == "python" ]]; then 88 export pre_command_string="python3 " 89 fi 90 91 if [[ "$DOCKER" == "1" ]]; then 92 export pre_command_string="taskset -c $core docker run --net=host -v /home/perfuser/rti_license_connextpro.dat:/opt/rti.com/rti_connext_dds-7.3.0/rti_license.dat rticom/perftest:7.3.0-EAR " 93 executable="" 94 fi 95 96 # Get the aprox time this will take: 97 total_tests=$((`wc -w <<< "$datasizes_test"` * num_reps)) 98 total_time=$((total_tests * exec_time)) 99 100 touch $output_file 101 local no_headers="" 102 local current_test=0 103 for index in $(seq 1 ${num_reps}); do 104 for DATALEN in ${datasizes_test}; do 105 current_test=$((current_test + 1)) 106 export command="$pre_command_string $executable -domain $domain -dataLen $DATALEN $commands_string_test $other_args $no_headers" 107 if [[ "$role" == "pub" ]]; then 108 echo -e "Test ${tag} (${current_test}/${total_tests}) -- Total time = ${total_time}s" 109 echo -e ${BLUE}$command${NC} 110 else 111 echo -e ${LIGHTBLUE}$command${NC} 112 fi 113 if [[ "$LANGUAGE" == "cs" && "$role" == "pub" ]]; then 114 sleep 3 115 fi 116 if [[ "$raw" == "1" && "$role" == "sub" ]]; then 117 sleep 5 118 fi 119 if [[ "${get_netstat_info}" == "1" ]]; then 120 echo -e "${INFO_TAG} Getting netstat info before" 121 netstat -s -u | grep -e "error" -e "packet" > $output_folder/${lat_thr}_${role}_${keyed_unkeyed}_${rel_be}${name_suffix}_netstat_before.txt 122 fi 123 eval $command >> $output_file; 124 if [[ "${get_netstat_info}" == "1" ]]; then 125 echo -e "${INFO_TAG} Getting netstat info after" 126 netstat -s -u | grep -e "error" -e "packet" > $output_folder/${lat_thr}_${role}_${keyed_unkeyed}_${rel_be}${name_suffix}_netstat_after.txt 127 touch "$output_folder/${lat_thr}_${role}_${keyed_unkeyed}_${rel_be}${name_suffix}_netstat.csv" 128 python3 $script_location/../../../tools/diff_netstat_output.py \ 129 -n $output_folder/${lat_thr}_${role}_${keyed_unkeyed}_${rel_be}${name_suffix}_netstat_after.txt \ 130 -o $output_folder/${lat_thr}_${role}_${keyed_unkeyed}_${rel_be}${name_suffix}_netstat_before.txt \ 131 -d $DATALEN $no_header_netstat \ 132 -csv >> "$output_folder/${lat_thr}_${role}_${keyed_unkeyed}_${rel_be}${name_suffix}_netstat.csv" 133 rm -rf $output_folder/${lat_thr}_${role}_${keyed_unkeyed}_${rel_be}${name_suffix}_netstat_*.txt 134 no_header_netstat=" -nh" 135 fi 136 no_headers=" -noOutputHeaders" 137 138 change_domain 139 done 140 done 141} 142 143################################################################################ 144# PARSE COMMAND LINE OPTIONS: 145 146while [ "$1" != "" ]; do 147 case $1 in 148 --executable) 149 executable=$2 150 shift 151 ;; 152 --docker) 153 DOCKER="1" 154 ;; 155 --output-folder) 156 output_folder=$2 157 shift 158 ;; 159 --sub-folder) 160 sub_folder=$2 161 shift 162 ;; 163 --role) 164 export role=$2 165 shift 166 ;; 167 --core) 168 export core=$2 169 shift 170 ;; 171 --test-kind) 172 export lat_thr=$2 173 shift 174 ;; 175 --interface1) 176 export interface=$2 177 shift 178 ;; 179 --interface2) 180 export interface2=$2 181 shift 182 ;; 183 --ip1) 184 export ip1=$2 185 shift 186 ;; 187 --ip2) 188 export ip2=$2 189 shift 190 ;; 191 --repetitions) 192 export num_reps=$2 193 shift 194 ;; 195 --domain) 196 export domain=$2 197 shift 198 ;; 199 --execution-time) 200 export exec_time=$2 201 shift 202 ;; 203 --transport) 204 export transport=$2 205 shift 206 ;; 207 --datalen) 208 export datalen_input=$2 209 shift 210 ;; 211 --file-suffix) 212 export file_suffix=$2 213 shift 214 ;; 215 --executable-suffix) 216 export executable_suffix=$2 217 shift 218 ;; 219 --extra-arguments) 220 export extra_arguments=$2 221 shift 222 ;; 223 --extra-arguments-pub) 224 export extra_arguments_pub=$2 225 shift 226 ;; 227 --extra-arguments-sub) 228 export extra_arguments_sub=$2 229 shift 230 ;; 231 --skip-no-batching) 232 export skip_no_batching="1" 233 ;; 234 --skip-be) 235 export skip_be_tests="1" 236 ;; 237 --skip-rel) 238 export skip_rel_tests="1" 239 ;; 240 --skip-keyed) 241 export skip_keyed_data="1" 242 ;; 243 --skip-large-data) 244 export skip_large_data="1" 245 ;; 246 --large-data) 247 export large_data="1" 248 ;; 249 --keyed) 250 export skip_unkeyed="1" 251 ;; 252 --unkeyed) 253 export skip_keyed_data="1" 254 ;; 255 --no-batching | --skip-batching) 256 export no_batching_only="1" 257 ;; 258 --reliable) 259 export skip_be_tests="1" 260 ;; 261 --best-effort) 262 export skip_rel_tests="1" 263 ;; 264 --security-gov) 265 export security_only="$2" 266 shift 267 ;; 268 --micro) 269 export micro="1" 270 ;; 271 --cert) 272 export cert="1" 273 ;; 274 --raw | --raw-transport) 275 export raw="1" 276 ;; 277 --tss) 278 export tss="1" 279 ;; 280 --no-colors) 281 export NO_COLORS="1" 282 ;; 283 --language) 284 export LANGUAGE=$2 285 shift 286 ;; 287 --loss-rate) 288 export loss_rate=$2 289 shift 290 ;; 291 --get-netstat-info | --netstat) 292 export get_netstat_info="1" 293 ;; 294 --no-taskset) 295 export NO_TASKSET="1" 296 ;; 297 --reduced-data-sizes-set) 298 export REDUCED_DATA_SIZES_SET="1" 299 ;; 300 *) 301 echo -e "unknown parameter \"$1\"" 302 exit 255 303 ;; 304 esac 305 shift 306done 307 308if [[ "$NO_COLORS" == "1" ]]; then 309 disable_colors 310fi 311 312export folder_base="$(dirname "${executable}")"/../../.. 313 314if [[ $LANGUAGE == "java" || "$LANGUAGE" == "cs" ]]; then 315 export folder_base="$(dirname "${executable}")"/../.. 316fi 317if [[ $tss == "1" ]]; then 318 export folder_base="$(dirname "${executable}")"/../../../../.. 319fi 320 321if [[ "${executable_suffix}" != "" ]]; then 322 export executable="${executable}${executable_suffix}" 323fi 324 325if [[ "${sub_folder}" != "" ]]; then 326 export output_folder="${output_folder}/${sub_folder}" 327fi 328 329echo -e "${INFO_TAG} Perftest executable is: $executable" 330echo -e "${INFO_TAG} Output folder is: $output_folder" 331 332################################################################################ 333 334if [[ "$LANGUAGE" == "python" ]]; then 335 export skip_keyed_data="1" 336 export skip_large_data="1" 337 export skip_be_tests="1" 338 export skip_no_batching="1" 339fi 340 341if [[ "${skip_large_data}" == "1" ]]; then 342 export datasizes_extended=${datasizes} 343elif [[ "${large_data}" == "1" ]]; then 344 export datasizes=${datasizes_extended} 345fi 346 347if [[ "${datalen_input}" != "" ]]; then 348 echo -e "${YELLOW}[TEST] Testing only for ${datalen_input}${NC}" 349 export datasizes=${datalen_input} 350 export datasizes_extended=${datalen_input} 351 if [[ "${no_batching_only}" != "1" ]]; then 352 export skip_large_data="1" 353 fi 354else 355 if [[ "${REDUCED_DATA_SIZES_SET}" != "" ]]; then 356 echo -e "${YELLOW}[TEST] Testing Reduced set of datasizes ${NC}" 357 export datasizes="32 128 512 2048 8192 32768 63000" 358 export datasizes_extended="${datasizes} 102400 1048576 10485760" 359 fi 360fi 361 362if [[ "$role" != "pub" && "$role" != "sub" ]]; then 363 echo -e "${ERROR_TAG} It must be either publisher or subscriber" 364 exit 255 365fi 366 367if [[ "$lat_thr" != "thr" && "$lat_thr" != "lat" ]]; then 368 echo -e "${ERROR_TAG} It must be either lat or thr" 369 exit 255 370fi 371 372if [[ "${interface}" == "" ]]; then 373 echo "Using default nics" 374 export nic_publisher=${ip_machine_1} 375 export nic_subscriber=${ip_machine_2} 376elif [[ "${interface}" == "both" ]]; then 377 export nic_publisher="enp1s0f0,eno1" 378 export nic_subscriber="enp1s0f0,eno1" 379 echo -e "${INFO_TAG} Using nic_publisher: ${nic_publisher}" 380 echo -e "${INFO_TAG} Using nic_subscriber: ${nic_subscriber}" 381else 382 export nic_publisher=$interface 383 echo -e "${INFO_TAG} Using nic_publisher: ${nic_publisher}" 384 385 if [[ "${interface2}" == "" ]]; then 386 export nic_subscriber=$interface 387 else 388 export nic_subscriber=$interface2 389 fi 390 echo -e "${INFO_TAG} Using nic_subscriber: ${nic_subscriber}" 391 392 if [[ "${ip1}" != "" ]]; then 393 export ip_publisher=$ip1 394 echo "Using ip_publisher: ${ip_publisher}" 395 fi 396 397 if [[ "${ip2}" != "" ]]; then 398 export ip_subscriber=$ip2 399 echo "Using ip_subscriber: ${ip_subscriber}" 400 fi 401 402fi 403 404export transport_string="-transport $transport" 405 406if [[ "$transport" == "UDPv4" ]]; then 407 408 export transport_string_pub="$transport_string -nic $nic_publisher" 409 export transport_string_sub="$transport_string -nic $nic_subscriber" 410 411 if [[ "$micro" == "1" || "$raw" == "1" || "$cert" == "1" ]]; then 412 export transport_string_pub="$transport_string_pub -peer ${ip_subscriber}" 413 export transport_string_sub="$transport_string_sub -peer ${ip_publisher}" 414 fi 415 416elif [[ "$transport" == "TCP" ]]; then 417 export transport_string_pub="$transport_string \ 418 -nic $nic_publisher \ 419 -peer 0@tcpv4_lan://${ip_subscriber}:7400" 420 export transport_string_sub="$transport_string \ 421 -nic $nic_subscriber \ 422 -peer 0@tcpv4_lan://${ip_publisher}:7400" 423elif [[ "$transport" == "TLS" ]]; then 424 export transport_string_pub="$transport_string \ 425 -nic $nic_publisher \ 426 -peer tlsv4_lan://${ip_subscriber}:7400" 427 export transport_string_sub="$transport_string \ 428 -nic $nic_subscriber \ 429 -peer tlsv4_lan://${ip_publisher}:7400" 430elif [[ "$transport" == "UDPv4_WAN" ]]; then 431 export transport_string_pub="$transport_string \ 432 -nic $nic_publisher \ 433 -transportPublicAddress $ip_publisher:7400" 434 export transport_string_sub="$transport_string \ 435 -nic $nic_subscriber \ 436 -peer 0@udpv4_wan://${ip_publisher}:7400" 437else 438 export transport_string_pub="$transport_string" 439 export transport_string_sub="$transport_string" 440fi 441 442################################################################################ 443 444export pub_string="-pub \ 445 ${transport_string_pub} \ 446 -noPrintIntervals \ 447 -executionTime $exec_time" 448 449if [[ ${lat_thr} == "lat" ]]; then 450 export pub_string="$pub_string \ 451 -latencyTest" 452fi 453 454export sub_string="-sub \ 455 ${transport_string_sub} \ 456 -noPrintIntervals" 457 458if [[ "$role" == "pub" ]]; then 459 echo -e "$INFO_TAG Publisher side running" 460 export commands_string=${pub_string} 461 export extra_arguments="${extra_arguments} ${extra_arguments_pub}" 462else 463 echo -e "$INFO_TAG Subscriber side running" 464 export commands_string=${sub_string} 465 export extra_arguments="${extra_arguments} ${extra_arguments_sub}" 466fi 467 468############################################################################### 469 470echo -e "${INFO_TAG} Executing: /set_${lat_thr}_mode.sh" 471sudo /set_${lat_thr}_mode.sh 472sleep 5 473 474echo -e "${INFO_TAG} Disabling any loss rate" 475sudo tc qdisc add dev $nic_publisher root netem loss 0% 476sudo tc qdisc del dev $nic_publisher root netem loss 0% 477 478if [[ "$role" == "pub" && "${loss_rate}" != "" ]]; then 479 echo -e "${INFO_TAG} Setting loss rate to ${loss_rate}%" 480 sudo tc qdisc add dev $nic_publisher root netem loss $loss_rate% 481fi 482 483cd $folder_base 484echo -e "${INFO_TAG} Folder Base is: $PWD" 485mkdir -p $output_folder 486 487# Tests that may use batching (when doing throughput tests) 488if [[ ${no_batching_only} != "1" ]]; then 489 490 # UNKEYED 491 if [[ "${skip_unkeyed}" == "" ]]; then 492 493 # RELIABLE 494 if [[ "${skip_rel_tests}" == "" ]]; then 495 execute_test "unkeyed" "rel" "${datasizes_extended}" "${extra_arguments}" "$file_suffix" 496 fi 497 498 # BEST EFFORT 499 if [[ "${skip_be_tests}" == "" ]]; then 500 execute_test "unkeyed" "be" "${datasizes}" "${extra_arguments}" "$file_suffix" 501 fi 502 fi 503 504 # KEYED 505 if [[ "${skip_keyed_data}" == "" ]]; then 506 507 # RELIABLE 508 if [[ "${skip_rel_tests}" == "" ]]; then 509 execute_test "keyed" "rel" "${datasizes}" "${extra_arguments}" "$file_suffix" 510 fi 511 512 # BEST EFFORT 513 if [[ "${skip_be_tests}" == "" ]]; then 514 execute_test "keyed" "be" "${datasizes}" "${extra_arguments}" "$file_suffix" 515 fi 516 fi 517 518fi 519 520if [[ "${skip_no_batching}" == "" || "${no_batching_only}" == "1" ]]; then 521 no_batching_tests="1" 522fi 523 524# Tests that will not use batching 525if [[ "${lat_thr}" == "thr" && "${no_batching_tests}" == "1" ]]; then 526 527 if [[ "$role" == "pub" ]]; then 528 export commands_string="${commands_string} -batchSize 0" 529 fi 530 531 # UNKEYED 532 if [[ "${skip_unkeyed}" == "" ]]; then 533 534 # RELIABLE 535 if [[ "${skip_rel_tests}" == "" ]]; then 536 execute_test "unkeyed" "rel" "${datasizes}" "${extra_arguments}" "_noBatch${file_suffix}" 537 fi 538 539 # BEST EFFORT 540 if [[ "${skip_be_tests}" == "" ]]; then 541 execute_test "unkeyed" "be" "${datasizes}" "${extra_arguments}" "_noBatch${file_suffix}" 542 fi 543 fi 544 545 # KEYED 546 if [[ "${skip_keyed_data}" == "" ]]; then 547 548 # RELIABLE 549 if [[ "${skip_rel_tests}" == "" ]]; then 550 execute_test "keyed" "rel" "${datasizes}" "${extra_arguments}" "_noBatch${file_suffix}" 551 fi 552 553 # BEST EFFORT 554 if [[ "${skip_be_tests}" == "" ]]; then 555 execute_test "keyed" "be" "${datasizes}" "${extra_arguments}" "_noBatch${file_suffix}" 556 fi 557 fi 558 559fi 560 561if [[ "$role" == "pub" && "${loss_rate}" != "" ]]; then 562 echo -e "${INFO_TAG} Disabling loss rate" 563 sudo tc qdisc del dev $nic_publisher root netem loss $loss_rate% 564fi1#!/bin/bash 2filename=$0 3script_location=$(cd "$(dirname "$filename")" || exit 255; pwd) 4 5export input_params=$@ 6 7while [ "$1" != "" ]; do 8 case $1 in 9 --executable) 10 executable=$2 11 shift 12 ;; 13 --security-gov) 14 export security_only=$2 15 shift 16 ;; 17 --ci) 18 export CI="1" 19 ;; 20 *) 21 ;; 22 esac 23 shift 24done 25 26echo $security_only 27 28export folder_base="$(dirname "${executable}")"/../../.. 29export PATH_TO_GOVERNANCE_FILES_FOLDER=$folder_base/resource/secure 30 31if [[ "${CI}" == "" ]]; then 32 33 if [[ "${security_only}" == "none" || "${security_only}" == "" ]]; then 34 echo -e "[Calling base_script/script.sh] -- No Security" 35 "${script_location}/../base_script/script.sh" $input_params --transport UDPv4 \ 36 --skip-no-batching --skip-be --skip-large-data \ 37 --file-suffix "_security_none" 38 sleep 5; 39 fi 40 41 if [[ "${security_only}" == "rtps_sign" || "${security_only}" == "" ]]; then 42 echo -e "[Calling base_script/script.sh] -- RTPS Sign" 43 "${script_location}/../base_script/script.sh" $input_params --transport UDPv4 \ 44 --skip-no-batching --skip-be --skip-large-data \ 45 --extra-arguments "-secureGovernanceFile $PATH_TO_GOVERNANCE_FILES_FOLDER/signed_PerftestGovernance_RTPSSign.xml " \ 46 --file-suffix "_security_rtps_sign" 47 fi 48 49 if [[ "${security_only}" == "rtps_sign_submessage_encrypt" || "${security_only}" == "" ]]; then 50 echo -e "[Calling base_script/script.sh] -- RTPS Sign, Submessage Encrypt" 51 "${script_location}/../base_script/script.sh" $input_params --transport UDPv4 \ 52 --skip-no-batching --skip-be --skip-large-data \ 53 --extra-arguments "-secureGovernanceFile $PATH_TO_GOVERNANCE_FILES_FOLDER/signed_PerftestGovernance_SignEncryptSubmessage.xml " \ 54 --file-suffix "_security_rtps_sign_submessage_encrypt" 55 fi 56 57fi 58 59if [[ "${security_only}" == "no_protection" || "${security_only}" == "" ]]; then 60 echo -e "[Calling base_script/script.sh] -- No Protection" 61 "${script_location}/../base_script/script.sh" $input_params --transport UDPv4 \ 62 --skip-no-batching --skip-be --skip-large-data \ 63 --extra-arguments "-secureGovernanceFile $PATH_TO_GOVERNANCE_FILES_FOLDER/signed_PerftestGovernance_.xml " \ 64 --file-suffix "_security_no_protection" 65fi 66 67if [[ "${security_only}" == "rtps_encrypt" || "${security_only}" == "" ]]; then 68 echo -e "[Calling base_script/script.sh] -- RTPS Encrypt" 69 "${script_location}/../base_script/script.sh" $input_params --transport UDPv4 \ 70 --skip-no-batching --skip-be --skip-large-data \ 71 --extra-arguments "-secureGovernanceFile $PATH_TO_GOVERNANCE_FILES_FOLDER/signed_PerftestGovernance_RTPSEncrypt.xml " \ 72 --file-suffix "_security_rtps_encrypt" 73fi 74 75if [[ "${security_only}" == "rtps_sign_submessage_encrypt_orig_data_encrypt" || "${security_only}" == "" ]]; then 76 echo -e "[Calling base_script/script.sh] -- RTPS Sign, Submessage Encrypt with original auth, Data Encrypt" 77 "${script_location}/../base_script/script.sh" $input_params --transport UDPv4 \ 78 --skip-no-batching --skip-be --skip-large-data \ 79 --extra-arguments "-secureGovernanceFile $PATH_TO_GOVERNANCE_FILES_FOLDER/signed_PerftestGovernance_RTPSSignEncryptSubmessageWithOrigAuthEncryptData.xml " \ 80 --file-suffix "_security_rtps_sign_submessage_encrypt_orig_data_encrypt" 81fi 82 83if [[ "${security_only}" == "rtps_sign_orig_data_encrypt" || "${security_only}" == "" ]]; then 84 echo -e "[Calling base_script/script.sh] -- RTPS Sign with Original auth, Data Encrypt" 85 "${script_location}/../base_script/script.sh" $input_params --transport UDPv4 \ 86 --skip-no-batching --skip-be --skip-large-data \ 87 --extra-arguments "-secureGovernanceFile $PATH_TO_GOVERNANCE_FILES_FOLDER/signed_PerftestGovernance_RTPSSignWithOrigAuthEncryptData.xml " \ 88 --file-suffix "_security_rtps_sign_orig_data_encrypt" 89 sleep 5; 90fiSecurity Profiles
To test different levels of security, we have selected a well-known set of configurations. These configurations have been defined in the
Governancefiles used by RTI Perftest. With these configurations, we have tested the minimum latency and maximum throughput achievable in different scenarios. The scenarios are described below.The profiles we have used are the following:
Not using security libraries
In this scenario, RTI Security Plugins is not being used, therefore the performance is the same as what the Core Libraries provide in Unkeyed, UDPv4 10Gbps Network, C++98.
No protection
In this scenario, Security Plugins are enabled but no protection is provided at any level. This, as well as the previous scenario, is used as a way to calibrate the impact of using Security Plugins even when no security measures are applied.
The governance profile used in this scenario is the following:
<dds> <domain_access_rules> <domain_rule> <domains> <id_range> <min>0</min> </id_range> </domains> <allow_unauthenticated_participants>TRUE</allow_unauthenticated_participants> <enable_join_access_control>FALSE</enable_join_access_control> <discovery_protection_kind>NONE</discovery_protection_kind> <liveliness_protection_kind>NONE</liveliness_protection_kind> <rtps_protection_kind>NONE</rtps_protection_kind> <topic_access_rules> <topic_rule> <topic_expression>*</topic_expression> <enable_discovery_protection>FALSE</enable_discovery_protection> <enable_read_access_control>FALSE</enable_read_access_control> <enable_write_access_control>FALSE</enable_write_access_control> <metadata_protection_kind>NONE</metadata_protection_kind> <data_protection_kind>NONE</data_protection_kind> </topic_rule> </topic_access_rules> </domain_rule> </domain_access_rules> </dds>
RTPS ‘Sign’
This scenario sets the
rtps_protection_kindtoSIGN. This configuration provides protection against outsiders at the lowest cost.The governance profile used in this scenario is the following:
<dds> <domain_access_rules> <domain_rule> <domains> <id_range> <min>0</min> </id_range> </domains> <allow_unauthenticated_participants>false</allow_unauthenticated_participants> <enable_join_access_control>false</enable_join_access_control> <discovery_protection_kind>NONE</discovery_protection_kind> <liveliness_protection_kind>NONE</liveliness_protection_kind> <rtps_protection_kind>SIGN</rtps_protection_kind> <topic_access_rules> <topic_rule> <topic_expression>*</topic_expression> <enable_discovery_protection>false</enable_discovery_protection> <enable_liveliness_protection>false</enable_liveliness_protection> <enable_read_access_control>false</enable_read_access_control> <enable_write_access_control>false</enable_write_access_control> <metadata_protection_kind>NONE</metadata_protection_kind> <data_protection_kind>NONE</data_protection_kind> </topic_rule> </topic_access_rules> </domain_rule> </domain_access_rules> </dds>
RTPS ‘Encrypt’
This scenario sets the
rtps_protection_kindtoENCRYPT. This configuration is similar to the protectionTLSprovides.The governance profile used in this scenario is the following:
<dds> <domain_access_rules> <domain_rule> <domains> <id_range> <min>0</min> </id_range> </domains> <allow_unauthenticated_participants>false</allow_unauthenticated_participants> <enable_join_access_control>false</enable_join_access_control> <discovery_protection_kind>NONE</discovery_protection_kind> <liveliness_protection_kind>NONE</liveliness_protection_kind> <rtps_protection_kind>ENCRYPT</rtps_protection_kind> <topic_access_rules> <topic_rule> <topic_expression>*</topic_expression> <enable_discovery_protection>false</enable_discovery_protection> <enable_liveliness_protection>false</enable_liveliness_protection> <enable_read_access_control>false</enable_read_access_control> <enable_write_access_control>false</enable_write_access_control> <metadata_protection_kind>NONE</metadata_protection_kind> <data_protection_kind>NONE</data_protection_kind> </topic_rule> </topic_access_rules> </domain_rule> </domain_access_rules> </dds>
RTPS ‘Sign with Origin Authentication’ and Data ‘Encrypt’
This scenario sets the
rtps_protection_kindtoSIGN_WITH_ORIGIN_AUTHENTICATION. It also sets thedata_protection_kindtoENCRYPT. This configuration is the common choice for intra-domain protection and confidentiality.The governance profile used in this scenario is the following:
<dds> <domain_access_rules> <domain_rule> <domains> <id_range> <min>0</min> </id_range> </domains> <allow_unauthenticated_participants>false</allow_unauthenticated_participants> <enable_join_access_control>false</enable_join_access_control> <discovery_protection_kind>NONE</discovery_protection_kind> <liveliness_protection_kind>NONE</liveliness_protection_kind> <rtps_protection_kind>SIGN_WITH_ORIGIN_AUTHENTICATION</rtps_protection_kind> <topic_access_rules> <topic_rule> <topic_expression>*</topic_expression> <enable_discovery_protection>false</enable_discovery_protection> <enable_liveliness_protection>false</enable_liveliness_protection> <enable_read_access_control>false</enable_read_access_control> <enable_write_access_control>false</enable_write_access_control> <metadata_protection_kind>NONE</metadata_protection_kind> <data_protection_kind>ENCRYPT</data_protection_kind> </topic_rule> </topic_access_rules> </domain_rule> </domain_access_rules> </dds>
RTPS ‘Sign,’ Submessage ‘Encrypt with Origin Authentication,’ and Data ‘Encrypt’
This scenario sets the
rtps_protection_kindtoSIGN. It also sets thedata_protection_kindtoENCRYPTand themetadata_protection_kindtoENCRYPT_WITH_ORIGIN_AUTHENTICATION. This configuration offers the most robust protection.The governance profile used in this scenario is the following:
<?xml version="1.0" encoding="UTF-8"?> <dds> <domain_access_rules> <domain_rule> <domains> <id_range> <min>0</min> </id_range> </domains> <allow_unauthenticated_participants>false</allow_unauthenticated_participants> <enable_join_access_control>false</enable_join_access_control> <discovery_protection_kind>NONE</discovery_protection_kind> <liveliness_protection_kind>NONE</liveliness_protection_kind> <rtps_protection_kind>SIGN</rtps_protection_kind> <topic_access_rules> <topic_rule> <topic_expression>*</topic_expression> <enable_discovery_protection>false</enable_discovery_protection> <enable_liveliness_protection>false</enable_liveliness_protection> <enable_read_access_control>false</enable_read_access_control> <enable_write_access_control>false</enable_write_access_control> <metadata_protection_kind>ENCRYPT_WITH_ORIGINAL_AUTHENTICATION</metadata_protection_kind> <data_protection_kind>ENCRYPT</data_protection_kind> </topic_rule> </topic_access_rules> </domain_rule> </domain_access_rules> </dds>
RTPS ‘Sign,’ Submessage ‘Encrypt’
This scenario sets the
rtps_protection_kindtoSIGN. It also sets themetadata_protection_kindtoENCRYPT. This configuration allows user data confidentiality (with insiders protection) while keeping Wireshark capabilities.The governance profile used in this scenario is the following:
<?xml version="1.0" encoding="UTF-8"?> <dds xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="dds_security_governance.xsd"> <domain_access_rules> <domain_rule> <domains> <id_range> <min>0</min> </id_range> </domains> <allow_unauthenticated_participants>false</allow_unauthenticated_participants> <enable_join_access_control>false</enable_join_access_control> <discovery_protection_kind>NONE</discovery_protection_kind> <liveliness_protection_kind>NONE</liveliness_protection_kind> <rtps_protection_kind>SIGN</rtps_protection_kind> <topic_access_rules> <topic_rule> <topic_expression>*</topic_expression> <enable_discovery_protection>false</enable_discovery_protection> <enable_liveliness_protection>false</enable_liveliness_protection> <enable_read_access_control>false</enable_read_access_control> <enable_write_access_control>false</enable_write_access_control> <metadata_protection_kind>ENCRYPT_WITH_ORIGIN_AUTHENTICATION</metadata_protection_kind> <data_protection_kind>ENCRYPT</data_protection_kind> </topic_rule> </topic_access_rules> </domain_rule> </domain_access_rules> </dds>
Test Software
The following software was used to perform these tests:
RTI Connext DDS 6.1.2 Host and Target Libraries for x64 Linux (x64Linux4gcc7.3.0)
Test Hardware
The following hardware was used to perform these tests: .. include:: ../../../../hardware/hq_performance_linux_lab.rst .. raw:: html
The graph below shows the expected throughput behavior when performing a 1-1 communication between two Linux nodes in a 10Gbps network. The numbers have been taken using strict reliable reliability for all the different Security Profiles (described below).
Note
By default, RTI Perftest enables batching when performing a Maximum Throughput test. The batching feature allows sending more than one data sample per RTPS packet, improving network performance for small data sizes. See the RTI Connext DDS Core Libraries User’s Manual for more information on batching.
The batch maximum size is set by RTI Perftest to be 8192 bytes; after 8192 bytes, batching is not enabled.
Detailed Statistics
This table contains the raw numbers presented by RTI Perftest. These numbers are the exact output with no further processing.
Not using security libraries
Sample Size (Bytes)
Total Samples
Avg Samples/s
Avg Mbps
Lost Samples
Lost Samples (%)
32
95668781
4778494
1223.3
0
0.00
64
86825598
4335622
2219.8
0
0.00
128
73688400
3679707
3768.0
0
0.00
256
54660881
2729977
5591.0
0
0.00
512
36347040
1815429
7436.0
0
0.00
1024
21574672
1077416
8826.2
0
0.00
2048
11373452
568042
9306.8
0
0.00
4096
5983444
299068
9799.9
0
0.00
8192
3005185
150215
9844.5
0
0.00
16384
1508806
75432
9887.0
0
0.00
32768
756049
37797
9908.4
0
0.00
63000
393534
19674
9915.8
0
0.00
No protection
Sample Size (Bytes)
Total Samples
Avg Samples/s
Avg Mbps
Lost Samples
Lost Samples (%)
32
96016519
4794779
1227.5
0
0.00
64
87084160
4348408
2226.4
0
0.00
128
73603557
3676128
3764.4
0
0.00
256
53606560
2677110
5482.7
0
0.00
512
36503472
1823155
7467.6
0
0.00
1024
21677072
1082547
8868.2
0
0.00
2048
11926704
595692
9759.8
0
0.00
4096
5983126
299063
9799.7
0
0.00
8192
3005032
150207
9844.0
0
0.00
16384
1508821
75432
9887.1
0
0.00
32768
756038
37797
9908.3
0
0.00
63000
393538
19674
9915.8
0
0.00
RTPS Sign
Sample Size (Bytes)
Total Samples
Avg Samples/s
Avg Mbps
Lost Samples
Lost Samples (%)
32
91668212
4577690
1171.9
0
0.00
64
80921985
4040753
2068.9
0
0.00
128
65313414
3261372
3339.6
0
0.00
256
46962401
2345370
4803.3
0
0.00
512
29583056
1477519
6051.9
0
0.00
1024
17150576
856595
7017.2
0
0.00
2048
9152587
457072
7488.7
0
0.00
4096
4745587
237001
7766.1
0
0.00
8192
2621403
130917
8579.8
0
0.00
16384
1502571
75104
9844.2
0
0.00
32768
754474
37715
9886.8
0
0.00
63000
393126
19651
9904.6
0
0.00
RTPS Encrypt
Sample Size (Bytes)
Total Samples
Avg Samples/s
Avg Mbps
Lost Samples
Lost Samples (%)
32
90922718
4540468
1162.4
0
0.00
64
79385152
3963964
2029.5
0
0.00
128
63183808
3155018
3230.7
0
0.00
256
44229281
2208858
4523.7
0
0.00
512
27289777
1363024
5582.9
0
0.00
1024
15768456
787586
6451.9
0
0.00
2048
8543716
426699
6991.0
0
0.00
4096
4410028
220252
7217.2
0
0.00
8192
2459778
122845
8050.8
0
0.00
16384
1501956
75067
9839.3
0
0.00
32768
754347
37705
9884.3
0
0.00
63000
393099
19649
9903.3
0
0.00
RTPS Sign with Origin Auth, Data Encrypt
Sample Size (Bytes)
Total Samples
Avg Samples/s
Avg Mbps
Lost Samples
Lost Samples (%)
32
31568872
1576458
403.6
0
0.00
64
29564754
1476372
755.9
0
0.00
128
27178788
1357209
1389.8
0
0.00
256
21591613
1078358
2208.5
0
0.00
512
15496846
774058
3170.5
0
0.00
1024
10190237
508958
4169.4
0
0.00
2048
5437426
271578
4449.5
0
0.00
4096
2031633
101468
3324.9
0
0.00
8192
1735939
86699
5681.9
0
0.00
16384
1301380
64995
8519.1
0
0.00
32768
753221
37640
9867.3
0
0.00
63000
392786
19631
9894.3
0
0.00
RTPS Sign, Submessage Encrypt with Origin Auth, Data Encrypt
Sample Size (Bytes)
Total Samples
Avg Samples/s
Avg Mbps
Lost Samples
Lost Samples (%)
32
31375740
1566783
401.1
0
0.00
64
29125372
1454398
744.7
0
0.00
128
25691501
1282952
1313.7
0
0.00
256
20368265
1017187
2083.2
0
0.00
512
14250089
711711
2915.2
0
0.00
1024
9199205
459485
3764.1
0
0.00
2048
4604290
229967
3767.8
0
0.00
4096
1779096
88840
2911.1
0
0.00
8192
1468215
73347
4806.9
0
0.00
16384
1050849
52497
6881.0
0
0.00
32768
693127
34627
9077.3
0
0.00
63000
392529
19610
9883.9
0
0.00
RTPS Sign, Submessage Encrypt
Sample Size (Bytes)
Total Samples
Avg Samples/s
Avg Mbps
Lost Samples
Lost Samples (%)
32
88310248
4409938
1128.9
0
0.00
64
74502291
3720218
1904.8
0
0.00
128
57889664
2890686
2960.1
0
0.00
256
40044455
1999733
4095.5
0
0.00
512
24524000
1225671
5020.3
0
0.00
1024
13612016
679847
5569.3
0
0.00
2048
7391560
369179
6048.6
0
0.00
4096
3813037
190441
6240.4
0
0.00
8192
2066962
103229
6765.3
0
0.00
16384
1459187
72877
9552.2
0
0.00
32768
753222
37643
9868.1
0
0.00
63000
392781
19632
9894.7
0
0.00
Perftest Scripts
To produce these tests, we executed RTI Perftest for C++98. The script used to execute the tests can be found here:
1#!/bin/bash 2filename=$0 3script_location=$(cd "$(dirname "$filename")" || exit 255; pwd) 4 5export datasizes="32 64 128 256 512 1024 2048 4096 8192 16384 32768 63000" 6export datasizes_extended="${datasizes} 100000 500000 1048576 1548576 4194304 10485760" 7 8export domain="2" 9export exec_time=20 10export num_reps=1 11export instance_number=100000 12export core=0 13 14# We will use some colors to improve visibility of errors and info messages. 15RED='\033[0;31m' 16GREEN='\033[0;32m' 17YELLOW='\033[0;33m' 18BLUE='\033[0;34m' 19LIGHTBLUE='\033[0;36m' 20NC='\033[0m' 21INFO_TAG="${GREEN}[INFO]:${NC}" 22WARNING_TAG="${YELLOW}[WARNING]:${NC}" 23ERROR_TAG="${RED}[ERROR]:${NC}" 24 25################################################################################ 26 27function disable_colors() { 28 export RED="" 29 export GREEN="" 30 export YELLOW="" 31 export NC="" 32 export BLUE="" 33 export LIGHTBLUE="" 34 export INFO_TAG="${GREEN}[INFO]:${NC}" 35 export WARNING_TAG="${YELLOW}[WARNING]:${NC}" 36 export ERROR_TAG="${RED}[ERROR]:${NC}" 37} 38 39function change_domain() { 40 if [[ "$domain" == "1" ]]; then 41 export domain="2" 42 else 43 export domain="1" 44 fi 45} 46 47# Usage: execute_test <keyed/unkeyed> <rel/be> <datasizes> <batchSize> 48function execute_test() { 49 50 local keyed_unkeyed=$1 51 local rel_be=$2 52 local datasizes_test=$3 53 local other_args=$4 54 local name_suffix=$5 55 56 local commands_string_test=$commands_string 57 local tag="" 58 59 if [[ "${keyed_unkeyed}" == "keyed" ]]; then 60 commands_string_test="${commands_string_test} -keyed -instances $instance_number" 61 tag="[${YELLOW}${transport}${NC}|${BLUE}K${NC}|" 62 else 63 tag="[${YELLOW}${transport}${NC}|${LIGHTBLUE}UK${NC}|" 64 fi 65 66 if [[ "${rel_be}" == "be" ]]; then 67 commands_string_test="${commands_string_test} -bestEffort" 68 tag="${tag}${YELLOW}BE${NC}]" 69 else 70 tag="${tag}${RED}REL${NC}]" 71 fi 72 73 tag="${tag}[${LIGHTBLUE}${lat_thr}${NC}]" 74 75 local output_file=$output_folder/${lat_thr}_${role}_${keyed_unkeyed}_${rel_be}${name_suffix}.csv 76 77 if [[ "$role" == "pub" ]]; then 78 echo -e "${YELLOW}[TEST]: $keyed_unkeyed, $rel_be, Is a no-batching test = $no_batching_tests. ${NC}" 79 fi 80 81 if [[ "$NO_TASKSET" == "" ]]; then 82 if [[ "$LANGUAGE" != "java" && "$LANGUAGE" != "cs" ]]; then 83 export pre_command_string="taskset -c $core" 84 fi 85 fi 86 87 if [[ "$LANGUAGE" == "python" ]]; then 88 export pre_command_string="python3 " 89 fi 90 91 if [[ "$DOCKER" == "1" ]]; then 92 export pre_command_string="taskset -c $core docker run --net=host -v /home/perfuser/rti_license_connextpro.dat:/opt/rti.com/rti_connext_dds-7.3.0/rti_license.dat rticom/perftest:7.3.0-EAR " 93 executable="" 94 fi 95 96 # Get the aprox time this will take: 97 total_tests=$((`wc -w <<< "$datasizes_test"` * num_reps)) 98 total_time=$((total_tests * exec_time)) 99 100 touch $output_file 101 local no_headers="" 102 local current_test=0 103 for index in $(seq 1 ${num_reps}); do 104 for DATALEN in ${datasizes_test}; do 105 current_test=$((current_test + 1)) 106 export command="$pre_command_string $executable -domain $domain -dataLen $DATALEN $commands_string_test $other_args $no_headers" 107 if [[ "$role" == "pub" ]]; then 108 echo -e "Test ${tag} (${current_test}/${total_tests}) -- Total time = ${total_time}s" 109 echo -e ${BLUE}$command${NC} 110 else 111 echo -e ${LIGHTBLUE}$command${NC} 112 fi 113 if [[ "$LANGUAGE" == "cs" && "$role" == "pub" ]]; then 114 sleep 3 115 fi 116 if [[ "$raw" == "1" && "$role" == "sub" ]]; then 117 sleep 5 118 fi 119 if [[ "${get_netstat_info}" == "1" ]]; then 120 echo -e "${INFO_TAG} Getting netstat info before" 121 netstat -s -u | grep -e "error" -e "packet" > $output_folder/${lat_thr}_${role}_${keyed_unkeyed}_${rel_be}${name_suffix}_netstat_before.txt 122 fi 123 eval $command >> $output_file; 124 if [[ "${get_netstat_info}" == "1" ]]; then 125 echo -e "${INFO_TAG} Getting netstat info after" 126 netstat -s -u | grep -e "error" -e "packet" > $output_folder/${lat_thr}_${role}_${keyed_unkeyed}_${rel_be}${name_suffix}_netstat_after.txt 127 touch "$output_folder/${lat_thr}_${role}_${keyed_unkeyed}_${rel_be}${name_suffix}_netstat.csv" 128 python3 $script_location/../../../tools/diff_netstat_output.py \ 129 -n $output_folder/${lat_thr}_${role}_${keyed_unkeyed}_${rel_be}${name_suffix}_netstat_after.txt \ 130 -o $output_folder/${lat_thr}_${role}_${keyed_unkeyed}_${rel_be}${name_suffix}_netstat_before.txt \ 131 -d $DATALEN $no_header_netstat \ 132 -csv >> "$output_folder/${lat_thr}_${role}_${keyed_unkeyed}_${rel_be}${name_suffix}_netstat.csv" 133 rm -rf $output_folder/${lat_thr}_${role}_${keyed_unkeyed}_${rel_be}${name_suffix}_netstat_*.txt 134 no_header_netstat=" -nh" 135 fi 136 no_headers=" -noOutputHeaders" 137 138 change_domain 139 done 140 done 141} 142 143################################################################################ 144# PARSE COMMAND LINE OPTIONS: 145 146while [ "$1" != "" ]; do 147 case $1 in 148 --executable) 149 executable=$2 150 shift 151 ;; 152 --docker) 153 DOCKER="1" 154 ;; 155 --output-folder) 156 output_folder=$2 157 shift 158 ;; 159 --sub-folder) 160 sub_folder=$2 161 shift 162 ;; 163 --role) 164 export role=$2 165 shift 166 ;; 167 --core) 168 export core=$2 169 shift 170 ;; 171 --test-kind) 172 export lat_thr=$2 173 shift 174 ;; 175 --interface1) 176 export interface=$2 177 shift 178 ;; 179 --interface2) 180 export interface2=$2 181 shift 182 ;; 183 --ip1) 184 export ip1=$2 185 shift 186 ;; 187 --ip2) 188 export ip2=$2 189 shift 190 ;; 191 --repetitions) 192 export num_reps=$2 193 shift 194 ;; 195 --domain) 196 export domain=$2 197 shift 198 ;; 199 --execution-time) 200 export exec_time=$2 201 shift 202 ;; 203 --transport) 204 export transport=$2 205 shift 206 ;; 207 --datalen) 208 export datalen_input=$2 209 shift 210 ;; 211 --file-suffix) 212 export file_suffix=$2 213 shift 214 ;; 215 --executable-suffix) 216 export executable_suffix=$2 217 shift 218 ;; 219 --extra-arguments) 220 export extra_arguments=$2 221 shift 222 ;; 223 --extra-arguments-pub) 224 export extra_arguments_pub=$2 225 shift 226 ;; 227 --extra-arguments-sub) 228 export extra_arguments_sub=$2 229 shift 230 ;; 231 --skip-no-batching) 232 export skip_no_batching="1" 233 ;; 234 --skip-be) 235 export skip_be_tests="1" 236 ;; 237 --skip-rel) 238 export skip_rel_tests="1" 239 ;; 240 --skip-keyed) 241 export skip_keyed_data="1" 242 ;; 243 --skip-large-data) 244 export skip_large_data="1" 245 ;; 246 --large-data) 247 export large_data="1" 248 ;; 249 --keyed) 250 export skip_unkeyed="1" 251 ;; 252 --unkeyed) 253 export skip_keyed_data="1" 254 ;; 255 --no-batching | --skip-batching) 256 export no_batching_only="1" 257 ;; 258 --reliable) 259 export skip_be_tests="1" 260 ;; 261 --best-effort) 262 export skip_rel_tests="1" 263 ;; 264 --security-gov) 265 export security_only="$2" 266 shift 267 ;; 268 --micro) 269 export micro="1" 270 ;; 271 --cert) 272 export cert="1" 273 ;; 274 --raw | --raw-transport) 275 export raw="1" 276 ;; 277 --tss) 278 export tss="1" 279 ;; 280 --no-colors) 281 export NO_COLORS="1" 282 ;; 283 --language) 284 export LANGUAGE=$2 285 shift 286 ;; 287 --loss-rate) 288 export loss_rate=$2 289 shift 290 ;; 291 --get-netstat-info | --netstat) 292 export get_netstat_info="1" 293 ;; 294 --no-taskset) 295 export NO_TASKSET="1" 296 ;; 297 --reduced-data-sizes-set) 298 export REDUCED_DATA_SIZES_SET="1" 299 ;; 300 *) 301 echo -e "unknown parameter \"$1\"" 302 exit 255 303 ;; 304 esac 305 shift 306done 307 308if [[ "$NO_COLORS" == "1" ]]; then 309 disable_colors 310fi 311 312export folder_base="$(dirname "${executable}")"/../../.. 313 314if [[ $LANGUAGE == "java" || "$LANGUAGE" == "cs" ]]; then 315 export folder_base="$(dirname "${executable}")"/../.. 316fi 317if [[ $tss == "1" ]]; then 318 export folder_base="$(dirname "${executable}")"/../../../../.. 319fi 320 321if [[ "${executable_suffix}" != "" ]]; then 322 export executable="${executable}${executable_suffix}" 323fi 324 325if [[ "${sub_folder}" != "" ]]; then 326 export output_folder="${output_folder}/${sub_folder}" 327fi 328 329echo -e "${INFO_TAG} Perftest executable is: $executable" 330echo -e "${INFO_TAG} Output folder is: $output_folder" 331 332################################################################################ 333 334if [[ "$LANGUAGE" == "python" ]]; then 335 export skip_keyed_data="1" 336 export skip_large_data="1" 337 export skip_be_tests="1" 338 export skip_no_batching="1" 339fi 340 341if [[ "${skip_large_data}" == "1" ]]; then 342 export datasizes_extended=${datasizes} 343elif [[ "${large_data}" == "1" ]]; then 344 export datasizes=${datasizes_extended} 345fi 346 347if [[ "${datalen_input}" != "" ]]; then 348 echo -e "${YELLOW}[TEST] Testing only for ${datalen_input}${NC}" 349 export datasizes=${datalen_input} 350 export datasizes_extended=${datalen_input} 351 if [[ "${no_batching_only}" != "1" ]]; then 352 export skip_large_data="1" 353 fi 354else 355 if [[ "${REDUCED_DATA_SIZES_SET}" != "" ]]; then 356 echo -e "${YELLOW}[TEST] Testing Reduced set of datasizes ${NC}" 357 export datasizes="32 128 512 2048 8192 32768 63000" 358 export datasizes_extended="${datasizes} 102400 1048576 10485760" 359 fi 360fi 361 362if [[ "$role" != "pub" && "$role" != "sub" ]]; then 363 echo -e "${ERROR_TAG} It must be either publisher or subscriber" 364 exit 255 365fi 366 367if [[ "$lat_thr" != "thr" && "$lat_thr" != "lat" ]]; then 368 echo -e "${ERROR_TAG} It must be either lat or thr" 369 exit 255 370fi 371 372if [[ "${interface}" == "" ]]; then 373 echo "Using default nics" 374 export nic_publisher=${ip_machine_1} 375 export nic_subscriber=${ip_machine_2} 376elif [[ "${interface}" == "both" ]]; then 377 export nic_publisher="enp1s0f0,eno1" 378 export nic_subscriber="enp1s0f0,eno1" 379 echo -e "${INFO_TAG} Using nic_publisher: ${nic_publisher}" 380 echo -e "${INFO_TAG} Using nic_subscriber: ${nic_subscriber}" 381else 382 export nic_publisher=$interface 383 echo -e "${INFO_TAG} Using nic_publisher: ${nic_publisher}" 384 385 if [[ "${interface2}" == "" ]]; then 386 export nic_subscriber=$interface 387 else 388 export nic_subscriber=$interface2 389 fi 390 echo -e "${INFO_TAG} Using nic_subscriber: ${nic_subscriber}" 391 392 if [[ "${ip1}" != "" ]]; then 393 export ip_publisher=$ip1 394 echo "Using ip_publisher: ${ip_publisher}" 395 fi 396 397 if [[ "${ip2}" != "" ]]; then 398 export ip_subscriber=$ip2 399 echo "Using ip_subscriber: ${ip_subscriber}" 400 fi 401 402fi 403 404export transport_string="-transport $transport" 405 406if [[ "$transport" == "UDPv4" ]]; then 407 408 export transport_string_pub="$transport_string -nic $nic_publisher" 409 export transport_string_sub="$transport_string -nic $nic_subscriber" 410 411 if [[ "$micro" == "1" || "$raw" == "1" || "$cert" == "1" ]]; then 412 export transport_string_pub="$transport_string_pub -peer ${ip_subscriber}" 413 export transport_string_sub="$transport_string_sub -peer ${ip_publisher}" 414 fi 415 416elif [[ "$transport" == "TCP" ]]; then 417 export transport_string_pub="$transport_string \ 418 -nic $nic_publisher \ 419 -peer 0@tcpv4_lan://${ip_subscriber}:7400" 420 export transport_string_sub="$transport_string \ 421 -nic $nic_subscriber \ 422 -peer 0@tcpv4_lan://${ip_publisher}:7400" 423elif [[ "$transport" == "TLS" ]]; then 424 export transport_string_pub="$transport_string \ 425 -nic $nic_publisher \ 426 -peer tlsv4_lan://${ip_subscriber}:7400" 427 export transport_string_sub="$transport_string \ 428 -nic $nic_subscriber \ 429 -peer tlsv4_lan://${ip_publisher}:7400" 430elif [[ "$transport" == "UDPv4_WAN" ]]; then 431 export transport_string_pub="$transport_string \ 432 -nic $nic_publisher \ 433 -transportPublicAddress $ip_publisher:7400" 434 export transport_string_sub="$transport_string \ 435 -nic $nic_subscriber \ 436 -peer 0@udpv4_wan://${ip_publisher}:7400" 437else 438 export transport_string_pub="$transport_string" 439 export transport_string_sub="$transport_string" 440fi 441 442################################################################################ 443 444export pub_string="-pub \ 445 ${transport_string_pub} \ 446 -noPrintIntervals \ 447 -executionTime $exec_time" 448 449if [[ ${lat_thr} == "lat" ]]; then 450 export pub_string="$pub_string \ 451 -latencyTest" 452fi 453 454export sub_string="-sub \ 455 ${transport_string_sub} \ 456 -noPrintIntervals" 457 458if [[ "$role" == "pub" ]]; then 459 echo -e "$INFO_TAG Publisher side running" 460 export commands_string=${pub_string} 461 export extra_arguments="${extra_arguments} ${extra_arguments_pub}" 462else 463 echo -e "$INFO_TAG Subscriber side running" 464 export commands_string=${sub_string} 465 export extra_arguments="${extra_arguments} ${extra_arguments_sub}" 466fi 467 468############################################################################### 469 470echo -e "${INFO_TAG} Executing: /set_${lat_thr}_mode.sh" 471sudo /set_${lat_thr}_mode.sh 472sleep 5 473 474echo -e "${INFO_TAG} Disabling any loss rate" 475sudo tc qdisc add dev $nic_publisher root netem loss 0% 476sudo tc qdisc del dev $nic_publisher root netem loss 0% 477 478if [[ "$role" == "pub" && "${loss_rate}" != "" ]]; then 479 echo -e "${INFO_TAG} Setting loss rate to ${loss_rate}%" 480 sudo tc qdisc add dev $nic_publisher root netem loss $loss_rate% 481fi 482 483cd $folder_base 484echo -e "${INFO_TAG} Folder Base is: $PWD" 485mkdir -p $output_folder 486 487# Tests that may use batching (when doing throughput tests) 488if [[ ${no_batching_only} != "1" ]]; then 489 490 # UNKEYED 491 if [[ "${skip_unkeyed}" == "" ]]; then 492 493 # RELIABLE 494 if [[ "${skip_rel_tests}" == "" ]]; then 495 execute_test "unkeyed" "rel" "${datasizes_extended}" "${extra_arguments}" "$file_suffix" 496 fi 497 498 # BEST EFFORT 499 if [[ "${skip_be_tests}" == "" ]]; then 500 execute_test "unkeyed" "be" "${datasizes}" "${extra_arguments}" "$file_suffix" 501 fi 502 fi 503 504 # KEYED 505 if [[ "${skip_keyed_data}" == "" ]]; then 506 507 # RELIABLE 508 if [[ "${skip_rel_tests}" == "" ]]; then 509 execute_test "keyed" "rel" "${datasizes}" "${extra_arguments}" "$file_suffix" 510 fi 511 512 # BEST EFFORT 513 if [[ "${skip_be_tests}" == "" ]]; then 514 execute_test "keyed" "be" "${datasizes}" "${extra_arguments}" "$file_suffix" 515 fi 516 fi 517 518fi 519 520if [[ "${skip_no_batching}" == "" || "${no_batching_only}" == "1" ]]; then 521 no_batching_tests="1" 522fi 523 524# Tests that will not use batching 525if [[ "${lat_thr}" == "thr" && "${no_batching_tests}" == "1" ]]; then 526 527 if [[ "$role" == "pub" ]]; then 528 export commands_string="${commands_string} -batchSize 0" 529 fi 530 531 # UNKEYED 532 if [[ "${skip_unkeyed}" == "" ]]; then 533 534 # RELIABLE 535 if [[ "${skip_rel_tests}" == "" ]]; then 536 execute_test "unkeyed" "rel" "${datasizes}" "${extra_arguments}" "_noBatch${file_suffix}" 537 fi 538 539 # BEST EFFORT 540 if [[ "${skip_be_tests}" == "" ]]; then 541 execute_test "unkeyed" "be" "${datasizes}" "${extra_arguments}" "_noBatch${file_suffix}" 542 fi 543 fi 544 545 # KEYED 546 if [[ "${skip_keyed_data}" == "" ]]; then 547 548 # RELIABLE 549 if [[ "${skip_rel_tests}" == "" ]]; then 550 execute_test "keyed" "rel" "${datasizes}" "${extra_arguments}" "_noBatch${file_suffix}" 551 fi 552 553 # BEST EFFORT 554 if [[ "${skip_be_tests}" == "" ]]; then 555 execute_test "keyed" "be" "${datasizes}" "${extra_arguments}" "_noBatch${file_suffix}" 556 fi 557 fi 558 559fi 560 561if [[ "$role" == "pub" && "${loss_rate}" != "" ]]; then 562 echo -e "${INFO_TAG} Disabling loss rate" 563 sudo tc qdisc del dev $nic_publisher root netem loss $loss_rate% 564fi1#!/bin/bash 2filename=$0 3script_location=$(cd "$(dirname "$filename")" || exit 255; pwd) 4 5export input_params=$@ 6 7while [ "$1" != "" ]; do 8 case $1 in 9 --executable) 10 executable=$2 11 shift 12 ;; 13 --security-gov) 14 export security_only=$2 15 shift 16 ;; 17 --ci) 18 export CI="1" 19 ;; 20 *) 21 ;; 22 esac 23 shift 24done 25 26echo $security_only 27 28export folder_base="$(dirname "${executable}")"/../../.. 29export PATH_TO_GOVERNANCE_FILES_FOLDER=$folder_base/resource/secure 30 31if [[ "${CI}" == "" ]]; then 32 33 if [[ "${security_only}" == "none" || "${security_only}" == "" ]]; then 34 echo -e "[Calling base_script/script.sh] -- No Security" 35 "${script_location}/../base_script/script.sh" $input_params --transport UDPv4 \ 36 --skip-no-batching --skip-be --skip-large-data \ 37 --file-suffix "_security_none" 38 sleep 5; 39 fi 40 41 if [[ "${security_only}" == "rtps_sign" || "${security_only}" == "" ]]; then 42 echo -e "[Calling base_script/script.sh] -- RTPS Sign" 43 "${script_location}/../base_script/script.sh" $input_params --transport UDPv4 \ 44 --skip-no-batching --skip-be --skip-large-data \ 45 --extra-arguments "-secureGovernanceFile $PATH_TO_GOVERNANCE_FILES_FOLDER/signed_PerftestGovernance_RTPSSign.xml " \ 46 --file-suffix "_security_rtps_sign" 47 fi 48 49 if [[ "${security_only}" == "rtps_sign_submessage_encrypt" || "${security_only}" == "" ]]; then 50 echo -e "[Calling base_script/script.sh] -- RTPS Sign, Submessage Encrypt" 51 "${script_location}/../base_script/script.sh" $input_params --transport UDPv4 \ 52 --skip-no-batching --skip-be --skip-large-data \ 53 --extra-arguments "-secureGovernanceFile $PATH_TO_GOVERNANCE_FILES_FOLDER/signed_PerftestGovernance_SignEncryptSubmessage.xml " \ 54 --file-suffix "_security_rtps_sign_submessage_encrypt" 55 fi 56 57fi 58 59if [[ "${security_only}" == "no_protection" || "${security_only}" == "" ]]; then 60 echo -e "[Calling base_script/script.sh] -- No Protection" 61 "${script_location}/../base_script/script.sh" $input_params --transport UDPv4 \ 62 --skip-no-batching --skip-be --skip-large-data \ 63 --extra-arguments "-secureGovernanceFile $PATH_TO_GOVERNANCE_FILES_FOLDER/signed_PerftestGovernance_.xml " \ 64 --file-suffix "_security_no_protection" 65fi 66 67if [[ "${security_only}" == "rtps_encrypt" || "${security_only}" == "" ]]; then 68 echo -e "[Calling base_script/script.sh] -- RTPS Encrypt" 69 "${script_location}/../base_script/script.sh" $input_params --transport UDPv4 \ 70 --skip-no-batching --skip-be --skip-large-data \ 71 --extra-arguments "-secureGovernanceFile $PATH_TO_GOVERNANCE_FILES_FOLDER/signed_PerftestGovernance_RTPSEncrypt.xml " \ 72 --file-suffix "_security_rtps_encrypt" 73fi 74 75if [[ "${security_only}" == "rtps_sign_submessage_encrypt_orig_data_encrypt" || "${security_only}" == "" ]]; then 76 echo -e "[Calling base_script/script.sh] -- RTPS Sign, Submessage Encrypt with original auth, Data Encrypt" 77 "${script_location}/../base_script/script.sh" $input_params --transport UDPv4 \ 78 --skip-no-batching --skip-be --skip-large-data \ 79 --extra-arguments "-secureGovernanceFile $PATH_TO_GOVERNANCE_FILES_FOLDER/signed_PerftestGovernance_RTPSSignEncryptSubmessageWithOrigAuthEncryptData.xml " \ 80 --file-suffix "_security_rtps_sign_submessage_encrypt_orig_data_encrypt" 81fi 82 83if [[ "${security_only}" == "rtps_sign_orig_data_encrypt" || "${security_only}" == "" ]]; then 84 echo -e "[Calling base_script/script.sh] -- RTPS Sign with Original auth, Data Encrypt" 85 "${script_location}/../base_script/script.sh" $input_params --transport UDPv4 \ 86 --skip-no-batching --skip-be --skip-large-data \ 87 --extra-arguments "-secureGovernanceFile $PATH_TO_GOVERNANCE_FILES_FOLDER/signed_PerftestGovernance_RTPSSignWithOrigAuthEncryptData.xml " \ 88 --file-suffix "_security_rtps_sign_orig_data_encrypt" 89 sleep 5; 90fiSecurity Profiles
To test different levels of security, we have selected a well-known set of configurations. These configurations have been defined in the
Governancefiles used by RTI Perftest. With these configurations, we have tested the minimum latency and maximum throughput achievable in different scenarios. The scenarios are described below.The profiles we have used are the following:
Not using security libraries
In this scenario, RTI Security Plugins is not being used, therefore the performance is the same as what the Core Libraries provide in Unkeyed, UDPv4 10Gbps Network, C++98.
No protection
In this scenario, Security Plugins are enabled but no protection is provided at any level. This, as well as the previous scenario, is used as a way to calibrate the impact of using Security Plugins even when no security measures are applied.
The governance profile used in this scenario is the following:
<dds> <domain_access_rules> <domain_rule> <domains> <id_range> <min>0</min> </id_range> </domains> <allow_unauthenticated_participants>TRUE</allow_unauthenticated_participants> <enable_join_access_control>FALSE</enable_join_access_control> <discovery_protection_kind>NONE</discovery_protection_kind> <liveliness_protection_kind>NONE</liveliness_protection_kind> <rtps_protection_kind>NONE</rtps_protection_kind> <topic_access_rules> <topic_rule> <topic_expression>*</topic_expression> <enable_discovery_protection>FALSE</enable_discovery_protection> <enable_read_access_control>FALSE</enable_read_access_control> <enable_write_access_control>FALSE</enable_write_access_control> <metadata_protection_kind>NONE</metadata_protection_kind> <data_protection_kind>NONE</data_protection_kind> </topic_rule> </topic_access_rules> </domain_rule> </domain_access_rules> </dds>
RTPS ‘Sign’
This scenario sets the
rtps_protection_kindtoSIGN. This configuration provides protection against outsiders at the lowest cost.The governance profile used in this scenario is the following:
<dds> <domain_access_rules> <domain_rule> <domains> <id_range> <min>0</min> </id_range> </domains> <allow_unauthenticated_participants>false</allow_unauthenticated_participants> <enable_join_access_control>false</enable_join_access_control> <discovery_protection_kind>NONE</discovery_protection_kind> <liveliness_protection_kind>NONE</liveliness_protection_kind> <rtps_protection_kind>SIGN</rtps_protection_kind> <topic_access_rules> <topic_rule> <topic_expression>*</topic_expression> <enable_discovery_protection>false</enable_discovery_protection> <enable_liveliness_protection>false</enable_liveliness_protection> <enable_read_access_control>false</enable_read_access_control> <enable_write_access_control>false</enable_write_access_control> <metadata_protection_kind>NONE</metadata_protection_kind> <data_protection_kind>NONE</data_protection_kind> </topic_rule> </topic_access_rules> </domain_rule> </domain_access_rules> </dds>
RTPS ‘Encrypt’
This scenario sets the
rtps_protection_kindtoENCRYPT. This configuration is similar to the protectionTLSprovides.The governance profile used in this scenario is the following:
<dds> <domain_access_rules> <domain_rule> <domains> <id_range> <min>0</min> </id_range> </domains> <allow_unauthenticated_participants>false</allow_unauthenticated_participants> <enable_join_access_control>false</enable_join_access_control> <discovery_protection_kind>NONE</discovery_protection_kind> <liveliness_protection_kind>NONE</liveliness_protection_kind> <rtps_protection_kind>ENCRYPT</rtps_protection_kind> <topic_access_rules> <topic_rule> <topic_expression>*</topic_expression> <enable_discovery_protection>false</enable_discovery_protection> <enable_liveliness_protection>false</enable_liveliness_protection> <enable_read_access_control>false</enable_read_access_control> <enable_write_access_control>false</enable_write_access_control> <metadata_protection_kind>NONE</metadata_protection_kind> <data_protection_kind>NONE</data_protection_kind> </topic_rule> </topic_access_rules> </domain_rule> </domain_access_rules> </dds>
RTPS ‘Sign with Origin Authentication’ and Data ‘Encrypt’
This scenario sets the
rtps_protection_kindtoSIGN_WITH_ORIGIN_AUTHENTICATION. It also sets thedata_protection_kindtoENCRYPT. This configuration is the common choice for intra-domain protection and confidentiality.The governance profile used in this scenario is the following:
<dds> <domain_access_rules> <domain_rule> <domains> <id_range> <min>0</min> </id_range> </domains> <allow_unauthenticated_participants>false</allow_unauthenticated_participants> <enable_join_access_control>false</enable_join_access_control> <discovery_protection_kind>NONE</discovery_protection_kind> <liveliness_protection_kind>NONE</liveliness_protection_kind> <rtps_protection_kind>SIGN_WITH_ORIGIN_AUTHENTICATION</rtps_protection_kind> <topic_access_rules> <topic_rule> <topic_expression>*</topic_expression> <enable_discovery_protection>false</enable_discovery_protection> <enable_liveliness_protection>false</enable_liveliness_protection> <enable_read_access_control>false</enable_read_access_control> <enable_write_access_control>false</enable_write_access_control> <metadata_protection_kind>NONE</metadata_protection_kind> <data_protection_kind>ENCRYPT</data_protection_kind> </topic_rule> </topic_access_rules> </domain_rule> </domain_access_rules> </dds>
RTPS ‘Sign,’ Submessage ‘Encrypt with Origin Authentication,’ and Data ‘Encrypt’
This scenario sets the
rtps_protection_kindtoSIGN. It also sets thedata_protection_kindtoENCRYPTand themetadata_protection_kindtoENCRYPT_WITH_ORIGIN_AUTHENTICATION. This configuration offers the most robust protection.The governance profile used in this scenario is the following:
<?xml version="1.0" encoding="UTF-8"?> <dds> <domain_access_rules> <domain_rule> <domains> <id_range> <min>0</min> </id_range> </domains> <allow_unauthenticated_participants>false</allow_unauthenticated_participants> <enable_join_access_control>false</enable_join_access_control> <discovery_protection_kind>NONE</discovery_protection_kind> <liveliness_protection_kind>NONE</liveliness_protection_kind> <rtps_protection_kind>SIGN</rtps_protection_kind> <topic_access_rules> <topic_rule> <topic_expression>*</topic_expression> <enable_discovery_protection>false</enable_discovery_protection> <enable_liveliness_protection>false</enable_liveliness_protection> <enable_read_access_control>false</enable_read_access_control> <enable_write_access_control>false</enable_write_access_control> <metadata_protection_kind>ENCRYPT_WITH_ORIGINAL_AUTHENTICATION</metadata_protection_kind> <data_protection_kind>ENCRYPT</data_protection_kind> </topic_rule> </topic_access_rules> </domain_rule> </domain_access_rules> </dds>
RTPS ‘Sign,’ Submessage ‘Encrypt’
This scenario sets the
rtps_protection_kindtoSIGN. It also sets themetadata_protection_kindtoENCRYPT. This configuration allows user data confidentiality (with insiders protection) while keeping Wireshark capabilities.The governance profile used in this scenario is the following:
<?xml version="1.0" encoding="UTF-8"?> <dds xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="dds_security_governance.xsd"> <domain_access_rules> <domain_rule> <domains> <id_range> <min>0</min> </id_range> </domains> <allow_unauthenticated_participants>false</allow_unauthenticated_participants> <enable_join_access_control>false</enable_join_access_control> <discovery_protection_kind>NONE</discovery_protection_kind> <liveliness_protection_kind>NONE</liveliness_protection_kind> <rtps_protection_kind>SIGN</rtps_protection_kind> <topic_access_rules> <topic_rule> <topic_expression>*</topic_expression> <enable_discovery_protection>false</enable_discovery_protection> <enable_liveliness_protection>false</enable_liveliness_protection> <enable_read_access_control>false</enable_read_access_control> <enable_write_access_control>false</enable_write_access_control> <metadata_protection_kind>ENCRYPT_WITH_ORIGIN_AUTHENTICATION</metadata_protection_kind> <data_protection_kind>ENCRYPT</data_protection_kind> </topic_rule> </topic_access_rules> </domain_rule> </domain_access_rules> </dds>
Test Software
The following software was used to perform these tests:
RTI Connext DDS 6.1.2 Host and Target Libraries for x64 Linux (x64Linux4gcc7.3.0)
Test Hardware
The following hardware was used to perform these tests: .. include:: ../../../../hardware/hq_performance_linux_lab.rst .. raw:: html