* benchmark tool for netfilter - any recommendations ?
@ 2002-06-18 12:11 Filip Sneppe (Cronos)
2002-06-18 17:38 ` Rodrigo Senra
From: Filip Sneppe (Cronos) @ 2002-06-18 12:11 UTC (permalink / raw)
To: netfilter
Hi,
I am looking for a traffic generator type application that can
generate a realistic workload to test a netfilter firewall.
There are some cool tools out there for throughput measurements,
like netpipe, etc. but they are not ideal to test connection
tracking performance. The way I see it, you either have tools
that:
- flood the network with traffic over just one TCP connection
or UDP stream. Not a lot of use in testing connection tracking
performance as it's just one ESTABLISHED connection.
or
- flood the network with more or less random crap as far as IP
addresses/ports is concerned. Not a very realistic workload
either.
IMHO a realistic workload for testing connection tracking
performance is a workload that has a limited number of IP
addresses on one side of the firewall (a DMZ with 64 hosts,
or a LAN with 100-500 hosts) and a wide range of IP addresses
at the other side (the Internet). The tool should be able
to mimic normal network behavior like short connections (http)
vs. longer-lived connections (ftp download), etc.
It would be nice to have a client/server tool that could be
used in this type of setup:
client ------ FW ------ server
and where either client and/or server could generate traffic
from various IP addresses/ports in a controlled way.
I am currently looking at Web-Polygraph (www.web-polygraph.org)
from the Squid developers, but upon installation, I realized
the license doesn't allow the publishing of the results.
Are there any tools worth looking at ? Is there anything else a
decent netfilter (firewall ?) performance benchmarking tool
should be able to do ?
Regards,
Filip
* Re: benchmark tool for netfilter - any recommendations ?
From: Rodrigo Senra @ 2002-06-18 17:38 UTC (permalink / raw)
To: netfilter
|On 18 Jun 2002 14:11:22 +0200
|"Filip Sneppe (Cronos)" <filip.sneppe@cronos.be> wrote
| about benchmark tool for netfilter - any recommendations ?:
>> Hi,
>
> I am looking for a traffic generator type application that can
> generate a realistic workload to test a netfilter firewall.
We are building a tool for such a goal. It is based on libnet.
We parse several parameters such as: protocol distribution (X% HTTP,
Y% FTP, Z% H.323, etc.), connection burst or not, num packets, etc.
Then we build in-memory descriptors of the traffic, to later dump
full packets to the table. A second machine is prepared behind the
firewall to answer part of the traffic in order to activate the conntrack
mechanism of a netfilter/iptables firewall in between.
Is this what you were looking for? It should be finished in early July.
I do not know yet if my boss will allow us to release it as open source.
If so I'll announce it here, otherwise get in touch with us by then and
I'll read the price tag for you ;o)
best regards
Senra
--
Rodrigo Senra
MSc Computer Engineer (GPr Sistemas Ltda) rodsenra@gpr.com.br
http://www.ic.unicamp.br/~921234 (LinUxer 217.243) (ICQ 114477550)
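
Added illustration, not code from either poster or from the tool Rodrigo describes: a sketch of the in-memory traffic descriptors discussed in this thread, with a small DMZ on one side, a wide range of client addresses on the other, and a protocol mix of short and long connections. The mix, durations, arrival rate and address ranges are assumed values; no packets are sent.

```python
import random
from dataclasses import dataclass

# Assumed protocol mix: name -> (share, destination port, mean duration in seconds).
MIX = {"http": (0.80, 80, 2.0), "ftp": (0.15, 21, 120.0), "h323": (0.05, 1720, 300.0)}

@dataclass(frozen=True)
class Flow:
    start: float
    end: float
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

def build_flows(n, inside_hosts=64, rate=200.0, seed=1):
    """Return n flow descriptors: many outside clients -> a small DMZ."""
    rng = random.Random(seed)               # seeded, so a benchmark run is repeatable
    names = list(MIX)
    weights = [MIX[p][0] for p in names]
    flows, t = [], 0.0
    for _ in range(n):
        t += rng.expovariate(rate)          # Poisson arrivals, `rate` new flows per second
        proto = rng.choices(names, weights)[0]
        _, dport, mean = MIX[proto]
        # Outside clients come from 198.18.0.0/15, the range reserved for benchmarking.
        src = "198.18.%d.%d" % (rng.randrange(256), rng.randrange(1, 255))
        dst = "192.168.1.%d" % rng.randrange(1, inside_hosts + 1)  # assumed DMZ subnet
        end = t + rng.expovariate(1.0 / mean)
        flows.append(Flow(t, end, proto, src, rng.randrange(1024, 65536), dst, dport))
    return flows

def peak_concurrent(flows):
    """Largest number of simultaneously open flows.

    This is a lower bound on the conntrack entries the firewall must hold,
    because entries linger for a timeout after a connection closes.
    """
    events = sorted([(f.start, 1) for f in flows] + [(f.end, -1) for f in flows])
    peak = cur = 0
    for _, delta in events:
        cur += delta
        peak = max(peak, cur)
    return peak
```

Comparing `peak_concurrent()` with the firewall's connection tracking table limit shows whether a given mix will exercise the table or overflow it.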