2.4.1. Network Performance¶

The following one-to-one tests have been performed by executing an RTI Perftest C++98 Publisher and Subscriber between two nodes, connected to a switch via Ethernet. The communication has been restricted to a single interface and the transport has been set to UDPv4.

These tests are equivalent to the ones performed in the Core Libraries UDPv4 section (Unkeyed, UDPv4 10Gbps Network, C++98), but additionally enabling different Security Profiles. The “Not using security libraries” values in the graphs below are equivalent to the Core Libraries numbers, so you can compare Connext performance with and without the Security Plugins.

Find information about the hardware, network, and command-line parameters after each of the tests.

The graph below shows the one-way latency without load between a Publisher and a Subscriber running in two Linux nodes in a 10Gbps network. The numbers have been taken using strict reliable reliability for all the different Security Profiles (described below).

Note

We use the median (50th percentile) instead of the average in order to get a more stable measurement that does not account for spurious outliers. We also calculate the average value and other percentile values, which can be seen in the Detailed Statistics section below.

Detailed Statistics

The following tables contain the raw numbers presented by RTI Perftest. These numbers are the exact output with no further processing.

Not using security libraries

Sample Size (Bytes)	Ave (μs)	Std (μs)	Min (μs)	Max (μs)	50% (μs)	90% (μs)	99% (μs)	99.99% (μs)	99.9999% (μs)
32	16	1.0	15	71	16	17	20	46	71
64	16	1.1	15	67	16	17	21	46	67
128	17	1.3	16	68	16	17	23	46	68
256	18	1.9	16	74	17	19	26	47	74
512	20	2.9	17	73	19	21	32	49	73
1024	25	5.0	18	74	26	28	42	57	74
2048	29	32.5	20	5003	30	33	44	68	5003
4096	31	18.5	24	4115	30	36	48	67	4115
8192	41	20.0	35	4465	36	57	65	83	4465
16384	85	25.6	45	164	85	123	136	150	164
32768	172	7.1	74	263	173	174	175	203	263
63000	172	15.2	103	215	182	186	188	214	215

No protection

Sample Size (Bytes)	Ave (μs)	Std (μs)	Min (μs)	Max (μs)	50% (μs)	90% (μs)	99% (μs)	99.99% (μs)	99.9999% (μs)
32	16	1.0	15	67	16	17	20	45	67
64	17	1.1	16	64	16	17	20	46	64
128	17	1.2	16	66	17	17	24	46	66
256	17	1.9	16	68	17	19	26	46	68
512	20	3.0	17	69	19	21	33	49	69
1024	25	4.9	18	77	26	29	42	57	77
2048	29	25.4	20	4871	30	33	42	66	4871
4096	31	22.9	24	4781	30	36	47	69	4781
8192	41	22.8	35	4922	36	57	65	83	4922
16384	89	24.6	45	152	82	121	126	143	152
32768	148	17.4	75	206	146	173	176	199	206
63000	172	15.4	102	230	178	186	189	215	230

RTPS Sign

Sample Size (Bytes)	Ave (μs)	Std (μs)	Min (μs)	Max (μs)	50% (μs)	90% (μs)	99% (μs)	99.99% (μs)	99.9999% (μs)
32	20	1.1	19	75	20	20	24	50	75
64	20	1.2	19	71	20	21	26	50	71
128	20	1.2	19	74	20	21	24	50	74
256	21	1.5	20	75	21	23	28	51	75
512	22	2.3	20	92	21	24	30	51	92
1024	26	8.5	22	4419	26	28	44	57	4419
2048	30	8.4	24	4049	30	32	47	65	4049
4096	31	5.5	29	2109	30	32	47	65	2109
8192	46	7.3	40	119	42	56	76	103	119
16384	96	28.4	53	179	96	138	155	167	179
32768	172	16.2	87	231	183	185	187	213	231
63000	203	2.7	127	263	203	204	208	233	263

RTPS Encrypt

Sample Size (Bytes)	Ave (μs)	Std (μs)	Min (μs)	Max (μs)	50% (μs)	90% (μs)	99% (μs)	99.99% (μs)	99.9999% (μs)
32	20	1.2	19	75	20	21	24	50	75
64	21	1.1	20	62	21	21	25	51	62
128	21	1.2	20	76	21	21	26	51	76
256	22	1.7	20	76	21	23	32	51	76
512	23	2.2	21	77	22	25	31	53	77
1024	26	19.8	22	5043	26	28	43	58	5043
2048	30	13.9	25	4609	30	32	45	65	4609
4096	33	6.9	30	2571	31	40	48	65	2571
8192	47	6.9	42	124	44	55	77	104	124
16384	101	29.6	56	190	101	145	165	178	190
32768	181	15.6	93	243	190	191	194	220	243
63000	215	3.2	131	284	215	216	221	246	284

RTPS Sign with Origin Auth, Data Encrypt

Sample Size (Bytes)	Ave (μs)	Std (μs)	Min (μs)	Max (μs)	50% (μs)	90% (μs)	99% (μs)	99.99% (μs)	99.9999% (μs)
32	25	1.2	24	74	25	25	29	54	74
64	25	1.2	24	80	25	26	29	55	80
128	26	1.4	24	81	26	26	33	55	81
256	26	1.5	24	77	26	26	34	56	77
512	27	1.6	25	86	26	28	35	56	86
1024	29	12.4	27	3780	28	30	38	59	3780
2048	32	3.2	30	91	31	35	46	66	91
4096	38	14.1	35	5038	36	42	51	67	5038
8192	51	5.3	48	124	49	56	79	110	124
16384	110	26.2	63	216	102	147	155	173	216
32768	200	3.6	102	239	201	202	204	231	239
63000	230	3.9	152	266	230	232	238	261	266

RTPS Sign, Submessage Encrypt with Origin Auth, Data Encrypt

Sample Size (Bytes)	Ave (μs)	Std (μs)	Min (μs)	Max (μs)	50% (μs)	90% (μs)	99% (μs)	99.99% (μs)	99.9999% (μs)
32	27	1.2	26	85	27	28	31	57	85
64	27	1.3	26	73	27	28	33	57	73
128	28	5.0	26	2800	27	28	32	58	2800
256	28	1.2	27	81	28	29	33	58	81
512	30	8.6	28	4774	29	30	37	60	4774
1024	32	3.0	29	87	31	34	49	61	87
2048	34	8.8	32	4453	34	36	43	66	4453
4096	41	7.5	38	3332	41	42	59	76	3332
8192	58	8.9	53	138	55	61	102	124	138
16384	118	26.1	71	192	111	154	164	185	192
32768	197	18.3	113	247	201	216	220	244	247
63000	256	3.3	173	318	256	257	264	289	318

RTPS Sign, Submessage Encrypt

Sample Size (Bytes)	Ave (μs)	Std (μs)	Min (μs)	Max (μs)	50% (μs)	90% (μs)	99% (μs)	99.99% (μs)	99.9999% (μs)
32	23	1.1	22	77	23	24	27	53	77
64	23	1.4	22	73	23	23	31	53	73
128	24	1.3	22	78	23	24	29	53	78
256	24	1.5	22	78	23	25	31	53	78
512	25	2.5	23	80	24	28	35	54	80
1024	28	10.8	24	4717	27	30	42	59	4717
2048	31	3.5	27	80	30	33	45	65	80
4096	35	7.6	33	3503	34	38	50	66	3503
8192	50	5.9	45	686	47	56	78	111	686
16384	109	33.1	61	203	109	157	176	186	203
32768	184	17.5	95	229	192	200	203	228	229
63000	207	13.2	152	277	203	228	232	259	277

Perftest Scripts

To produce these tests, we executed RTI Perftest for C++98. The script used to execute the tests can be found here:

#!/bin/bash
filename=$0
script_location=$(cd "$(dirname "$filename")" || exit 255; pwd)

export datasizes="32 64 128 256 512 1024 2048 4096 8192 16384 32768 63000"
export datasizes_extended="${datasizes} 100000 500000 1048576 1548576 4194304 10485760"

export domain="2"
export exec_time=20
export num_reps=1
export instance_number=100000
export core=0

# We will use some colors to improve visibility of errors and info messages.
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[0;33m'
BLUE='\033[0;34m'
LIGHTBLUE='\033[0;36m'
NC='\033[0m'
INFO_TAG="${GREEN}[INFO]:${NC}"
WARNING_TAG="${YELLOW}[WARNING]:${NC}"
ERROR_TAG="${RED}[ERROR]:${NC}"

export ip_machine_1="10.2.78.20"
export ip_machine_2="10.2.78.21"
export if10Gbps="enp1s0f0"
export if1Gbps="eno1"

################################################################################

function disable_colors() {
    export RED=""
    export GREEN=""
    export YELLOW=""
    export NC=""
    export BLUE=""
    export LIGHTBLUE=""
    export INFO_TAG="${GREEN}[INFO]:${NC}"
    export WARNING_TAG="${YELLOW}[WARNING]:${NC}"
    export ERROR_TAG="${RED}[ERROR]:${NC}"
}

function change_domain() {
    if [[ "$domain" == "1" ]]; then
        export domain="2"
    else
        export domain="1"
    fi
}

# Usage: execute_test <keyed/unkeyed> <rel/be> <datasizes> <batchSize>
function execute_test() {

    local keyed_unkeyed=$1
    local rel_be=$2
    local datasizes_test=$3
    local other_args=$4
    local name_suffix=$5

    local commands_string_test=$commands_string
    local tag=""

    if [[ "${keyed_unkeyed}" == "keyed" ]]; then
        commands_string_test="${commands_string_test} -keyed -instances $instance_number"
        tag="[${YELLOW}${transport}${NC}|${BLUE}K${NC}|"
    else
        tag="[${YELLOW}${transport}${NC}|${LIGHTBLUE}UK${NC}|"
    fi

    if [[ "${rel_be}" == "be" ]]; then
        commands_string_test="${commands_string_test} -bestEffort"
        tag="${tag}${YELLOW}BE${NC}]"
    else
        tag="${tag}${RED}REL${NC}]"
    fi

    tag="${tag}[${LIGHTBLUE}${lat_thr}${NC}]"

    local output_file=$output_folder/${lat_thr}_${role}_${keyed_unkeyed}_${rel_be}${name_suffix}.csv

    if [[ "$role" == "pub" ]]; then
        echo -e "${YELLOW}[TEST]: $keyed_unkeyed, $rel_be. ${NC}"
    fi

    if [[ "$NO_TASKSET" == "" ]]; then
        if [[ "$LANGUAGE" != "java" && "$LANGUAGE" != "cs" ]]; then
            export pre_command_string="taskset -c $core"
        fi
    fi

    if [[ "$LANGUAGE" == "python" ]]; then
        export pre_command_string="python3 "
    fi

    if [[ "$DOCKER" == "1" ]]; then
        export pre_command_string="taskset -c $core docker run --net=host -v /home/perfuser/rti_license_connextpro.dat:/opt/rti.com/rti_connext_dds-7.3.0/rti_license.dat rticom/perftest:7.3.0-EAR "
        executable=""
    fi

    # Get the aprox time this will take:
    total_tests=$((`wc -w <<< "$datasizes_test"` * num_reps))
    total_time=$((total_tests * exec_time))

    touch $output_file
    local no_headers=""
    local current_test=0
    for index in $(seq 1 ${num_reps}); do
        for DATALEN in ${datasizes_test}; do
            current_test=$((current_test + 1))
            export command="$pre_command_string $executable -domain $domain -dataLen $DATALEN $commands_string_test $other_args $no_headers"
            if [[ "$role" == "pub" ]]; then
                echo -e "Test ${tag} (${current_test}/${total_tests}) -- Total time = ${total_time}s"
                echo -e ${BLUE}$command${NC}
            else
                echo -e ${LIGHTBLUE}$command${NC}
            fi
            if [[ "$LANGUAGE" == "cs" && "$role" == "pub" ]]; then
                sleep 3
            fi
            if [[ "$raw" == "1" && "$role" == "sub" ]]; then
                sleep 5
            fi
            if [[ "${get_netstat_info}" == "1" ]]; then
                echo -e "${INFO_TAG} Getting netstat info before"
                netstat -s -u | grep -e "error" -e "packet" > $output_folder/${lat_thr}_${role}_${keyed_unkeyed}_${rel_be}${name_suffix}_netstat_before.txt
            fi
            eval $command >> $output_file;
            if [[ "${get_netstat_info}" == "1" ]]; then
                echo -e "${INFO_TAG} Getting netstat info after"
                netstat -s -u | grep -e "error" -e "packet" > $output_folder/${lat_thr}_${role}_${keyed_unkeyed}_${rel_be}${name_suffix}_netstat_after.txt
                touch "$output_folder/${lat_thr}_${role}_${keyed_unkeyed}_${rel_be}${name_suffix}_netstat.csv"
                python3 $script_location/../../../tools/diff_netstat_output.py \
                    -n $output_folder/${lat_thr}_${role}_${keyed_unkeyed}_${rel_be}${name_suffix}_netstat_after.txt \
                    -o $output_folder/${lat_thr}_${role}_${keyed_unkeyed}_${rel_be}${name_suffix}_netstat_before.txt \
                    -d $DATALEN $no_header_netstat \
                    -csv >> "$output_folder/${lat_thr}_${role}_${keyed_unkeyed}_${rel_be}${name_suffix}_netstat.csv"
                rm -rf $output_folder/${lat_thr}_${role}_${keyed_unkeyed}_${rel_be}${name_suffix}_netstat_*.txt
                no_header_netstat=" -nh"
            fi
            no_headers=" -noOutputHeaders"

            change_domain
        done
    done
}

################################################################################
# PARSE COMMAND LINE OPTIONS:

while [ "$1" != "" ]; do
    case $1 in
        --executable)
            executable=$2
            shift
            ;;
        --docker)
            DOCKER="1"
            ;;
        --output-folder)
            output_folder=$2
            shift
            ;;
        --sub-folder)
            sub_folder=$2
            shift
            ;;
        --role)
            export role=$2
            shift
            ;;
        --core)
            export core=$2
            shift
            ;;
        --test-kind)
            export lat_thr=$2
            shift
            ;;
        --interface1)
            export interface=$2
            shift
            ;;
        --interface2)
            export interface2=$2
            shift
            ;;
        --ip1)
            export ip1=$2
            shift
            ;;
        --ip2)
            export ip2=$2
            shift
            ;;
        --repetitions)
            export num_reps=$2
            shift
            ;;
        --domain)
            export domain=$2
            shift
            ;;
        --execution-time)
            export exec_time=$2
            shift
            ;;
        --transport)
            export transport=$2
            shift
            ;;
        --datalen)
            export datalen_input=$2
            shift
            ;;
        --file-suffix)
            export file_suffix=$2
            shift
            ;;
        --executable-suffix)
            export executable_suffix=$2
            shift
            ;;
        --extra-arguments)
            export extra_arguments=$2
            shift
            ;;
        --extra-arguments-pub)
            export extra_arguments_pub=$2
            shift
            ;;
        --extra-arguments-sub)
            export extra_arguments_sub=$2
            shift
            ;;
        --skip-no-batching)
            export skip_no_batching="1"
            ;;
        --skip-be)
            export skip_be_tests="1"
            ;;
        --skip-rel)
            export skip_rel_tests="1"
            ;;
        --skip-keyed)
            export skip_keyed_data="1"
            ;;
        --skip-large-data)
            export skip_large_data="1"
            ;;
        --large-data)
            export large_data="1"
            ;;
        --keyed)
            export skip_unkeyed="1"
            ;;
        --unkeyed)
            export skip_keyed_data="1"
            ;;
        --no-batching | --skip-batching)
            export no_batching_only="1"
            ;;
        --reliable)
            export skip_be_tests="1"
            ;;
        --best-effort)
            export skip_rel_tests="1"
            ;;
        --security)
            export security_only="$2"
            shift
            ;;
        --micro)
            export micro="1"
            ;;
        --raw | --raw-transport)
            export raw="1"
            ;;
        --tss)
            export tss="1"
            ;;
        --no-colors)
            export NO_COLORS="1"
            ;;
        --language)
            export LANGUAGE=$2
            shift
            ;;
        --loss-rate)
            export loss_rate=$2
            shift
            ;;
        --get-netstat-info | --netstat)
            export get_netstat_info="1"
            ;;
        --no-taskset)
            export NO_TASKSET="1"
            ;;
        *)
            echo -e "unknown parameter \"$1\""
            exit 255
            ;;
    esac
    shift
done

if [[ "$NO_COLORS" == "1" ]]; then
    disable_colors
fi

export folder_base="$(dirname "${executable}")"/../../..

if [[ $LANGUAGE == "java"  || "$LANGUAGE" == "cs" ]]; then
    export folder_base="$(dirname "${executable}")"/../..
fi
if [[ $tss == "1" ]]; then
    export folder_base="$(dirname "${executable}")"/../../../../..
fi

if [[ "${executable_suffix}" != "" ]]; then
    export executable="${executable}${executable_suffix}"
fi

if [[ "${sub_folder}" != "" ]]; then
    export output_folder="${output_folder}/${sub_folder}"
fi

echo -e "${INFO_TAG} Perftest executable is: $executable"
echo -e "${INFO_TAG} Output folder is: $output_folder"

################################################################################

if [[ "$LANGUAGE" == "python" ]]; then
    export skip_keyed_data="1"
    export skip_large_data="1"
    export skip_be_tests="1"
    export skip_no_batching="1"
fi

if [[ "${skip_large_data}" == "1" ]]; then
    export datasizes_extended=${datasizes}
elif [[ "${large_data}" == "1" ]]; then
    export datasizes=${datasizes_extended}
fi

if [[ "${datalen_input}" != "" ]]; then
    echo -e "${YELLOW}[TEST] Testing only for ${datalen_input}${NC}"
    export datasizes=${datalen_input}
    export datasizes_extended=${datalen_input}
    if [[ "${no_batching_only}" != "1" ]]; then
        export skip_large_data="1"
    fi
fi

if [[ "$role" != "pub" && "$role" != "sub" ]]; then
    echo -e "${ERROR_TAG} It must be either publisher or subscriber"
    exit 255
fi

if [[ "$lat_thr" != "thr" && "$lat_thr" != "lat" ]]; then
    echo -e "${ERROR_TAG} It must be either lat or thr"
    exit 255
fi

if [[ "${interface}" == "" ]]; then
    echo "Using default nics"
    export nic_publisher=${ip_machine_1}
    export nic_subscriber=${ip_machine_2}
elif [[ "${interface}" == "both" ]]; then
    export nic_publisher="enp1s0f0,eno1"
    export nic_subscriber="enp1s0f0,eno1"
    echo -e "${INFO_TAG} Using nic_publisher: ${nic_publisher}"
    echo -e "${INFO_TAG} Using nic_subscriber: ${nic_subscriber}"
else
    export nic_publisher=$interface
    echo -e "${INFO_TAG} Using nic_publisher: ${nic_publisher}"

    if [[ "${interface2}" == "" ]]; then
        export nic_subscriber=$interface
    else
        export nic_subscriber=$interface2
    fi
    echo -e "${INFO_TAG} Using nic_subscriber: ${nic_subscriber}"

    if [[ "${ip1}" != "" ]]; then
        export ip_publisher=$ip1
        echo "Using ip_publisher: ${ip_publisher}"
    fi

    if [[ "${ip2}" != "" ]]; then
        export ip_subscriber=$ip2
        echo "Using ip_subscriber: ${ip_subscriber}"
    fi

fi

export transport_string="-transport $transport"

if [[ "$transport" == "UDPv4" ]]; then

    export transport_string_pub="$transport_string -nic $nic_publisher"
    export transport_string_sub="$transport_string -nic $nic_subscriber"

    if [[ "$micro" == "1" || "$raw" == "1" ]]; then
        export transport_string_pub="$transport_string_pub -peer ${ip_subscriber}"
        export transport_string_sub="$transport_string_sub -peer ${ip_publisher}"
    fi

elif [[ "$transport" == "TCP" ]]; then
    export transport_string_pub="$transport_string \
        -nic $nic_publisher \
        -peer 0@tcpv4_lan://${ip_subscriber}:7400"
    export transport_string_sub="$transport_string \
        -nic $nic_subscriber \
        -peer 0@tcpv4_lan://${ip_publisher}:7400"
elif [[ "$transport" == "TLS" ]]; then
    export transport_string_pub="$transport_string \
        -nic $nic_publisher \
        -peer tlsv4_lan://${ip_subscriber}:7400"
    export transport_string_sub="$transport_string \
        -nic $nic_subscriber \
        -peer tlsv4_lan://${ip_publisher}:7400"
elif [[ "$transport" == "UDPv4_WAN" ]]; then
    export transport_string_pub="$transport_string \
        -nic $nic_publisher \
        -transportPublicAddress $ip_publisher:7400"
    export transport_string_sub="$transport_string \
        -nic $nic_subscriber \
        -peer 0@udpv4_wan://${ip_publisher}:7400"
else
    export transport_string_pub="$transport_string"
    export transport_string_sub="$transport_string"
fi

################################################################################

export pub_string="-pub \
        ${transport_string_pub} \
        -noPrintIntervals \
        -executionTime $exec_time"

if [[ ${lat_thr} == "lat" ]]; then
    export pub_string="$pub_string \
        -latencyTest"
fi

export sub_string="-sub \
        ${transport_string_sub} \
        -noPrintIntervals"

if [[ "$role" == "pub" ]]; then
    echo -e "$INFO_TAG Publisher side running"
    export commands_string=${pub_string}
    export extra_arguments="${extra_arguments} ${extra_arguments_pub}"
else
    echo -e "$INFO_TAG Subscriber side running"
    export commands_string=${sub_string}
    export extra_arguments="${extra_arguments} ${extra_arguments_sub}"
fi

###############################################################################

echo -e "${INFO_TAG} Executing: /set_${lat_thr}_mode.sh"
sudo /set_${lat_thr}_mode.sh
sleep 5

echo -e "${INFO_TAG} Disabling any loss rate"
sudo tc qdisc add dev $nic_publisher root netem loss 0%
sudo tc qdisc del dev $nic_publisher root netem loss 0%

if [[ "$role" == "pub" && "${loss_rate}" != "" ]]; then
    echo -e "${INFO_TAG} Setting loss rate to ${loss_rate}%"
    sudo tc qdisc add dev $nic_publisher root netem loss $loss_rate%
fi

cd $folder_base
echo -e "${INFO_TAG} Folder Base is: $PWD"
mkdir -p $output_folder

# Tests that may use batching (when doing throughput tests)
if [[ ${no_batching_only} != "1" ]]; then

    # UNKEYED
    if [[ "${skip_unkeyed}" == "" ]]; then

        # RELIABLE
        if [[ "${skip_rel_tests}" == "" ]]; then
            execute_test "unkeyed" "rel" "${datasizes_extended}" "${extra_arguments}" "$file_suffix"
        fi

        # BEST EFFORT
        if [[ "${skip_be_tests}" == "" ]]; then
            execute_test "unkeyed" "be" "${datasizes}" "${extra_arguments}" "$file_suffix"
        fi
    fi

    # KEYED
    if [[ "${skip_keyed_data}" == "" ]]; then

        # RELIABLE
        if [[ "${skip_rel_tests}" == "" ]]; then
            execute_test "keyed" "rel" "${datasizes}" "${extra_arguments}" "$file_suffix"
        fi

        # BEST EFFORT
        if [[ "${skip_be_tests}" == "" ]]; then
            execute_test "keyed" "be" "${datasizes}" "${extra_arguments}" "$file_suffix"
        fi
    fi

fi

if [[ "${skip_no_batching}" == "" || "${no_batching_only}" == "1" ]]; then
    no_batching_tests="1"
fi

# Tests that will not use batching
if [[ "${lat_thr}" == "thr" && "${no_batching_tests}" == "1" ]]; then

    if [[ "$role" == "pub" ]]; then
        export commands_string="${commands_string} -batchSize 0"
    fi

    # UNKEYED
    if [[ "${skip_unkeyed}" == "" ]]; then

        # RELIABLE
        if [[ "${skip_rel_tests}" == "" ]]; then
            execute_test "unkeyed" "rel" "${datasizes}" "${extra_arguments}" "_noBatch${file_suffix}"
        fi

        # BEST EFFORT
        if [[ "${skip_be_tests}" == "" ]]; then
            execute_test "unkeyed" "be" "${datasizes}" "${extra_arguments}" "_noBatch${file_suffix}"
        fi
    fi
fi

if [[ "$role" == "pub" && "${loss_rate}" != "" ]]; then
    echo -e "${INFO_TAG} Disabling loss rate"
    sudo tc qdisc del dev $nic_publisher root netem loss $loss_rate%
fi

#!/bin/bash
filename=$0
script_location=$(cd "$(dirname "$filename")" || exit 255; pwd)

export input_params=$@

while [ "$1" != "" ]; do
    case $1 in
        --executable)
            executable=$2
            shift
            ;;
        --security)
            export security_only=$2
            shift
            ;;
        *)
            ;;
    esac
    shift
done

echo $security_only

export folder_base="$(dirname "${executable}")"/../../..
export PATH_TO_GOVERNANCE_FILES_FOLDER=$folder_base/resource/secure

if [[ "${security_only}" == "none" || "${security_only}" == "" ]]; then
    echo -e "[Calling base_script/script.sh] -- No Security"
    "${script_location}/../base_script/script.sh" $input_params --transport UDPv4 \
        --skip-no-batching --skip-be --skip-keyed --skip-large-data \
        --file-suffix "_security_none"
    sleep 5;
fi

if [[ "${security_only}" == "no_protection" || "${security_only}" == "" ]]; then
    echo -e "[Calling base_script/script.sh] -- No Protection"
    "${script_location}/../base_script/script.sh" $input_params --transport UDPv4 \
        --skip-no-batching --skip-be --skip-keyed --skip-large-data \
        --extra-arguments "-secureGovernanceFile $PATH_TO_GOVERNANCE_FILES_FOLDER/signed_PerftestGovernance_.xml " \
        --file-suffix "_security_no_protection"
fi

if [[ "${security_only}" == "rtps_sign" || "${security_only}" == "" ]]; then
    echo -e "[Calling base_script/script.sh] -- RTPS Sign"
    "${script_location}/../base_script/script.sh" $input_params --transport UDPv4 \
        --skip-no-batching --skip-be --skip-keyed --skip-large-data \
        --extra-arguments "-secureGovernanceFile $PATH_TO_GOVERNANCE_FILES_FOLDER/signed_PerftestGovernance_RTPSSign.xml " \
        --file-suffix "_security_rtps_sign"
fi

if [[ "${security_only}" == "rtps_encrypt" || "${security_only}" == "" ]]; then
    echo -e "[Calling base_script/script.sh] -- RTPS Encrypt"
    "${script_location}/../base_script/script.sh" $input_params --transport UDPv4 \
        --skip-no-batching --skip-be --skip-keyed --skip-large-data \
        --extra-arguments "-secureGovernanceFile $PATH_TO_GOVERNANCE_FILES_FOLDER/signed_PerftestGovernance_RTPSEncrypt.xml " \
        --file-suffix "_security_rtps_encrypt"
fi

if [[ "${security_only}" == "rtps_sign_submessage_encrypt" || "${security_only}" == "" ]]; then
    echo -e "[Calling base_script/script.sh] -- RTPS Sign, Submessage Encrypt"
    "${script_location}/../base_script/script.sh" $input_params --transport UDPv4 \
        --skip-no-batching --skip-be --skip-keyed --skip-large-data \
        --extra-arguments "-secureGovernanceFile $PATH_TO_GOVERNANCE_FILES_FOLDER/signed_PerftestGovernance_SignEncryptSubmessage.xml " \
        --file-suffix "_security_rtps_sign_submessage_encrypt"
fi

if [[ "${security_only}" == "rtps_sign_submessage_encrypt_orig_data_encrypt" || "${security_only}" == "" ]]; then
    echo -e "[Calling base_script/script.sh] -- RTPS Sign, Submessage Encrypt with original auth, Data Encrypt"
    "${script_location}/../base_script/script.sh" $input_params --transport UDPv4 \
        --skip-no-batching --skip-be --skip-keyed --skip-large-data \
        --extra-arguments "-secureGovernanceFile $PATH_TO_GOVERNANCE_FILES_FOLDER/signed_PerftestGovernance_RTPSSignEncryptSubmessageWithOrigAuthEncryptData.xml " \
        --file-suffix "_security_rtps_sign_submessage_encrypt_orig_data_encrypt"
fi

if [[ "${security_only}" == "rtps_sign_orig_data_encrypt" || "${security_only}" == "" ]]; then
    echo -e "[Calling base_script/script.sh] -- RTPS Sign with Original auth, Data Encrypt"
    "${script_location}/../base_script/script.sh" $input_params --transport UDPv4 \
        --skip-no-batching --skip-be --skip-keyed --skip-large-data \
        --extra-arguments "-secureGovernanceFile $PATH_TO_GOVERNANCE_FILES_FOLDER/signed_PerftestGovernance_RTPSSignWithOrigAuthEncryptData.xml " \
        --file-suffix "_security_rtps_sign_orig_data_encrypt"
    sleep 5;
fi

Security Profiles

To test different levels of security, we have selected a well-known set of configurations. These configurations have been defined in the Governance files used by RTI Perftest. With these configurations, we have tested the minimum latency and maximum throughput achievable in different scenarios. The scenarios are described below.

The profiles we have used are the following:

Not using security libraries

In this scenario, RTI Security Plugins is not being used, therefore the performance is the same as what the Core Libraries provide in Unkeyed, UDPv4 10Gbps Network, C++98.

No protection

In this scenario, Security Plugins are enabled but no protection is provided at any level. This, as well as the previous scenario, is used as a way to calibrate the impact of using Security Plugins even when no security measures are applied.

The governance profile used in this scenario is the following:

<dds>
    <domain_access_rules>
      <domain_rule>
        <domains>
          <id_range>
            <min>0</min>
          </id_range>
        </domains>
        <allow_unauthenticated_participants>TRUE</allow_unauthenticated_participants>
        <enable_join_access_control>FALSE</enable_join_access_control>
        <discovery_protection_kind>NONE</discovery_protection_kind>
        <liveliness_protection_kind>NONE</liveliness_protection_kind>
        <rtps_protection_kind>NONE</rtps_protection_kind>
        <topic_access_rules>
          <topic_rule>
            <topic_expression>*</topic_expression>
            <enable_discovery_protection>FALSE</enable_discovery_protection>
            <enable_read_access_control>FALSE</enable_read_access_control>
            <enable_write_access_control>FALSE</enable_write_access_control>
            <metadata_protection_kind>NONE</metadata_protection_kind>
            <data_protection_kind>NONE</data_protection_kind>
          </topic_rule>
        </topic_access_rules>
      </domain_rule>
    </domain_access_rules>
</dds>

RTPS ‘Sign’

This scenario sets the rtps_protection_kind to SIGN. This configuration provides protection against outsiders at the lowest cost.

The governance profile used in this scenario is the following:

<dds>
    <domain_access_rules>
      <domain_rule>
        <domains>
          <id_range>
            <min>0</min>
          </id_range>
        </domains>
        <allow_unauthenticated_participants>false</allow_unauthenticated_participants>
        <enable_join_access_control>false</enable_join_access_control>
        <discovery_protection_kind>NONE</discovery_protection_kind>
        <liveliness_protection_kind>NONE</liveliness_protection_kind>
        <rtps_protection_kind>SIGN</rtps_protection_kind>
        <topic_access_rules>
          <topic_rule>
            <topic_expression>*</topic_expression>
            <enable_discovery_protection>false</enable_discovery_protection>
            <enable_liveliness_protection>false</enable_liveliness_protection>
            <enable_read_access_control>false</enable_read_access_control>
            <enable_write_access_control>false</enable_write_access_control>
            <metadata_protection_kind>NONE</metadata_protection_kind>
            <data_protection_kind>NONE</data_protection_kind>
          </topic_rule>
        </topic_access_rules>
      </domain_rule>
    </domain_access_rules>
</dds>

RTPS ‘Encrypt’

This scenario sets the rtps_protection_kind to ENCRYPT. This configuration is similar to the protection TLS provides.

The governance profile used in this scenario is the following:

<dds>
    <domain_access_rules>
      <domain_rule>
        <domains>
          <id_range>
            <min>0</min>
          </id_range>
        </domains>
        <allow_unauthenticated_participants>false</allow_unauthenticated_participants>
        <enable_join_access_control>false</enable_join_access_control>
        <discovery_protection_kind>NONE</discovery_protection_kind>
        <liveliness_protection_kind>NONE</liveliness_protection_kind>
        <rtps_protection_kind>ENCRYPT</rtps_protection_kind>
        <topic_access_rules>
          <topic_rule>
            <topic_expression>*</topic_expression>
            <enable_discovery_protection>false</enable_discovery_protection>
            <enable_liveliness_protection>false</enable_liveliness_protection>
            <enable_read_access_control>false</enable_read_access_control>
            <enable_write_access_control>false</enable_write_access_control>
            <metadata_protection_kind>NONE</metadata_protection_kind>
            <data_protection_kind>NONE</data_protection_kind>
          </topic_rule>
        </topic_access_rules>
      </domain_rule>
    </domain_access_rules>
</dds>

RTPS ‘Sign with Origin Authentication’ and Data ‘Encrypt’

This scenario sets the rtps_protection_kind to SIGN_WITH_ORIGIN_AUTHENTICATION. It also sets the data_protection_kind to ENCRYPT. This configuration is the common choice for intra-domain protection and confidentiality.

The governance profile used in this scenario is the following:

<dds>
    <domain_access_rules>
      <domain_rule>
        <domains>
          <id_range>
            <min>0</min>
          </id_range>
        </domains>
        <allow_unauthenticated_participants>false</allow_unauthenticated_participants>
        <enable_join_access_control>false</enable_join_access_control>
        <discovery_protection_kind>NONE</discovery_protection_kind>
        <liveliness_protection_kind>NONE</liveliness_protection_kind>
        <rtps_protection_kind>SIGN_WITH_ORIGIN_AUTHENTICATION</rtps_protection_kind>
        <topic_access_rules>
          <topic_rule>
            <topic_expression>*</topic_expression>
            <enable_discovery_protection>false</enable_discovery_protection>
            <enable_liveliness_protection>false</enable_liveliness_protection>
            <enable_read_access_control>false</enable_read_access_control>
            <enable_write_access_control>false</enable_write_access_control>
            <metadata_protection_kind>NONE</metadata_protection_kind>
            <data_protection_kind>ENCRYPT</data_protection_kind>
          </topic_rule>
        </topic_access_rules>
      </domain_rule>
    </domain_access_rules>
</dds>

RTPS ‘Sign,’ Submessage ‘Encrypt with Origin Authentication,’ and Data ‘Encrypt’

This scenario sets the rtps_protection_kind to SIGN. It also sets the data_protection_kind to ENCRYPT and the metadata_protection_kind to ENCRYPT_WITH_ORIGIN_AUTHENTICATION. This configuration offers the most robust protection.

The governance profile used in this scenario is the following:

<?xml version="1.0" encoding="UTF-8"?>

<dds>
    <domain_access_rules>
      <domain_rule>
        <domains>
          <id_range>
            <min>0</min>
          </id_range>
        </domains>
        <allow_unauthenticated_participants>false</allow_unauthenticated_participants>
        <enable_join_access_control>false</enable_join_access_control>
        <discovery_protection_kind>NONE</discovery_protection_kind>
        <liveliness_protection_kind>NONE</liveliness_protection_kind>
        <rtps_protection_kind>SIGN</rtps_protection_kind>
        <topic_access_rules>
          <topic_rule>
            <topic_expression>*</topic_expression>
            <enable_discovery_protection>false</enable_discovery_protection>
            <enable_liveliness_protection>false</enable_liveliness_protection>
            <enable_read_access_control>false</enable_read_access_control>
            <enable_write_access_control>false</enable_write_access_control>
            <metadata_protection_kind>ENCRYPT_WITH_ORIGINAL_AUTHENTICATION</metadata_protection_kind>
            <data_protection_kind>ENCRYPT</data_protection_kind>
          </topic_rule>
        </topic_access_rules>
      </domain_rule>
    </domain_access_rules>
</dds>

RTPS ‘Sign,’ Submessage ‘Encrypt’

This scenario sets the rtps_protection_kind to SIGN. It also sets the metadata_protection_kind to ENCRYPT. This configuration allows user data confidentiality (with insiders protection) while keeping Wireshark capabilities.

The governance profile used in this scenario is the following:

<?xml version="1.0" encoding="UTF-8"?>

<dds xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:noNamespaceSchemaLocation="dds_security_governance.xsd">

    <domain_access_rules>
      <domain_rule>
        <domains>
          <id_range>
            <min>0</min>
          </id_range>
        </domains>
        <allow_unauthenticated_participants>false</allow_unauthenticated_participants>
        <enable_join_access_control>false</enable_join_access_control>
        <discovery_protection_kind>NONE</discovery_protection_kind>
        <liveliness_protection_kind>NONE</liveliness_protection_kind>
        <rtps_protection_kind>SIGN</rtps_protection_kind>
        <topic_access_rules>
          <topic_rule>
            <topic_expression>*</topic_expression>
            <enable_discovery_protection>false</enable_discovery_protection>
            <enable_liveliness_protection>false</enable_liveliness_protection>
            <enable_read_access_control>false</enable_read_access_control>
            <enable_write_access_control>false</enable_write_access_control>
            <metadata_protection_kind>ENCRYPT_WITH_ORIGIN_AUTHENTICATION</metadata_protection_kind>
            <data_protection_kind>ENCRYPT</data_protection_kind>
          </topic_rule>
        </topic_access_rules>
      </domain_rule>
    </domain_access_rules>
</dds>

Test Software

The following software was used to perform these tests:

RTI Connext DDS 6.1.2 Host and Target Libraries for x64 Linux (x64Linux4gcc7.3.0)

Test Hardware

The following hardware was used to perform these tests: .. include:: ../../../../hardware/hq_performance_linux_lab.rst .. raw:: html

The graph below shows the expected throughput behavior when performing a 1-1 communication between two Linux nodes in a 10Gbps network. The numbers have been taken using strict reliable reliability for all the different Security Profiles (described below).

Note

By default, RTI Perftest enables batching when performing a Maximum Throughput test. The batching feature allows sending more than one data sample per RTPS packet, improving network performance for small data sizes. See the RTI Connext DDS Core Libraries User’s Manual for more information on batching.

The batch maximum size is set by RTI Perftest to be 8192 bytes; after 8192 bytes, batching is not enabled.

Detailed Statistics

This table contains the raw numbers presented by RTI Perftest. These numbers are the exact output with no further processing.

Not using security libraries

Sample Size (Bytes)	Total Samples	Avg Samples/s	Avg Mbps
32	95668781	4778494	1223.3
64	86825598	4335622	2219.8
128	73688400	3679707	3768.0
256	54660881	2729977	5591.0
512	36347040	1815429	7436.0
1024	21574672	1077416	8826.2
2048	11373452	568042	9306.8
4096	5983444	299068	9799.9
8192	3005185	150215	9844.5
16384	1508806	75432	9887.0
32768	756049	37797	9908.4
63000	393534	19674	9915.8

No protection

Sample Size (Bytes)	Total Samples	Avg Samples/s	Avg Mbps
32	96016519	4794779	1227.5
64	87084160	4348408	2226.4
128	73603557	3676128	3764.4
256	53606560	2677110	5482.7
512	36503472	1823155	7467.6
1024	21677072	1082547	8868.2
2048	11926704	595692	9759.8
4096	5983126	299063	9799.7
8192	3005032	150207	9844.0
16384	1508821	75432	9887.1
32768	756038	37797	9908.3
63000	393538	19674	9915.8

RTPS Sign

Sample Size (Bytes)	Total Samples	Avg Samples/s	Avg Mbps
32	91668212	4577690	1171.9
64	80921985	4040753	2068.9
128	65313414	3261372	3339.6
256	46962401	2345370	4803.3
512	29583056	1477519	6051.9
1024	17150576	856595	7017.2
2048	9152587	457072	7488.7
4096	4745587	237001	7766.1
8192	2621403	130917	8579.8
16384	1502571	75104	9844.2
32768	754474	37715	9886.8
63000	393126	19651	9904.6

RTPS Encrypt

Sample Size (Bytes)	Total Samples	Avg Samples/s	Avg Mbps
32	90922718	4540468	1162.4
64	79385152	3963964	2029.5
128	63183808	3155018	3230.7
256	44229281	2208858	4523.7
512	27289777	1363024	5582.9
1024	15768456	787586	6451.9
2048	8543716	426699	6991.0
4096	4410028	220252	7217.2
8192	2459778	122845	8050.8
16384	1501956	75067	9839.3
32768	754347	37705	9884.3
63000	393099	19649	9903.3

RTPS Sign with Origin Auth, Data Encrypt

Sample Size (Bytes)	Total Samples	Avg Samples/s	Avg Mbps
32	31568872	1576458	403.6
64	29564754	1476372	755.9
128	27178788	1357209	1389.8
256	21591613	1078358	2208.5
512	15496846	774058	3170.5
1024	10190237	508958	4169.4
2048	5437426	271578	4449.5
4096	2031633	101468	3324.9
8192	1735939	86699	5681.9
16384	1301380	64995	8519.1
32768	753221	37640	9867.3
63000	392786	19631	9894.3

RTPS Sign, Submessage Encrypt with Origin Auth, Data Encrypt

Sample Size (Bytes)	Total Samples	Avg Samples/s	Avg Mbps
32	31375740	1566783	401.1
64	29125372	1454398	744.7
128	25691501	1282952	1313.7
256	20368265	1017187	2083.2
512	14250089	711711	2915.2
1024	9199205	459485	3764.1
2048	4604290	229967	3767.8
4096	1779096	88840	2911.1
8192	1468215	73347	4806.9
16384	1050849	52497	6881.0
32768	693127	34627	9077.3
63000	392529	19610	9883.9

RTPS Sign, Submessage Encrypt

Sample Size (Bytes)	Total Samples	Avg Samples/s	Avg Mbps
32	88310248	4409938	1128.9
64	74502291	3720218	1904.8
128	57889664	2890686	2960.1
256	40044455	1999733	4095.5
512	24524000	1225671	5020.3
1024	13612016	679847	5569.3
2048	7391560	369179	6048.6
4096	3813037	190441	6240.4
8192	2066962	103229	6765.3
16384	1459187	72877	9552.2
32768	753222	37643	9868.1
63000	392781	19632	9894.7

Perftest Scripts

To produce these tests, we executed RTI Perftest for C++98. The script used to execute the tests can be found here:

#!/bin/bash
filename=$0
script_location=$(cd "$(dirname "$filename")" || exit 255; pwd)

export datasizes="32 64 128 256 512 1024 2048 4096 8192 16384 32768 63000"
export datasizes_extended="${datasizes} 100000 500000 1048576 1548576 4194304 10485760"

export domain="2"
export exec_time=20
export num_reps=1
export instance_number=100000
export core=0

# We will use some colors to improve visibility of errors and info messages.
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[0;33m'
BLUE='\033[0;34m'
LIGHTBLUE='\033[0;36m'
NC='\033[0m'
INFO_TAG="${GREEN}[INFO]:${NC}"
WARNING_TAG="${YELLOW}[WARNING]:${NC}"
ERROR_TAG="${RED}[ERROR]:${NC}"

export ip_machine_1="10.2.78.20"
export ip_machine_2="10.2.78.21"
export if10Gbps="enp1s0f0"
export if1Gbps="eno1"

################################################################################

function disable_colors() {
    export RED=""
    export GREEN=""
    export YELLOW=""
    export NC=""
    export BLUE=""
    export LIGHTBLUE=""
    export INFO_TAG="${GREEN}[INFO]:${NC}"
    export WARNING_TAG="${YELLOW}[WARNING]:${NC}"
    export ERROR_TAG="${RED}[ERROR]:${NC}"
}

function change_domain() {
    if [[ "$domain" == "1" ]]; then
        export domain="2"
    else
        export domain="1"
    fi
}

# Usage: execute_test <keyed/unkeyed> <rel/be> <datasizes> <batchSize>
function execute_test() {

    local keyed_unkeyed=$1
    local rel_be=$2
    local datasizes_test=$3
    local other_args=$4
    local name_suffix=$5

    local commands_string_test=$commands_string
    local tag=""

    if [[ "${keyed_unkeyed}" == "keyed" ]]; then
        commands_string_test="${commands_string_test} -keyed -instances $instance_number"
        tag="[${YELLOW}${transport}${NC}|${BLUE}K${NC}|"
    else
        tag="[${YELLOW}${transport}${NC}|${LIGHTBLUE}UK${NC}|"
    fi

    if [[ "${rel_be}" == "be" ]]; then
        commands_string_test="${commands_string_test} -bestEffort"
        tag="${tag}${YELLOW}BE${NC}]"
    else
        tag="${tag}${RED}REL${NC}]"
    fi

    tag="${tag}[${LIGHTBLUE}${lat_thr}${NC}]"

    local output_file=$output_folder/${lat_thr}_${role}_${keyed_unkeyed}_${rel_be}${name_suffix}.csv

    if [[ "$role" == "pub" ]]; then
        echo -e "${YELLOW}[TEST]: $keyed_unkeyed, $rel_be. ${NC}"
    fi

    if [[ "$NO_TASKSET" == "" ]]; then
        if [[ "$LANGUAGE" != "java" && "$LANGUAGE" != "cs" ]]; then
            export pre_command_string="taskset -c $core"
        fi
    fi

    if [[ "$LANGUAGE" == "python" ]]; then
        export pre_command_string="python3 "
    fi

    if [[ "$DOCKER" == "1" ]]; then
        export pre_command_string="taskset -c $core docker run --net=host -v /home/perfuser/rti_license_connextpro.dat:/opt/rti.com/rti_connext_dds-7.3.0/rti_license.dat rticom/perftest:7.3.0-EAR "
        executable=""
    fi

    # Get the aprox time this will take:
    total_tests=$((`wc -w <<< "$datasizes_test"` * num_reps))
    total_time=$((total_tests * exec_time))

    touch $output_file
    local no_headers=""
    local current_test=0
    for index in $(seq 1 ${num_reps}); do
        for DATALEN in ${datasizes_test}; do
            current_test=$((current_test + 1))
            export command="$pre_command_string $executable -domain $domain -dataLen $DATALEN $commands_string_test $other_args $no_headers"
            if [[ "$role" == "pub" ]]; then
                echo -e "Test ${tag} (${current_test}/${total_tests}) -- Total time = ${total_time}s"
                echo -e ${BLUE}$command${NC}
            else
                echo -e ${LIGHTBLUE}$command${NC}
            fi
            if [[ "$LANGUAGE" == "cs" && "$role" == "pub" ]]; then
                sleep 3
            fi
            if [[ "$raw" == "1" && "$role" == "sub" ]]; then
                sleep 5
            fi
            if [[ "${get_netstat_info}" == "1" ]]; then
                echo -e "${INFO_TAG} Getting netstat info before"
                netstat -s -u | grep -e "error" -e "packet" > $output_folder/${lat_thr}_${role}_${keyed_unkeyed}_${rel_be}${name_suffix}_netstat_before.txt
            fi
            eval $command >> $output_file;
            if [[ "${get_netstat_info}" == "1" ]]; then
                echo -e "${INFO_TAG} Getting netstat info after"
                netstat -s -u | grep -e "error" -e "packet" > $output_folder/${lat_thr}_${role}_${keyed_unkeyed}_${rel_be}${name_suffix}_netstat_after.txt
                touch "$output_folder/${lat_thr}_${role}_${keyed_unkeyed}_${rel_be}${name_suffix}_netstat.csv"
                python3 $script_location/../../../tools/diff_netstat_output.py \
                    -n $output_folder/${lat_thr}_${role}_${keyed_unkeyed}_${rel_be}${name_suffix}_netstat_after.txt \
                    -o $output_folder/${lat_thr}_${role}_${keyed_unkeyed}_${rel_be}${name_suffix}_netstat_before.txt \
                    -d $DATALEN $no_header_netstat \
                    -csv >> "$output_folder/${lat_thr}_${role}_${keyed_unkeyed}_${rel_be}${name_suffix}_netstat.csv"
                rm -rf $output_folder/${lat_thr}_${role}_${keyed_unkeyed}_${rel_be}${name_suffix}_netstat_*.txt
                no_header_netstat=" -nh"
            fi
            no_headers=" -noOutputHeaders"

            change_domain
        done
    done
}

################################################################################
# PARSE COMMAND LINE OPTIONS:

while [ "$1" != "" ]; do
    case $1 in
        --executable)
            executable=$2
            shift
            ;;
        --docker)
            DOCKER="1"
            ;;
        --output-folder)
            output_folder=$2
            shift
            ;;
        --sub-folder)
            sub_folder=$2
            shift
            ;;
        --role)
            export role=$2
            shift
            ;;
        --core)
            export core=$2
            shift
            ;;
        --test-kind)
            export lat_thr=$2
            shift
            ;;
        --interface1)
            export interface=$2
            shift
            ;;
        --interface2)
            export interface2=$2
            shift
            ;;
        --ip1)
            export ip1=$2
            shift
            ;;
        --ip2)
            export ip2=$2
            shift
            ;;
        --repetitions)
            export num_reps=$2
            shift
            ;;
        --domain)
            export domain=$2
            shift
            ;;
        --execution-time)
            export exec_time=$2
            shift
            ;;
        --transport)
            export transport=$2
            shift
            ;;
        --datalen)
            export datalen_input=$2
            shift
            ;;
        --file-suffix)
            export file_suffix=$2
            shift
            ;;
        --executable-suffix)
            export executable_suffix=$2
            shift
            ;;
        --extra-arguments)
            export extra_arguments=$2
            shift
            ;;
        --extra-arguments-pub)
            export extra_arguments_pub=$2
            shift
            ;;
        --extra-arguments-sub)
            export extra_arguments_sub=$2
            shift
            ;;
        --skip-no-batching)
            export skip_no_batching="1"
            ;;
        --skip-be)
            export skip_be_tests="1"
            ;;
        --skip-rel)
            export skip_rel_tests="1"
            ;;
        --skip-keyed)
            export skip_keyed_data="1"
            ;;
        --skip-large-data)
            export skip_large_data="1"
            ;;
        --large-data)
            export large_data="1"
            ;;
        --keyed)
            export skip_unkeyed="1"
            ;;
        --unkeyed)
            export skip_keyed_data="1"
            ;;
        --no-batching | --skip-batching)
            export no_batching_only="1"
            ;;
        --reliable)
            export skip_be_tests="1"
            ;;
        --best-effort)
            export skip_rel_tests="1"
            ;;
        --security)
            export security_only="$2"
            shift
            ;;
        --micro)
            export micro="1"
            ;;
        --raw | --raw-transport)
            export raw="1"
            ;;
        --tss)
            export tss="1"
            ;;
        --no-colors)
            export NO_COLORS="1"
            ;;
        --language)
            export LANGUAGE=$2
            shift
            ;;
        --loss-rate)
            export loss_rate=$2
            shift
            ;;
        --get-netstat-info | --netstat)
            export get_netstat_info="1"
            ;;
        --no-taskset)
            export NO_TASKSET="1"
            ;;
        *)
            echo -e "unknown parameter \"$1\""
            exit 255
            ;;
    esac
    shift
done

if [[ "$NO_COLORS" == "1" ]]; then
    disable_colors
fi

export folder_base="$(dirname "${executable}")"/../../..

if [[ $LANGUAGE == "java"  || "$LANGUAGE" == "cs" ]]; then
    export folder_base="$(dirname "${executable}")"/../..
fi
if [[ $tss == "1" ]]; then
    export folder_base="$(dirname "${executable}")"/../../../../..
fi

if [[ "${executable_suffix}" != "" ]]; then
    export executable="${executable}${executable_suffix}"
fi

if [[ "${sub_folder}" != "" ]]; then
    export output_folder="${output_folder}/${sub_folder}"
fi

echo -e "${INFO_TAG} Perftest executable is: $executable"
echo -e "${INFO_TAG} Output folder is: $output_folder"

################################################################################

if [[ "$LANGUAGE" == "python" ]]; then
    export skip_keyed_data="1"
    export skip_large_data="1"
    export skip_be_tests="1"
    export skip_no_batching="1"
fi

if [[ "${skip_large_data}" == "1" ]]; then
    export datasizes_extended=${datasizes}
elif [[ "${large_data}" == "1" ]]; then
    export datasizes=${datasizes_extended}
fi

if [[ "${datalen_input}" != "" ]]; then
    echo -e "${YELLOW}[TEST] Testing only for ${datalen_input}${NC}"
    export datasizes=${datalen_input}
    export datasizes_extended=${datalen_input}
    if [[ "${no_batching_only}" != "1" ]]; then
        export skip_large_data="1"
    fi
fi

if [[ "$role" != "pub" && "$role" != "sub" ]]; then
    echo -e "${ERROR_TAG} It must be either publisher or subscriber"
    exit 255
fi

if [[ "$lat_thr" != "thr" && "$lat_thr" != "lat" ]]; then
    echo -e "${ERROR_TAG} It must be either lat or thr"
    exit 255
fi

if [[ "${interface}" == "" ]]; then
    echo "Using default nics"
    export nic_publisher=${ip_machine_1}
    export nic_subscriber=${ip_machine_2}
elif [[ "${interface}" == "both" ]]; then
    export nic_publisher="enp1s0f0,eno1"
    export nic_subscriber="enp1s0f0,eno1"
    echo -e "${INFO_TAG} Using nic_publisher: ${nic_publisher}"
    echo -e "${INFO_TAG} Using nic_subscriber: ${nic_subscriber}"
else
    export nic_publisher=$interface
    echo -e "${INFO_TAG} Using nic_publisher: ${nic_publisher}"

    if [[ "${interface2}" == "" ]]; then
        export nic_subscriber=$interface
    else
        export nic_subscriber=$interface2
    fi
    echo -e "${INFO_TAG} Using nic_subscriber: ${nic_subscriber}"

    if [[ "${ip1}" != "" ]]; then
        export ip_publisher=$ip1
        echo "Using ip_publisher: ${ip_publisher}"
    fi

    if [[ "${ip2}" != "" ]]; then
        export ip_subscriber=$ip2
        echo "Using ip_subscriber: ${ip_subscriber}"
    fi

fi

export transport_string="-transport $transport"

if [[ "$transport" == "UDPv4" ]]; then

    export transport_string_pub="$transport_string -nic $nic_publisher"
    export transport_string_sub="$transport_string -nic $nic_subscriber"

    if [[ "$micro" == "1" || "$raw" == "1" ]]; then
        export transport_string_pub="$transport_string_pub -peer ${ip_subscriber}"
        export transport_string_sub="$transport_string_sub -peer ${ip_publisher}"
    fi

elif [[ "$transport" == "TCP" ]]; then
    export transport_string_pub="$transport_string \
        -nic $nic_publisher \
        -peer 0@tcpv4_lan://${ip_subscriber}:7400"
    export transport_string_sub="$transport_string \
        -nic $nic_subscriber \
        -peer 0@tcpv4_lan://${ip_publisher}:7400"
elif [[ "$transport" == "TLS" ]]; then
    export transport_string_pub="$transport_string \
        -nic $nic_publisher \
        -peer tlsv4_lan://${ip_subscriber}:7400"
    export transport_string_sub="$transport_string \
        -nic $nic_subscriber \
        -peer tlsv4_lan://${ip_publisher}:7400"
elif [[ "$transport" == "UDPv4_WAN" ]]; then
    export transport_string_pub="$transport_string \
        -nic $nic_publisher \
        -transportPublicAddress $ip_publisher:7400"
    export transport_string_sub="$transport_string \
        -nic $nic_subscriber \
        -peer 0@udpv4_wan://${ip_publisher}:7400"
else
    export transport_string_pub="$transport_string"
    export transport_string_sub="$transport_string"
fi

################################################################################

export pub_string="-pub \
        ${transport_string_pub} \
        -noPrintIntervals \
        -executionTime $exec_time"

if [[ ${lat_thr} == "lat" ]]; then
    export pub_string="$pub_string \
        -latencyTest"
fi

export sub_string="-sub \
        ${transport_string_sub} \
        -noPrintIntervals"

if [[ "$role" == "pub" ]]; then
    echo -e "$INFO_TAG Publisher side running"
    export commands_string=${pub_string}
    export extra_arguments="${extra_arguments} ${extra_arguments_pub}"
else
    echo -e "$INFO_TAG Subscriber side running"
    export commands_string=${sub_string}
    export extra_arguments="${extra_arguments} ${extra_arguments_sub}"
fi

###############################################################################

echo -e "${INFO_TAG} Executing: /set_${lat_thr}_mode.sh"
sudo /set_${lat_thr}_mode.sh
sleep 5

echo -e "${INFO_TAG} Disabling any loss rate"
sudo tc qdisc add dev $nic_publisher root netem loss 0%
sudo tc qdisc del dev $nic_publisher root netem loss 0%

if [[ "$role" == "pub" && "${loss_rate}" != "" ]]; then
    echo -e "${INFO_TAG} Setting loss rate to ${loss_rate}%"
    sudo tc qdisc add dev $nic_publisher root netem loss $loss_rate%
fi

cd $folder_base
echo -e "${INFO_TAG} Folder Base is: $PWD"
mkdir -p $output_folder

# Tests that may use batching (when doing throughput tests)
if [[ ${no_batching_only} != "1" ]]; then

    # UNKEYED
    if [[ "${skip_unkeyed}" == "" ]]; then

        # RELIABLE
        if [[ "${skip_rel_tests}" == "" ]]; then
            execute_test "unkeyed" "rel" "${datasizes_extended}" "${extra_arguments}" "$file_suffix"
        fi

        # BEST EFFORT
        if [[ "${skip_be_tests}" == "" ]]; then
            execute_test "unkeyed" "be" "${datasizes}" "${extra_arguments}" "$file_suffix"
        fi
    fi

    # KEYED
    if [[ "${skip_keyed_data}" == "" ]]; then

        # RELIABLE
        if [[ "${skip_rel_tests}" == "" ]]; then
            execute_test "keyed" "rel" "${datasizes}" "${extra_arguments}" "$file_suffix"
        fi

        # BEST EFFORT
        if [[ "${skip_be_tests}" == "" ]]; then
            execute_test "keyed" "be" "${datasizes}" "${extra_arguments}" "$file_suffix"
        fi
    fi

fi

if [[ "${skip_no_batching}" == "" || "${no_batching_only}" == "1" ]]; then
    no_batching_tests="1"
fi

# Tests that will not use batching
if [[ "${lat_thr}" == "thr" && "${no_batching_tests}" == "1" ]]; then

    if [[ "$role" == "pub" ]]; then
        export commands_string="${commands_string} -batchSize 0"
    fi

    # UNKEYED
    if [[ "${skip_unkeyed}" == "" ]]; then

        # RELIABLE
        if [[ "${skip_rel_tests}" == "" ]]; then
            execute_test "unkeyed" "rel" "${datasizes}" "${extra_arguments}" "_noBatch${file_suffix}"
        fi

        # BEST EFFORT
        if [[ "${skip_be_tests}" == "" ]]; then
            execute_test "unkeyed" "be" "${datasizes}" "${extra_arguments}" "_noBatch${file_suffix}"
        fi
    fi
fi

if [[ "$role" == "pub" && "${loss_rate}" != "" ]]; then
    echo -e "${INFO_TAG} Disabling loss rate"
    sudo tc qdisc del dev $nic_publisher root netem loss $loss_rate%
fi

#!/bin/bash
filename=$0
script_location=$(cd "$(dirname "$filename")" || exit 255; pwd)

export input_params=$@

while [ "$1" != "" ]; do
    case $1 in
        --executable)
            executable=$2
            shift
            ;;
        --security)
            export security_only=$2
            shift
            ;;
        *)
            ;;
    esac
    shift
done

echo $security_only

export folder_base="$(dirname "${executable}")"/../../..
export PATH_TO_GOVERNANCE_FILES_FOLDER=$folder_base/resource/secure

if [[ "${security_only}" == "none" || "${security_only}" == "" ]]; then
    echo -e "[Calling base_script/script.sh] -- No Security"
    "${script_location}/../base_script/script.sh" $input_params --transport UDPv4 \
        --skip-no-batching --skip-be --skip-keyed --skip-large-data \
        --file-suffix "_security_none"
    sleep 5;
fi

if [[ "${security_only}" == "no_protection" || "${security_only}" == "" ]]; then
    echo -e "[Calling base_script/script.sh] -- No Protection"
    "${script_location}/../base_script/script.sh" $input_params --transport UDPv4 \
        --skip-no-batching --skip-be --skip-keyed --skip-large-data \
        --extra-arguments "-secureGovernanceFile $PATH_TO_GOVERNANCE_FILES_FOLDER/signed_PerftestGovernance_.xml " \
        --file-suffix "_security_no_protection"
fi

if [[ "${security_only}" == "rtps_sign" || "${security_only}" == "" ]]; then
    echo -e "[Calling base_script/script.sh] -- RTPS Sign"
    "${script_location}/../base_script/script.sh" $input_params --transport UDPv4 \
        --skip-no-batching --skip-be --skip-keyed --skip-large-data \
        --extra-arguments "-secureGovernanceFile $PATH_TO_GOVERNANCE_FILES_FOLDER/signed_PerftestGovernance_RTPSSign.xml " \
        --file-suffix "_security_rtps_sign"
fi

if [[ "${security_only}" == "rtps_encrypt" || "${security_only}" == "" ]]; then
    echo -e "[Calling base_script/script.sh] -- RTPS Encrypt"
    "${script_location}/../base_script/script.sh" $input_params --transport UDPv4 \
        --skip-no-batching --skip-be --skip-keyed --skip-large-data \
        --extra-arguments "-secureGovernanceFile $PATH_TO_GOVERNANCE_FILES_FOLDER/signed_PerftestGovernance_RTPSEncrypt.xml " \
        --file-suffix "_security_rtps_encrypt"
fi

if [[ "${security_only}" == "rtps_sign_submessage_encrypt" || "${security_only}" == "" ]]; then
    echo -e "[Calling base_script/script.sh] -- RTPS Sign, Submessage Encrypt"
    "${script_location}/../base_script/script.sh" $input_params --transport UDPv4 \
        --skip-no-batching --skip-be --skip-keyed --skip-large-data \
        --extra-arguments "-secureGovernanceFile $PATH_TO_GOVERNANCE_FILES_FOLDER/signed_PerftestGovernance_SignEncryptSubmessage.xml " \
        --file-suffix "_security_rtps_sign_submessage_encrypt"
fi

if [[ "${security_only}" == "rtps_sign_submessage_encrypt_orig_data_encrypt" || "${security_only}" == "" ]]; then
    echo -e "[Calling base_script/script.sh] -- RTPS Sign, Submessage Encrypt with original auth, Data Encrypt"
    "${script_location}/../base_script/script.sh" $input_params --transport UDPv4 \
        --skip-no-batching --skip-be --skip-keyed --skip-large-data \
        --extra-arguments "-secureGovernanceFile $PATH_TO_GOVERNANCE_FILES_FOLDER/signed_PerftestGovernance_RTPSSignEncryptSubmessageWithOrigAuthEncryptData.xml " \
        --file-suffix "_security_rtps_sign_submessage_encrypt_orig_data_encrypt"
fi

if [[ "${security_only}" == "rtps_sign_orig_data_encrypt" || "${security_only}" == "" ]]; then
    echo -e "[Calling base_script/script.sh] -- RTPS Sign with Original auth, Data Encrypt"
    "${script_location}/../base_script/script.sh" $input_params --transport UDPv4 \
        --skip-no-batching --skip-be --skip-keyed --skip-large-data \
        --extra-arguments "-secureGovernanceFile $PATH_TO_GOVERNANCE_FILES_FOLDER/signed_PerftestGovernance_RTPSSignWithOrigAuthEncryptData.xml " \
        --file-suffix "_security_rtps_sign_orig_data_encrypt"
    sleep 5;
fi

Security Profiles

To test different levels of security, we have selected a well-known set of configurations. These configurations have been defined in the Governance files used by RTI Perftest. With these configurations, we have tested the minimum latency and maximum throughput achievable in different scenarios. The scenarios are described below.

The profiles we have used are the following:

Not using security libraries

In this scenario, RTI Security Plugins is not being used, therefore the performance is the same as what the Core Libraries provide in Unkeyed, UDPv4 10Gbps Network, C++98.

No protection

In this scenario, Security Plugins are enabled but no protection is provided at any level. This, as well as the previous scenario, is used as a way to calibrate the impact of using Security Plugins even when no security measures are applied.

The governance profile used in this scenario is the following:

<dds>
    <domain_access_rules>
      <domain_rule>
        <domains>
          <id_range>
            <min>0</min>
          </id_range>
        </domains>
        <allow_unauthenticated_participants>TRUE</allow_unauthenticated_participants>
        <enable_join_access_control>FALSE</enable_join_access_control>
        <discovery_protection_kind>NONE</discovery_protection_kind>
        <liveliness_protection_kind>NONE</liveliness_protection_kind>
        <rtps_protection_kind>NONE</rtps_protection_kind>
        <topic_access_rules>
          <topic_rule>
            <topic_expression>*</topic_expression>
            <enable_discovery_protection>FALSE</enable_discovery_protection>
            <enable_read_access_control>FALSE</enable_read_access_control>
            <enable_write_access_control>FALSE</enable_write_access_control>
            <metadata_protection_kind>NONE</metadata_protection_kind>
            <data_protection_kind>NONE</data_protection_kind>
          </topic_rule>
        </topic_access_rules>
      </domain_rule>
    </domain_access_rules>
</dds>

RTPS ‘Sign’

This scenario sets the rtps_protection_kind to SIGN. This configuration provides protection against outsiders at the lowest cost.

The governance profile used in this scenario is the following:

<dds>
    <domain_access_rules>
      <domain_rule>
        <domains>
          <id_range>
            <min>0</min>
          </id_range>
        </domains>
        <allow_unauthenticated_participants>false</allow_unauthenticated_participants>
        <enable_join_access_control>false</enable_join_access_control>
        <discovery_protection_kind>NONE</discovery_protection_kind>
        <liveliness_protection_kind>NONE</liveliness_protection_kind>
        <rtps_protection_kind>SIGN</rtps_protection_kind>
        <topic_access_rules>
          <topic_rule>
            <topic_expression>*</topic_expression>
            <enable_discovery_protection>false</enable_discovery_protection>
            <enable_liveliness_protection>false</enable_liveliness_protection>
            <enable_read_access_control>false</enable_read_access_control>
            <enable_write_access_control>false</enable_write_access_control>
            <metadata_protection_kind>NONE</metadata_protection_kind>
            <data_protection_kind>NONE</data_protection_kind>
          </topic_rule>
        </topic_access_rules>
      </domain_rule>
    </domain_access_rules>
</dds>

RTPS ‘Encrypt’

This scenario sets the rtps_protection_kind to ENCRYPT. This configuration is similar to the protection TLS provides.

The governance profile used in this scenario is the following:

<dds>
    <domain_access_rules>
      <domain_rule>
        <domains>
          <id_range>
            <min>0</min>
          </id_range>
        </domains>
        <allow_unauthenticated_participants>false</allow_unauthenticated_participants>
        <enable_join_access_control>false</enable_join_access_control>
        <discovery_protection_kind>NONE</discovery_protection_kind>
        <liveliness_protection_kind>NONE</liveliness_protection_kind>
        <rtps_protection_kind>ENCRYPT</rtps_protection_kind>
        <topic_access_rules>
          <topic_rule>
            <topic_expression>*</topic_expression>
            <enable_discovery_protection>false</enable_discovery_protection>
            <enable_liveliness_protection>false</enable_liveliness_protection>
            <enable_read_access_control>false</enable_read_access_control>
            <enable_write_access_control>false</enable_write_access_control>
            <metadata_protection_kind>NONE</metadata_protection_kind>
            <data_protection_kind>NONE</data_protection_kind>
          </topic_rule>
        </topic_access_rules>
      </domain_rule>
    </domain_access_rules>
</dds>

RTPS ‘Sign with Origin Authentication’ and Data ‘Encrypt’

This scenario sets the rtps_protection_kind to SIGN_WITH_ORIGIN_AUTHENTICATION. It also sets the data_protection_kind to ENCRYPT. This configuration is the common choice for intra-domain protection and confidentiality.

The governance profile used in this scenario is the following:

<dds>
    <domain_access_rules>
      <domain_rule>
        <domains>
          <id_range>
            <min>0</min>
          </id_range>
        </domains>
        <allow_unauthenticated_participants>false</allow_unauthenticated_participants>
        <enable_join_access_control>false</enable_join_access_control>
        <discovery_protection_kind>NONE</discovery_protection_kind>
        <liveliness_protection_kind>NONE</liveliness_protection_kind>
        <rtps_protection_kind>SIGN_WITH_ORIGIN_AUTHENTICATION</rtps_protection_kind>
        <topic_access_rules>
          <topic_rule>
            <topic_expression>*</topic_expression>
            <enable_discovery_protection>false</enable_discovery_protection>
            <enable_liveliness_protection>false</enable_liveliness_protection>
            <enable_read_access_control>false</enable_read_access_control>
            <enable_write_access_control>false</enable_write_access_control>
            <metadata_protection_kind>NONE</metadata_protection_kind>
            <data_protection_kind>ENCRYPT</data_protection_kind>
          </topic_rule>
        </topic_access_rules>
      </domain_rule>
    </domain_access_rules>
</dds>

RTPS ‘Sign,’ Submessage ‘Encrypt with Origin Authentication,’ and Data ‘Encrypt’

This scenario sets the rtps_protection_kind to SIGN. It also sets the data_protection_kind to ENCRYPT and the metadata_protection_kind to ENCRYPT_WITH_ORIGIN_AUTHENTICATION. This configuration offers the most robust protection.

The governance profile used in this scenario is the following:

<?xml version="1.0" encoding="UTF-8"?>

<dds>
    <domain_access_rules>
      <domain_rule>
        <domains>
          <id_range>
            <min>0</min>
          </id_range>
        </domains>
        <allow_unauthenticated_participants>false</allow_unauthenticated_participants>
        <enable_join_access_control>false</enable_join_access_control>
        <discovery_protection_kind>NONE</discovery_protection_kind>
        <liveliness_protection_kind>NONE</liveliness_protection_kind>
        <rtps_protection_kind>SIGN</rtps_protection_kind>
        <topic_access_rules>
          <topic_rule>
            <topic_expression>*</topic_expression>
            <enable_discovery_protection>false</enable_discovery_protection>
            <enable_liveliness_protection>false</enable_liveliness_protection>
            <enable_read_access_control>false</enable_read_access_control>
            <enable_write_access_control>false</enable_write_access_control>
            <metadata_protection_kind>ENCRYPT_WITH_ORIGINAL_AUTHENTICATION</metadata_protection_kind>
            <data_protection_kind>ENCRYPT</data_protection_kind>
          </topic_rule>
        </topic_access_rules>
      </domain_rule>
    </domain_access_rules>
</dds>

RTPS ‘Sign,’ Submessage ‘Encrypt’

This scenario sets the rtps_protection_kind to SIGN. It also sets the metadata_protection_kind to ENCRYPT. This configuration allows user data confidentiality (with insiders protection) while keeping Wireshark capabilities.

The governance profile used in this scenario is the following:

<?xml version="1.0" encoding="UTF-8"?>

<dds xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:noNamespaceSchemaLocation="dds_security_governance.xsd">

    <domain_access_rules>
      <domain_rule>
        <domains>
          <id_range>
            <min>0</min>
          </id_range>
        </domains>
        <allow_unauthenticated_participants>false</allow_unauthenticated_participants>
        <enable_join_access_control>false</enable_join_access_control>
        <discovery_protection_kind>NONE</discovery_protection_kind>
        <liveliness_protection_kind>NONE</liveliness_protection_kind>
        <rtps_protection_kind>SIGN</rtps_protection_kind>
        <topic_access_rules>
          <topic_rule>
            <topic_expression>*</topic_expression>
            <enable_discovery_protection>false</enable_discovery_protection>
            <enable_liveliness_protection>false</enable_liveliness_protection>
            <enable_read_access_control>false</enable_read_access_control>
            <enable_write_access_control>false</enable_write_access_control>
            <metadata_protection_kind>ENCRYPT_WITH_ORIGIN_AUTHENTICATION</metadata_protection_kind>
            <data_protection_kind>ENCRYPT</data_protection_kind>
          </topic_rule>
        </topic_access_rules>
      </domain_rule>
    </domain_access_rules>
</dds>

Test Software

The following software was used to perform these tests:

RTI Connext DDS 6.1.2 Host and Target Libraries for x64 Linux (x64Linux4gcc7.3.0)

Test Hardware

The following hardware was used to perform these tests: .. include:: ../../../../hardware/hq_performance_linux_lab.rst .. raw:: html