Products Xena Networks Vulcan L4/7 – Stateful Traffic Generator

Cost-efficient Ethernet Layer 4-7 test equipment for powerful generation of stateful traffic

Overview – Xena’s Layer 4-7 Test Platform

Xena’s L4-7 test platform is used for generating stateful Layer 4-7 Ethernet traffic (at 1GE, 2.5GE, 5GE, 10GE, 25GE & 40GE) and analyzing how advanced networking devices and infrastructure perform in a wide range of real-world scenarios.

VulcanBay, Xena’s L4-7 test platform, offers big-scale ultra-high performance testing. A flexible licensing system for enabling up to 28 Packet Engines ensures scalable test performance.

The traffic generation and analysis capabilities of the VulcanBay are accessed via VulcanManager, a Windows GUI client provided for ad-hoc test execution, and remote management of test equipment located in multiple locations.

Scripting and test automation are also supported by the Xena L4-7 platform.

Xena’s L4-7 test platform distinguishes itself from its competitors by its ease-of-use, highly scalable performance, real-world applications and future-proof cost-efficiency.

Super friendly

Xena’s L4-7 test platform is the industry’s easiest to deploy. Here are some examples:

  • Centralized upgrades make it quick and easy to install the latest software across multiple testers for immediate access to the newest features and bug fixes.
  • All devices can be administered from the same user-friendly GUI to ensure fast, efficient testing – without the big learning curve that go with our competitors’ products.
  • To make remote testing even easier, Xena offers Phantom – a browser-based (HTML5) user-interface that lets engineers access their test system from any OS.
  • Xena’s L4-7test solutions are also ready for virtualization ensuring low-cost future-proof migration to cloud-based testing.

L4-7 Hardware

VulcanBay offers extreme performance Gigabit TCP test chassis for stateful traffic load testing, analysis and characterization of Ethernet equipment and network infrastructure.

VulcanBay

This 19” rack-mountable chassis has 28 Packet Engines and comes in three port configurations: 12x10GE ports, 12x25GE ports or a combination of 8x25GE + 2x40GE ports. Speeds are enabled via upgradeable licenses.

Massive Performance Testing:

Xena’s L4-7 test platform delivers blistering performance and capacity. This means
realistic 1G/2.5G/5G/10G/25G/40G traffic generation: 

  • 24 million Concurrent Connections (CC)*
  • 6 million Connections Per Second (CPS)**
  • 1.2 million Concurrent TLS Sessions, 14,000 TLS Sessions Per Second
  • 6 million HTTP Connections Per Second, 7 million HTTP Transactions Per Second (TPS)***
  • Capture capacity: 40 million x 128 bytes buffers / 4 million full-size buffers

* 24M TCP Clients and 24M TCP Servers on one XenaScale
** Measured at 1M CC per 10G port
*** Measured at 10 transactions per connection

L4-7 Software

Included with VulcanBay chassis is a valuable portfolio of software. You also receive one year’s free software maintenance, plus of course the option for extending licensing.

VulcanBay

VulcanBay

VulcanManager

VulcanAppMix

VulcanManager is a Windows-based GUI used to configure, generate and analyze traffic via the L4-7 hardware. It is used for application emulation, testing TLS, performance verification, load testing, analysis and characterization of Ethernet equipment and network infrastructure. This includes firewalls, switches, routers, NAT routers, proxies, load-balancers, bandwidth shapers, and more.

VulcanAppMix (VAM) is a library of application traffic and protocols in pcap format. VAM makes it easy to set up large-scale realistic traffic from various applications, using pre-defined and customizable mix templates. Up to 200 pre-defined application scenarios can be played simultaneously, each covering a one-client-to-multiple-servers communications scenario that can be scaled up to millions of connections with real-world traffic.

ValkyrieCLI is a free text-based Command Line Interface (CLI) API that makes test automation on Xena testers easy to script from any scripting environment that supports TCP/IP. You can download it from Xena’s website.

Applications

TLS Middlebox Performance Testing

Testing TLS performance is vital for balancing security and performance. It is essential that the test equipment can get the encrypted TLS traffic through the DUT that is operating in the TLS middlebox/proxy mode. Otherwise, the test will be invalid.

Adopting the latest encryption standard, Xena TLS gives users high-performance test solutions that can reveal the performance bottleneck of their TLS/HTTPS middleboxes/proxies, address security performance testing requirements, and optimize their security parameters.

Key test parameters are:

  • TLS handshake per second
  • TLS throughput
  • HTTPS connection per second
  • HTTPS transactions per second
  • TLS record size optimization
  • TLS cipher suites and key size impact

Application Emulation and Advanced Replay

The Vulcan L4-7 test platform delivers highly scalable application emulation based on a pre-defined library of application traffic and protocols called VulcanAppMix. Enabled in VulcanManager, up to 200 pre-defined application scenarios can be played simultaneously, each covering one-to-many communication scenarios that can scale up to millions of connections with real-world traffic.

With pre-defined traffic mixes for specific segments e.g. enterprise and finance, users can test DUT throughput performance, which can vary dramatically under different traffic profiles.

Users can also replay their own pcap files on the DUT to verify performance and validate network behavior, using Xena advanced Layer 4 replay function. Being able to choose different replay modes, users can reconstruct the real-world scenarios, or create their own traffic mixes for realistic throughput verification.

Connection-Oriented Traffic Generation

TCP connections can be customized by modifying the MAC/IP/TCP headers to create variations in the generated packets. Traffic rates are specified as a percentage of line rate, frames per second or bit-rate, and traffic generation is controlled by a load profile specifying the speed with which connections are established and terminated. The TCP payload can be automatically generated (random, incrementing) or customized. Payloads can also be loaded from files and different congestion control algorithms can be used to test network behavior.

Transaction-based Traffic Generation

The Vulcan L4-7 test platform provides great flexibility for users to emulate transaction-based traffic based on the request-response communication model. With the customizable HTTP template and configuration transactions per TCP connection, users can create millions of HTTP transactions for HTTP capacity testing, e.g. HTTP connections per second, HTTP transactions per second, and HTTP throughput at various response sizes.

Lab-based Performance Testing

The Vulcan L4-7 test platform is ideal for validating network device performance in development and production environments. High port density means large port-count test beds can be set up at a fraction of the cost of existing test solutions with test topologies ranging from L2 forwarding such switches, over packet routing, to caching and network application servers. These can be tested individually or combined into functional networks.

Lab-based testing during development is used to load routers and other forwarding devices with large-scale, realistic stateful TCP sessions to verify forwarding performance. Key metrics are:

  • maximum number of concurrent TCP connections (TCP CC),
  • maximum connections per second (TCP CPS),
  • maximum HTTP connections per second (HTTP CPS),
  • maximum HTTP transactions per second (HTTP TPS),
  • throughput and packet forwarding rates at various TCP segment sizes.

Network Infrastructure Test

The Vulcan L4-7 test platform can do capacity and performance testing for service providers and large enterprise networks. Here the focus is less on the individual forwarding devices and servers and more on system-wide performance.

Examples of relevant parameters are optimal MSS, prioritization of different types of network traffic using Differentiated Services (DS) and other QoS mechanisms, and to verify guaranteed bandwidths according to SLAs. For carriers, testing is done to qualify performance before service roll out. Network infrastructure testing can also take place over large geographical distances requiring simultaneous control over multiple traffic generators.

Ease of Use & Debug

The Vulcan L4-7 test platform is scalable and can be used to quickly and easily generate millions of TCP connections with specified load profiles and configurable IP/TCP/Payload parameters. Real time stats and test reports provide an in-depth overview of the DUT/SUT characteristics.

Vulcan L4-7 test modules are suited for multi-user environments at the level of per-port reservation. Packet Engines (PE’s) mean performance can be allocated individually depending on the test scenario, for full operational flexibility.

Enabling the capturing function, users can record communication traffic between test ports as a pcap file for in-depth analysis of the network behavior of the DUT/SUT.

Wire-Speed Software Packet Processing

Xena’s L4-7 solutions use the state-of-the-art technologies in software-based packet processing. The platform is based on Intel x86-64 and achieves wire-speed performance using a combination of hardware-based offloading technologies, distributed processing and advanced algorithms.

VulcanBay

VulcanBay is a scalable Gigabit TCP test chassis that offers extreme performance for stateful traffic load testing, analysis and characterizing of Ethernet equipment and network infrastructure. It supports 1/2.5/5/10/25/40GE L4-7 interfaces and can be used for simulating millions of real-world end-user environments to test and validate infrastructure, a single device, or an entire system.

Vulcanbay offers stateful end-to-end testing of network appliances such as switches, firewalls, routers, NAT routers, proxies, bandwidth shapers, and more. The platform is also suitable to characterize entire network infrastructure performance.

Developers of Ethernet-based network appliances can characterize their performance by measuring connection establishment and teardown rates, packet forwarding rate at large numbers of connections and identify performance bottlenecks. The platform is also ideal for rapid validation of performance or regression testing.

Developers of stateful network security devices such as next-generation firewalls (NGFW) can measure TLS handshake rate, TLS throughput, TCP CC/CPS, and HTTP CPS/TPS. Users can also replay their own PCAP files to the DUT for performance verification.

Flexible upgrade path

VulcanBay can be easily upgraded for greater performance thanks to Xena’s flexible licensing model which lets you easily upgrade VulcanBay by simply updating your license. This helps you protect your investment by spreading out capital expenditure across multiple quarters, and optimize your budget by purchasing additional performance when required.

Top Features

  • Stateful TCP traffic load generation with extreme performance – 24 million TCP connections *
  • High throughput of TLS encrypted traffic
  • Scalable performance via license upgrade
  • Supports 1/2.5/5/10/25/40GE optical or copper Ethernet interfaces for L4-7
  • Configuration and tuning of Ethernet, IP and TCP header fields for advanced traffic scenarios
  • Extensive live stats and test reports
  • Wire-speed traffic capture with up to 4 million packets capacity
  • Switched and routed network topologies, TCP proxy and NAT support
  • Free traffic generation and analysis software included (VulcanManager)
  • Scalable application emulation for performance testing with real-world protocols, applications, and traffic mixes from VulcanAppMix

VulcanBay Product Numbers:


Vul-28PE-10G-CU
VulcanBay 2U chassis (non-modular), unit controller, AC power, excl. tvcrs.
Equipped with 12 x 1/2.5/5/10G L4-7 Test Ports (12 x RJ45 10000/5000/2500/1000 BaseT), and 28 Packet Engines.


Vul-28PE-25G
VulcanBay 2U chassis (non-modular), unit controller, AC power, excl. tvcrs.
Equipped with 12 x 1/10/25G L4-7 Test Ports (12 x 25GBASE-SR4/LR4 SFP28), and 28 Packet Engines.


Vul-28PE-40G
VulcanBay 2U chassis (non-modular), unit controller, AC power, excl. tvcrs.
Equipped with 8 x 1/10/25G L4-7 Test Ports (4 x 25GBASE-SR4/LR4 SFP28), 2 x 40G L4-7 Test Ports (2 x 40GBASE-SR4/LR4/DAC QSFP+), and 28 Packet Engines.


PORT & SPEED LICENSES 

  • Vul-V1G-P – Perpetual license to enable 1 x L4-7 Test Port to operate at 1GE (port must support the speed)
  • Vul-V10G-P – Perpetual license to enable 1 x L4-7 Test Port to operate at 1GE/2.5GE/5GE/10GE (port must support the speed)
  • Vul-V25G-P – Perpetual license to enable 1 x L4-7 Test Port to operate at 1GE/2.5GE/5GE/10GE/25GE (port must support the speed)
  • Vul-V40G-P – Perpetual license to enable 1 x L4-7 Test Port to operate at 1GE/2.5GE/5GE/10GE/25GE/40GE (port must support the speed)


FEATURE LICENSES 

  • Vul-Sec-P – Perpetual license to enable security features (TLS traffic generation) on the chassis


VulcanBay versions:

VulcanManager

VulcanManager is a user-friendly test application for managing the Vulcan Layer 4-7 Gigabit TCP test solutions.

It is used for application emulation, performance verification, load testing, analysis and characterization of Ethernet equipment and network infrastructure.

VulcanManager

Core Functions

VulcanManager is a free Windows-based application for managing Vulcan extreme-performance L4-7 test platforms. It is used for stateful end-to-end testing of network devices such as firewalls, SSL/TLS proxies, switches, routers, NAT routers, load-balancers, bandwidth shapers, and more.

VulcanManager is suitable for characterizing network baseline performance for TCP. This is done by measuring connection establishment and teardown rates, number of concurrent connections/transactions, packet forwarding rate at large numbers of connections and identify performance bottlenecks.

With Xena’s TLS 1.2 support, users can do TLS performance testing e.g. handshakes per second, TLS throughput, concurrent TLS connections, etc., with different cipher suites and certificate key sizes on a DUT that decrypts traffic on one side and encrypts on the other.

With VulcanAppMix, the platform allows users to run realistic application traffic mixes for performance verification of content-aware networks and application-aware network devices. This is extremely useful when verifying the performance of network security devices with application-awareness, such as next-generation firewalls, IPS, etc., in both network pre-production and post-production phases of enterprises. VulcanManager also allow users to replay their own captured traffic and scale up to millions of connections.

VulcanManager supports ad-hoc test execution and remote management of test equipment located in multiple locations. Xena also offers an open scripting API (ValkyrieCLI) for automated testing.

  • Wire-speed stateful TCP traffic generation and analysis
  • TLS performance testing with different cipher suites and certificates
  • Application emulation with real-world application traffic mixes enabled by VulcanAppMix
  • Replay captured traffic at scale
  • Configuration and tuning of Ethernet, IP and TCP header fields for advanced traffic scenarios
  • Stateful TCP connection
  • Extensive live stats and test reports
  • Configurable allocation of processing resources to Ethernet test ports
  • Wire-speed traffic capture
  • Switched and routed network topologies, NAT support
  • Export packet capture to industry standard pcap/Wireshark

Application Emulation

VulcanManager lets you create complex traffic scenarios via VulcanAppMix which is a library containing hundreds of pcaps files of real-world applications. This makes it easy to verify the performance of application-aware networks and devices. With VulcanAppMix’s pre-defined library, different traffic mixes can be loaded and customized for various network environments, etc. enterprise environment and financial institutions.

TLS Performance Testing

VulcanManager lets you select TLS as a layer above TCP to carry out performance testing. With different TLS ciphers suites and various key sizes from TLS certificates, you can test TLS performance such as TLS handshakes per second, concurrent TLS connections, TLS throughput, TLS alerts, etc. Easy to configure and use, Xena’s native TLS makes it quick and easy to test a device that acts in TLS proxy mode, where the device decrypts traffic on one side and encrypts on the other.

TCP Traffic Generation

VulcanManager makes it easy to customize TCP connections by modifying the MAC/IP/TCP headers to create variations in the generated packets.

Traffic rates are specified as a percentage of line rate, frames per second or bit-rate, and traffic generation is controlled by a load profile specifying the speed with which connections are established and terminated.

The TCP payload can be automatically generated (random, incrementing) or customized by the user via a graphical payload editor. Payloads can also be loaded from file.

Stateful Payload Replay

VulcanManager allows users to replay their own captured network traffic on the test networks and devices. The replay is done on the Layer-4 payload level and parameters of the layers below are configurable. The replayed traffic can be scaled up to millions of connections for extreme performance verification. Users can define how to duplicate the captured connections/transactions, i.e. with unique MAC and IP addresses.

Generic Load Testing

Using VulcanManager, test engineers can quickly generate millions of TCP flows with specified load profiles and configurable IP/TCP/Payload parameters. Real time statistics and test reports provide an overview of the system or device characteristics.

Multi-user and Port Reservation

VulcanManager supports multi-user environments at the level of per port reservation. Packet Engines (PE’s) can be reserved and allocated individually, depending on the test scenario, for full operational flexibility and performance.

Report Generation

VulcanManager includes a report generation function that makes it easy to document results as attractive, simple-to-view PDFs.

API Scripting Made Easy

ValkyrieCLI is a text-based Command Line Interface (CLI) API that makes test automation easy to script from any scripting environment that supports TCP/IP.

Browser-based UI

For additional testing convenience, VulcanManager can be used via Phantom, enabling engineers to conduct tests via any HTML5-based browser.

Functional Specifications – VulcanManager
Application EmulationProtocol-oriented
• Stand-alone application-layer protocol traffic, e.g. HTTP/S, IMAP, MQTT, SMB, FTP, FIX, etc.
Application-oriented
• Application traffic with various protocols, e.g. email, web browser, IoT, etc.
Application Mixes
• Application traffic mixes for different network environments
• Enterprise mix
• Web mix
• Finance mix
• Data center mix
TLS Performance Testing• Cipher encryption, 128-bit and 256-bit AES, in the CBC and GCM modes, ChaCha20, 3DES, and RC4.
• Forward secrecy, both DHE and ECDHE
• Asymmetric cipher suites on the client and server sides
• Customizable cipher suites preference list
• Certificate key sizes from 1KB to 8KB
• Maximum TLS record size of 16KB
• 1.2 million TLS concurrent connections, 14K TLS connections per second
Traffic-Replay• Replay captured traffic from industry-standard pcap files
• Scale up connections to millions
• Configurable traffic composition
TCP Connection GenerationTCP Applications
• Open/close – for CPS and CC testing
• Bulk data transfer – for emulation of raw TCP network traffic

TCP Application Behavior
• Upload (client -> server)
• Download (Server -> Client)
• Bidirectional (server <-> client)

Basic L4+ Emulation
• Custom HTTP header
• Request/response protocol exchange with custom payload

TCP Payload
• Finite / Infinite lengths
• Custom/increment/random

Bandwidth Specification
• Per Connection Group
• Loads specified in percent of line rate

TCP Options and configuration
• MSS, window scale, window size

MAC/IP/TCP configuration
• Ethernet address
• VLAN ID/Priority
•IP address (src/dst)
• IP DS/ECN
• TCP port (src/dst)

Control Protocols• ARP reply from hosts
• ARP request for hosts/GW’s
• ICMP Echo replies from hosts
Per Port Statistics• Runtime and post-run stats
• Packets/bytes (Rx/Tx), packet/byte rates (Rx/Tx), FCS errors
• Packet checksum errors (IP + TCP)
• Protocol counters (IP, TCP, ARP, ICMP)
Per Connection Group statisticsGroup statistics• Runtime and post-run stats
• TCP state counters
• TCP state rates
• Total Rx/Tx packets/bytes
• TCP Retransmissions counters
• Packet size distribution
• Histograms
• Connection establishment/ teardown times (max/min/avg)
Network Topologies• Switched and routed networks
• NAT-routing
• TCP-Proxy
System Requirements:• CPU: Intel Core i5
• RAM: 4 GB
• Required hard disk space: 175 MB
• Screen Size: 1280×768
• Operating System: Windows 7 SP1, (Windows Server 2012 SP2 Standard) – Updated

Recommended:
• CPU: Intel Core i7
• RAM: 8 GB
• Required hard disk space: 175 MB
• Screen Size: 1280×768
• Operating System: Windows 10, (Windows Server 2016 Standard)

Vulcan Bay

VulcanBay is a scalable Gigabit TCP test chassis that offers extreme performance for stateful traffic load testing, analysis and characterizing of Ethernet equipment and network infrastructure. It supports 1/2.5/5/10/25/40GE L4-7 interfaces and can be used for simulating millions of real-world end-user environments to test and validate infrastructure, a single device, or an entire system.

Vulcanbay offers stateful end-to-end testing of network appliances such as switches, firewalls, routers, NAT routers, proxies, bandwidth shapers, and more. The platform is also suitable to characterize entire network infrastructure performance.

Developers of Ethernet-based network appliances can characterize their performance by measuring connection establishment and teardown rates, packet forwarding rate at large numbers of connections and identify performance bottlenecks. The platform is also ideal for rapid validation of performance or regression testing.

Developers of stateful network security devices such as next-generation firewalls (NGFW) can measure TLS handshake rate, TLS throughput, TCP CC/CPS, and HTTP CPS/TPS. Users can also replay their own PCAP files to the DUT for performance verification.

VulcanManager is included for ad-hoc test execution and remote management of test equipment located in multiple locations. VulcanAppMix helps to test with real-world applications and protocols for highly scalable application emulation.

VulcanBay

VulcanManager

VulcanAppMix

We are happy to advise you and look forward to

hearing from you!