- 1.866.352.6691 | INTL 1.512.821.6000
Malformed Traffic to Uncover Previously Undetectable Performance Issues
People tend to make a lot of noise about “real-world traffic” whether hitting on application protocol collections, capacity planning, number of available connections per second or other facets. And each play a role in simulating real-world traffic. However, there is another side to what constitutes the protocol mix representative of the outside world and your network – malformed traffic. In my inaugural blog post I thought I would pass along a tip I provide users to measure performance in the face of malformed traffic.
BreakingPoint's Stack Scrambler provides a solution to create this realistic simulation by sending malformed traffic based on a seed provided at the start of the simulation. You can provide the same network that other components would use (for instance Session Sender or AppSim), an entirely different network, or even a different set of ports. When you look at the traffic you’ll notice a lot going on, therefore the more realistic you can get, the more vulnerabilities you are going to discover within your network equipment. One suggestion I make for our users is to combine the BreakingPoint Stack Scrambler with BreakingPoint AppSim. This powerful combination helps you to trigger specific “star aligning” situations, which can cause failures in reassembly engines. Similarly, just because you can’t cause a crash doesn’t mean you can’t impact traffic. Using AppSim in conjunction with Stack Scrambler allows you to visualize any possible impact on traffic performance.
Here is a great example:
I wish I could take credit for this terrific graphic, but the raw data comes from a BreakingPoint colleague, which he showed to me at a recent conference. The graphic is a fantastic visualization of why being "real" matters. This is a simulation being run against a high-performance load balancer. You can see for the first 10 minutes that it runs at 500,000 transactions per second without issue. However, when you introduce the Stack Scrambler component the performance is immediately halved. But that is not the worst news. About 4.8 hours into the simulation, the device appears to stop sending traffic altogether for a few minutes. The device actually core dumps and this happens again about an hour later.
The real killer of all of this is when you see that Stack Scrambler is only sending out approximately 15 Megabits of traffic. Using this realistic scenario we now know that 15 Mbit/sec halves the performance and causes core dumps! This is what we mean when we say "uncover previously undetectable issues in your network devices". Don’t think you won't meet malformed traffic when you go live. It’s all over the place.
Download the BreakingPoint Server Load Balancer Resiliency Methodology
Google+
Tags: