1.4.2. Discovery Performance
This document describes discovery performance for certain scenarios that use RTI Security Plugins. The methodology and the tests are similar to the ones explained in the Discovery Performance section for the Core Libraries. The “No Security Libraries” values in the graphs below are equivalent to the Core Libraries (multicast) numbers, so you can compare Connext performance with and without the Security Plugins.
These numbers should only be used as a first rough approximation, since the results are highly dependent on the hardware, software configuration, and network infrastructure of the tested system. These numbers are taken with multicast enabled, since this is the default mode used by Connext for discovery.
1.4.2.1. Testing Different Security Governance Configuration Levels
Endpoint Discovery
The following graph displays the time it takes to complete endpoint discovery, per number of participants. There is one endpoint for each participant; across all participants, half the endpoints are DataWriters and half are DataReaders. For each scenario, we graph three values: the maximum, median, and minimum times that the participants took to complete endpoint discovery. (Maximums and minimums are the dashed lines; medians are the solid lines.)
The following graphs display the number of bytes sent and received until the discovery process completes, per number of participants. There is one endpoint for each participant; across all participants, half the endpoints are DataWriters and half are DataReaders. For each scenario, we graph three values: the maximum, median, and minimum bytes reported by the participants until the completion of endpoint discovery. (Maximums and minimums are the dashed lines; medians are the solid lines.)
Sent
Received
The following graphs display the amount of memory required by the application after completing the discovery process, per number of participants. There is one endpoint for each participant; across all participants, half the endpoints are DataWriters and half are DataReaders. For each scenario, we graph three values: the maximum, median, and minimum bytes reported by the participants until the completion of endpoint discovery. (Maximums and minimums are the dashed lines; medians are the solid lines.)
The parameters for testing this scenario are:
Number of hosts: 12
Participants in the system: <Variable we increase>
Topics in the system: 1
Readers per topic: Half of the Participants
Writers per topic: Half of the Participants
QoS profiles used: DynamicProfile_unicast, DynamicProfile.
Software Information
RTI developed a testing framework specifically designed for discovery benchmarking. This framework was used to perform the tests detailed in this section. This framework is capable of distributing and executing the different DDS entities across the different machines available in RTI’s Performance and Discovery Lab. It will also gather information about the discovery time as well as network usage and memory usage.
Hardware Information
Linux Nodes
Dell R340 Servers (13 Units)
Processor: Intel Xeon E-2278G (3.4-5GHz, 8c/16t, 16MB cache, 2 memory channels @2666MHz)
RAM: 4x 16GB 2666MHz DIMM (64GB RAM)
HD: 480GB SATA SSD
NIC 1: Intel 710 dual port 10Gbps SFP
OS: Ubuntu 20.04 -- gcc 9.3.0
Switch
Dell 2048 -- 10Gbps switch
QoS Used
<?xml version="1.0"?>
<dds xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:noNamespaceSchemaLocation="https://community.rti.com/schema/6.1.1/rti_dds_qos_profiles.xsd">
    <qos_library name="QosLibrary">

        <qos_profile name="FactoryDefault" is_default_participant_factory_profile="true">
            <participant_factory_qos>
                <entity_factory>
                    <autoenable_created_entities>false</autoenable_created_entities>
                </entity_factory>
                <!-- <logging>
                    <verbosity>WARNING</verbosity>
                </logging> -->
            </participant_factory_qos>
        </qos_profile>

        <qos_profile name="DynamicProfile_DefaultQoS" base_name="QosLibrary::FactoryDefault">
            <participant_qos>
                <!-- This does not affect performance, but it is needed for > 1000 participants -->
                <wire_protocol>
                    <rtps_well_known_ports>
                        <domain_id_gain>500</domain_id_gain>
                    </rtps_well_known_ports>
                </wire_protocol>
                <!-- To make the test a bit more fair -->
                <transport_builtin>
                    <mask>UDPv4</mask>
                </transport_builtin>
                <property>
                    <value>
                        <element>
                            <name>dds.transport.UDPv4.builtin.parent.allow_interfaces_list</name>
                            <value>enp1s0f0</value>
                        </element>
                        <element>
                            <name>dds.transport.UDPv4.builtin.parent.max_interface_count</name>
                            <value>1</value>
                        </element>
                        <element>
                            <name>dds.participant.property_validation_action</name>
                            <value>1</value>
                        </element>
                    </value>
                </property>
            </participant_qos>
        </qos_profile>

        <qos_profile name="DynamicProfile" base_name="QosLibrary::DynamicProfile_DefaultQoS" is_default_qos="true">
            <participant_qos>
                <resource_limits>
                    <type_object_max_serialized_length>0</type_object_max_serialized_length>
                    <type_code_max_serialized_length>0</type_code_max_serialized_length>
                </resource_limits>
                <discovery_config>
                    <initial_participant_announcements>3</initial_participant_announcements>
                    <participant_liveliness_lease_duration>
                        <sec>200</sec>
                        <nanosec>0</nanosec>
                    </participant_liveliness_lease_duration>
                    <participant_liveliness_assert_period>
                        <sec>10</sec>
                        <nanosec>0</nanosec>
                    </participant_liveliness_assert_period>
                    <remote_participant_purge_kind>LIVELINESS_BASED_REMOTE_PARTICIPANT_PURGE</remote_participant_purge_kind>
                    <max_liveliness_loss_detection_period>
                        <sec>10</sec>
                        <nanosec>0</nanosec>
                    </max_liveliness_loss_detection_period>
                </discovery_config>
                <property>
                    <value>
                        <element>
                            <name>dds.transport.UDPv4.builtin.recv_socket_buffer_size</name>
                            <value>5048576</value>
                        </element>
                    </value>
                </property>
            </participant_qos>
        </qos_profile>

        <qos_profile name="DynamicProfile_unicast" base_name="QosLibrary::DynamicProfile">
            <participant_qos>
                <discovery>
                    <initial_peers>
                        <element>$(participant_locators_id_limit)@builtin.udpv4://10.2.78.20</element>
                        <element>$(participant_locators_id_limit)@builtin.udpv4://10.2.78.21</element>
                        <element>$(participant_locators_id_limit)@builtin.udpv4://10.2.78.22</element>
                        <element>$(participant_locators_id_limit)@builtin.udpv4://10.2.78.23</element>
                        <element>$(participant_locators_id_limit)@builtin.udpv4://10.2.78.24</element>
                        <element>$(participant_locators_id_limit)@builtin.udpv4://10.2.78.25</element>
                        <element>$(participant_locators_id_limit)@builtin.udpv4://10.2.78.26</element>
                        <element>$(participant_locators_id_limit)@builtin.udpv4://10.2.78.27</element>
                        <element>$(participant_locators_id_limit)@builtin.udpv4://10.2.78.28</element>
                        <element>$(participant_locators_id_limit)@builtin.udpv4://10.2.78.29</element>
                        <element>$(participant_locators_id_limit)@builtin.udpv4://10.2.78.30</element>
                        <element>$(participant_locators_id_limit)@builtin.udpv4://10.2.78.31</element>
                    </initial_peers>
                    <multicast_receive_addresses></multicast_receive_addresses>
                </discovery>
            </participant_qos>
        </qos_profile>

        <qos_profile name="DynamicProfile_unicast_DefaultQoS" base_name="QosLibrary::DynamicProfile_DefaultQoS">
            <participant_qos>
                <discovery>
                    <initial_peers>
                        <element>$(participant_locators_id_limit)@builtin.udpv4://10.2.78.20</element>
                        <element>$(participant_locators_id_limit)@builtin.udpv4://10.2.78.21</element>
                        <element>$(participant_locators_id_limit)@builtin.udpv4://10.2.78.22</element>
                        <element>$(participant_locators_id_limit)@builtin.udpv4://10.2.78.23</element>
                        <element>$(participant_locators_id_limit)@builtin.udpv4://10.2.78.24</element>
                        <element>$(participant_locators_id_limit)@builtin.udpv4://10.2.78.25</element>
                        <element>$(participant_locators_id_limit)@builtin.udpv4://10.2.78.26</element>
                        <element>$(participant_locators_id_limit)@builtin.udpv4://10.2.78.27</element>
                        <element>$(participant_locators_id_limit)@builtin.udpv4://10.2.78.28</element>
                        <element>$(participant_locators_id_limit)@builtin.udpv4://10.2.78.29</element>
                        <element>$(participant_locators_id_limit)@builtin.udpv4://10.2.78.30</element>
                        <element>$(participant_locators_id_limit)@builtin.udpv4://10.2.78.31</element>
                    </initial_peers>
                    <multicast_receive_addresses></multicast_receive_addresses>
                </discovery>
            </participant_qos>
        </qos_profile>

        <qos_profile name="DynamicProfile_unicast_cds" base_name="QosLibrary::DynamicProfile">
            <participant_qos>
                <discovery>
                    <initial_peers>
                        <element>rtps@10.2.78.32:7400</element>
                    </initial_peers>
                    <multicast_receive_addresses></multicast_receive_addresses>
                </discovery>
            </participant_qos>
        </qos_profile>

        <qos_profile name="StaticProfile" base_name="QosLibrary::DynamicProfile">
            <participant_qos>
                <discovery_config>
                    <builtin_discovery_plugins>SPDP</builtin_discovery_plugins>
                </discovery_config>
                <property>
                    <value>
                        <element>
                            <name>dds.discovery.endpoint.lbediscovery.library</name>
                            <value>rtilbedisc</value>
                        </element>
                        <element>
                            <name>dds.discovery.endpoint.lbediscovery.create_function</name>
                            <value>DDS_LBEDiscoveryPlugin_create</value>
                        </element>
                        <element>
                            <name>dds.discovery.endpoint.load_plugins</name>
                            <value>dds.discovery.endpoint.lbediscovery</value>
                        </element>
                    </value>
                </property>
            </participant_qos>
        </qos_profile>

        <!-- Security -->
        <qos_profile name="DynamicProfileSecurity" base_name="QosLibrary::DynamicProfile">
            <participant_qos>
                <property>
                    <value>
                        <element>
                            <name>com.rti.serv.load_plugin</name>
                            <value>com.rti.serv.secure</value>
                        </element>
                        <element>
                            <name>com.rti.serv.secure.library</name>
                            <value>nddssecurity</value>
                        </element>
                        <element>
                            <name>com.rti.serv.secure.create_function</name>
                            <value>RTI_Security_PluginSuite_create</value>
                        </element>
                        <element>
                            <name>com.rti.serv.secure.authentication.ca_file</name>
                            <value>resources/secure/certAuthority/$(discovery_security_algo)/ca/$(discovery_security_algo)RootCaCert.pem</value>
                        </element>
                        <element>
                            <name>com.rti.serv.secure.authentication.private_key_file</name>
                            <value>resources/secure/certAuthority/$(discovery_security_algo)/identities/$(discovery_security_algo)Peer01Key.pem</value>
                        </element>
                        <element>
                            <name>com.rti.serv.secure.authentication.certificate_file</name>
                            <value>resources/secure/certAuthority/$(discovery_security_algo)/identities/$(discovery_security_algo)Peer01Cert.pem</value>
                        </element>
                        <element>
                            <name>com.rti.serv.secure.access_control.permissions_authority_file</name>
                            <value>resources/secure/certAuthority/$(discovery_permissions_authority_file_algo)/ca/$(discovery_permissions_authority_file_algo)RootCaCert.pem</value>
                        </element>
                        <element>
                            <name>com.rti.serv.secure.access_control.governance_file</name>
                            <value>resources/secure/certAuthority/$(discovery_security_algo)/governances/signed_governance_$(security_governance).xml</value>
                        </element>
                        <element>
                            <name>com.rti.serv.secure.access_control.permissions_file</name>
                            <value>resources/secure/certAuthority/$(discovery_security_algo)/signed_myPermissions.xml</value>
                        </element>
                        <element>
                            <name>com.rti.serv.secure.authentication.key_establishment_algorithm</name>
                            <value>auto</value>
                        </element>
                        <element>
                            <name>dds.participant.trust_plugins.authentication_timeout.sec</name>
                            <value>$(discovery_security_authentication_timeout)</value>
                        </element>
                        <element>
                            <name>dds.participant.trust_plugins.authentication_request_delay.sec</name>
                            <value>$(discovery_security_authentication_request_delay)</value>
                        </element>
                        <element>
                            <name>dds.participant.trust_plugins.authentication_request_timeout.sec</name>
                            <value>$(discovery_security_authentication_request_timeout)</value>
                        </element>
                    </value>
                </property>
            </participant_qos>
        </qos_profile>

    </qos_library>
</dds>
Security Profiles
In this set of tests, we compared the discovery times, increasing the number of endpoints, for different levels of security. We will differentiate among four levels:
No Security Libraries: This test will use RTI Connext Professional without Security Plugins.
Secure Libraries, RTPS None + Discovery None: This test uses Security Plugins and requires authentication, but doesn’t protect any messages (no encryption and no “MAC’ing”). This test uses this governance file:
<dds>
    <domain_access_rules>
        <domain_rule>
            <domains>
                <id_range>
                    <min>0</min>
                </id_range>
            </domains>
            <allow_unauthenticated_participants>FALSE</allow_unauthenticated_participants>
            <enable_join_access_control>TRUE</enable_join_access_control>
            <discovery_protection_kind>NONE</discovery_protection_kind>
            <liveliness_protection_kind>NONE</liveliness_protection_kind>
            <rtps_protection_kind>NONE</rtps_protection_kind>
            <topic_access_rules>
                <topic_rule>
                    <topic_expression>*</topic_expression>
                    <enable_discovery_protection>FALSE</enable_discovery_protection>
                    <enable_read_access_control>TRUE</enable_read_access_control>
                    <enable_write_access_control>TRUE</enable_write_access_control>
                    <metadata_protection_kind>NONE</metadata_protection_kind>
                    <data_protection_kind>NONE</data_protection_kind>
                </topic_rule>
            </topic_access_rules>
        </domain_rule>
    </domain_access_rules>
</dds>
Secure Libraries, RTPS Sign + Discovery None: This test is similar to the one above but setting the rtps_protection_kind to SIGN:
<dds>
    <domain_access_rules>
        <domain_rule>
            <domains>
                <id_range>
                    <min>0</min>
                </id_range>
            </domains>
            <allow_unauthenticated_participants>FALSE</allow_unauthenticated_participants>
            <enable_join_access_control>TRUE</enable_join_access_control>
            <discovery_protection_kind>NONE</discovery_protection_kind>
            <liveliness_protection_kind>NONE</liveliness_protection_kind>
            <rtps_protection_kind>SIGN</rtps_protection_kind>
            <topic_access_rules>
                <topic_rule>
                    <topic_expression>*</topic_expression>
                    <enable_discovery_protection>FALSE</enable_discovery_protection>
                    <enable_read_access_control>TRUE</enable_read_access_control>
                    <enable_write_access_control>TRUE</enable_write_access_control>
                    <metadata_protection_kind>NONE</metadata_protection_kind>
                    <data_protection_kind>NONE</data_protection_kind>
                </topic_rule>
            </topic_access_rules>
        </domain_rule>
    </domain_access_rules>
</dds>
Secure Libraries, RTPS Sign + Discovery Encrypt: In this test we set the rtps_protection_kind to SIGN and the discovery_protection_kind and liveliness_protection_kind to ENCRYPT:
<dds>
    <domain_access_rules>
        <domain_rule>
            <domains>
                <id_range>
                    <min>0</min>
                </id_range>
            </domains>
            <allow_unauthenticated_participants>FALSE</allow_unauthenticated_participants>
            <enable_join_access_control>TRUE</enable_join_access_control>
            <discovery_protection_kind>ENCRYPT</discovery_protection_kind>
            <liveliness_protection_kind>ENCRYPT</liveliness_protection_kind>
            <rtps_protection_kind>SIGN</rtps_protection_kind>
            <topic_access_rules>
                <topic_rule>
                    <topic_expression>*</topic_expression>
                    <enable_discovery_protection>TRUE</enable_discovery_protection>
                    <enable_read_access_control>TRUE</enable_read_access_control>
                    <enable_write_access_control>TRUE</enable_write_access_control>
                    <metadata_protection_kind>NONE</metadata_protection_kind>
                    <data_protection_kind>NONE</data_protection_kind>
                </topic_rule>
            </topic_access_rules>
        </domain_rule>
    </domain_access_rules>
</dds>
Secure Libraries, RTPS None + Discovery Encrypt: In this test we set the discovery_protection_kind and liveliness_protection_kind to ENCRYPT:
<dds>
    <domain_access_rules>
        <domain_rule>
            <domains>
                <id_range>
                    <min>0</min>
                </id_range>
            </domains>
            <allow_unauthenticated_participants>FALSE</allow_unauthenticated_participants>
            <enable_join_access_control>TRUE</enable_join_access_control>
            <discovery_protection_kind>ENCRYPT</discovery_protection_kind>
            <liveliness_protection_kind>ENCRYPT</liveliness_protection_kind>
            <rtps_protection_kind>NONE</rtps_protection_kind>
            <topic_access_rules>
                <topic_rule>
                    <topic_expression>*</topic_expression>
                    <enable_discovery_protection>TRUE</enable_discovery_protection>
                    <enable_read_access_control>TRUE</enable_read_access_control>
                    <enable_write_access_control>TRUE</enable_write_access_control>
                    <metadata_protection_kind>NONE</metadata_protection_kind>
                    <data_protection_kind>NONE</data_protection_kind>
                </topic_rule>
            </topic_access_rules>
        </domain_rule>
    </domain_access_rules>
</dds>
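The four governance documents above differ in only three values, so the protection each scenario leaves off can be read mechanically. The script below is an added example, not RTI code: it parses the unsigned XML form shown on this page, names each rule the way the page names its scenarios, and lists what stays unprotected on the wire. The function names are hypothetical, and treating a missing element as NONE or FALSE is a choice made for this example.

```python
import xml.etree.ElementTree as ET

# Constructed from the governance documents on this page (unsigned XML); only
# the values that differ between the benchmark scenarios are parameters.
TEMPLATE = """<dds><domain_access_rules><domain_rule>
  <domains><id_range><min>0</min></id_range></domains>
  <allow_unauthenticated_participants>FALSE</allow_unauthenticated_participants>
  <enable_join_access_control>TRUE</enable_join_access_control>
  <discovery_protection_kind>{disc}</discovery_protection_kind>
  <liveliness_protection_kind>{disc}</liveliness_protection_kind>
  <rtps_protection_kind>{rtps}</rtps_protection_kind>
  <topic_access_rules><topic_rule>
    <topic_expression>*</topic_expression>
    <enable_discovery_protection>{topic_disc}</enable_discovery_protection>
    <enable_read_access_control>TRUE</enable_read_access_control>
    <enable_write_access_control>TRUE</enable_write_access_control>
    <metadata_protection_kind>NONE</metadata_protection_kind>
    <data_protection_kind>NONE</data_protection_kind>
  </topic_rule></topic_access_rules>
</domain_rule></domain_access_rules></dds>"""

def page_governance(rtps, disc):
    """Build one of the page's four governance documents."""
    topic_disc = "FALSE" if disc == "NONE" else "TRUE"
    return TEMPLATE.format(rtps=rtps, disc=disc, topic_disc=topic_disc)

def _get(node, tag, default):
    child = node.find(tag)
    return child.text.strip() if child is not None and child.text else default

def _flag(node, tag):
    # Example's assumption: a missing boolean counts as FALSE.
    return _get(node, tag, "FALSE").upper() in ("TRUE", "1")

def _kind(node, tag):
    # Example's assumption: a missing protection kind counts as NONE.
    return _get(node, tag, "NONE").upper()

def parse_rules(xml_text):
    """Return one dict per <domain_rule> with the settings that decide wire protection."""
    rules = []
    for rule in ET.fromstring(xml_text).iter("domain_rule"):
        rules.append({
            "allow_unauth": _flag(rule, "allow_unauthenticated_participants"),
            "rtps": _kind(rule, "rtps_protection_kind"),
            "discovery": _kind(rule, "discovery_protection_kind"),
            "liveliness": _kind(rule, "liveliness_protection_kind"),
            "topics": [{
                "expr": _get(t, "topic_expression", "*"),
                "disc_protected": _flag(t, "enable_discovery_protection"),
                "metadata": _kind(t, "metadata_protection_kind"),
                "data": _kind(t, "data_protection_kind"),
            } for t in rule.iter("topic_rule")],
        })
    return rules

def scenario_label(rule):
    """Name a rule the way this page names its benchmark scenarios."""
    return "RTPS %s + Discovery %s" % (rule["rtps"].capitalize(), rule["discovery"].capitalize())

def findings(rule):
    """List what a rule leaves unprotected on the wire."""
    out = []
    if rule["allow_unauth"]:
        out.append("unauthenticated participants may join")
    if rule["rtps"] == "NONE":
        out.append("no RTPS message-level MAC")
    if rule["liveliness"] == "NONE":
        out.append("liveliness traffic unprotected")
    for t in rule["topics"]:
        if not t["disc_protected"]:
            out.append("topic %s: endpoint discovery sent over the regular builtin endpoints" % t["expr"])
        elif rule["discovery"] == "NONE":
            out.append("topic %s: secure discovery endpoints used, but with protection NONE" % t["expr"])
        # User data is confidential only if some layer around it encrypts.
        kinds = (rule["rtps"], t["metadata"], t["data"])
        if not any(k.startswith("ENCRYPT") for k in kinds):
            out.append("topic %s: user data not encrypted" % t["expr"])
    return out

if __name__ == "__main__":
    for rtps, disc in (("NONE", "NONE"), ("SIGN", "NONE"), ("SIGN", "ENCRYPT"), ("NONE", "ENCRYPT")):
        rule = parse_rules(page_governance(rtps, disc))[0]
        print(scenario_label(rule))
        for item in findings(rule):
            print("  -", item)
```

In all four scenarios `metadata_protection_kind` and `data_protection_kind` are NONE, so the measured overhead covers authentication, discovery, liveliness and RTPS-level protection only, not encryption of user data.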
1.4.2.2. Testing Different Digital Signature and Key Establishment Algorithms
Endpoint Discovery
The following graph displays the time it takes to complete endpoint discovery, per number of participants. There is one endpoint for each participant; across all participants, half the endpoints are DataWriters and half are DataReaders. For each scenario, we graph three values: the maximum, median, and minimum times that the participants took to complete endpoint discovery. (Maximums and minimums are the dashed lines; medians are the solid lines.)
The following graphs display the number of bytes sent and received until the discovery process completes, per number of participants. There is one endpoint for each participant; across all participants, half the endpoints are DataWriters and half are DataReaders. For each scenario, we graph three values: the maximum, median, and minimum bytes reported by the participants until the completion of endpoint discovery. (Maximums and minimums are the dashed lines; medians are the solid lines.)
Sent
Received
The following graphs display the amount of memory required by the application after completing the discovery process, per number of participants. There is one endpoint for each participant; across all participants, half the endpoints are DataWriters and half are DataReaders. For each scenario, we graph three values: the maximum, median, and minimum bytes reported by the participants until the completion of endpoint discovery. (Maximums and minimums are the dashed lines; medians are the solid lines.)
The parameters for testing this scenario are:
Number of hosts: 12
Participants in the system: <Variable we increase>
Topics in the system: 1
Readers per topic: Half of the Participants
Writers per topic: Half of the Participants
QoS profiles used: DynamicProfile_unicast, DynamicProfile.
Software Information
RTI developed a testing framework specifically designed for discovery benchmarking. This framework was used to perform the tests detailed in this section. This framework is capable of distributing and executing the different DDS entities across the different machines available in RTI’s Performance and Discovery Lab. It will also gather information about the discovery time as well as network usage and memory usage.
Hardware Information
Linux Nodes
Dell R340 Servers (13 Units)
Processor: Intel Xeon E-2278G (3.4-5GHz, 8c/16t, 16MB cache, 2 memory channels @2666MHz)
RAM: 4x 16GB 2666MHz DIMM (64GB RAM)
HD: 480GB SATA SSD
NIC 1: Intel 710 dual port 10Gbps SFP
OS: Ubuntu 20.04 -- gcc 9.3.0
Switch
Dell 2048 -- 10Gbps switch
QoS Used
<?xml version="1.0"?>
<dds xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:noNamespaceSchemaLocation="https://community.rti.com/schema/6.1.1/rti_dds_qos_profiles.xsd">
    <qos_library name="QosLibrary">

        <qos_profile name="FactoryDefault" is_default_participant_factory_profile="true">
            <participant_factory_qos>
                <entity_factory>
                    <autoenable_created_entities>false</autoenable_created_entities>
                </entity_factory>
                <!-- <logging>
                    <verbosity>WARNING</verbosity>
                </logging> -->
            </participant_factory_qos>
        </qos_profile>

        <qos_profile name="DynamicProfile_DefaultQoS" base_name="QosLibrary::FactoryDefault">
            <participant_qos>
                <!-- This does not affect performance, but it is needed for > 1000 participants -->
                <wire_protocol>
                    <rtps_well_known_ports>
                        <domain_id_gain>500</domain_id_gain>
                    </rtps_well_known_ports>
                </wire_protocol>
                <!-- To make the test a bit more fair -->
                <transport_builtin>
                    <mask>UDPv4</mask>
                </transport_builtin>
                <property>
                    <value>
                        <element>
                            <name>dds.transport.UDPv4.builtin.parent.allow_interfaces_list</name>
                            <value>enp1s0f0</value>
                        </element>
                        <element>
                            <name>dds.transport.UDPv4.builtin.parent.max_interface_count</name>
                            <value>1</value>
                        </element>
                        <element>
                            <name>dds.participant.property_validation_action</name>
                            <value>1</value>
                        </element>
                    </value>
                </property>
            </participant_qos>
        </qos_profile>

        <qos_profile name="DynamicProfile" base_name="QosLibrary::DynamicProfile_DefaultQoS" is_default_qos="true">
            <participant_qos>
                <resource_limits>
                    <type_object_max_serialized_length>0</type_object_max_serialized_length>
                    <type_code_max_serialized_length>0</type_code_max_serialized_length>
                </resource_limits>
                <discovery_config>
                    <initial_participant_announcements>3</initial_participant_announcements>
                    <participant_liveliness_lease_duration>
                        <sec>200</sec>
                        <nanosec>0</nanosec>
                    </participant_liveliness_lease_duration>
                    <participant_liveliness_assert_period>
                        <sec>10</sec>
                        <nanosec>0</nanosec>
                    </participant_liveliness_assert_period>
                    <remote_participant_purge_kind>LIVELINESS_BASED_REMOTE_PARTICIPANT_PURGE</remote_participant_purge_kind>
                    <max_liveliness_loss_detection_period>
                        <sec>10</sec>
                        <nanosec>0</nanosec>
                    </max_liveliness_loss_detection_period>
                </discovery_config>
                <property>
                    <value>
                        <element>
                            <name>dds.transport.UDPv4.builtin.recv_socket_buffer_size</name>
                            <value>5048576</value>
                        </element>
                    </value>
                </property>
            </participant_qos>
        </qos_profile>

        <qos_profile name="DynamicProfile_unicast" base_name="QosLibrary::DynamicProfile">
            <participant_qos>
                <discovery>
                    <initial_peers>
                        <element>$(participant_locators_id_limit)@builtin.udpv4://10.2.78.20</element>
                        <element>$(participant_locators_id_limit)@builtin.udpv4://10.2.78.21</element>
                        <element>$(participant_locators_id_limit)@builtin.udpv4://10.2.78.22</element>
                        <element>$(participant_locators_id_limit)@builtin.udpv4://10.2.78.23</element>
                        <element>$(participant_locators_id_limit)@builtin.udpv4://10.2.78.24</element>
                        <element>$(participant_locators_id_limit)@builtin.udpv4://10.2.78.25</element>
                        <element>$(participant_locators_id_limit)@builtin.udpv4://10.2.78.26</element>
                        <element>$(participant_locators_id_limit)@builtin.udpv4://10.2.78.27</element>
                        <element>$(participant_locators_id_limit)@builtin.udpv4://10.2.78.28</element>
                        <element>$(participant_locators_id_limit)@builtin.udpv4://10.2.78.29</element>
                        <element>$(participant_locators_id_limit)@builtin.udpv4://10.2.78.30</element>
                        <element>$(participant_locators_id_limit)@builtin.udpv4://10.2.78.31</element>
                    </initial_peers>
                    <multicast_receive_addresses></multicast_receive_addresses>
                </discovery>
            </participant_qos>
        </qos_profile>

        <qos_profile name="DynamicProfile_unicast_DefaultQoS" base_name="QosLibrary::DynamicProfile_DefaultQoS">
            <participant_qos>
                <discovery>
                    <initial_peers>
                        <element>$(participant_locators_id_limit)@builtin.udpv4://10.2.78.20</element>
                        <element>$(participant_locators_id_limit)@builtin.udpv4://10.2.78.21</element>
                        <element>$(participant_locators_id_limit)@builtin.udpv4://10.2.78.22</element>
                        <element>$(participant_locators_id_limit)@builtin.udpv4://10.2.78.23</element>
                        <element>$(participant_locators_id_limit)@builtin.udpv4://10.2.78.24</element>
                        <element>$(participant_locators_id_limit)@builtin.udpv4://10.2.78.25</element>
                        <element>$(participant_locators_id_limit)@builtin.udpv4://10.2.78.26</element>
                        <element>$(participant_locators_id_limit)@builtin.udpv4://10.2.78.27</element>
                        <element>$(participant_locators_id_limit)@builtin.udpv4://10.2.78.28</element>
                        <element>$(participant_locators_id_limit)@builtin.udpv4://10.2.78.29</element>
                        <element>$(participant_locators_id_limit)@builtin.udpv4://10.2.78.30</element>
                        <element>$(participant_locators_id_limit)@builtin.udpv4://10.2.78.31</element>
                    </initial_peers>
                    <multicast_receive_addresses></multicast_receive_addresses>
                </discovery>
            </participant_qos>
        </qos_profile>

        <qos_profile name="DynamicProfile_unicast_cds" base_name="QosLibrary::DynamicProfile">
            <participant_qos>
                <discovery>
                    <initial_peers>
                        <element>rtps@10.2.78.32:7400</element>
                    </initial_peers>
                    <multicast_receive_addresses></multicast_receive_addresses>
                </discovery>
            </participant_qos>
        </qos_profile>

        <qos_profile name="StaticProfile" base_name="QosLibrary::DynamicProfile">
            <participant_qos>
                <discovery_config>
                    <builtin_discovery_plugins>SPDP</builtin_discovery_plugins>
                </discovery_config>
                <property>
                    <value>
                        <element>
                            <name>dds.discovery.endpoint.lbediscovery.library</name>
                            <value>rtilbedisc</value>
                        </element>
                        <element>
                            <name>dds.discovery.endpoint.lbediscovery.create_function</name>
                            <value>DDS_LBEDiscoveryPlugin_create</value>
                        </element>
                        <element>
                            <name>dds.discovery.endpoint.load_plugins</name>
                            <value>dds.discovery.endpoint.lbediscovery</value>
                        </element>
                    </value>
                </property>
            </participant_qos>
        </qos_profile>

        <!-- Security -->
        <qos_profile name="DynamicProfileSecurity" base_name="QosLibrary::DynamicProfile">
            <participant_qos>
                <property>
                    <value>
                        <element>
                            <name>com.rti.serv.load_plugin</name>
                            <value>com.rti.serv.secure</value>
                        </element>
                        <element>
                            <name>com.rti.serv.secure.library</name>
                            <value>nddssecurity</value>
                        </element>
                        <element>
                            <name>com.rti.serv.secure.create_function</name>
                            <value>RTI_Security_PluginSuite_create</value>
                        </element>
                        <element>
                            <name>com.rti.serv.secure.authentication.ca_file</name>
                            <value>resources/secure/certAuthority/$(discovery_security_algo)/ca/$(discovery_security_algo)RootCaCert.pem</value>
                        </element>
                        <element>
                            <name>com.rti.serv.secure.authentication.private_key_file</name>
                            <value>resources/secure/certAuthority/$(discovery_security_algo)/identities/$(discovery_security_algo)Peer01Key.pem</value>
                        </element>
                        <element>
                            <name>com.rti.serv.secure.authentication.certificate_file</name>
                            <value>resources/secure/certAuthority/$(discovery_security_algo)/identities/$(discovery_security_algo)Peer01Cert.pem</value>
                        </element>
                        <element>
                            <name>com.rti.serv.secure.access_control.permissions_authority_file</name>
                            <value>resources/secure/certAuthority/$(discovery_permissions_authority_file_algo)/ca/$(discovery_permissions_authority_file_algo)RootCaCert.pem</value>
                        </element>
                        <element>
                            <name>com.rti.serv.secure.access_control.governance_file</name>
                            <value>resources/secure/certAuthority/$(discovery_security_algo)/governances/signed_governance_$(security_governance).xml</value>
                        </element>
                        <element>
                            <name>com.rti.serv.secure.access_control.permissions_file</name>
                            <value>resources/secure/certAuthority/$(discovery_security_algo)/signed_myPermissions.xml</value>
                        </element>
                        <element>
                            <name>com.rti.serv.secure.authentication.key_establishment_algorithm</name>
                            <value>auto</value>
                        </element>
                        <element>
                            <name>dds.participant.trust_plugins.authentication_timeout.sec</name>
                            <value>$(discovery_security_authentication_timeout)</value>
                        </element>
                        <element>
                            <name>dds.participant.trust_plugins.authentication_request_delay.sec</name>
                            <value>$(discovery_security_authentication_request_delay)</value>
                        </element>
                        <element>
                            <name>dds.participant.trust_plugins.authentication_request_timeout.sec</name>
                            <value>$(discovery_security_authentication_request_timeout)</value>
                        </element>
                    </value>
                </property>
            </participant_qos>
        </qos_profile>

    </qos_library>
</dds>
Security Profiles
For these specific tests we used the same governance file configuration and we modified the encryption algorithms in use. We used the following governance configuration:
Secure Libraries, RTPS Sign + Discovery Encrypt: In this test we set the rtps_protection_kind to SIGN and the discovery_protection_kind and liveliness_protection_kind to ENCRYPT:
<dds>
    <domain_access_rules>
        <domain_rule>
            <domains>
                <id_range>
                    <min>0</min>
                </id_range>
            </domains>
            <allow_unauthenticated_participants>FALSE</allow_unauthenticated_participants>
            <enable_join_access_control>TRUE</enable_join_access_control>
            <discovery_protection_kind>ENCRYPT</discovery_protection_kind>
            <liveliness_protection_kind>ENCRYPT</liveliness_protection_kind>
            <rtps_protection_kind>SIGN</rtps_protection_kind>
            <topic_access_rules>
                <topic_rule>
                    <topic_expression>*</topic_expression>
                    <enable_discovery_protection>TRUE</enable_discovery_protection>
                    <enable_read_access_control>TRUE</enable_read_access_control>
                    <enable_write_access_control>TRUE</enable_write_access_control>
                    <metadata_protection_kind>NONE</metadata_protection_kind>
                    <data_protection_kind>NONE</data_protection_kind>
                </topic_rule>
            </topic_access_rules>
        </domain_rule>
    </domain_access_rules>
</dds>