Académique Documents
Professionnel Documents
Culture Documents
Most powerful and flexible solution for testing the real-world performance and stress resilience of network security and application-aware devices and networks.
Key Features
Over 20 supported protocols for unprecedented test realism: - HTTP, HTTPS, FTP, SMTP, POP3, DNS, Telnet, RTSP, RTP, IGMP, SIP, H.323, MGCP, SNMP, NFS, CIFS, ICMP, Traceroute, NNTP, Jabber, DHCP Integrated network access protocols: - IPSec VPN, PPPoE, DHCP, 802.1x, VLANs Comprehensive P2P security and traffic management testing: - Gnutella, BitTorrent, FastTrack/ Kazaa, eDonkey/eMule DoS Attacks, network exploits, Virus and Worm simulation for validation of stress resilience limits under malicious load Stateful and intelligent Capture/ Replay to simulate proprietary protocols and playback problematic traffic 100% real, fully featured and scalable VoIP, VoD and IPTV traffic to simulate Triple-Play service subscribers Unique Transaction Variability feature allows to create multi-protocol traffic mixes indistinguishable from real user traffic Intuitive and user-friendly GUI saves hours of test design and reduces chances of human error State-of-the-art Application Mix Real-World Test Library provides ready-to-run statistics-based tests that save hundreds of hours of real-world test methodology development High-performance high port density 3rd-Generation hardware simulates millions of subscribers generating Gigabits of real-world traffic Modular and distributed architecture delivers linear and virtually unlimited scalability Comprehensive IPv6 and IPSecv6 support enables testing of nextgeneration IPv6 devices and networks
Figure 1: Network Tester accelerates development and deployment of network security and application-aware devices.
Product Overview
The Agilent Network Tester is the most powerful and flexible solution for testing the real-world performance and stress resilience of network security and application-aware devices and networks. Network Equipment Manufacturers, Service Providers and Network Operators use Network Tester to analyze application-aware device real-world performance characteristics under peak levels of load and stress expected in real network environments. This allows test engineers to confidently assess equipments ability to perform without disrupting service or compromising quality of user experience. Network Tester achieves unparalleled testing realism by using real Internet Data, VoIP, VoD and IPTV traffic in realistic protocol and transaction distributions combined with malicious attacks and exploits to subject the devices to complex traffic conditions indistinguishable from real-world network environments. Coupled with the ability to simulate proprietary protocols such as Peer-to-Peer, IM and On-line Gaming, Network Tester provides for the most comprehensive Layer 4-7 performance and stress resilience testing system on the market.
Network Tester key application areas include network security, traffic management and content networking. Typical devices-under-test include Firewalls; Intrusion Detection and Prevention Systems; Virus and Spam Filters; Content Switches and Servers; SSL Accelerators; Load Balancers and IPsec VPN Gateways. As security enforcement and other applicationaware features are integrated into Service/Edge Routers, B-RASs and IP DSLAMs, Network Tester provides perfect match to L4-7 performance and stress testing requirements of those network elements. Network Tester is specifically designed to test integrated devices where point test solutions fall short.
Product Features
Broadest in industry range of native application protocols over 100% standard compliant TCP/IP stack
Due to protocol-specific enforcement and processing features, different application protocols have different performance characteristics on network security and other applicationaware devices. As real-world traffic is always a rich mix of different protocols and application transactions, the realworld traffic profile - its protocol and transaction distribution will ultimately determine the overall real-world performance and stress resilience limits of an application-aware device. Consequently, the only reliable way to measure application-aware device real-world performance and scalability is to subject it to a mix of protocols and transactions that it is expected to process in a real deployment environment. Agilent Network Tester, with its broadest in industry range of natively supported application protocols, both on client and server sides, embraces the concept of real-world testing and allows to precisely simulate any complex network environment. Multi-protocol realistic traffic mixes that follow percentage distributions by generated throughput, transaction rates, transactions executed, bytes transferred or concurrent connections can be created within minutes using Network Tester Client Profile and Throttling features. The unique Network Tester Transaction Variability feature allows to easily create controlled and realistic transaction, protocol options and user behavior distributions within traffic of each protocol.
All application traffic is generated with 100% standard compliant TCP/ IP stack that supports full range of TCP/IP features such as slow start, retransmissions and congestion avoidance. All that ensures that measurements performed with Network Tester reflect the device or system under test realworld performance, scalability and stress resilience limits with highest degree of precision, realism and reliability.
Filters can be configured that will drop, fragment, resequence, replay or corrupt any percentage of transmitted packets on any destination IP address or port number. Packet Disruptor also enables simulation of sophisticated packet fragmentation attacks to validate application-aware device robustness and attack resilience.
100% Triple-Play ready - VoIP, VoD, IPTV and Internet Data on one interface
Modern application-aware devices secure, manage, load-balance or otherwise process traffic from voice, video and data applications simultaneously. With its 100% standard compliant and fully featured support for SIP, H.323, MGCP, RTSP, RTP and IGMP protocols Network Tester can measure the impact of network security, traffic management or other application-aware device functionality on real-world Triple-Play traffic performance and Quality of Experience. Network Tester can generate high volumes of real VoIP calls using H.323, SIP and MGCP protocols at extremely high call rates, using a variety of codecs, with all calls streaming real WAV data. Large numbers of real VoD video streams can be added to the TriplePlay traffic mix using RTSP protocol over TCP or UDP transports. Fully featured IGMP support enables simulating IPTV and data streaming service subscribers changing channels and receiving multicast video feeds. In presence of diverse application traffic, DoS attacks and malicious exploits, Network Tester allows to validate security, robustness, realworld performance and scalability of Triple-Play devices and networks with high degree of precision and reliability.
address may be used across multiple protocols, clients and servers to define the correct test-bed topology. In order to change the topology, the Named Attribute will only need to be changed once and the new value will be propagated across all places in the Test Plan where this router IP address is used. Transaction Variability feature includes support for a number of functions that can generate random or functionally distributed values from the defined range. For example a delay between HTTP GET operations can be randomly set between 5 and 15 seconds, resulting in the average of 10. Also, aggregate maximal throughput generated by a number of users can be plotted for the test duration to include smooth ramp-ups and ramp-downs as well as abrupt spikes to create a realistic load distribution over time.
Figure 2: Create realistic traffic profiles using Network Tester Named Lists, Named Attributes and Functions.
Most of the test parameters can be changed during test run time, taking immediate effect. This provides instant insight into performance impact of different traffic characteristics, such as application transaction size, destination ports or even protocol versions. Legitimate or malicious traffic intensity can be throttled at will during the test, enabling finer analysis of device under test performance limits. Components of Test Plans such as traffic profiles, test interface definitions or virtual client network configurations can be saved and reused in different Test Plans, greatly reducing test development time. Multiple users can execute tests simultaneously logging to the controller remotely from their work places. Network Tester NetPressure graphical user interface is designed to be extremely intuitive, ergonomic and user-friendly, require minimal learning curve to operate even in complex test environments and ultimately save hundreds of hours of test design time.
Figure 3: NetPressure provides powerful, flexible and user-friendly environment: design, manage and run complex and realistic tests all through graphical user interface.
High performance 3rd generation Network Tester hardware Network Tester 3rd generation hardware N4192A provides industry leading traffic generation performance, capacity and port density in a slim 1U form factor. Network Tester is capable of generating multiple Gigabit line rates of diverse application traffic, simulate millions of virtual users, establish thousands of VoIP calls and VoD video streams, completely eliminating the need and hassles associated with an expensive collection of PCs. High-performance Network Tester N4192A modules can be stacked together delivering linear scalability and generating loads that are capable of saturating the largest and most powerful modern devices and networks. Network Tester N4192A modules are equipped with four Gigabit Ethernet test interfaces. Two of the interfaces are RJ-45 based 1000Base-T and 2 are SFP based and can accommodate for either 1000Base-T or 1000Base-SX interfaces. Any combination of SFPs can be used to test different devices without need for interconnecting switches or converters. Each Network Tester N4192A module can be configured to provide client or server side test functionality. Client or server modules can be used individually to test client or server content delivery performance or together to test traffic forwarding devices, such as firewalls, loadbalancers or VPN gateways. This further reduces test bed cost, complexity and footprint.
Comprehensive IPv6 support As the IPv4 address space is running out, modern network devices and networks are transiting to use the IPv6 protocol. Performance and scalability of security and other applicationaware devices with IPv4 traffic is not representative of these devices characteristics in IPv6. New and sophisticated DoS attacks exploit the IPv6 protocol features. Testing is vitally important to ensure smooth transition to IPv6 as well as IPv6 devices and networks security, robustness and performance. Network Tester leads the IPv6 security and L4-7 testing market with broadest native IPv6 application range, IPSecv6 VPN support and comprehensive IPv6 DoS attack generation capabilities. Real-world stateful application traffic can be generated over both IPv4 and IPv6 simultaneously and in controlled distributions to simulate IPv4->IPv6 transition environments. Malicious and DoS IPv6 traffic can be added to the profile to validate future IPv6 networks security and resilience to threats.
Figure 4: Stateful Transaction Spy monitors the state of each executed application transaction in real time.
Powerful test automation Network Tester powerful, flexible and user-friendly graphical user interface eliminates any need for developing scripts even for most complex realistic test scenarios. Basic test automation, repeating loops, access of third-party device from within the test environment (possibly to load a different configuration or security policy) can all be implemented with NetPressure graphical controls without resorting to scripting. For cases when basic automation is not sufficient, Network Tester provides powerful Tcl/Tk API for integration into most complex and sophisticated regression test environments. With Network Tester API, only a few lines of code are necessary to load and run any Test Plans that were previously created using the graphical user interface. Test results can be printed out or saved into a file with standard Tcl functions. This is, by far, the easiest way to automate the testing process. Alternatively, access to complete set of API functions allows for granular control and automation of complex test scenarios and building sophisticated test suites. Tk part of the API library even allows for creating customized high-level graphical user interfaces to existing tests or automated suites. Remote automation allows integrating Network Tester into any third-party distributed test system. For example, an external PC or Unix workstation running Tcl can control Network Tester test execution via its Tcl API.
Test debugging with Stateful Transaction Spy To assist in test design, debugging and analysis, Network Tester provides the capability to capture, decode, and view any test traffic packets in their sequence of arrival. With the integrated industry-standard Ethereal tool, Network Tester state-aware Stateful Transaction Spy feature allows for detailed analysis and troubleshooting of any connection or application session - in real-time, without waiting for tests to complete. The Stateful Transaction Spy feature greatly speeds up your test design and troubleshooting, provides real-time in-depth test monitoring capability, and helps to rapidly find and resolve problems with sophisticated tests running in complex network topologies.
Network Tester Peer-to-Peer Protocol Library Peer-to-Peer (P2P) File Sharing applications such as Kazaa and eDonkey have recently gained tremendous popularity. Traffic generated by these applications may consume significant portions of bandwidth in some networks. Due to its proprietary nature, usage patterns and high bandwidth requirements, P2P File Sharing applications present serious network security and bandwidth management challenges that cannot be addressed without testing. P2P Protocol Library included with Network Tester enables comprehensive performance and stress resilience testing of P2P-aware security and traffic management devices. The P2P Protocol Library is based on Capture/Replay technology and includes support for the following popular applications: Gnutella, BitTorrent, FastTrack/ Kazaa, eDonkey/eMule P2P traffic generated with Network Tester P2P Protocol Library can be easily interleaved with traffic of any of 20 natively supported data, voice or video protocols to measure the P2P operation impact on real-world application performance and QoE.
Agilent Application Mix Real-World Test Library Development of realistic test methodology and test procedures is a complex and lengthy process that includes live network monitoring, statistical analysis and implementation on the testing tool. This process can incur manpower costs comparable with the price of the test instrument. Agilent Application Mix Test Library, included with Network Tester, is a unique repository of state-of-theart ready-to-run tests that allow for measuring the performance, scalability and stress resilience limits of application-aware devices under conditions indistinguishable from realworld networks. Application Mix test methodology uses realistic mixes of data, voice and video application traffic in protocol, transaction and parameters distributions based on extensive statistical analysis of traffic patterns measured in live networks. Application Mix Test Library comes as ready-to-run, well-documented Network Tester Test Plans that save hundreds of man-hours of test design and development.
10
Technical Specifications
N4192A Performance and Traffic Generation Capacity
Concurrent TCP connections HTTP transaction rate HTTPS transaction rate Concurrent VoIP calls VoIP call establishment rate Concurrent IPSec tunnels 1,000,000 Over 70,000 Over 7,000 Over 10,000 Over 7,000 Appr 5,000
Transport
The following transport protocols are supported.
Comments
Application protocols
The following application protocols are supported.
IPv4 Yes
IPv6 Yes
Comments Client only IP, ICMP, UDP and TCP attacks Sample test plans for DoS attacks using these attack bricks are supplied.
IPv6 No No
Yes Yes
No Yes
Client and service Client and service Active and Passive modes
IPSec, IPSecv6
Yes
Yes
Client only For further information please refer IPsec Test Software Technical Datasheet
H.323
Yes
Yes
Client (for client-to-client emulation) For further information please refer to the N4195A VoIP Test Software Technical Datasheet
PPPoE
Yes
No
Client only
Encapsulation
The following VLAN encapsulation features are supported.
Protocol 802.1Q/VLAN
IPv4 Yes
IPv6 Yes
Comments Client and Service support for all protocols except NFS and SAMBA Support for VLAN range definition per client profile 4,096 VLANs per port
HTTP HTTPS
Yes Yes
Yes Yes
Client and Service Client and Service Secure modes supported: SSLv2, SSLv3, TLSv1
Client only Client and Service Client and Service Client only Client only Client and Service Client (send, receive, and bidirectional for client-to-client emulation) RTCP emulation optional; configurable rate
Utility
The following utility protocols are supported.
Yes Yes
No No
RTP
11
RTSP
Yes
No
Client and Service MPEG-II, MPEG-III, MPEG4, MOV and other hinted media files
L4-7 throughput
SAMBA/CIFS SIP
Yes Yes
No Yes
Client only Client (for client-to-client emulation) For further information please refer to the N4195A VoIP Test Software Technical Datasheet Total errors
Client profile Client interface Client resource Test plan Server interface Server resource Client profile Client interface Client resource Test plan Client profile Client interface Client resource Test plan
Errors
Concurrent connections
Connections
SMTP SNMP
Yes Yes
Yes Yes
Timing Statistics
Statistic Response time (min, max, avg) Aspects Client profile Client interface Client resource Test plan Client profile Client interface Client resource Test plan Client profile Client interface Client resource Test plan Client profile Client interface Client resource Test plan Client profile Client interface Client resource Test plan Client profile Client interface Client resource Test plan Units Seconds
Telnet
Yes
Yes
Client only
Measurement statistics collected during a test can be displayed numerically, graphically or saved to a CSV file. Application statistics refer to the application protocol traffic - for example, for the HTTPGet Protocol Brick, application transfers/second refers to HTTP GETs/second. See VoIP data sheet for VoIP-specific statistics
Seconds
General Statistics
The following application protocols are supported. DNS time (min, max, avg)
Seconds
Aspects Client profile Client interface Client resource Test plan Server interface Server resource Client profile Client interface Client resource Test plan Server interface Server resource Client profile Client interface Client resource Test plan Server interface Server resource Client profile Client interface Client resource Test plan Client profile Client interface Client resource Test plan
Seconds
Authorization time (min, max, avg) Sessions/sec Transfer time (clients) (min, max, avg) Sessions Transfer time (servers) (min, max, avg) Disconnect time (min, max, avg)
Seconds
Session Rate
Seconds
Total sessions
Server interface Server resource Client profile Client interface Client resource Test plan Client profile Client interface Client resource Test plan
Seconds Seconds
Access/sec
Seconds
Access
12
Interface Statistics
Statistic Interface throughput (Total Mb/s) Aspects Client profile Client interface Client resource Test plan Server interface Server resource Units Megabits/sec
Client profile Client interface Client resource Test plan Client profile Client interface Client resource Test plan Client profile Client interface Client resource Test plan Client profile Client interface Client resource Test plan
Packets/sec
Packets
Interface throughput (Mb/s received) Interface throughput (Mb/s transmitted) Interface throughput (Total packets/s)
Client interface Server interface Client interface Server interface Client profile Client interface Client resource Test plan Server interface Server resource
Packets
Seconds
System Configuration
Packets/sec One system controller with NetPressure application software. One management LAN switch Packets/sec One to 32 modules per system with a laptop controller; up to 64 modules per system with a rackmount controller N4192A Traffic Module Hardware Four port module with: 2 x RL45 based 10/100/1000 BASE-T electrical Ethernet test interfaces Collisions and 2 x SFP based 10/100/1000 BASE-T electrical Ethernet or 2 x SFP based 1000BASE-SX optical Ethernet (SC connector) test interfaces Management port 10/100/1000 BASE-T electrical Ethernet (RJ45 connector) interface Console port for recovery and diagnostics (cable provided) USB utility ports Mode configuration Front Panel Indicators Packets/sec Two USB2.0 ports for remote storage and CDROM devices Client/Server mode selectable LCD for module identification, status and diagnostics indication. Link and activity indicators for electrical test ports and management port. Power and disk drive indicators
Interface throughput (Packets/s received) Interface throughput (Packets/s transmitted) Interface errors
Client interface Server interface Client interface Server interface Client profile Client interface Client resource Test plan Server interface Server resource Client profile Client interface Client resource Test plan Server interface Server resource
Errors
Interface collisions
Packet Statistics
Statistic Packet Jitter Time (Avg, Min, Max) Aspects Client profile Client interface Client resource Test plan Client profile Client interface Client resource Test plan Client profile Client interface Client resource Test plan Units Seconds
Seconds
13
Controller PC Portable laptop controller Rack-mount system controller Hi performance rack-mount system controller Supports 1 user Supports 3 concurrent users Supports 5 concurrent users
Rack-mount system controllers support remote access. 8-Port Ethernet Switch Ports Type 24-Port Ethernet Switch Ports Height Type Rackmountable (Included with laptop and rackmount system controllers) 8 Fast Ethernet (Included with high performance rackmount system controller) 24 1U Fast Ethernet Yes; kit not included
N4192 Traffic Generation Module Physical Specifications Dimensions 19 rack mountable 1U high (Mounting kit provided) Width 443 mm Depth 465 mm Height 44 mm 100 to 240V auto-sensing power supply 50/60 Hz 350 W maximum Operating temperature range 5 - 40 degrees Celsius Operating humidity range 20 % to 90% RH Storage temperature range -20 - 70 degrees Celsius Storage humidity range 20% to 90% RH CSA CE ISM 1-A FCC Part 15 Class A UL United States & Canada
14
Configuration
Please see the Network Tester Configuration and Ordering Guide for more information.
N5543C Laptop controller with O/S loaded for Network Tester Includes controller PC, system software and system management Ethernet switch. N5544B Rackmount controller with O/S loaded for Network Tester Includes controller PC, system software, system management Ethernet switch and optional flat panel display.. N5545B High performance rackmount controller with O/S loaded for Network Tester Includes controller PC, system software, system management Ethernet switch and optional flat panel display. N5557A Network Tester Test Solution System bundle includes NetPressure software, choice of controller and hardware modules, user documentation and software media. Additional software licenses and software support options can be added.
Product Numbers
N4192A Network Tester 4 test port 10/100/1000 Base-T and 1000BaseSX Ethernet Traffic Module Stackable 4-port multi-rate traffic generation module. Includes NetPressure software license for this module. N4188A - NetPressure Base Software NetPressure base software that provides all test functionality and protocol support except VoIP, IPsec and IPv6, for which additional licenses have to be included. N4193A NetPressure IPv6 Software License Adds IPv6 protocol emulation to the Network Tester system. N4194A Network Tester IPSec Software License for IPv4/v6 Adds IPsec protocol emulation to the Network Tester system. When combined with the IPv6 software license, IPsecv6 is also provided. N4195A Network Tester VoIP Software License Adds VoIP protocol emulation to the Network Tester system. When combined with the IPv6 software license, VoIPv6 is also provided. When combined with the IPsec software license, VoIPsec (VoIP over IPsec) is also provided. When combined with both the IPv6 and IPsecv6 software licenses, VoIPsecv6 (VoIP over IPsecv6) is also provided.
15
www.agilent.com/find/networktester
Software Updates
With the purchase of any new system controller Agilent will provide 1 year of complimentary software updates. At the end of the first year you can enroll into the Software Enhancement Service (SES) for continuing software product enhancements.
Support
Technical support is available throughout the support life of the product. Support is available to verify that the equipment works properly, to help with product operation, and to provide basic measurement assistance for the use of the specified capabilities, at no extra cost, upon request.
Ordering Information
To order and configure the test solution, consult your local Agilent field engineer.
This information is subject to change without notice. Printed on recycled paper Agilent Technologies, Inc. 2007 Printed in USA January 23, 2007 5989-6060EN