《BPS_DPI_Test_Methodology.pdf》由会员分享,可在线阅读,更多相关《BPS_DPI_Test_Methodology.pdf(35页珍藏版)》请在三一文库上搜索。
1、 2008 BreakingPoint Systems, Inc. All rights reserved. Test Methodology for Deep Packet Inspection BreakingPoint Systems DPI Test Methodology i Table of Contents About this Test Methodology. 1 Purpose 1 Sources . 1 Target Audience . 1 Related Documentation 1 BreakingPoint Labs 1 BreakingPoint Suppo
2、rt 2 Overview 3 DPI Overview 3 Purpose of Testing . 3 Test Environment . 3 General Notes about the BreakingPoint Systems Testing Platform. 3 Maximum Performance 5 Objective . 5 Test Setup 5 Results 6 Maximum Performance Using Jumbo Frames . 7 Objective . 7 Test Setup 7 Results 8 Maximum TCP Connecti
3、on Rate 9 Objective . 9 Test Setup 9 Results 11 Maximum Concurrent TCP Connections 12 Objective . 12 Test Setup 12 Results 13 Strikes Blocking 14 Objective . 14 Test Setup 14 Results 15 Strike Blocking with IP Fragments 16 BreakingPoint Systems DPI Test Methodology ii Objective . 16 Test Setup . 16
4、 Results 17 SYN Flood 18 Objective . 18 Test Setup 18 Results 20 Inappropriate Content Filtering . 21 Objective . 21 Test Setup . 21 Results 24 Spam Email Blocking . 25 Objective . 25 Test Setup . 25 Results 28 Suspicious Content Detection . 29 Objective . 29 Test Setup . 29 Results 32 BreakingPoint
5、 Systems DPI Test Methodology 1 About this Test Methodology Purpose Organizations and service providers must be able to differentiate traffic types based upon the contents of the application payload in order to exercise sound bandwidth and security controls. This ability to perform “deep packet ins
6、pection” or DPI is critical in maintaining network performance and security. This document will provide several test plans that can be used to test devices under varying conditions, including the unique capabilities provided by BreakingPoint Systems to comprehensively test deep packet inspection (DP
7、I) functionality of network devices. Sources The perils of deep packet inspection by Dr. Thomas Porter Wikipedia Resources on deep packet inspection Target Audience This test methodology is intended for users of all skill levels who wish to use the BreakingPoint testing platform to generate differen
8、t types of application traffic. Related Documentation Table 1 lists any documentation for BreakingPoint Systems products. Must log in to BreakingPoint Labs () to access. Table 1: Related Documentation Documentation Location BPS 1K Network Test Appliance Installation Guide (PDF) https:/ Guide_1.2.1.p
9、df BPS1K System User Guide (PDF) https:/ 1.2.1.pdf BPS 10K Network Test Appliance Installation Guide (PDF) https:/ uide_1.2.1.pdf BPS 10K System User Guide (PDF) https:/ 1.2.1.pdf BreakingPoint Labs BreakingPoint Labs is BreakingPoint Systems online portal for product updates and industry informatio
10、n. You can access the Strike Center using a Web browser and the following URL: http:/ BreakingPoint Systems DPI Test Methodology 2 From BreakingPoint Labs, you can: Download the latest software for your system. Obtain the latest updates, which contain more than 50 application protocols and 3,500 se
11、curity strikes to use in testing. Download PDF versions of documentation. Find contact information for Customer Support, Sales, and Corporate Facilities. Access the online ordering form for all BreakingPoint products and services. BreakingPoint Support Please contact customer support using one of th
12、e methods listed in Table 2. Table 2: BreakingPoint Support Contact Information Method Contact Information E-mail Telephone 1-866-352-6691, prompt 4 To expedite your support issue, have the following information available: 1. BreakingPoint Customer Number Located on your Customer Support Agreement
13、and on the shipping invoice for your system. 2. Serial Number Located on the label on the left side of the system. 3. Software Versions Located from the Help Menu in the BreakingPoint Control Center (select Help About). BreakingPoint Systems DPI Test Methodology 3 Overview DPI Overview Deep Packet
14、Inspection (DPI) technology has been implemented to look at Layers 2-7, so it can examine actual payloads, headers, and protocol structures. Employing DPI functionality, companies can identify end-user application usage and whats being sent across the network. This functionality has been viewed, in
15、some circles, as intrusive, but in reality the technology is extremely effective in preventing buffer overflow attacks, denial of service (DoS) attacks, intrusions, and a small percentage of worms that fit within a single packet. The focus today is on whether DPI is an infringement on privacy rights
16、, but the real debate should be over how well DPI technology works once it has been implemented. What happens if the DPI equipment does not recognize traffic that it needs to stop, or if the hardware doesnt provide enough resources to support DPI technology? Logic tells us that if you are going to t
17、est DPI functionality you must test with real, stateful traffic. This test methodology shows you how to leverage the natively generated application traffic from BreakingPoint to test DPI functionality, while also blending application traffic with live security strikes. Purpose of Testing The purpose
18、 for testing is to help you determine if your device truly supports DPI. We will do this by evaluating the device under test (DUT) for: Performance capabilities Security attack blocking mechanisms Application content policy enforcement capabilities Surveillance capabilities Each test plan has been d
19、evised solely to help you determine the devices true capabilities whether its figuring out the maximum TCP connection rate or identifying whether the device blocks unwanted traffic. Test Environment The test environment should emulate the deployment environment as closely as possible, which of cours
20、e means actual application traffic and live security strikes. Directly connected devices may affect packet loss, latency and data integrity. If it is not feasible to recreate the deployment environment, it is recommended that the system be directly connected to the device. All devices being evaluate
21、d must use the same test environment to ensure accurate results. General Notes about the BreakingPoint Systems Testing Platform Consider the following factors when setting up each test: When using multiple components in a test, the sum of the data rates configured for each test component must not ex
22、ceed the total amount of bandwidth available for the interface. This is particularly important in cases where the maximum presets for a component are used. For example, the maximum presets for components like BreakingPoint Bit Blaster and BreakingPoint Systems DPI Test Methodology 4 BreakingPoint R
23、outing Robot features use the maximum data rate; therefore, it is important to adjust the data rates for these components so that they do no exceed the interfaces allotted bandwidth. The number of test components that can be added to a single test depends on the components being added to the test as
24、 well as the hardware resources that are allocated to that component. For more information on hardware resources allocations per component, please see the systems user guide. Any combination of interfaces can be assigned to act as the server and the client. The only exception is when the External in
25、terface is used. In the instance where the External interface is used, no other interfaces should be enabled as the server; however, any number of client interfaces can be enabled. Each component in a test, regardless of the number of server/client interfaces selected, counts as one component. The c
26、onfiguration you have defined for the test component will be used to generate all network traffic transmitted from any of the client interfaces. BreakingPoint Systems DPI Test Methodology 5 Maximum Performance Objective This test plan will test the maximum bandwidth in terms of Mbps (Megabits per s
27、econd) or pps (packet per second) that the device under test can pass through using real stateful application data. In this test plan, we will create a test called DPI MAX BW; this test will be referenced and reused in other test plans. RFC-2544 recommends that we use Layers 2-3 traffic, but this RF
28、C was probably written before there were test tools that could generate application traffic. You are no longer limited to generating just Layers 2-3 traffic, so we will use real traffic instead. Test Setup 1. Create a new test by selecting Test New Test from the Menu bar. 2. Click Select DUT/Network
29、 from the Test Quick Steps Menu. 3. Choose the DUT Profile and Network Neighborhood that the test will use and click the Accept button. 4. Click Add a Test Component from the Test Quick Steps Menu. 5. Select Application Simulator. Figure 1: DPI MAX BW Test Setup 6. Click the Presets tab. 7. Select M
30、ax Bandwidth from the Component Presets list. This preset uses the BreakingPoint Bandwidth Application Profile, which attempts to achieve the maximum transmission rate by using mix of HTTP traffic and P2P traffic from BitTorrent and eDonkey. 8. Click the Apply Changes button. BreakingPoint Systems D
31、PI Test Methodology 6 Figure 2: DPI MAX BW Test Setup 9. Click the Parameters tab. 10. Configure any of the parameters as you desire. These parameters should be configured to match your devices abilities. 11. Click Save and Run from the Test Quick Steps Menu. 12. Save the test as DPI MAX BW and cli
32、ck OK. Results Figure 3: DPI MAX BW Test Results The Megabits/S graph represents the maximum bandwidth supported by the device under test (DUT). Any peaks in the graph should not be accounted for in the final results. BreakingPoint Systems DPI Test Methodology 7 Maximum Performance Using Jumbo Fram
33、es Objective This test plan will test the maximum bandwidth in terms of Mbps (Megabits per second) or pps (packets per second) that the device under test can pass through using real stateful application data and jumbo frames. This test plan will use the DPI MAX BW test created in the Maximum Perform
34、ance test plan as a template. Test Setup 1. Select Test Open Test from the Menu bar. 2. Select DPI MAX BW (created in the Maximum Performance test plan) and click the Open button. 3. Click the Parameters tab. 4. Select the TCP Configuration.Maximum Segment Size parameter. 5. Enter an integer value b
35、etween 1,522-9,146 in the Maximum Segment Size (MSS) field. Typically, for jumbo frames, it is recommended that you use several different MSSs such as 4,096, 8,192, and 9,000 plus. 6. Select Test Save Test As from the Menu bar. 7. Save the test as DPI MAX BW JUMBO. 8. Click Save and Run from the Tes
36、t Quick Steps Menu. Figure 4: DPI MAX BW JUMBO BreakingPoint Systems DPI Test Methodology 8 Results Figure 5: DPI MAX BW JUMBO Test Results The Megabits/S graph represents the maximum bandwidth supported by the device under test. You can compare the test results from the DPI MAX BW test to the DPI
37、MAX BW JUMBO test to see how the device handles jumbo frames versus regular sized frames. BreakingPoint Systems DPI Test Methodology 9 Maximum TCP Connection Rate Objective This test plan will test the maximum peak rate of new connections that the device under test can pass through using real state
38、ful TCP application data. This test plan will determine the devices processing power, ability to establish new connections, and stress its processor. In this test plan, we will create a test called DPI MAX TCP Rate that will be reused in later test plans. Test Setup 1. Create a new test by selecting
39、 Test New Test from the Menu bar. 2. Click Select DUT/Network from the Test Quick Steps Menu. 3. Choose the DUT Profile and Network Neighborhood that the test will use and click the Accept button. 4. Click Add a Test Component from the Test Quick Steps Menu. 5. Select Application Simulator. Figure 6
40、: DPI MAX TCP Rate Test Setup 6. Click the Presets tab. 7. Select one of the following: Service Provider Apps HTTP, MAIL, P2P, FTP Enterprise apps HTTP, MAIL, P2P, FTP, Database, VoIP Higher Education Apps HTTP, MAIL, P2P, FTP Small to Medium Business Apps HTTP, MAIL, P2P, Terminal, FTP, Database, V
41、oIP Note: If these App Profiles do not fit your needs, you can use the Application Manager to customize your own application traffic. BreakingPoint Systems DPI Test Methodology 10 8. Click the Apply Changes button. 9. Click the Parameters tab. 10. Configure any of the parameters as you desire. Thes
42、e parameters should be configured to match your devices abilities. For example, if a device is expected to reach 500,000 sessions per second, then the system should be configured as follows: Session Configuration.Maximum Simultaneous Sessions 5,000,000 (for the BreakingPoint BPS 1K) or 7,500,000 (fo
43、r the BreakingPoint BPS 10K System) Session Configuration.Maximum Sessions Per Second 500,000 Session Ramp Distribution.Ramp Up Seconds 25 seconds Ramp Up Profile.Ramp Up Profile Type Stair Step Ramp Up Profile.Minimum Connection Rate 50,000 Ramp Up Profile.Maximum Connection Rate 500,000 Ramp Up Pr
44、ofile.Increment N Connections per second 50,000 Ramp Up Profile.Every N seconds 1 Figure 7: DPI MAX TCP Rate Test Setup 11. Click Save and Run from the Test Quick Steps Menu. 12. Save the test as DPI MAX TCP Rate and click OK. BreakingPoint Systems DPI Test Methodology 11 Results Figure 8: DPI MAX
45、TCP Rate Results To view the results for the test, you must have the TCP Sessions/s tab selected while the test is running. You can determine the maximum TCP connection per second rate by locating the exact position where the Established TCP Rate graph is breaking out from the Attempted TCP Rate gra
46、ph. If there is no break, then the DUT did not fail with the load. BreakingPoint Systems DPI Test Methodology 12 Maximum Concurrent TCP Connections Objective This test plan will test the maximum number of established TCP connections that the device under test can hold using real stateful applicatio
47、n data. This test plan will use the DPI MAX TCP Rate test created in the Maximum TCP Connections test plan. Test Setup 1. Select Test Open Test from the Menu bar. 2. Select DPI MAX TCP Rate from the Name list. 3. Click the Open button. 4. Click the Parameters tab. 5. Configure any of the parameters as you desire. These parameters should be configured to match your devices abilities. For example, if a device is expected to reach 5,00