我们的测试Juniper的交换机

We assessed Juniper's new enterprise switch using the same methodology we previously used to test other vendors' access switches. The one exception, as noted below, was in our use of IGMPv2 instead of IGMPv3 this time around.

这种方法包括10组测试覆盖L2和L3的单播性能;IGMP组的组播能力;L2和L3组播性能;网络访问控制（NAC）/802.1X;风暴控制;能量消耗;切换管理性，安全性，和可用性;和开关功能。详细的，完整的方法可用here.

In the L2 unicast performance tests, we configured each switch with a single virtual LAN (VLAN) encompassing all ports. We attached a Spirent TestCenter generator/analyzer to all 48 gigabit Ethernet and two 10-Gigabit ports on the switch and ran three sets of tests: all ports, gigabit ports only, and 10-Gigabit ports only. We offered traffic to the gigabit ports in a fully meshed pattern and to the 10-Gigabit ports in a meshed pattern. For each test, we conducted separate 60-second runs with 64-, 256- and 1,518-byte frames, and measured throughput, average latency and maximum latency for each frame length.

The L3 unicast performance tests were similar to the L2 unicast tests, except in this case we configured each switch port to use a different VLAN and IP subnet.

在IGMP组容量测试中，我们恢复到一个L2配置，使能IGMP侦听，并设置开关以用作IGMP查询。在该试验中，48个TestCenter的千兆以太网端口47接合IGMPv2的基团的一些号码;第48 TestCenter的端口充当监视器检测水浸。

After sending group membership (join) messages and waiting at least twice the switch's IGMP query interval, TestCenter's ScriptMaster software then offered multicast traffic to the switch's first 10-Gigabit port, destined for all multicast groups. Per RFC 3918, if all groups received at least one frame, the test iteration was considered a pass. If loss or flooding occurred, the iteration was considered a failure. Using a binary search algorithm, we repeated this procedure to determine multicast group capacity.

In the L2 multicast performance tests, we configured all switch ports to join a single VLAN, to use IGMP snooping, and to act as an IGMP querier. Then TestCenter's 48 gigabit ports joined 500 IGMPv2 groups (or fewer, depending on results from the group capacity test). The Juniper switch did not support IGMPv3 at test time, requiring the use of IGMPv2; this is the one significant departure from earlier tests of access switches.

至少等待了两次交换机的IGMP查询间隔后，TestCenter的ScriptMaster软件则提供多播流量到交换机的第一个10千兆端口，发往所有组播组。使用二进制搜索算法，TestCenter的确定的吞吐率。在一个单独的试验中，在TestCenter的吞吐率测量的平均和最大等待时间。

在L3组播吞吐量和延迟测试中，我们配置的每个交换机端口使用单独的VLAN和IP子网，启用协议无关的多播 - 稀疏模式在每个端口上的路由，并设置开关以用作PIM会合点。测试设置和流量模式是类似于L2多播测试。我们再次确定了吞吐率，并以该速率测量平均和最大延迟。

To assess 802.1X/NAC support, we developed six scenarios that describe roles a switch might play as part of the NAC infrastructure. In this case we attached the switch to a Windows 2003 server running Juniper Steel-Belted Radius Enterprise Edition 6.1 (SBR). The SBR configuration used Windows Active Directory credentials to authenticate users.

In the first scenario, the switch places an authenticated client (in all cases, a PC running Windows XP Professional and Juniper Odyssey client software) into a previously configured VLAN. The second case is like the first, but requires authentication of multiple clients attached to a single port. In the third case, the switch dynamically assigns a VLAN after authentication. In the fourth case, the switch dynamically applies an access control list after authentication. In the fifth case, the switch places a client into a guest or restricted VLAN upon authentication failure. Finally, the sixth case determines whether a switch port concurrently supports 802.1X and media access control authentication support.

To assess storm control, we used common attack techniques such as broadcast and TCP SYN flooding as generated by a Mu Dynamics Mu-4000 security analyzer and by Spirent TestCenter. We configured the Juniper switch to limit forwarding rates of attack traffic, and verified these limits using real-time rate counters in Spirent TestCenter.

We measured power consumption using Fluke 322 and Fluke 335 clamp meters. This test involved three measurements: AC line voltage; AC amperage when idle; and AC amperage when fully loaded. We fully loaded the switch control and data planes by configuring Spirent TestCenter to offer traffic at line rate to all ports consisting of IPv4 packets with IP options set. We derived wattage by multiplying voltage and amperage.

我们的开关可管理性，安全性和可用性的测试，有客观和主观成分。在客观成分，我们确定它的管理方法在支持IPv4和IPv6的交换机，以及其以符合最佳安全实践的能力（例如，通过禁用易受攻击的服务，如telnet和实现安全服务，如SSHv2的）。我们还确定哪些管理方法是默认启用的，并且可以为enabled /用户禁用。此外，我们确定是否擦除配置文件将删除所有个人身份信息，监管要求和安全最佳实践。

The subjective part of our assessment consisted of our judgments on ease of accomplishing these and all other tests described here.

To assess the final area, switch features, we asked vendors to complete a detailed questionnaire. We did not verify every answer to this questionnaire.

< Return to test:瞻博网络交换机被证明是可靠的选择>

了解更多about this topic