Xena Networks – Global Price/Performance Leaders in Gigabit Ethernet Testing – www.xenanetworks.com
WHITE PAPER
“Xena recreates complex
traffic so client and server
communicate in exactly
the same order as the
captured traffic to ensure
realistic network scenarios
for the DUT”.
OVERVIEW
Testing new applications, systems, products and protocols allows companies to validate
and verify the system and ensure the application does not result in expensive failures
later in development and deployment.
Analytic traffic models and traffic simulators often fail to provide complex and realistic
traffic. They are usually based on assumptions and simplify the traffic behavior, which
does not provide for realistic and comprehensive system testing, although they are
very useful in troubleshooting and pinpointing problems. Testing with realistic
network traffic places the device under test (DUT) in a realistic network environment
and delivers authentic results.
Xena provides an application emulation function and an up-to-date library of real-world
traffic captured in pcap file format so users can emulate live traffic and test products in
a realistic network environment.
APPLICATION EMULATION
CREATING REALISTIC TRAFFIC THROUGH APPLICATION EMULATION IMPROVES TEST RESULT ACCURACY
Contents
INTRODUCTION
Need for Stateful Traffic Testing
True Stateful vs. Simulated Stateful
Need For Application Emulation
XenaAppMix: Pre-defined Library for Application Emulation
  Protocol-oriented Library
  Application-oriented Library
  Traffic Mixes
Conclusion
INTRODUCTION
Stateless Network vs. Stateful Network
Networking has been evolving for decades, but the dividing line in the network stack remains
between layer 3 and layer 4 of the OSI model. Below that line are the data link and network
layers (stateless), where Ethernet and IP dominate. Stateless networking requires little
participation: the device just evaluates the packet headers and determines where to forward the
packet, e.g. IP routing and Ethernet switching. Little information extracted from the packets is
saved, so there is no need for large memory for that purpose. Decisions are made on a per-packet
basis, not by comparison with previous packets but based on the forwarding table. It is therefore
stateless: no communication state is retained.
Moving to the upper layers above that dividing line, communication becomes stateful. Stateful
networking retains certain information extracted from packets and must perform much more complex
computation with more memory. This is because connection-oriented protocols such as TCP try to
provide guaranteed message delivery by using sequence numbers to handle out-of-order delivery and
packet loss. Thus, packets on these layers are not processed per packet but per session/connection.
The higher the network layer, the more complex it becomes. Application routing based on layer 7
HTTP headers relies on the intermediate network device being able to maintain the session state
and extract information from the payload of the message. A message on this layer could consist of
several packets due to the limitation of the network MTU. This requires the intermediate device to
be stateful, for it must gather enough information from several packets before it knows how to
process the traffic.
Protocol-wise, layer 2-3 is fixed and standardized while layer 4-7 is more variable and flexible.
Devices at layer 2-3 have highly optimized algorithms closely tied to hardware for packet
forwarding. Further up the protocol stack, for example in HTTP, there is wide variation in the
header content because not all fields are required in the HTTP header. This dynamic content
pattern is what makes the stateful higher layers complex and difficult to test.
[Figure: the OSI layers (Physical, Data Link, Network, Transport, Session, Presentation, Application), marked stateless at the lower layers and stateful at the upper layers]
Figure 1. Moving from stateless to stateful networking
NEED FOR STATEFUL TRAFFIC TESTING
Stateless packet generation is useful for many different types of tests: background traffic,
performance stress testing (e.g. packets per second, bits per second, etc.), and QoS testing.
However, stateless packet blasting cannot meet the performance testing requirements of stateful
networking devices such as firewalls, IDS/IPS, packet brokers, and load balancers. It has become
essential to have those stateful devices inspect stateful application traffic in order to test
their performance before deployment, and after each upgrade during their service lifetime, because
stateful devices can become the throughput bottleneck in the network they serve.
Dealing with TCP traffic and stateful devices is complex. Stateful firewalls, for example, expect a
TCP three-way handshake and check packets in the established connection, and will open other
ports to allow the connection to be instantiated and maintained. They also retain the state of the
session: if the session times out or completes, the firewall closes the port on the fly. Thus,
simply blasting packets with no awareness of the TCP layer and above (layer 5-7) will certainly fail
to complete an application or security test for data centers, enterprises, and related equipment
manufacturers.
TRUE STATEFUL VS. SIMULATED STATEFUL
Some open-source traffic generators, e.g. TRex, claim to generate stateful traffic. However, they
are considered stateless packet generators with schedulers and realistic payloads rather than true
stateful layer 4-7 traffic and application emulators, because they do not provide a TCP stack.
Without a TCP stack, these traffic generators have to use a manually pre-calculated round-trip
time (RTT) between the client and the server to artificially schedule the transmission order of
packets and prevent the out-of-sequence problem, as shown in Figure 2. If the RTT is misconfigured
when a device under test (DUT) is in place, then the server may transmit an ACK reply before it
receives a SYN request (RTT too low), or the delay can be too high to generate any meaningful
results (RTT too high). Due to the lack of a TCP stack, these open-source traffic generators fail
to provide layer 4-7 awareness. Applications, especially web browsers, typically fetch data from
multiple servers across the internet: 20 to 50 connections is considered normal, and hundreds is
not unusual. Without a TCP stack and layer 4-7 awareness, it is extremely difficult to emulate
such a traffic profile correctly.
Figure 2. True stateful vs. simulated stateful
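As an added illustration of the two sections above (not code from Xena or from any traffic generator), the Python model below replays one constructed capture through a minimal handshake-tracking DUT, first on a fixed RTT schedule and then reactively, as a real TCP stack would. The one-way delays, the half-RTT spacing per change of direction and all names are assumptions of this model; in it, "too low" means the server's reply reaches the DUT before the client's SYN does.

```python
"""Replay of one TCP exchange through a handshake-tracking DUT (constructed model)."""

CLIENT, SERVER = "client", "server"

# Constructed capture: three-way handshake, then one request and one response.
CAPTURE = [
    (CLIENT, "SYN"),
    (SERVER, "SYN-ACK"),
    (CLIENT, "ACK"),
    (CLIENT, "DATA"),
    (SERVER, "DATA"),
]

# Assumed one-way delays (microseconds) between each test port and the DUT.
DELAY_US = {CLIENT: 5000, SERVER: 100}

# Handshake order a stateful DUT enforces: (state, sender, flags) -> next state.
HANDSHAKE = {
    ("CLOSED", CLIENT, "SYN"): "SYN_SEEN",
    ("SYN_SEEN", SERVER, "SYN-ACK"): "SYNACK_SEEN",
    ("SYNACK_SEEN", CLIENT, "ACK"): "ESTABLISHED",
}


class StatefulDut:
    """Keeps per-connection state and drops anything the state does not allow."""

    def __init__(self):
        self.state = "CLOSED"
        self.dropped = []

    def inspect(self, sender, flags):
        next_state = HANDSHAKE.get((self.state, sender, flags))
        if next_state is not None:
            self.state = next_state
            return True
        if self.state == "ESTABLISHED" and flags == "DATA":
            return True
        self.dropped.append((sender, flags))
        return False


def scheduled_arrivals(capture, configured_rtt_us, delay_us):
    """Simulated stateful: send times follow a fixed schedule, not what was received.

    Model assumption: every change of direction is spaced by half the configured RTT.
    """
    arrivals, send_time, prev = [], 0, None
    for seq, (sender, flags) in enumerate(capture):
        if prev is not None and sender != prev:
            send_time += configured_rtt_us // 2
        arrivals.append((send_time + delay_us[sender], seq, sender, flags))
        prev = sender
    return sorted(arrivals)  # order in which the DUT actually sees the segments


def reactive_arrivals(capture, delay_us):
    """True stateful: a side transmits only after the peer's segment has reached it."""
    arrivals, ready, at_dut, prev = [], 0, 0, None
    for seq, (sender, flags) in enumerate(capture):
        if prev is not None and sender != prev:
            # The previous segment left the DUT at at_dut and travels on to this sender.
            ready = at_dut + delay_us[sender]
        at_dut = ready + delay_us[sender]
        arrivals.append((at_dut, seq, sender, flags))
        prev = sender
    return sorted(arrivals)


def replay(arrivals):
    """Return (final DUT state, segments dropped, time the last segment hit the DUT)."""
    dut = StatefulDut()
    for _time, _seq, sender, flags in arrivals:
        dut.inspect(sender, flags)
    return dut.state, len(dut.dropped), arrivals[-1][0]


if __name__ == "__main__":
    runs = (
        ("RTT too low (2 ms)  ", scheduled_arrivals(CAPTURE, 2000, DELAY_US)),
        ("RTT padded (20 ms)  ", scheduled_arrivals(CAPTURE, 20000, DELAY_US)),
        ("reactive (TCP stack)", reactive_arrivals(CAPTURE, DELAY_US)),
    )
    for label, arrivals in runs:
        print(label, replay(arrivals))
```

With the 2 ms schedule the connection never leaves the half-open state and four of five segments are dropped; padding the RTT to 20 ms fixes the ordering but takes about twice as long as the reactive exchange.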
Unlike these open-source traffic generators, Xena provides a better solution – true stateful layer
4-7 application emulation with an extreme-performance built-in TCP stack and the ability to
modify layer 2-3 parameters.
With a TCP stack implemented, there is no need to schedule the sequence of control packets
between the client and the server with a pre-calculated RTT value. The server will not
accidentally send replies prior to the requests from the client, and the test results will be more
accurate and convincing. With full layer 4-7 awareness and a rich application traffic library of live
network traffic capture, the client and server both run in state machines that analyze and
interpret the communications above layer 4 and open/close connections on the fly.
This allows a synchronized dialog between the client and the server, meaning no RTT is required
to simulate the dialog. The benefit is significant when complex scenarios and millions of TCP
connections are emulated. Using real live application emulation with complex interactive
sessions, customers can perform the security or application testing for which stateful traffic is
in high demand.
To find out whether the system or network is handling the desired requirements as expected,
engineers need to test it with traffic that is in use on the network. For applications and
products in the domain of networking technology, telecommunication technology, and information
technology, there is a consistent demand for traffic generation tools that can create various test
conditions close to those experienced in real scenarios.
NEED FOR APPLICATION EMULATION
Analytic traffic models and traffic simulators often fail to provide complex and realistic traffic.
They are usually based on assumptions and simplify the traffic behavior, which does not suffice
for realistic and comprehensive system testing, although they are very useful in troubleshooting
and pinpointing problems.
By comparison, testing with realistic network traffic places the DUT in a realistic network
environment and has a much better chance of generating convincing results. As shown in Figure 4
and Figure 3, real-time entertainment, e.g. YouTube and Netflix, is the top category of peak
downstream traffic. Web browsing, file sharing, and social networking make up most of the
remaining traffic. In total, these four categories comprise more than 80% of the peak
downstream traffic.
Figure 3. Peak period network traffic composition (Europe)
Source: Global Internet Phenomena Asia-Pacific & Europe, September 2015, Sandvine
Figure 4. Peak period network traffic composition (North America)
Source: Global Internet Phenomena Latin America & North America, May 2015, Sandvine
Network testing needs to take traffic composition into account. By replaying the recorded
network traffic, engineers can accurately determine how far they can push the infrastructure
before it fails to meet expectations, and whether a product can handle customers’ needs.
Traffic capture and replay has become an essential part of application emulation. However, it is
not easy to do correctly. As mentioned, applications fetch data from more than one server
across the internet, resulting in multiple concurrent connections. When a user opens a Chrome
browser to visit a webpage, for instance, the browser opens not just one connection to the
webserver on port 80 or 443; it also opens connections to download ads, images and videos,
and/or connections to content servers. Some state-of-the-art traffic generators can analyze the
captured traffic but they fail to provide concurrent connections, which real applications always
have. These traffic generators usually open a TCP connection for an application session, close it
down, and move to the next session. This is not the correct way to emulate real applications.
Xena creates multiple concurrent connections for one user application (e.g. the Chrome browser
application) according to the captured traffic, as shown in Figure 5. These connections have
different start times and durations, and are correlated. As time advances, it opens and closes
connections according to the application profile in the library. This one-user application traffic
emulation can easily scale to millions of users, with up to millions of concurrent connections
running through the DUT.
Using the rich library of different application traffic and protocol traffic profiles, Xena application
emulation allows its customers to perform true stateful traffic tests with realistic live network
traffic on DUTs (e.g. firewalls, load balancers, and routers), pushing them to the performance
limit with millions of concurrent connections and connections per second.
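The difference between replaying a captured application one connection at a time and replaying it with its original overlap shows up directly in how many connections the DUT has to track at once. The Python sketch below is an added example, not Xena's implementation; the profile (connection names, start offsets and durations) and the per-user stagger are constructed values.

```python
"""Connection-table load of sequential vs. concurrent replay (constructed profile)."""

# Constructed per-connection records for one application launch:
# (name, start offset in ms, duration in ms), as they could be read from a capture.
PROFILE = [
    ("dns", 0, 40),
    ("http-page", 50, 900),
    ("https-ads", 120, 400),
    ("https-images", 150, 600),
    ("https-video", 300, 5000),
    ("https-content", 350, 300),
]


def concurrent_schedule(profile, users=1, stagger_ms=0):
    """Keep each connection's captured start offset; shift every extra user by stagger_ms."""
    schedule = []
    for user in range(users):
        shift = user * stagger_ms
        for name, start, duration in profile:
            opened = start + shift
            schedule.append((f"user{user}:{name}", opened, opened + duration))
    return schedule


def sequential_schedule(profile):
    """Open one connection, close it, then move to the next (captured offsets ignored)."""
    schedule, now = [], 0
    for name, _start, duration in profile:
        schedule.append((name, now, now + duration))
        now += duration
    return schedule


def peak_concurrency(schedule):
    """Largest number of connections open at the same instant (intervals are half-open)."""
    events = []
    for _name, opened, closed in schedule:
        events.append((opened, 1))
        events.append((closed, -1))
    events.sort()  # at equal times (t, -1) sorts before (t, 1): closes are counted first
    live = peak = 0
    for _time, delta in events:
        live += delta
        peak = max(peak, live)
    return peak


def finish_time(schedule):
    """Time at which the last connection of the schedule closes."""
    return max(closed for _name, _opened, closed in schedule)


if __name__ == "__main__":
    one_user = concurrent_schedule(PROFILE)
    in_turn = sequential_schedule(PROFILE)
    three_users = concurrent_schedule(PROFILE, users=3, stagger_ms=100)
    print("concurrent, 1 user :", peak_concurrency(one_user), finish_time(one_user))
    print("sequential, 1 user :", peak_concurrency(in_turn), finish_time(in_turn))
    print("concurrent, 3 users:", peak_concurrency(three_users), finish_time(three_users))
```

Sequential replay never puts more than one entry of this application in the DUT's state table, so it under-reports the load that the same capture produces when its connections overlap.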
[Figure: Connections 1 to 9 of one user application plotted against time in the emulation direction, passing through the DUT]
Figure 5. Multiple concurrent correlated connections per user applications (HTTP, DNS, FTP, etc.). Ability to scale up to millions of users with different addresses.
XENAAPPMIX: PRE-DEFINED LIBRARY FOR APPLICATION EMULATION
Xena offers XenaAppMix, a pre-defined library that customers can use to emulate application
traffic and test DUTs in a realistic network environment. Live network traffic is usually captured
into a pcap (packet capture) file in the format that libpcap and WinPcap use. It contains a
complete record of network activity from layer 2 to layer 7, and can be read by applications such
as tcpdump, Wireshark, CA NetMaster, etc.
XenaAppMix enables users to emulate live traffic and test their products in a realistic network
environment. The library is kept up-to-date with the latest network traffic patterns. XenaAppMix
is divided into three categories:
• PROTOCOL-ORIENTED LIBRARY. This library contains traffic of specific networking
protocols, e.g. HTTP, IMAP, FTP, etc. The purpose of this library is to provide pure
protocol traffic so that users can build their own applications.
• APPLICATION-ORIENTED LIBRARY. This library contains traffic of internet applications
and mobile applications, e.g. Facebook, Instagram, email, etc. The purpose of this library
is to provide application traffic so that users can perform comprehensive tests or
build their own mixes.
• TRAFFIC MIXES. This library contains mixes of application traffic based on
well-researched results. The purpose of this library is to provide users with pre-defined traffic
composition mix templates for different network environments to verify the performance
variations.
Protocol-oriented Library
This library contains traffic of specific networking protocols, e.g. HTTP, IMAP, FTP, etc. The
purpose of this library is to provide pure protocol traffic so that users can build their own
applications. Some protocol examples are listed below:
HTTP/HTTPS
The Hypertext Transfer Protocol (HTTP) is an application-layer protocol for distributed and
collaborative information systems. HTTP is the foundation of data communication for the World
Wide Web. An HTTP session is a sequence of network request-response transactions. An HTTP
client initiates a request by establishing a TCP connection to a particular port on a server,
typically port 80.
HTTPS, also known as HTTP over TLS, HTTP over SSL, or HTTP Secure, is a protocol for secure
communication over a computer network. HTTPS consists of communication over HTTP within a
connection encrypted by TLS/SSL. The default port number is 443. The main drive for HTTPS is
authentication of the visited website and protection of the privacy and integrity of the exchanged
data.
[Figure: PROTOCOL-ORIENTED LIBRARY: DNS, FTP, DHCP, Telnet, MQTT, BitTorrent, HTTP, IMAP, SMTP, SMB, NFS, SSL/TLS, FIX, RTP. APPLICATION-ORIENTED LIBRARY: Netflix, Youtube, Line, Messenger, Amazon, eBay, Remote Desktop, Skype, Outlook, IoT, Chrome, Comprehensive.]
Figure 6. Examples of the pre-defined library, XenaAppMix, for application emulation
HTTP/HTTPS accounts for 50% to 80% of global internet traffic according to Sandvine’s latest
research results [1, 2]. The prevalence of HTTP/HTTPS has made them indispensable for network
testing.
SMTP
Simple Mail Transfer Protocol (SMTP) is an internet standard for email transmission. SMTP uses
TCP port 25 by default. For mail submission, it uses port 587. SMTP connections secured by
TLS/SSL, known as SMTPS, use TCP port 465. User-level client mail applications typically use
SMTP only for sending messages to a mail server for relaying. For retrieving messages, client
applications usually use either POP3 or IMAP.
IMAP
Internet Message Access Protocol (IMAP) is an internet standard protocol used by email clients to
retrieve email messages from a mail server over a TCP connection. An IMAP server typically
listens on port 143. IMAP over SSL (IMAPS) is assigned the port 993.
POP3
The Post Office Protocol (POP) is an application-layer internet standard protocol used by local
email clients to retrieve email from a mail server over TCP. Version 3 (POP3) is the last
standard in common use. A POP3 server listens on TCP port 110. Encrypted communication for
POP3 uses TLS/SSL on TCP port 995.
[1] “Global Internet Phenomena, Latin America & North America”, May 2015, Sandvine
[2] “Global Internet Phenomena, Asia-Pacific & Europe”, September 2015, Sandvine
[Figure: mail flow between clients, the SMTP server, the internet and the POP/IMAP server, labelled with ports SMTP 25/587, SMTPS 465, IMAP 143, IMAPS 993, POP3 110, Secure POP3 995]
Figure 7. SMTP, IMAP and POP3
MQTT
Message Queueing Telemetry Transport (MQTT) is a client-server publish/subscribe messaging
transport protocol running on top of TCP, with port number 1883 reserved with IANA. TCP/IP port
8883 is also registered for using MQTT over SSL. It is designed for connections with remote
locations where a “small code footprint” is required or the network bandwidth is limited. Thus, it
is ideal for communication in Machine-to-Machine (M2M) and Internet of Things (IoT).
The publish/subscribe messaging model requires a message broker (server). The broker is
responsible for distributing messages to interested clients based on the topic of a message.
Amazon Web Services (AWS) announced Amazon IoT based on MQTT on October 8, 2015.
Facebook has used some aspects of MQTT in its Facebook Messenger product, though details of
how much of MQTT is used or for what have not been disclosed.
Figure 8. MQTT in IoT
BitTorrent
BitTorrent is a communications protocol for peer-to-peer file sharing used to distribute data over
the Internet. It is one of the most common protocols for transferring large files. BitTorrent can
be used to reduce the server and network impact of distributing large files. Rather than
downloading a file from a single source server, the BitTorrent protocol allows users to join a
“swarm” of hosts to upload to/download from each other simultaneously. The protocol is an
alternative to the older single source, multiple mirror sources technique for distributing data,
and can work effectively over networks with lower bandwidth. BitTorrent traffic accounts for 5% to
30% of internet traffic depending on region.
Figure 9. BitTorrent in peer-to-peer communication
Telnet
Telnet is an application-layer protocol used on the internet or local area networks (LAN) to
provide bidirectional interactive text-oriented communication using a virtual terminal
connection. User data is intermixed in-band with Telnet control information in a byte-oriented
data connection over TCP. Typically, a Telnet server listens on TCP port 23 for incoming
connections.
DHCP
The Dynamic Host Configuration Protocol (DHCP) is a network protocol used on IP networks for
dynamically distributing network configuration parameters, such as IP addresses for interfaces
and services. Computers request IP addresses and networking parameters automatically from a DHCP
server, reducing the need for manual configuration.
DHCP uses a connectionless service model running on UDP. UDP port number 67 is the destination
port of a server, and UDP port number 68 is used by the client.
Figure 10. DHCP for dynamic IP address distribution
FTP
File Transfer Protocol (FTP) is used to transfer computer files between a client and server on a
computer network. FTP uses separate control and data connections between the client and the
server, and can run in active or passive mode, which determines how the data connection is
established. In both cases, the client creates a TCP control connection from a random, usually
unprivileged, port N to the FTP server command port 21.
Figure 11. FTP in active and passive modes
In active mode, the client starts listening for incoming data from the server on port M. It notifies
the server by sending FTP command PORT M. The server then initiates a data connection to the
client from port 20, the FTP server data port.
When the client is unable to receive incoming TCP connections, e.g. behind a firewall, passive
mode is used. The client in passive mode sends FTP command PASV to the server using the
control channel and receives the server IP address and the port number on which the server is
listening. The client then initiates a data connection from a random client port to the server IP
address and server port received from the control channel.
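The active and passive exchanges above are why a stateful device in the path has to read the control channel to learn which data connection to expect. The Python sketch below is an added example, not part of the white paper or of any product; it decodes the six-number host/port form that PORT and the 227 reply to PASV use on the wire (RFC 959) over a constructed transcript with documentation addresses, and the `matches_control_peer` check is this example's own addition.

```python
"""Derive the FTP data connections a stateful device should expect (constructed input)."""
import re
from typing import NamedTuple, Optional

# h1,h2,h3,h4,p1,p2 as used by PORT and by the 227 reply: four address bytes, two port bytes.
_SIX = re.compile(r"(?<![\d,])" + ",".join([r"(\d{1,3})"] * 6) + r"(?![\d,])")


class DataFlow(NamedTuple):
    mode: str                   # "active" or "passive"
    initiator: str              # side that opens the data connection
    src_port: Optional[int]     # 20 in active mode, None for a random client port
    dst_ip: str
    dst_port: int
    matches_control_peer: bool  # advertised address equals the control-channel peer


def decode_endpoint(text):
    """Return (ip, port) from a PORT argument or 227 reply, or None if malformed."""
    match = _SIX.search(text)
    if match is None:
        return None
    nums = [int(group) for group in match.groups()]
    if max(nums) > 255:
        return None
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def expected_data_flows(transcript, client_ip, server_ip):
    """Walk control-channel lines ("C" = client, "S" = server) and list expected data flows."""
    flows = []
    for side, line in transcript:
        if side == "C" and line.upper().startswith("PORT "):
            endpoint = decode_endpoint(line)
            if endpoint:  # active mode: server connects from port 20 to the client
                flows.append(DataFlow("active", server_ip, 20, endpoint[0],
                                      endpoint[1], endpoint[0] == client_ip))
        elif side == "S" and line.startswith("227"):
            endpoint = decode_endpoint(line)
            if endpoint:  # passive mode: client connects from a random port to the server
                flows.append(DataFlow("passive", client_ip, None, endpoint[0],
                                      endpoint[1], endpoint[0] == server_ip))
    return flows


# Constructed control-channel transcript (RFC 5737 documentation addresses).
TRANSCRIPT = [
    ("C", "PORT 192,0,2,10,195,80"),
    ("S", "200 PORT command successful"),
    ("C", "PASV"),
    ("S", "227 Entering Passive Mode (198,51,100,5,234,96)"),
    ("C", "PORT 203,0,113,7,4,1"),   # advertises an address that is not the client's
    ("C", "PORT 192,0,2,10,195"),    # malformed: only five numbers
]

if __name__ == "__main__":
    for flow in expected_data_flows(TRANSCRIPT, "192.0.2.10", "198.51.100.5"):
        action = "open" if flow.matches_control_peer else "refuse"
        print(f"{action:6} {flow.mode:7} {flow.initiator} -> {flow.dst_ip}:{flow.dst_port}")
```

A test capture that carries only the control connection, or replays the data connection before the PORT or 227 line has passed the DUT, will not exercise this port-opening logic at all.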
FIX
The Financial Information eXchange (FIX) protocol is an electronic communications protocol
initiated in 1992 for international real-time exchange of information related to the securities
transactions and markets. Managing the delivery of trading applications and keeping latency low
increasingly requires an understanding of the FIX protocol.
RTP/RTCP
The Real-time Transport Protocol (RTP) is a network protocol for delivering audio and video over
IP networks. RTP is used extensively in communication and entertainment systems that involve
streaming media, such as telephony, video teleconference applications, television services and
web-based push-to-talk features. RTP typically runs over User Datagram Protocol (UDP). RTP is
used in conjunction with the RTP Control Protocol (RTCP). While RTP carries the media streams
(e.g., audio and video), RTCP is used to monitor transmission statistics and quality of service
(QoS) and aids synchronization of multiple streams. RTP is one of the technical foundations of
Voice over IP and in this context is often used in conjunction with a signaling protocol such as the
Session Initiation Protocol (SIP) which establishes connections across the network.
SIP
The Session Initiation Protocol (SIP) is a communications protocol for signaling and controlling
multimedia communication sessions. The most common applications of SIP are in Internet
telephony for voice and video calls, as well as instant messaging, over IP networks. SIP works in
conjunction with several other application layer protocols that identify and carry the session
media. Media identification and negotiation is achieved with the Session Description Protocol
(SDP). For the transmission of media streams (voice, video) SIP typically employs the Real-time
Transport Protocol (RTP) or Secure Real-time Transport Protocol (SRTP). For secure transmissions
of SIP messages, the protocol may be encrypted with Transport Layer Security (TLS).
SSDP
The Simple Service Discovery Protocol (SSDP) is a network protocol based on the Internet
Protocol Suite for advertisement and discovery of network services and presence information. It
accomplishes this without assistance of server-based configuration mechanisms, such as the
Dynamic Host Configuration Protocol (DHCP) or the Domain Name System (DNS), and without
special static configuration of a network host. SSDP is the basis of the discovery protocol of
Universal Plug and Play (UPnP) and is intended for use in residential or small office environments.
NFS
Network File System (NFS) is a distributed file system protocol allowing a user on a client
computer to access files over a computer network much like local storage is accessed. NFS, like
many other protocols, builds on the Open Network Computing Remote Procedure Call (ONC RPC)
system. The NFS is an open standard defined in Request for Comments (RFC), allowing anyone to
implement the protocol.
SMB2
Server Message Block (SMB), one version of which was also known as Common Internet File
System (CIFS), operates as an application-layer network protocol mainly used for providing
shared access to files, printers, and serial ports and miscellaneous communications between
nodes on a network. It also provides an authenticated inter-process communication mechanism.
Application-oriented Library
Chrome: web applications
Google’s browser Chrome was estimated to be used on 60.1% of desktops in March 2016. Users
often install plugins or extensions to Chrome, e.g. email, cloud storage, dictionary, etc. As a
result, when Chrome launches, it establishes multiple TCP connections to send and fetch data to and
from remote servers. The Chrome application is thus essential for user traffic replay because of
its worldwide prevalence. Features of the Chrome traffic profile are:
• Large number of connections
• Medium-loaded connection
• Short connection duration
Streaming: Netflix, YouTube, HBO, iTunes
Streaming applications like Netflix, YouTube, HBO, iTunes, etc., dominate internet traffic due to
their high bandwidth consumption, especially on-demand video streaming. Nearly 70% of
downstream traffic in North America is from real-time streaming and 46% in Europe. It is thus
vital to test networks, servers, routers, switches and other network devices with a realistic
streaming traffic portfolio to evaluate their performance. Streaming traffic is typically:
• Small number of connections
• Heavy-loaded connection
• Long connection
• More downstream than upstream
Email: Outlook, Gmail
Email is an indispensable application for everyday life. An email client application, usually on
mobile devices, contains multiple email accounts. When launched, the application initiates
multiple TCP connections to different mail servers. SMTP is usually used for sending emails and
POP3/IMAP for receiving. In most cases, secure channels, e.g. TLS, are established before
exchanging data.
Figure 12. Chrome browser opens multiple connections at launch
Internet of Things
The Internet of Things (IoT) is the network of physical objects or software embedded with
electronics, sensors, and network connectivity, which enables these objects to collect and
exchange data to provide services. IoT applications include parking, trash management, traffic,
lighting, energy, hospital, home automation, campus, agriculture, etc. Enabling technologies,
especially on the connectivity part, include RFID, Bluetooth low energy, ZigBee, Wi-Fi, etc. On the
framework layer, protocols like MQTT are widely used. The publish/subscribe model and the
lightweight nature of MQTT enable both client-server and machine-to-machine communication.
Typical IoT applications generate traffic that is:
• Low data rate
• More upstream than downstream
• Great number of data sources
Peer-to-Peer File Sharing
Peer-to-peer file sharing is the distribution and sharing of files using peer-to-peer (P2P)
networking technology. Users are able to share files such as music, movies, software, games, and
books using a P2P program with BitTorrent as the behind-the-scenes communication protocol.
Despite the controversial issues, BitTorrent traffic accounts for a large proportion of upstream
traffic, and is thus an important traffic pattern to test. Features of BitTorrent traffic include:
• Multiple sources and destinations
• Both upstream and downstream
Figure 13. Email client application uses multiple connections to provide the service.
Traffic Mixes
Testing with different traffic mixes can provide an in-depth understanding of how the stateful
device performs under different network environments. The aggregate portfolio composes the traffic
based on Sandvine’s internet traffic observation reports. Users can choose different profiles
accordingly.
Enterprise Mix
The Enterprise Mix provides customizable traffic profile templates with the most commonly used
applications in enterprise/office/SMB (no datacenter provisioned) scenarios. Figure 14 shows an
example of such a composition. SMB is mainly used for providing shared access to files, printers,
etc. NFS allows a user on a client computer to access files over a network like local storage.
Figure 14. Enterprise traffic mix.
Datacenter Mix
The Datacenter Mix provides customizable traffic profile templates with the most commonly used
applications in large enterprise scenarios where a datacenter is provisioned. Figure 15 shows an
example of such a composition [3].
Figure 15. Datacenter traffic mix.
[3] https://www.microsoft.com/en-us/research/wp-content/uploads/2010/11/DC-Network-Characterization-imc2010.pdf
Finance Mix
The Finance Mix provides a customizable traffic profile for testing how a firewall performs with
applications used in financial institutions such as stock exchanges and banks. Financial
Information eXchange (FIX) is the standard electronic protocol for pre-trade communications and
trade execution. Almost every major stock exchange and investment bank uses FIX for electronic
trading. Figure 16 shows the composition of different FIX versions used by buyers.
Figure 16. Finance traffic mix.
Web Mix
The Web Mix aims at testing firewalls with realistic web traffic composition. According to the
observation from Sandvine [4], most of the traffic on the internet is encrypted (SSL/TLS, VPN,
data compression proxies, and proxy applications), and more encryption techniques such as
SPDY, QUIC and HTTP/2 are emerging. Figure 17 demonstrates the encryption composition in
2016, with Netflix’s transition to full encryption.
Figure 17. Web traffic mix.
[4] https://www.sandvine.com/downloads/general/global-internet-phenomena/2015/encrypted-internet-traffic.pdf
CONCLUSION
To determine whether the system or network is handling the desired requirements as expected,
engineers need to test it with real-world traffic. The most common way of testing with realistic
network traffic is application emulation.
XenaAppMix is a pre-defined library of selected application traffic captured in pcap file format,
enabling users to emulate and replay live traffic and test their DUTs in a realistic network
environment. The library is continuously updated with the latest network traffic mixes so that
users are able to evaluate with up-to-date traffic patterns and composition. XenaAppMix is
divided into protocol-oriented, application-oriented and traffic-mix libraries. The
protocol-oriented library aims at providing pure protocol traffic for testing. Users have full
freedom to build up their own applications by selecting different protocols. The
application-oriented library is suitable for synergetic tests because one application contains many
connections and uses different protocols, e.g. DNS and HTTP, in a correlated fashion. Traffic mixes
provide pre-defined traffic composition templates for users to put the DUTs under different
network environments for performance testing. Users are able to customize or build their own mixes
for special test scenarios. By choosing different combinations from XenaAppMix in tandem with Xena
L4-7 test platforms, test engineers are able to perform complex test scenarios and gain in-depth
knowledge of the DUT and the system.
Unlike some open-source traffic replay software, Xena is able to regenerate the
comprehensive traffic in a synchronized fashion where the client and server communicate with
each other in exactly the same order as the captured traffic. By engineering this outstanding
feature, Xena Networks is capable of reproducing realistic network scenarios for the device
under test.