Server Load Balancer Test Methodology

www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc.All other trademarks are the property of their respective owners.

1

Rethink Server Load Balancer Testing

Rethink Server Load Balancer TestingA methodology to measure the performance, security, and stability of server load balancers under real-world network conditions


2


Table of ContentsIntroduction .................................................................................................................................................................................................................... 3

Layer 4 Top TC ................................................................................................................................................................................................................ 5

HTTP Load Balancer Test............................................................................................................................................................................................. 26

HTTPS/SSL ....................................................................................................................................................................................................................... 52

HTTP Caching ................................................................................................................................................................................................................. 74

Dual Traffic HTTP and IMAP ....................................................................................................................................................................................... 96

BlockFuzzer ..................................................................................................................................................................................................................... 127

Load Balancer Configuration .................................................................................................................................................................................... 135

About BreakingPoint ................................................................................................................................................................................................... 137


3


IntroductionToday’s network is under higher demand than ever before, each day handling ever growing and more complex business and Web

applications. A single server will not be able to handle the load demand required; multiple servers are needed and must be used to

meet the demand. For ease of use, a single IP address or domain name must be used; however, if several servers are required, this adds

complexity. Using a load balancer can ease the complexity of the network setup.

With the continued development of web applications, virtualization, cloud computing and more, a load balancer has become an integral

piece of networking equipment. With the use of a load balancer, a single service can be provided from multiple servers. A load balancer runs

on Layers 4 through 7 of the OSI Model, and some of the common protocols that are usually load balanced are HTTP, IRC, FTP, NNTP and

DNS. When in use, a load balancer is placed in front of a server farm on the network. The load balancer listens on the needed port, and when

a request comes in for the service, the load balancer will forward the request to one of the available servers. When the back-end server

receives the request from the load balancer, it will respond to the load balancer. In turn, the load balancer will respond to the client that

made the initial request. This makes the load balancer an invisible piece of networking equipment to the client.

Load balancers are aware of the requested protocol and will forward the connection to the correct server. Since not every server will be on

equal hardware or be able to handle equal loads, load balancers can be configured with an assigned weight for each server. For example,

a single core server can be configured with a lower weight than a quad core server because the quad core server will be able to handle a

higher offered load. This ensures that each client will receive the same experience as the next.

Another added benefit of using a load balancer is it helps maintain uptime of the requested services. If one server fails or is taken down for

an upgrade, the remaining servers are able to maintain and handle the load until the downed server is online again.

Not all load balancers are created equal. Some have more features than others, but a set of common features does exist between them.

As expected, load balancers support all TCP and UDP protocols. A form of SSL acceleration is usually available to improve the speed of

encryption. Another common feature is content caching: The load balancer will store objects that are frequently used. When this object is

requested, the load balancer will speed up the process by sending the object instead of asking a server for it. Other common features that

load balancers support are content compression, session persistence and bandwidth management.

The following Resiliency Methodology will demonstrate how to configure a load balancer and set up the BreakingPoint Storm CTM. This

Resiliency Methodology contains five different measurements and each are given a brief outline below.

Test 1: Layer 4 TCP

This test will determine the number of TCP connections per second that the load balancer is able to handle. Also, the TCP setup

time will be analyzed to determine how a greater number of TCP connections per second affects the time it takes to establish the TCP

connection. This test is also a baseline measurement for tests 2-5.

Test 2: HTTP

This test will determine the number of HTTP connections per second the load balancer is able to handle. Also, the BreakingPoint

Storm CTM will be configured to serve out five different sized HTTP pages. The overall bandwidth that the load balancer is able to support

will be determined.

Test 3: HTTPS

This is the same test as the HTTP , except encryption will be used. Normally, the HTTPS connection is made with the load balancer, and

the connection between the load balancer and the server is not encrypted, taking away the overhead of encryption.


4


Test 4: HTTP Caching

As load balancers are able to locally cache objects, the BreakingPoint Storm CTM will be configured to send out dynamic pages and

image files. The TCP connection setup time will be analyzed to make sure the load balancer is locally caching the needed files.

Test 5: Dual Traffic HTTP and IMAP

Load balancers are able to handle multiple protocols at a time. The BreakingPoint Storm CTM will be configured to use both HTTP

and IMAP protocols. This helps determine the load balancer’s ability to handle multiple protocols while being stressed. Data rates and TCP

setup times are a couple of the results analyzed at the end of the test.

Test 6: Fuzzer

This test is an add-on test to the previous ones. This test will ensure that the load balancer is able to handle malformed packets or errors

within the packet. Results will be examined to determine the load balancer’s ability.


5


Layer 4 Top TC

RFC:• RFC 793 – Transmission Control Protocol

Overview:

A basic Layer 4 TCP measurement will be performed. The load balancer should be configured with an open port of 80, as this is the port that

will be used during the test. The load balancer also should be configured with a range of IP Addresses that amounts to about 5% of the total

supported back-end servers to act as the end points for the TCP measurement. The BreakingPoint Storm CTM will act as both the clients

and the servers during the measurement. The BreakingPoint Storm CTM will be configured to use the Session Sender test component to

generate and receive the TCP requests.

Objective:

Determine the maximum number of TCP connections per second a load balancer is able to handle before dropping requests.

Setup:


6


1. OpenyourfavoriteWebbrowserandconnecttotheBreakingPointStormCTM.Oncethepagehasloaded,selectStart BreakingPoint Systems Control Center.

2. LogintotheBreakingPointStormCTMbyenteringyourLoginIDandPassword.Oncedone,clicktheLoginbutton.


7


3. Reservetherequiredportstorunthetest.

4. Next,selectTestNew Testtostartwithconfiguringthetest.


8


5. Selectthefirstitemfromthelist,Select the DUT/NetworklocatedintheTestQuickSteps.

6. SelectOpen network neighborhood screentocreateaNetworkNeighborhoodforthetest.


9


7. SelecttheCreate a new Network Neighborhood (‘+’)button.

8. Enteraneasy-to-recallnameforthenewNetworkNeighborhoodandclickOK.


10


9. Noticetheinterfacelistatthetopofthescreen.ItlistsInterfaces1-4andanExternal;onlytwointerfacesandtheexternalarerequiredforthistest.Delete Interface 3 and Interface 4byselectingtheinterfaceandthenclicking the close buttonthatappearsonthetab.Whenpromptedabouttheremovaloftheinterface,selectYes.


11


10. ConfigurealltherequiredIPinformationforInterface1.OncealltheIPinformationhasbeenentered,clicktheApply ChangesbuttonandthentheSave Networkbutton.

11. SelecttheInterface 2tabandagainconfigurealltherequiredIPinformation,makingsuretochangetheTypefromVirtual RoutertoHost.Oncetheconfigurationhasbeencompleted,clickApply ChangesandtheSave Networkbutton.


12


12. SelecttheExternaltab.AnentryisalreadypresentintheSubnetsection.Deletethisentrybyselectingthetrashcanbutton.

13. Oncetheentryisdeleted,anewentrymustbecreated.EnterintheIPaddressinformationintheMinimum IP AddressandMaximum IP Addressfields.ClicktheAdd Rangebuttononcecompleted.Again,clicktheSave Networkbutton.


13


14. SelecttheReturn to PreviousScreenbutton.

15. UnderDevice Under Test(s),verifythatBreakingPoint Defaultisselected,andunderNetwork Neighborhood(s)verifythatthenewlycreatedoneisselected.ClickAcceptoncecompleted.

16. WhenpromptedaboutswitchingNetworkNeighborhoodsbecausethecurrentonehasmoreinterfacesselectYes.


14


17. SelectAdd a Test ComponentfromTestQuickSteps.

18. SelectSession Sender (L4)fromtheSelect a component typewindow.


15


19. Wewillnowperformstep3oftheTestQuickSteps.RenamethecomponentfromSession SendertoTCP Sessions.VerifythattheActivecheckboxisselected.ClickApply Changesoncecompleted.

20. SelecttheInterfacestab.VerifythattheExternal Servercheckboxisselected.ForInterface1,verifythattheClientcheckboxisselected,andforInterface2verifythattheServercheckboxisselected.ClickApply Changesoncecompleted.

21. SelecttheParameterstab.Thisiswhereallthetestcriteriawillbedefinedandconfiguredforthistest.


16


22. Noteveryparameterwillbechanged.ThefirstonethatshouldbechangedisTCP Session Duration (segments).Changethevaluefrom20to0.ThiswillallowforahigherrateofTCPconnectionspersecondtobeestablished.ClickApply Changesoncecompleted.

23. ThenextparameterthatneedstobechangedistheMinimum data rate.Itiscurrentlysetto200andneedstobechangedto1000.ThisvalueisinMegabits/second.Again,clickApply Changesoncecompleted.

24. ThenextparameterthatneedstobechangedisthePort distribution typeunderDestination Port.UsethedropdownmenuandchangethevaluetoConstant.Also,changetheMinimum port numberfrom6to80(oraknownopenportonyourloadbalancer).ClickApplyChangesoncecompleted.


17


25. UnderSessionRampDistribution,changetheRamp Up BehaviorfromFull Open toFull Open + Data + Close.ForRamp Up Seconds,enteravalueof148010.Thisisacalculatedvalue;wewishtoattempttoconnect750,000TCPconnections/second.Initially,10,000connectionswillbeestablished,andthenanother50every10secondsthereafter.Weadd10secondsfortheinitial10,000TCPconnections.Asamathematicalexpressionitwouldlooklikethis:((((750000-10000)/50)*10)+10.WemustmakesuretheRamp Up Secondsisalongenoughperiodoftimetocompletethisprocess.Provide30secondsfortheRamp Downperiod.Youwillhavetoscrolldownforthisfield.ClickApply Changes.

26. ScrolldowntotheRampUpProfile.UsetheRamp Up Profile TypedropdownmenuandchangethevaluetoStair Step.TheMinimum Connection RateisthenumberofTCPconnectionsthatwillbeusedatthestartofthetest.Enteravalueof10000.AswewishtodeterminethemaximumnumberofTCPconnectionsthatarepossiblepersecondenteravalueof750000intheMaximum Connection Rate.Enteravalueof50fortheIncrement N connections per secondandenteravalueof10forEvery N seconds.Thiswilladdanadditional50TCPconnectionattemptsevery10seconds.Thisvaluecanbeincreasedforashortertest,buttheresultsmightnotbeasaccurate.Pleasenote,youwillneedtoscrolldowntolocatesomeofthesefields.ClickApply Changesoncecompleted.


18


27. UnderSession Configuration,setbothMaximum Simultaneous SessionsandMaximum Sessions Per Secondtotheirmaximumvalues.ClickApply Changesoncecompleted.

28. Nootherparametersneedtobeconfigured.MakesuretheTest Statushasagreencheckmarknexttoit.Ifthereisnot,determinewhatiswrongbyselectingTest Statusandviewingtheerrors.

29. BeforeweselectSaveandRunfromTestQuickSteps,edittheTest Information Description.


19


30. SelectSave and RunfromTest Quick Steps.

31. Ifthetesthasnotpreviouslybeensaved,enteranameforthetestandclickSave.


20


32. Whilethetestisrunning,selecttheTCP tab.

33. Oncethetesthascompletedrunning,verifythatitsuccessfullypassed.ClickClose.


21


34. InthelowerleftcorneroftheReal Time Statisticswindow,selectthegraphbuttontoviewdetailedresults.Thiswillopentheresultsinanewbrowserwindow.

35. Gotothebrowser.Ontheleftsideisthenavigationpanel,whereyoucannavigateandbrowsetheresults.Theresultsandtestinformationwillbedisplayedontherightsideofthebrowser.

36. ExpandtheTest Results for TCP Sessionsfolder,andthenexpandtheDetailsfolder.SelectTCP Connection Rate.


22


37. OnceTCP Connection Ratehasbeenselected,agraphwilldisplaytheClientandServerattemptrate,establishrateandcloserate.Also,atableisdisplayedshowingthevaluesusedtocreatethegraph.


23


38. Usingthetable,itispossibletodeterminethemaximumTCP Connection Rate.FromtheClient establish rate (TCP Sessions/s) column,locatethehighestvalue.Usingthegraph,findthehighestClientestablishratetodeterminethetimethehighestClientestablishratehappened.WiththeDUTusedinthistest,itlookslikeithappenedatabout11,270secondswitharateof75,237.9TCPSessions/s.


24


39. AnotherinterestingmetricistheTCP Response Time.SelecttheTCP Response Timeinthenavigationalpanel.ThisgraphshowsthetimeittookforaTCPresponsetobemade.Thequickertheresponsetimes,thebetter.

40. SelectTCP Concurrent ConnectionsundertheDetailfolder.Agraphandatableoftheresultswillbedisplayed.Thegraphisbasedontheresultsfoundinthetable.TheybothprovideavalueforthenumberofClientconcurrentTCPsessions.


25


41. AnotherinterestingmetricthatcanbeviewedistheFrame Data Rate.Again,thisisundertheDetailfolder.TheFrame Data Ratewillshowthedata transmit rateandthedata receive ratethatoccurredthroughoutthetest.

This test is just a starting point. Other more complex Layer 4 tests are possible. The following are some examples:

• Maximum TCP Open Rate (full open of clients, do not close client connections)

• Maximum TCP with Opening and Closing clients at same time.

• Throughput tests with varying number of clients.

• Increased number of supported back-end servers to 10%, 25%, 50%, 75% and 100%.


26


HTTP Load Balancer Test

RFC:• RFC 1945 – Hypertext Transfer Protocol – HTTP/1.0

• RFC 2616 – Hypertext Transfer Protocol – HTTP/1.1

Overview:

The BreakingPoint Storm CTM will simulate the HTTP protocol. The BreakingPoint Storm CTM will simulate both the client and the server.

The server will respond with different page sizes to help mimic a more realistic Web browsing session. The load balancer will distribute the

connections to the simulated Web servers, and we can determine the number of connections per second possible with the configuration of

the load balancer.

Objective:

Determine the number of HTTP connections per second possible.

Setup:


27


1. OpenyourfavoriteWebbrowserandconnecttotheBreakingPointStormCTM.Oncethepagehasloaded,selectStart BreakingPoint Systems Control Center.

2. LogintotheBreakingPointdevicebyenteringyourLogin IDandPassword.Oncedone,selecttheLoginbutton.


28



4. Next,selectTestNew Testtostartwithconfiguringthetest.


29


5. Toconfigurethetest,wewillusetheTest Quick Steps.SelectSelect the DUT/Networkfromthelist.

6. Intheprevioustest,wecreatedaNetworkNeighborhood;sincethetestsetuphasnotchanged,itispossibletoreusethatNetworkNeighborhood.SelectBreakingPoint DefaultastheDevice Under Test(s)andthepreviouslycreatedNetwork Neighborhood.ClickAcceptoncecompleted.


30


7. UsingtheTest Quick Steps,selectAdd a Test Component.

8. SelectApplication Simulator (L7)asthecomponenttype.ClickCloseonceselected.


31


9. UndertheInformationtab,enteranamefortheApplicationSimulatorcomponentandClickApply Changes.

10. SelecttheInterfacestab.EnabletheExternal ServerandmakesureInterface1issetasaClientandInterface2issetasaServer.OncecompletedclickApply Changes.


32


11. BeforetheParametersofthetestcanbeconfigured,SuperFlowsmustbecreatedandconfigured.FromtheManagersdropdownmenu,selectApplication Manager.

12. Whenpromptedaboutsavingthetest,selectYes.


33


13. EnteranameforthetestintherequiredfieldandclickSave.

14. SelecttheSuperFlowstab.


34


15. AnewSuperFlowmustbecreated.ClicktheCreate a new Super Flow (‘+’)button(locatedunderthelistofSuperFlows).

16. EnteranamefortheSuperFlowthatwillbeeasytorecallwhencreatingtheAppProfile.ClickOKoncecompleted.


35


17. ClicktheManage HostsbuttonunderStep 1 – Define Hosts.

18. Aclientandaserverhostshouldalreadybecreated.Nootherhostsarerequired.ClickCloseoncecompleted.

19. Next,theflowsmustbedefined.InStep 2 – Define Flows,makesureClientissettoClientandServerissettoServer.UsetheProtocoldropdownmenutoselectHTTPandthenclickAdd Flow (‘+’).


36


20. Next,anactionforthisflowmustbedefined.InStep 3 – Define Actions,usetheActiondropdownmenuandselectClient: GET,andthenselectServer: Response 200 (OK).Afterselectingeachaction,makesuretoclicktheAdd Action (‘+’)button.Also,makesurethattheFlowisselectedfromStep2oryouwillnotbeabletoaddanaction.

21. Next,theActionsmustbeconfigured.SelecttheClient GETaction(firstoneinthelist)andselectthe{…}button.


37


22. MakesureTransaction FlagisenabledandsettoContinueandthatEnable persistent HTTP sessionsisenabledandsettooff.Everythingelseshouldbedisabled.OncetheconfigurationiscompletedclickApply Changes.

23. SelectServer Response 200 (OK)intheActionlistandclickthe{…}button.


38


24. Mostofthedefaultsarealreadyconfiguredcorrectly.DoublechecktomakesureTransactionFlagissettoContinue,HTTPCompressionissettonone,Keep Aliveisoff,Generate ‘Content-MD5’ headerisoff,andEnable chunked encodingisoff.Also,makesureHTTP chunk response sizeissetto64.Scrolldownsotherestofthelistisvisible.

25. SetRandom response min lengthtoavalueof1024.Thiswillmaketheserverrespondwitha1kpage.DisableRandom response max length.ClickApply Changesoncecompleted.


39


26. TheconfigurationforthisSuperFlowiscomplete.ClickSave Super Flow.

27. Repeatsteps14to25creating 3 new Super FlowsandeachshouldhaveauniquenameandbeconfiguredwithaRandom response min lengthvalueof4k,8k,or12k.


40


28. OnelastSuperFlowneedstobecreated.ThisSuperFlowwilltransmitFlashdatafromtheservertotheclient.Repeatsteps14to22.OnceintheResponse200(OK)editorchangeTransaction FlagtoEnd.Also,makesureHTTP Compressionissettonone,Keep Aliveissettooff,Generate ‘Content-MD5’ headerissettooff,andEnable chunked encodingissettooff.Next,changeContent-Typetovideo/flvandFile GeneratortoFlash (video/flv).Scrolldownuntiltherestoftheparametersarevisible.

29. SetRandom response min lengthtoavalueof102400anddisableRandom response max length.ClickApplyChangesoncecompleted.


41


30. TheconfigurationoftheFlashSuperFlowiscomplete.ClickSave Super Flow.

31. SelecttheApp Profilestab.


42


32. AnewApplication Profilemustbecreated.TotheApplicationProfile,wewilladdallthenewlycreatedSuperFlows.ThisallowstheabilitytocreateamorecomplextestandhavedifferentSuperFlowsthatcancontaindifferentprotocols.Inthistestscenario,weareusingonlyHTTPtraffic.Selectthe(‘+’)buttontocreateanewApplicationProfile.

33. WhenpromptedenteranamefortheApplication Profile,somethingeasytorememberasthiswillbeusedagainshortly.ClickOKoncecompleted.


43


34. LocatethelistofAvailable Super Flows.ThefiveSuperFlowsjustcreatedshouldbeinthelist.Also,thelistmightbelongerthanonepage,somakesuretonavigatethroughallthepagesifneeded.LocateeachofthenewlycreatedSuperFlows,andthenclick the down arrowbuttontoaddtotheApplicationProfile.UsetheShiftbuttontoselectmultipleSuperFlows.

35. SavetheApplicationProfilebyclickingtheSave App Profilebutton.

36. NowthatalltheSuperFlowsandtheApplicationProfilehavebeenconfigured,clicktheReturn to previous screenbuttontoconfiguretherestofthetestparameters.


44


37. SelecttheParameterstab.

38. IntheDataRatesection,changeMinimum data rateto1000.ThiswillchangethelinespeedtoGigabit.ClickApply Changesoncecompleted.

39. UndertheSession Ramp Distributionsection,severalparametersneedtobechanged.UsingtheRamp Up Behaviordrop-downmenu,selectFull Open + Data + Close.Next,changeRamp Up Seconds to1460(again,thisisacalculatedvalue;seethefirsttestforhowtocalculateit)andverifySteady-State BehaviorissettoOpen and Close Sessions.Finally,scrolldownuntilthefinalthreeparametersarevisible.ChangeSteady-State Secondsto120,Ramp Down BehaviortoFull CloseandRamp Down Secondsto30.


45


40. ChangesarerequiredintheRamp Up Profile.ChangeRamp Up Profile TypetoStair Step.SettheMinimum Connection Rateto500,thiswillbetheinitialnumberofconnectionsattempted.Next,settheMaximum Connection Rateto7300.Scrolldowntoconfigurethelasttwoparameters.SettheIncrement N connections per secondto50.Finally,setEvery N secondsto10.Thelasttwoparametersconfiguredwilladd50newconnectionattemptsevery10seconds.ClickApply Changeswhendone.

41. UndertheSession Configuration,setMaximum Simultaneous Sessionsto7500000andMaximum Sessions Per Secondto750000.ClickApply Changesoncecompleted.

42. Finally,scrolldowntotheApplication Profileparameter.Usingthedrop-downmenu,selectthenewlycreatedApplication ProfileandclickApply Changes.


46


43. VerifytheTestStatushasagreencheckmark.Ifitdoesnot,clicktheTest Statuslinkandmaketherequiredchanges.

44. UnderTest Quick Steps,selectthefourthoption,Save and Run.

45. Whentheteststarts,theSummarytabdisplaysandprovidesaniceoverviewofwhatishappeningwithinthetest.


47


46. SelecttheTCPtabandverifythatconnectionsarebeingsuccessfullyestablished.

47. AnotherniceresourcetoviewistheApplicationtab.Thisprovidesinformationabouteachprotocol(ifmultipleprotocolsarebeingrun).Inthiscase,asonlyHTTPisbeinguseditprovidesthesameinformationascanbeseenontheSummaryandTCPtab.


48


48. SelecttheTCPtabtoviewtheTCP Connections per second.Althoughthistestdoestakeawhiletorun,besuretomonitorthetest.Atsomepointduringthetest,theAttemptedandSuccessfulrateshoulddiffer.Ifthesestatesdonotdiffer,waituntilthetesthascompleted,andthenredotheparametersandincreasetheMaximum Connection RateandtheRamp Up SecondsaccordinglyasthetestdidnotreachthelimittheLoadbalancerwasabletohandle.

49. Letthetestfinish.Youwillbenotifiedthetestfailed;thisisokay.SelecttheClosebutton.


49


50. SelecttheView the reportbutton.

51. ExpandtheTest Results for HTTP TrafficandthenexpandtheDetailsfolder.SelectSuperflow Summaryinthenavigationpanel.Thiswillshowtheweightofeachpageasconfigured(sinceitwasleftasdefault,eachshouldhaveaweightof20%)andtheEffectiveWeight.TheEffectiveWeightistheactualweightthatwastransmittedtotheDUT.

52. Next,selectComponent Concurrent Flows.ThiswilldisplayagraphandatableofhowmanyTCPFlowswereactiveataspecifictimeduringthetest.


50


53. SelectTCP Connection Rate.Again,agraphandatablewillbedisplayed.ThisviewdisplaysverydetailedinformationabouttheclientandserverTCPestablish,closeandattemptedrate.


51


54. SelecttheFrame Data Rateview.Thiswilldisplayagraphandtableofthedatarateatcertainintervals.

Other tests can be performed using:

• Different sizes of HTTP pages.

• More or fewer HTTP pages.

• Different types of HTTP pages.

• Increased numbers of supported back-end servers to 10%, 25%, 50%, 75% and 100%.


52


HTTPS/SSL

RFC:• RFC 2818 – HTTP Over TLS

Overview:

Load balancers can use SSL to help relieve some of the processing required of a Web server to handle SSL. The client makes an SSL request

to the load balancer, and the load balancer makes a normal unencrypted HTTP request to the Web server. The BreakingPoint Storm CTM will

be configured with two test components. One will be the SSL Clients, and the other will be a Web server. This test will help determine the

load balancer’s ability to offload SSL from the Web server.

Objective:

Determine the ability of the load balancer to handle SSL connections and the rate of SSL Connections per second it can handle.

Setup:


53


1. LogintotheBreakingPointStormCTM.



54


3. SelectTestNew Test.

4. SelectSelect the DUT/NetworkfromTest Quick Steps.


55


5. ItmightbepossibletoreusetheNetwork Neighborhoodcreatedinthefirsttest.Ifyourconfigurationallowsforthis,youshouldselecttheNetwork Neighborhoodcreatedintheprevioustest.Then,undertheDevice Under Test(s),selecttheBreakingPointDefaultoption.ClickAcceptoncecompletedandgotoStep11. IfyourconfigurationdoesnotallowforthereuseofanexistingNetworkNeighborhood,continuetothenextstep.


56


6. ClickOpen network neighborhood screen.

7. LocatetheNetworkNeighborhoodcreatedinthefirsttestandthenclicktheSave Aslink.Thiswillcreateaduplicateforeasierconfigurationchanges.


57


8. EnteranameofLoad Balancer SSLforeasyrecognitionforlateruseandclickOK.

9. SelecttheInterface 2tab.MakechangestotheMinimum IP AddressandMaximum IP Addressasrequired.ClickApply ChangesandthenSave Network(thiswillbeenabledafteryouhaveappliedthechanges).

10. ClicktheReturn to previous screenbutton.


58


11. SelectBreakingPoint DefaultfortheDevice Under Test(s).FortheNetwork Neighborhood(s),selecttheNetworkNeighborhoodthatwasjustcreated.ClickAcceptoncecompleted.

12. Whenpromptedaboutthecurrenttestsetupcontainingmoreinterfacesthanthenewlyselectedone,selectYes.


59


13. SelectAdd a Test ComponentfromTest Quick Steps.

14. SelectSession Sender (L4)forthecomponenttype.


60


15. EnteranameofSSL ClientundertheInformationtabandclickApply Changes.

16. SelecttheInterfacestab.EnabletheExternal ServeranddisabletheInterface 2 Serverforthistestcomponent.AnothertestcomponentwillbecreatedlaterthatwillbeusedastheInterface2Server.ClickApply Changesoncecompleted.



61


18. UndertheData Ratesection,changetheMinimum data rateto1000andclickApply Changes.

19. UndertheDestination Portsection,changethePort distribution typefromRandomtoConstant.Also,changetheMinimum port numberto443sincethisisthestandardportforHTTPS.ClickApply Changesoncecompleted.

20. IntheSession Ramp Distributionsection,changetheRamp Up BehaviortoFull Open + Data + Close.Also,changetheRamp Up Secondsto600.Sincethistestinvolvesonlytherampup,nosteady-stateisrequired.ChangetheSteady-State Secondsto0.Finally,changetheRamp Down Secondsto30andclickApply Changes.


62


21. UndertheRamp Up Profilesection,changetheRamp Up Profile TypetoStair Step.SettheMinimum Connection Rateto2,asthetestwillstep2connectionsevery1second.Also,settheMaximum Connection Rateto1200.Asstatedpreviously,setIncrement N connections per secondto2andtheEvery N secondsto1.

22. SincetheMaximum Connection Rateis1200,youwillneedtosetMaximum Simultaneous SessionsandMaximum Sessions per Secondto15000(thisisthemaximumforSSL/TLS,buttheserateswillnotbereachedinthistest).Also,changetheTarget Minimum Simultaneous SessionsandTarget Minimum Sessions Per Secondto0.ClickApply Changesoncecomplete.


63


23. SettheSSL/TLS Configuration.EnabledparametertotrueandchangeMinimum VersiontoTLSv1.ClickApply Changes.

24. LocatetheCA CertificatefieldandselecttheImportlink.


64


25. Inthepagethatopens,usetheChoose FilebuttontoselecttheCAcertificatelocatedonyoursystem.ClicktheUploadbuttononceselected.Ifthepagedoesnotopenup,checkthebrowsersettingsanddisablepopupblocking.

26. Backinthemainconfigurationscreen,usetheCA Certificatedrop-downmenutoselectthecertificatejustuploadedtothesystem.ClickApply Changesoncecompleted.


65


27. Next,theHTTP Serverneedstobecreated.Sincemostoftheparameterswillbethesame,itiseasiertoclonethetestcomponentyoujustcreated.Right-clickonSSL ClientandselectClone Component.

28. SelectthenewcomponentandthentheInformationtab.

29. EnteranameofHTTP ServerforthistestcomponentandclickApply Changes.


66


30. SelecttheInterfacestabandmakesureonlyInterface 2 Serverisenabled.ClickApply Changesoncecompleted.

31. SelecttheParameterstab.Onemodificationwillbemadetotheexistingparameters.

32. IntheDestination Portsection,locatetheMinimum port number.Thisvalueneedstobechangedto443.ThisisbecauseWebserversdonothandleanyoftheencryption;theloadbalancerhandlestheentireencryptionload.ClickApply Changes.


67


33. VerifythattheTest Statushasagreencheckmarknexttoit.Ifitdoesnot,selecttheTest Statuslinktoviewtheconfiguration.

34. SelectSave and RunfromTest Quick Steps.

35. Enteranameforthetest,suchasLoad Balancer SSL,andclickSave.


68


36. SelecttheTCPtabandmakesureconnectionsarebeingsuccessfullyestablished.

37. Next,selecttheEncryptiontab.VerifythatSSLhandshakesarebeingsuccessfullycompletedfromtheSSL Handshakes per Secondgraph.


69


38. ClicktheClosebuttonwhenthetestcompletes.

39. SelecttheView the reportbutton.ThereportwillopeninaWebbrowser.


70


40. IntheWebbrowserthatappears,expandTest Results for SSL Client,andthenexpandtheDetailsfolder.NoticealltheSSL/TLSresultsthatarecollected.


71


41. ThefirstSSL/TLSresultofinterestistheSSL/TLS Handshake Rate.ThisresultistherateatwhichtheloadbalancerisabletohandleSSL/TLSconnections.SelectSSL/TLS Handshake Ratetoviewtheresults.

42. Noticethatagraphandatableofresultsareloaded.Usingjustthegraph,itispossibletodeterminethatthemostHandshakes Started/soccurredrightaround100secondsbeforeanyHandshakes Aborted/sstartedtooccur.


72


43. Scrolldowntothetimestampjustnoted.LocatethevaluerightbeforeanyHandshakesAborted/soccurs(thelastcolumn).Wearelookingforthisvaluebecauseifaconnectionisaborted,thentheloadbalancerisnotabletohandleanymoreSSLconnectionspersecond.Inthecurrentexample,about196SSLHandshakes/sarepossiblefortheloadbalancertohandle.

44. Next,selecttheSSL/TLSHandshakesview.Agraphandtablewillload.Again,locatethevaluerightbeforeanyHandshakes Abortedhappened.ThisisthemaximumnumberofSSL/TLSconnectionstheloadbalancerisabletohandlebeforeconnectionsareaborted.


73


45. SelectSSL/TLS Transactionsnext.ThisresultviewwillshowabreakdownofSSLtransactionsstartedandfinishedinagraphandtableview.

46. Next,selecttheSSL/TLS Data Ratesview.Thiswillprovideabreakdownoftheprotocoldataratewithtimestamps.YoucanseehowaddedSSLconnectionswillstresstheloadbalancer’snetworkingcapability.

Additional variations of this test can be performed using:

• Different encryption algorithm.

• Different types of Certificates.

• Increased the numbers of supported back-end servers to 10%, 25%, 50%, 75% and 100%


74


HTTP Caching


Overview:

To help relieve some of the stress on Web servers, load balancers are able to cache static items. The test will be configured with two test

components. One will be configured with static data, and the second will be configured with dynamic data. This test will use several images

and several Web pages to help determine a load balancer’s ability to cache the required items.

Objective:

Determine the ability of a load balancer to cache static data and relieve stress from Web servers.

Setup:

This test will require the use of several images. Before starting with the test configuration, either find or create images of

the following sizes:

• 4k

• 8k

• 16k

• 24k

• 188k

• 476k

• 720k


75


1. LogintotheBreakingPointStormCTMSystem.

2. StartanewtestbyselectingTestNew Test.


76


3. Select the DUT/NetworkfromTest Quick Steps.

4. SelectBreakingPoint DefaultastheDevice Under Test(s).FortheNetwork Neighborhood(s)selecttheNetworkNeighborhoodcreatedduringthefirsttest.ClickAcceptoncecompleted.

5. Ifpromptedthatthecurrenttestsetupcontainsmoreinterfacesthanthenewlyselectedone,selectYes.


77


6. SelectAdd a Test ComponentfromTest Quick Steps.

7. SelectApplication Simulator (L7)fromtheSelect a component typewindow.

8. Twotestcomponentswillberequiredforthistest.Again,selectAdd a Test ComponentandselectApplication Simulator (L7).Onewillbeusedfortheimagingcachingandtheotherwillbeusedfordynamicdata.Whenthetestconfigurationisdone,therewillbetwoApplicationSimulatorsinthetest.


78


9. SelectthefirstApplication SimulatorcomponentandchangethenametoNon Caching ImagesandclickApply Changes.

10. SelectthesecondApplication SimulatorandchangethenametoCaching Images.ClickApply Changesoncecompleted.


79


11. SuperFlowswillneedtobecreatedusingseveraldifferentimagesofdifferentsizes.FortheNon Caching Imagescomponent,wecanreusetheonecreatedfortheHTTPtest.Select ManagersApplication Manager.

12. Whenpromptedaboutsavingthetest,selectYes.

13. EnteranameofImage CachingwhenpromptedintheSave Test Asdialogbox.ClickSaveoncefinished.


80


14. SelecttheSuper Flowstab.

15. LocateandselectoneoftheSuper Flowscreatedduringthefirsttest.ThenselecttheSave Asoption.ThiswillcreateacopyoftheselectedSuperFlow,allowingforquickerconfiguration.


81


16. Enteraneasy-to-remembernamefortheSuperFlow,suchas4kImage.ClickOKoncefinished.

17. UnderStep 3 – Define Actions,selecttheseconditem.Selectthe{…}buttontoedittheaction.


82


18. Scrolldowntothebottomofthenewwindow.DisableRandom response min length.SelecttheImport URI for response datalink.ThiswillopenanewwindowthatwillallowfortheimagestobeuploadedtotheBreakingPointStormCTM.

19. Inthenewlyopenedpage,clicktheChoose Filebutton.


83


20. Browsetothelocationofthestoredimagesandchoosethecorrectone.Oncecompleted,clicktheUploadbutton.

21. Repeatthepreviousstepwiththeremainingimages.ThiscanalsobedonewhencreatingeachSuperFlow.Whenyouaredoneuploadingalltheimages,closetheWebpage.

22. Enablethe“URIforresponsedata”andusingthedropdownmenu,selectthecorrectimagefile.Oncecompletedclick“ApplyChanges”.


84


23. Clickthe“SaveSuperFlow”buttonwhendone.

24. Repeatsteps16–18and23–24withtheremainingimagefiles.

25. OncealltheSuperFlowshavebeencreated,selecttheAppProfiletab.


85


26. Selectthe“CreateanewApplicationProfile(‘+’)”button.

27. Enteranameforeasyrecognitionlater,suchas“NonImageCache”.


86


28. SelectallthenewlycreatedSuperFlowsandclickthedownarrowbutton.

29. MakesurealltheSuperFlowshavebeenaddedandthenclickthe“SaveAppProfile”button.

30. Clickthe“Returntopreviousscreen”button.


87


31. TheNonCachingImagestestcomponentwillbeconfiguredfirst.MakesurethefirsttestcomponentisselectedandthenselecttheInterfacestab.EnabletheExternalServerandthenclick“ApplyChanges”.

32. Next,selecttheParameterstab.

33. UnderDataRate,changethe“Minimumdatarate”to“500”andclick“ApplyChanges”.


88


34. SeveralchangesarerequiredundertheSessionRampDistributionsection.First,changethe“RampUpSeconds”to“5”.Changethe“Steady-StateSeconds”to“600”andthe“RampDownBehavior”to“30”.Oncecompleted,click“ApplyChanges”.

35. SeveralchangesarerequiredundertheSessionConfigurationsection.First,changethe“MaximumSimultaneousSessions”to“1500”and“MaximumSessionsPerSecond”to“100”.Next,changethe“TargetMinimumSessionsPerSecond”to“1500”.Click“ApplyChanges”whendone.

36. For“ApplicationProfile”,selectthenewlycreatedApplicationProfileandclick“ApplyChanges”.


89


37. SelecttheCachingImagestestcomponentandrepeatsteps32to36sincetheconfigurationisexactlythesame.

38. For“ApplicationProfile”,selecttheApplicationProfilecreatedinthefirsttest.Click“ApplyChanges”oncecompleted.

39. VerifythattheTestStatushasagreencheckmark.Ifitdoesnot,clicktheTestStatuslinkandfixtheindicatedproblems.

40. Ifdesired,enteraDescriptionunderTestInformation.

41. Finally,click“SaveandRun”fromTestQuickSteps.


90


42. Oncetheteststarts,selecttheTCPtab.Verifythatconnectionsarebeingsuccessfullyestablished.

43. Oncethetesthascompleted,closethedialogbox.


91


44. Clickthe“Viewthereport”button.

45. Eachtestcomponentwillcontainitsownresultssection.


92


46. First,expandTestResultsfor“NonCachingImages”andthenexpandthe“Detail”folder.Select“TCPServerStateMachine”fromthelist.


93


47. ThegraphshowsthatServerState“ESTABLISHED”(TCPSessions)isstableduringtherunningofthetest.Also,scrolldowntheServerState“ESTABLISHED”(TCPSessions)columntoverifytherequestsweremadetotheserverforthepages.


94


48. Next,expandTestResultsfor“CachingImages”andthenexpandthe“Detail”folder.Select“TCPServerStateMachine”fromthelist.


95


49. Thegraphshowstheinitial‘ServerState“ESTABLISHED”(TCPSessions)’connections,andoncetheloadbalancerstartstocachethepages,theconnectionsstop.Scrolldownthe‘ServerState“ESTABLISHED”(TCPSessions)’columntoverifythatlargeamountsofrequestswerenotmadetotheserverforthepages.

Variations of this test can be performed as follows:

• Larger number of images

• Larger number of static pages

• Longer test duration

• Increase the number of supported backend servers to 10%, 25%, 50%, 75% and 100%


96


Dual Traffic HTTP and IMAP


• RFC 3501 – Internet Massage Access Protocol – Version 4rev1

Overview:

The load balancer should be configured with both port 80 (default HTTP) and 143 (default IMAP) open. The BreakingPoint Storm CTM

will be configured with two test components. The first test component will use the HTTP protocol and the second one will use IMAP. The

BreakingPoint Storm CTM will act as both the client and server for each protocol. Each test component will be configured to step the

connection rate at a different interval. The results will be viewed to determine how the load balancer is able to handle multiple traffic streams

from multiple protocols.

Objective:

Determine the load balancer’s ability to handle multiple protocols and process the incoming data at a reasonable rate.

Setup:

1. LogintotheBreakingPointStormCTM.


97



3. SelectTestNewTest.


98


4. “SelecttheDUT/Network”fromTestQuickSteps.

5. ThistestwillrequirebothHTTPandIMAPservers,soanewNetworkNeighborhoodwillbecreated.Clickthe“Opennetworkneighborhoodscreen”link.

6. SelecttheNetworkNeighborhoodcreatedinthefirsttestandselect“SaveAs”.


99


7. WhenpromptedforanewnamefortheNetworkNeighborhood,enterin“IMAP/HTTP”foreasyrecognitionlater.

8. Interface1isalreadyconfiguredcorrectly.SelecttheInterface2tabandclickthe“Createanewdomain(‘+’)”button.


100


9. Whenpromptedforaname,enter“IMAP”andclick“OK”.

10. Mostoftheconfigurationiscorrect.Updatethe“MinimumIPAddress”andthe“MaximumIPAddress”asrequired.


101


Click“ApplyChanges”oncecompleted.

11.SelecttheExternaltabandclickthe“Createanewdomain(‘+’)”button.

12. Whenpromptedforaname,enter“IMAP”andclick“OK”.

13. SelectIMAPfromtheDomainslistandselecttheentryintheSubnetsection.Clickthe“Delete”buttontodeletethe


102


entry.

14. Forthenewsubnet,disablethe“UseAddressRange”option.EnterintheconfiguredIPAddressoftheexternalinterfacetouse.Click“AddRange”oncecompleted.

15. VerifythattheIPhasbeenaddedtotheSubnetfield,andthenselectthe“TestPaths”button.


103


16. Select“Specificallydefinedtestpaths”.Then,usingthedropdownmenus,makesurethefirstoneissetto“Interface1:default”andthesecondoneissetto“External:IMAP”.Click“Add”toaddthetestpath.Click“Close”oncecompleted.

17. Finally,clickthe“SaveNetwork”button.


104


18. Clickthe“Returntopreviousscreen”button.


105


19. IntheDeviceUnderTest(s)section,select“BreakingPointDefault”.IntheNetworkNeighborhood(s)sectionselectthenewlycreatedIMAP/HTTPNetworkNeighborhood.Click“Accept”.

20. Whenpromptedthatthecurrenttestsetupcontainsmoreinterfacesthanthenewlyselectedone,click“Yes”.


106


21. Select“AddaTestComponent”fromTestQuickSteps.Thistestrequirestwotestcomponents.YouwillconfiguretheHTTPcomponentfirst.

22. Inthe“Selectacomponenttype”window,select“ApplicationSimulator(L7)”.


107


23. UndertheInformationtab,enter“HTTP”asthenameofthetestcomponentandclick“ApplyChanges”.

24. SelecttheInterfacestab.EnabletheExternalServerandmakesureInterface1ClientisenabledandInterface2Serverisenabled.Also,verifyeachdomainissettodefault.Click“ApplyChanges”oncefinished.

25. Next,selecttheParameterstab.


108


26. Changethe“Minimumdatarate”to“700”andclick“ApplyChanges”.

27. UndertheSessionRampDistributionsection,change“RampUpBehavior”to“FullOpen+Data+Close”.Changethe“RampUpSeconds”to“600”andchangethe“Steady-StateSeconds”to“0”,andchange“RampDownSeconds”to“30”.Click“ApplyChanges”whendone.

28. UndertheRampUpProfilesection,changethe“RampUpProfileType”to“StairStep”..Also,changethe“MinimumConnectionRate”to“25”andthe“MaximumConnectionRate”to“1525”(600seconds/10seconds=60*25=1500+25initialconnections).Updatethe“IncrementNconnectionspersecond”to“25”and“EveryNseconds”to“10”.Someoftheparameterchangeswillrequirescrolling.Click“ApplyChanges”whendone.


109


29. Change“ApplicationProfile”to“HTTPLoadBalancer”andclick“ApplyChanges”.

30. SelectManagersApplicationManager.

31. Whenpromptedaboutunsaveddataforthelastselectedtest,select“Yes”.


110


32. Savethetestas“DualTrafficHTTPIMAP”.

33. SuperFlowsneedtobecreatedbeforetheApplicationProfilecanbeconfigured.SelecttheSuperFlowstab.


111


34. Clickthe“CreateanewSuperFlow(‘+)”button.

35. WhenpromptedtonametheSuperFlow,enter“IMAPLoadBalancer”andclick“OK”.


112


36. Clickthe“ManageHosts”buttonunder“Step1–DefineHosts”.

37. Twohostsshouldalreadybecreated:aClientandaServer.Click“Close”.

38. In“Step2–DefineHosts”,select“Client”astheClientand“Server”astheServer.FortheProtocol,select“IMAPv4-Advanced”andclickthe“AddFlow(‘+’)”button.


113


39. In“Step3–DefineActions”,usingthe“CreateaNewAction”dropdownmenu,select“Client:Login”andclickthe“AddAction(‘+’)”button.Repeatthisstepwiththe“Client:RetrieveMail”and“Client:Quit”Actions.

40. Selectthe“Login”actionandselectthe{…}button.


114


41. IntheLoginwindowthatappears,makesurethe“TransactionFlag”isenabledandsetto“Continue”.Verify”StartingTagvalue(0==Random)isenabledandsetto“1”.Click“ApplyChanges”.

42. Selectthe“RetrieveMailAction”andclickthe{…}button.


115


43. IntheRetrieveMailwindow,makesurethe“TransactionFlag”isenabledandsetto“Continue”.Verify“StartingTagvalue(0==Random)”isenabledandsetto“15”.Nothingelseshouldbeenabled.Click“ApplyChanges”.

44. Selectthe“QuitAction”andclickthe{…}.


116


45. IntheQuitwindow,verifythatthe“TransactionFlag”isenabledandsetto“Continue”.Verify“StartingTagvalue(0==Random)”isenabledandsetto“23”.Click“ApplyChanges”.

46. Oncealltheconfigurationof“Step3–DefineActions”hasbeencompleted,clickthe“SaveSuperFlow”button.

47. SelecttheAppProfilestab.


117


48. Clickthe“CreateanewAppProfile(‘+’)”button.

49. EnteraneasytorecallnameforthenewAppProfile(e.g.,IMAPLoadBalancer).


118


50. SelectthenewlycreatedSuperFlowandclickthedownarrowbutton.NavigatingthelistofSuperFlowsmightberequiredtolocatethenewlycreatedSuperFlow.

51. Clickthe“SaveAppProfile”button.

52. Clickthe“Returntopreviousscreen”button.Thiswillbringyoubacktothemainconfigurationscreen.


119


53. Right-clickonthe“HTTP”testcomponentandselect“CloneComponent”.

54. SelectthenewtestcomponentandclickontheInformationtab.


120


55. Renamethetestcomponentto“IMAP”andclick“ApplyChanges”.

56. SelecttheInterfacestab.MakesureExternalisenabledandsettoIMAP,Interface1Clientisenabledandsettodefault.Finally,makesureInterface2ServerisenabledandsettoIMAP.Click“ApplyChanges”.



121


58. Underthe“DataRate”section,changethe“Minimumdatarate”to“300”andclick“ApplyChanges”.

59. UndertheRampUpProfilesection,change“MinimumConnectionRate”to“3”and“MaximumConnectionRate”to“1803”(600seconds*3newconnectionsper1+3initialconnections).Update“IncrementNconnectionspersecond”to“3”and“EveryNseconds”to“”1.Click“ApplyChanges”oncecompleted.

60. ScrolldowntotheApplicationProfilesection.Usingthe“ApplicationProfile”dropdownmenu,selectthe“IMAPLoadBalancer”profile.


122


61. Verifythatthe“TestStatus”isagreencheckmark.Ifitisnot,selectthe“TestStatus”linktoviewtheproblems.Thesemustbecorrectedbeforethetestcanberun.

62. Editthetestdescriptionbyclickingthe“EditDescription”linklocatedundertheDescriptionareaoftheTestInformationsection.

63. Select“SaveandRun”fromTestQuickSteps.


123


64. Whentheteststartsrunning,theSummarytabwillbevisible.ThisviewprovidesgreatdetailfortheentiretestfromTCPConnectionRatetoBandwidth.

65. Formorein-depthinformationoneachprotocol,selectthe“Application”tab.MakesureundertheApplicationscolumn“imapadv”and“httpadv”areselected.Thisviewwillprovidedetailsabouteachprotocolbeingtransmitted.

66. Oncethetestfinishes,awindowwillappearwithanotificationthatthetesthaspassed.Click“Close”.


124


67. Clickthe“Viewthereport”button.

68. AWebbrowserpagewillopen.NoticeinthenavigationpanelthatresultsarepresentforHTTP,IMAPandaggregatedstatistics.

69. Expandthe“TestresultsforIMAP”folderandselect“TCPSetupTime”.Ashortersetuptimeissuperiorastheloadbalancerisabletohandletheloadandstillquicklyreacttonewincomingconnections.


125


70. Select“TCPCloseTime”.Again,ashorterclosetimeisbetterastheTCPconnectionclosesandfreesthoseresources.

71. ExpandtheDetailsfolderandselect“TCPConnectionRate”.Agraphandatableoftheresultswillbevisible.ThisresultviewshowshowtheconnectionratewassteppedupandhowtheClientandtheServerhandledthem.


126


72. Selectthe“FrameDataRate”view.Thiswillshowagraphandatable.Fromthisview,itispossibletodeterminethedatatransmitanddatareceiverateatspecificintervalsthroughoutthetests.

73. Repeatthepreviousfourstepsexpectunderthe“TestResultsforIMAP”toviewtheIMAPresults.

74. Finally,expandthe“TestResultsforAggregateStatistics”andexpandthe“Detail”folder.Selectthe“EthernetDataRates”view.Thisviewwillshowtransmitandreceiveratesforbothprotocolscombined.

Other mixed traffic tests can also be performed, below are some examples:

• Increase the number of connections to greater stress the load balancer

• A longer test run time

• Create an Application Profile that uses mix traffic

• Use different protocols to test how they affect the Load balancer

• Increase the number of supported backend servers to 10%, 25%, 50%, 75% and 100%


127


BlockFuzzer

Overview:

A Security test component will be added to the test. The Security test component will be configured to transmit a security Strike. This

provides the ability to test a load balancer’s capability to handle malformed packets or errors within the packets. The results will be

examined to determine the load balancer’s ability to block the Strikes.

Objective:

Determine the ability of the load balancer to handle malformed packets.

Setup:


128


1. Witheachtest,afuzzerportionshouldbeaddedaftertheinitialtesttotesttheloadbalancer’sabilitytohandleerrors.

2. SelectMangersAttackManager.

3. Clickthe“Createanewattackseries”buttonunderthe“AttackSeries”listtocreateanewAttackSeries.

4. Whenprompted,enteranameforthenewAttackSeriesandclick“Ok”.


129


5. Next,clickthe“Addnewstrike/strikeset”buttonunderthe“StrikesandStrikesets”listtoopentheStrikeBrowser.

6. Selectthe“Strikes”radiobuttonforthe“ReturnType”andintheKeywordslocate“fuzzer”.Clickthe“Search”button.Inthereturnedlist,locate“/strikes/fuzzers/flowfuzzer/blocktypes.xml”.


130


7. ClicktherightarrowbuttontoaddtheStriketothe“Strike/Strikesets”list.Clickthe“AddStrike”buttononcecompleted.

8. OncebackinthemainAttackManagerwindow,clickthe{…}button.


131


9. Locatethe“SELF.AppSimSmartflow”optionandsetittothedesiredSuperFlow.Click“ApplyChanges”andthen“Close”.

10. Clickthe“Returntopreviousscreenbutton”.Thiswillbringyoubacktothecurrenttestconfiguration.

11. Select“AddaTestComponent”optionintheTestQuickStepssection.


132


12. SelectaSecuritytestcomponent.

13. UndertheInformationTaboftheSecuritytestcomponent,enteranameandclick“ApplyChanges”.

14. SelecttheInterfacestab.VerifythattheExternalServerisenabled,Interface1Clientisenabled,andInterface2Serverisdisabled.Click“ApplyChanges”.


133


15. SelecttheParameterstabandlocatetheAttackSeriesoption.Usingthedropdownmenu,locatethenewlycreatedAttackSeriesandclick“ApplyChanges”oncecompleted.

16. UndertheApplicationSimulatortestcomponent,decreasethe“Minimumdatarate”undertheParameterstab.Click“ApplyChanges”oncecompleted.

17. VerifytheTestStatushasagreencheckmark,andthenclick“SaveandRun”underTestQuickSteps.


134


18. Afterlookingattheothermetricswhilethetestisunderway,selecttheAttackstab.VerifytheAttackhasbeenblocked.

19. Oncethetesthasruntocompletion,viewtheresultsthesamewaywaspreviouslydone.

20. Testresultswillbeavailableforthe“FuzzerHTTPFlash”testcomponent(oryourdefinednamed).

21. Expandthe“TestResultsforFuzzerHTTPFlash”folderandselect“StrikeResults”.Verifythe“TotalStrikeCount”hasavalueof1Strikeand“StrikeBlocked”hasavalueof1Striketoo.


135


Load Balancer Configuration

The configuration used in these tests is not very complex. Three different clusters were configured, one for HTTP, one for Mail, and finally

one for SSL. Each cluster contains 6 servers.

The Mail Cluster has an external IP address of 10.0.255.20 and uses only port 143.


136


Each of the 6 mail servers has a unique IP Address and uses port 143.

The only difference with the HTTP Cluster is an external IP address of 10.0.255.10 and uses port 80. Also, the only difference with the SSL

Cluster is an external IP address of 10.0.255.30 and the use of port 443. Also, the SSL Cluster requires a Certificate to use.


137


About BreakingPointBreakingPoint pioneered the first and only Cyber Tomography Machine

(CTM) to expose previously impossible-to-detect stress fractures within

cyber infrastructure components before they are exploited to compromise

customer data, corporate assets, brand reputation and even national security.

BreakingPoint products are the standard by which the world’s governments,

enterprises, and service providers optimize the resiliency of their cyber

infrastructures. For more information, visit www.breakingpoint.com.

BreakingPoint Storm CTM

BreakingPoint has pioneered Cyber Tomography with the introduction of

the BreakingPoint Storm CTM, enabling users to see for the first time the

virtual stress fractures lurking within their cyber infrastructure through the

simulation of crippling attacks, high-stress traffic load and millions of users.

BreakingPoint Storm CTM is a three-slot chassis that provides the equivalent

performance and simulation of racks and racks of servers, including:

• 40 Gigabits per second of blended stateful application traffic

• 30 million concurrent TCP sessions

• 1.5 million TCP sessions per second

• 600,000+ complete TCP sessions per second

• 80,000+ SSL sessions per second

• 100+ stateful applications

• 4,500+ live security strikes

BreakingPoint Resources

Hardening cyber infrastructure is not easy work, but nothing that is this

important has ever been easy. Enterprises, service providers, government

agencies and equipment vendors are under pressure to establish a cyber

infrastructure that can not only repel attack but is resilient to application

sprawl and maximum load. BreakingPoint’s Cyber Tomography Machine

(CTM) provides the technology and solutions that allow these organizations

to create a hardened and resilient cyber infrastructure. BreakingPoint also

provides the very latest industry resources to make this process that much

easier, including Resiliency Methodologies, How-to Guides, white papers,

webcasts, and a newsletter. To learn more, visit

www.breakingpoint.com/resources.

BreakingPoint Labs Community

Join discussions on the latest developments in hardening cyber

infrastructure. BreakingPoint Labs brings together a diverse community of

people leveraging the most current insight to harden cyber infrastructure to

withstand crippling attack and high-stress application load.

Visit www.breakingpointlabs.com.

Contact BreakingPoint

Learn more about BreakingPoint

products and services by contacting a

representative in your area.

1.866.352.6691 U.S. Toll Free

www.breakingpoint.com

BreakingPoint Global Headquarters

3900 North Capital of Texas Highway

Austin, TX 78746

email: [email protected]

tel: 512.821.6000

toll-free: 866.352.6691

BreakingPoint EMEA Sales Office

Paris, France


tel: + 33 6 08 40 43 93

BreakingPoint APAC Sales Office

Suite 2901, Building #5, Wanda Plaza

No. 93 Jianguo Road

Chaoyang District, Beijing, 100022, China


tel: + 86 10 5960 3162

Technology

Server Load Balancer Test Methodology