WHITE PAPER · forwarding. As networking moves up the protocol stack, such as HTTP, there is a wide variation on the header content because not all fields are required in the HTTP

WH

ITE

PA

PER

Xena Networks – Global Price/Performance Leaders in Gigabit Ethernet Testing – www.xenanetworks.com

WHITE PAPER

“Xena recreates complex

traffic so client and server

communicate in exactly

the same order as the

captured traffic to ensure

realistic network scenarios

for the DUT”.

OVERVIEW

Testing new applications, systems, products and protocols allows companies to validate

and verify the system and ensure the application does not result in expensive failures

later in development and deployment.

Analytic traffic models and traffic simulators often fail to provide complex and realistic

traffic. They are usually based on assumptions and simplify the traffic behavior, which

does not provide for a realistic and comprehensive system testing, although they are

very useful in troubleshooting and pinpointing the problem. Testing with realistic

network traffic places the device under test (DUT) in a realistic network environment

and delivers authentic results.

Xena provides an application emulation function and an up-to-date library of real-world

traffic captured in pcap file format so users can emulate live traffic and test products in

a realistic network environment.

APPLICATION EMULATION CREATING REALISTIC TRAFFIC THROUGH APPLICATION EMULATION

IMPROVES TEST RESULT ACCURACY

WH

ITE

PA

PER


APPLICATION EMULATION

Contents

INTRODUCTION ................................................................................................................... 3

Need for Stateful Traffic Testing ......................................................................................... 4

True Stateful vs. Simulated Stateful .................................................................................... 4

Need For Application Emulation ......................................................................................... 5

XenaAppMix: Pre-defined Library for Application Emulation ............................................. 9

Protocol-oriented Library .......................................................................................... 10

Application-oriented Library ..................................................................................... 15

Traffic Mixes .............................................................................................................. 18

Conclusion ......................................................................................................................... 19

WH

ITE

PA

PER


INTRODUCTION

Stateless Network vs. Stateful Network

Network has been evolving for decades but the

separation line in the network stack remains between

layer 3 and layer 4 in the OSI model. Below that line,

there are the data link and network layers (stateless),

where Ethernet and IP are in dominance. Stateless

networking requires little participation. It just evaluates

the packet headers and determines where to forward,

e.g. IP routing and Ethernet switching. Little information

extracted from the packets is saved and thus there is no

need for large memory for that purpose. Decisions are

made on a per packet basis, not compared to previous

packets but based on the forwarding table. Therefore, it

is stateless: no communication state is retained.

As moving towards to the upper layers above that separation line, communication becomes

stateful. Here, stateful networking retains certain information extracted from packets and is

required to perform much more complex computing with more memories. This is because

connection-oriented protocols such as TCP try to provide guaranteed message delivery by using

sequence numbers to tackle out-of-order and packet loss. Thus, packets on these layers are not

processed in a per-packet manner but per-session/connection.

The higher the network layer, the more complex it becomes. Application routing based on layer 7

HTTP headers rely on whether the intermediate network device has the ability to maintain the

session state and extract information from the payload of the message. A message on this layer

could consist of several packets due to the limitation of network MTU. This requires that the

intermediate device must be stateful, for it must gather enough information from several packets

before it knows how to process the traffic.

Protocol-wise, layer 2-3 is fixed and standardized while layer 4-7 is more variable and flexible.

Devices at layer 2-3 have highly optimized algorithms closely tied with hardware for packet

forwarding. As networking moves up the protocol stack, such as HTTP, there is a wide variation

on the header content because not all fields are required in the HTTP header. This dynamic

content pattern is what makes the stateful higher layers complex and difficult to test.

Data Link

Network

Transport

Session

Presentation

Application

Physical

stateless

stateful

Figure 1. Moving from stateless to stateful networking

WH

ITE

PA

PER


NEED FOR STATEFUL TRAFFIC TESTING

Stateless packet generation is useful for many different types of tests: background traffic,

performance stress testing (e.g. packets per second, bits per second, etc.) They are also useful for

QoS testing.

However, stateless packet blasting cannot meet the performance testing requirements of stateful

networking devices such as firewalls, IDS/IPS, packet brokers, and load balancers. It has become

extremely relevant for those stateful devices to inspect stateful application traffic in order to test

the performance before deployment and during the service life time after each upgrade because

stateful devices can become the throughput bottleneck in the network they service.

Dealing with TCP traffic and stateful devices is complex. Stateful firewalls, for example, expect a

TCP three-way handshake and check packets in the established connection, and will open other

ports to allow the connection to be instantiated and maintained. They also retain the state of the

session: if the session is timing out or completed, the firewalls will close the port on the fly. Thus,

simply blasting packets with no awareness of the TCP layer and above (layer 5-7) will certainly fail

to complete an application or security test for data centers, enterprises, and related equipment

manufacturers.

TRUE STATEFUL VS. SIMULATED

STATEFUL

Some open-source traffic generators, e.g. TRex,

claim to generate stateful traffic. However,

they are considered stateless packet

generators with schedulers and realistic

payloads rather than true stateful layer 4-7

traffic and application emulators, because they

do not provide the TCP stack. Without a TCP

stack, these traffic generators have to use a

manually pre-calculated round-trip time (RTT)

between the client and the server to artificially

schedule the transmission order of packets and

prevent the out-of-sequence problem, as shown in Figure 2. If the RTT time is misconfigured

when a device under test (DUT) is in place, then the server may transmit an ACK reply before it

Figure 2. True stateful vs. simulated stateful

WH

ITE

PA

PER


receives a SYN request (RTT too low), or the delay can be too high to generate any meaningful

results (RTT too high). Due to the lack to TCP stack, these open-source traffic generators fail to

provide layer 4-7 awareness. Applications, especially web browsers, typically fetch data from

multiple servers across the internet: 20 to 50 connections is considered normal, and hundreds is

not unusual. Without a TCP stack and layer 4-7 awareness, it is extremely difficult to emulate

such a traffic profile correctly.

Unlike these open-source traffic generators, Xena provides a better solution – true stateful layer

4-7 application emulation with an extreme-performance built-in TCP stack and the ability to

modify layer 2-3 parameters.

With a TCP stack implemented, there is no need to schedule the sequence of control packets

between the client and the server with a pre-calculated RTT value. The server will not

accidentally send replies prior to the requests from the client, and the test results will be more

accurate and convincing. With full layer 4-7 awareness and a rich application traffic library of live

network traffic capture, the client and server both run in state machines that analyze and

interpret the communications above layer 4 and open/close connections on the fly.

This allows a synchronized dialog between the client and the server meaning no RTT is required

to simulate the dialog. The benefit is significant when complex scenarios and millions of TCP

connections are emulated. Using real live application emulation with complex interactive

sessions, customers can do such security or application testing where stateful traffic is highly

demanded.

To find out if the system or network is handling desired requirements as expected, engineers

need to test it with traffic that is in use on the network. For applications and products in the

domain of networking technology, telecommunication technology, and information technology,

there is a consistent demand for the traffic generation tools that can create various test

conditions close to those experienced in real scenarios.

NEED FOR APPLICATION EMULATION

Analytic traffic models and traffic simulators often fail to provide complex and realistic traffic.

They are usually based on assumptions and simplify the traffic behavior, which does not suffice

for a realistic and comprehensive system testing, although they are very useful in troubleshooting

and pinpointing the problem.

WH

ITE

PA

PER


By comparison, testing with realistic network traffic places the DUT in a realistic network

environment has a much better chance of generating convincing results. As shown in Figure 4

and Figure 3, real-time entertainment, e.g. YouTube and Netflix, is the top category to the peak

downstream traffic. Web browsing, file sharing, and social networking make up most of the

remaining traffic. In total, these four categories comprise more than 80% of the peak

downstream traffic.

Figure 3. Peak period network traffic composition (Europe)

Source: Global Internet Phenomena Asia-Pacifi & Europe, September 2015, Sandvine

Figure 4. Peak period network traffic composition (North America)

Source: Global Internet Phenomena Latin America & North America, May 2015, Sandvine

WH

ITE

PA

PER


Network testing needs to take traffic composition into account. By replaying the recorded

network traffic, engineers can accurately determine how far they can push the infrastructure

before it fails to meet the expectations, and whether a product can handle customers’ needs.

Traffic capture and replay has become an essential part of application emulation. However, it is

not easy to do it correctly. As mentioned, applications fetch data from more than one server

across the internet, resulting in multiple concurrent connections. When a user opens a Chrome

browser to visit a webpage, for instance, the browser opens not just one connection to the

webserver on port 80 or 433, it also opens connections to download ads images and videos,

and/or connections to content servers. Some state-of-the-art traffic generators can analyze the

captured traffic but they fail to provide concurrent connections, which real applications always

have. These traffic generators usually open a TCP connection for an application session, close it

down, and move to the next session. This is not the correct way to emulate real applications.

WH

ITE

PA

PER


Xena creates multiple concurrent connections for one user application (e.g. Chrome browser

application) according to the captured traffic, shown in Figure 5. These connections have

different start time and duration, and are correlated. As time advances, it opens and closes

connections according to the application profile in the library. This one-user application traffic

emulation can easily scale to millions of users, with up to millions of concurrent connections

running through the DUT.

Using the rich library of different application traffic and protocol traffic profiles, Xena application

emulation allows its customers to perform true stateful traffic test with realistic live network

traffic on DUTs (e.g. firewalls, load balancers, and routers), pushing them to the performance

limit with millions of concurrent connections and connection per seconds.

Time

emulation direction

...

Connection 1

Connection 2

Connection 3

Connection 4

Connection 5

Connection 6

Connection 7

Connection 8

Connection 9

DUTDUT

Figure 5. Multiple concurrent correlated connections per user applications (HTTP, DNS, FTP, etc.). Ability to scale up to millions of users with different addresses.

WH

ITE

PA

PER


XENAAPPMIX: PRE-DEFINED LIBRARY FOR APPLICATION

EMULATION

Xena offers XenaAppMix, a pre-defined library that customers can use to emulate application

traffic and test DUTs in a realistic network environment. Live network traffic is usually captured

into a pcap (packet capture) file in the format that libpcap and WinPcap use. It contains a

complete record of network activity from layer 2 to layer 7, and can be read by applications such

as tcpdump, Wireshark, CA NetMaster, etc.

XenaAppMix enables users to emulate live traffic and test their products in a realistic network

environment. The library is kept up-to-date with the latest network traffic patterns. XenaAppMix

is categorized into three categories:

• PROTOCOL-ORIENTED LIBRARY. This library contains traffic of specific networking

protocols, e.g. HTTP, IMAP, FTP, etc. The purpose of this library is to provide pure

protocol traffic so that users can build their own applications.

• APPLICATION-ORIENTED LIBRARY. This library contains traffic of internet applications

and mobile applications, e.g. Facebook, Instagram, email, etc. The purpose of this library

is to provide application traffic so that users can perform comprehensive tests or

building their own mixes.

• TRAFFIC MIXES. This library contains mixes of application traffic based on well-

researched results. The purpose of this library is to provide users with pre-defined traffic

composition mix templates for different network environment to verify the performance

variations.

WH

ITE

PA

PER


Protocol-oriented Library

This library contains traffic of specific networking protocols, e.g. HTTP, IMAP, FTP, etc. The

purpose of this library is to provide pure protocol traffic so that users can build their own

applications. Some protocol examples are listed below:

HTTP/HTTPS

The Hypertext Transfer Protocol (HTTP) is an application-layer protocol for distributed and

collaborative information systems. HTTP is the foundation of data communication for the World

Wide Web. An HTTP session is a sequence of network request-response transactions. An HTTP

client initiates a request by establishing a TCP connection to a particular port on a server,

typically port 80.

HTTPS, also known as HTTP over TLS, HTTP over SSL, or HTTP Secure, is a protocol for secure

communication over a computer network. HTTPS consists of communication over HTTP within a

connection encrypted by TLS/SSL. The default port number is 443. The main drive for HTTPS is

authentication of the visited website and protection of the privacy and integrity of the exchanged

data.

Figure 6. Examples of the pre-define library, XenaAppMix, for application emulation

DNS FTP DHCP Telnet MQTT BitTorrent HTTP IMAP SMTP SMB NFS SSL/TLS FIX RTP

Netflix

Youtube

Facebook

WeChat

Line

Instagram

Messenger

Amazon

eBay

Remote Desktop

Skype

LinkedIn

Outlook

IoT

Chrome

Comprehensive

AP

PLI

CA

TIO

N-O

RIE

NTE

D L

IBR

AR

Y

PROTOCOL-ORIENTED LIBRARY

WH

ITE

PA

PER


HTTP/HTTPS dominates 50% to 80% of the global internet traffic according to Sandvine’s latest

research results1,2. The prevalence of HTTP/HTTPS has made them indispensable for network

testing.

SMTP

Simple Mail Transfer Protocol (SMTP) is an internet standard for email transmission. SMTP uses

TCP port 25 by default. For mail submission, it uses port 587. SMTP connections secured by

TTLS/SSL, known as SMTPS, use TCP port 465. User-level client mail applications typically use

SMTP only for sending messages to a mail server for relaying. For retrieving messages, client

applications usually use either POP3 or IMAP.

IMAP

Internet Message Access Protocol (IMAP) is an internet standard protocol used by email clients to

retrieve email messages from a mail server over a TCP connection. An IMAP server typically

listens on port 143. IMAP over SSL (IMAPS) is assigned the port 993.

POP3

The Post Office Protocol (POP) is an application-layer internet standard protocol used by local

email clients to retrieve email from a mail server over a TCP. The version 3 (POP3) is the last

standard in common use. A POP3 server listens on TCP port 110. Encrypted communication for

POP3 uses TLS/SSL on TCP port 995.

1 “Global Internet Phenomena, Latin America & North America”, May 2015, Sandvine

2 “Global Internet Phenomena, Asia-Pacific & Europe”, September 2015, Sandvine

SMTP SMTP

SMTP server

the internet

SMTP

POP/IMAP server

IMAP

25/587

SMTPS465

SMTPS

SMTPS

143

993IMAPS

POP3

Secure POP3

110 995

Figure 7. SMTP, IMAP and POP3

WH

ITE

PA

PER


MQTT

Message Queueing Telemetry

Transport (MQTT) is client-server

publish/subscribe messaging

transport protocol running on

top of TCP with port number

1883 reserved with IANA. TCP/IP

port 8883 is also registered for

using MQTT over SSL. It is

designed for connections with

remote locations where a “small

code footprint” is required or

the network bandwidth is

limited. Thus, it is ideal for

communication in Machine-to-Machine (M2M) and Internet of Things (IoT).

The publish/subscribe messaging model requires a message broker (server). The broker is

responsible for distributing messages to interested clients based on the topic of a message.

Amazon Web Services (AWS) announced Amazon IoT based on MQTT on October 8, 2015.

Facebook has used some aspects of MQTT in its Facebook Messenger product, though details of

how much of MQTT is used or for what has not been disclosed.

BitTorrent

BitTorrent is a communications protocol of peer-to-peer file sharing used to distribute data over

the Internet. It is one of the most

common protocols for transferring

large files. BitTorrent can be used to

reduce the server and network

impact of distributing large files.

Rather than downloading a file from

a single source server, the BitTorrent

protocol allows users to join a

“swarm” of hosts to upload

to/download from each other

simultaneously. The protocol is an

alternative to the older single source,

Figure 8. MQTT in IoT

Figure 9. BitTorrent in peer-to-peer communication

WH

ITE

PA

PER


multiple mirror sources technique for distributing data, and can work effectively over networks

with lower bandwidth. BitTorrent traffic accounts for 5% to 30% of internet traffic depending on

region.

Telnet

Telnet is an application-layer protocol used on the internet or local area networks (LAN) to

provide a bidirectional interactive text-oriented communication using a virtual terminal

connection. User data is intermixed in-band with Telnet control information in a byte-oriented

data connection over TCP. Typically, Telnet server uses TCP port number 23 to listen to incoming

connections.

DHCP

The Dynamic Host Configuration Protocol

(DHCP) is a network protocol used on IP

networks for dynamically distributing network

configuration parameters, such as IP addresses

for interfaces and services. Computers request

IP addresses and networking parameters

automatically from a DHCP server, reducing

the need for manual configuration.

DHCP uses a connectionless service model

running on UDP. UDP port number 67 is the destination port of a server, and UDP port number

68 is used by the client.

FTP

File Transfer Protocol (FTP) is used to transfer

computer files between a client and server on a

computer network. FTP uses separate control

and data connections between the client and

the server, and can run in active or passive

mode, which determines how the data

connection is established. In both cases, the

client creates a TCP control connection from a

random, usually an unprivileged, port N to the

FTP server command port 21.

Figure 10. DHCP for dynamical IP address distribution

Figure 11. FTP in active and passive modes

WH

ITE

PA

PER


In active mode, the client start listening for incoming data from the server on port M. It notifies

the server by sending FTP command PORT M. The server then initiates a data connection to the

client from port 20, FTP server data port.

When the client is unable to receive incoming TCP connections, e.g. behind a firewall, passive

mode is used. The client in passive mode sends FTP command PASV to the server using the

control channel and receives the server IP address and the port number on which the server is

listening. The client then initiate a data connection from a random client port to the server IP

address and server port received from the control channel.

FIX

The Financial Information eXchange (FIX) protocol is an electronic communications protocol

initiated in 1992 for international real-time exchange of information related to the securities

transactions and markets. Managing the delivery of trading applications and keeping latency low

increasingly requires an understanding of the FIX protocol.

RTP/RTCP

The Real-time Transport Protocol (RTP) is a network protocol for delivering audio and video over

IP networks. RTP is used extensively in communication and entertainment systems that involve

streaming media, such as telephony, video teleconference applications, television services and

web-based push-to-talk features. RTP typically runs over User Datagram Protocol (UDP). RTP is

used in conjunction with the RTP Control Protocol (RTCP). While RTP carries the media streams

(e.g., audio and video), RTCP is used to monitor transmission statistics and quality of service

(QoS) and aids synchronization of multiple streams. RTP is one of the technical foundations of

Voice over IP and in this context is often used in conjunction with a signaling protocol such as the

Session Initiation Protocol (SIP) which establishes connections across the network.

SIP

The Session Initiation Protocol (SIP) is a communications protocol for signaling and controlling

multimedia communication sessions. The most common applications of SIP are in Internet

telephony for voice and video calls, as well as instant messaging, over IP networks. SIP works in

conjunction with several other application layer protocols that identify and carry the session

media. Media identification and negotiation is achieved with the Session Description Protocol

(SDP). For the transmission of media streams (voice, video) SIP typically employs the Real-time

Transport Protocol (RTP) or Secure Real-time Transport Protocol (SRTP). For secure transmissions

of SIP messages, the protocol may be encrypted with Transport Layer Security (TLS).

WH

ITE

PA

PER


SSDP

The Simple Service Discovery Protocol (SSDP) is a network protocol based on the Internet

Protocol Suite for advertisement and discovery of network services and presence information. It

accomplishes this without assistance of server-based configuration mechanisms, such as the

Dynamic Host Configuration Protocol (DHCP) or the Domain Name System (DNS), and without

special static configuration of a network host. SSDP is the basis of the discovery protocol of

Universal Plug and Play (UPnP) and is intended for use in residential or small office environments.

NFS

Network File System (NFS) is a distributed file system protocol allowing a user on a client

computer to access files over a computer network much like local storage is accessed. NFS, like

many other protocols, builds on the Open Network Computing Remote Procedure Call (ONC RPC)

system. The NFS is an open standard defined in Request for Comments (RFC), allowing anyone to

implement the protocol.

SMB2

Server Message Block (SMB), one version of which was also known as Common Internet File

System (CIFS), operates as an application-layer network protocol mainly used for providing

shared access to files, printers, and serial ports and miscellaneous communications between

nodes on a network. It also provides an authenticated inter-process communication mechanism.

Application-oriented Library

Chrome: web applications

Google’s browser Chrome was estimated to be used on 60.1% of desktops in March 2016. Users

often install plugins or extensions to Chrome e.g. email, cloud storage, dictionary, etc. As a result,

when Chrome launches, it establishes multiple TCP connections to send and fetch data to and

from remote servers. Thus, Chrome application is essential for user traffic replay because of its

worldwide prevalence. Features of Chrome traffic profile are observed as:

• Large number of connections

• Medium-loaded connection

• Short connection duration

WH

ITE

PA

PER


Streaming: Netflix, YouTube, HBO, iTunes

Streaming applications like Netflix, YouTube, HBO, iTunes, etc., dominate internet traffic due to

their high bandwidth consumption, especially on-demand video streaming. Nearly 70% of

downstream traffic in North America is from real-time streaming and 46% in Europe. It is thus

vital to test networks, servers, routers, switches and other network devices with realistic

streaming traffic portfolio to evaluate their performances. Streaming traffic is typically:

• Small number of connections

• Heavy-loaded connection

• Long connection

• More downstream than upstream

Email: Outlook, Gmail

Email is an indispensable application for everyday life. An email client application, usually on

mobile devices, contains multiple email accounts. When launched, the application initiates

multiple TCP connections to different mail servers. STMP is usually used for sending emails and

POP3/IMAP for receiving. In most cases, secure channels, e.g. TLS, are established before

exchanging data.

Figure 12. Chrome browser opens multiple connections at launch

WH

ITE

PA

PER


Internet of Things

The Internet of Things (IoT) is the network of physical objects or software embedded with

electronics, sensors, and network connectivity, which enables these objects to collect and

exchange data to provide services. IoT applications include parking, trash management, traffic,

lighting, energy, hospital, home automation, campus, agriculture, etc. Enabling technologies,

especially on the connectivity part, include RFID, Bluetooth low energy, ZigBee, Wi-Fi, etc. On the

framework layer, protocols like MQTT is widely used. The publish/subscribe model and the

lightweight feature of MQTT enables both client-server communication as well as machine-to-

machine. Typical IoT applications generate traffic that is:

• Low data rate

• More upstream than downstream

• Great number of data sources

Peer-to-Peer File Sharing

Peer-to-peer file sharing is the distribution and sharing of files using peer-to-peer (P2P)

networking technology. Users are able to share files such as music, movies, software, games, and

books using a P2P program with BitTorrent as the behind-the-scene communication protocol.

Despite the controversial issues, BitTorrent traffic accounts for a large proportion of upstream

traffic, and thus an important traffic pattern to test. Features of BitTorrent traffic include:

• Multiple sources and destinations

• Both upstream and downstream

Figure 13. Email client application uses multiple connections to provide the service.

WH

ITE

PA

PER


Traffic Mixes

Testing with different traffic mixes can provide an in-

depth understanding how the stateful device

performs under different network environments. The

aggregate portfolio composes the traffic based on

Sandvine’s internet traffic observation reports. Users

can choose different profiles accordingly.

Enterprise Mix

The Enterprise Mix provides customizable traffic

profile templates with most commonly used

applications in enterprise/office/SMB (no datacenter

provisioned) scenarios. Figure 14 shows an example

of such a composition. SMB is mainly used for

providing shared access to files, printers, etc. NFS

allows a user on a client computer to access files

over a network like a local storage.

Datacenter Mix

The Datacenter Mix provides customizable traffic profile

templates with most commonly used applications in

large enterprise scenarios where a datacenter is

provisioned. Figure 15 shows an example of such a

composition3.

3 https://www.microsoft.com/en-us/research/wp-content/uploads/2010/11/DC-Network-Characterization-imc2010.pdf

Figure 14. Enterprise traffic mix.

Figure 15. Datacenter traffic mix.

Figure 16. Finance traffic mix.

WH

ITE

PA

PER


Finance Mix

Finance Mix provides a customizable traffic profile for

testing how a firewall performs with applications used in

financial institutions such as stock exchanges and banks.

Financial Information eXchange (FIX) is the standard

electronic protocol for pre-trade communications and

trade execution. Almost every major stock exchange and

investment bank uses FIX for electronic trading. Figure 16

shows the composition of different FIX versions used by

buyers.

Web Mix

The Web Mix aims at testing firewalls with realistic web traffic composition. According to the

observation from Sandvine4, most of the traffic on the internet is encrypted (SSL/TLS, VPN,

Data compression proxies, and proxy applications), and more encryption techniques such as

SPDY, QUIC and HTTP/2 are emerging. Figure 17 demonstrates the encryption composition in

2016, with Netflix transition to full encryption.

CONCLUSION

To determine if the system or network is handling desired requirements as expected, engineers

need to test it with real-world traffic. The most common way of testing with realistic network

traffic is application emulation.

XenaAppMix is a pre-defined library of selected application traffic captured in pcap file format,

enabling users to emulate and replay live traffic and test their DUTs in a realistic network

environment. The library is continuously updated with the latest network traffic mixes so that

users are able to evaluate with up-to-date traffic pattern and composition. XenaAppMix is

categorized into protocol-oriented, application-oriented and traffic mixes. The protocol-oriented

library aims at providing pure protocol traffic for testing. Users have the full freedom to build up

their own applications by selecting different protocols. The application-oriented is suitable for

4 https://www.sandvine.com/downloads/general/global-internet-phenomena/2015/encrypted-internet-traffic.pdf

Figure 17. Web traffic mix.

WH

ITE

PA

PER


synergetic tests because one application contains many connections and use different protocols,

e.g. DNS and HTTP, in a correlated fashion. Traffic mixes provide pre-define traffic composition

templates for users to put the DUTs under different network environment for performance

testing. Users are able to customize or build their own mixes for special test scenarios. By

choosing different combinations from XenaAppMix in tandem with Xena L4-7 test platforms, test

engineers are able to perform complex test scenarios and gain in-depth knowledge of the DUT

and the system.

Different from some open-source traffic replay software, Xena is able to regenerate the

comprehensive traffic in a synchronized fashion where the client and server communicate with

each other in the exactly same order as the captured traffic. By engineering this outstanding

feature, Xena Networks is capable of reproducing the realistic network scenarios for the device

under test.

Documents

WHITE PAPER · forwarding. As networking moves up the protocol stack, such as HTTP, there is a wide variation on the header content because not all fields are required in the HTTP