0

In a couple weeks I will load testing a security/gateway appliance. We're a small residential college, and that "residential" means the traffic moving through the appliance is a bit like the Wild West. We have everything from Facebook to World of Warcraft, BitTorrent to Netflix, or Halo to YouTube... basically anything you might find in the home of a high-school or college aged person. Somewhere in there some real academic work gets done as well.

We rely on our current appliance for traffic shaping, antivirus, malware filtering, intrusion detection on our servers, logging and abuse reporting, and even some content filtering. All this puts a decent load when we have students around, and I'm concerned about the ability of the new candidate to keep up. On paper it should handle things, but I'm worried. Prior experience is that vendors greatly over-report what an appliance can handle. The product also includes a licensed session limit, and I'm also worried that just a few misbehaving students could unwittingly bring us to that limit and cause service disruptions. I need to know this will work for our campus in order to commit to it. Going a performance level higher in that product takes the pricing way out of line with what we expect and have done in the past.

What I need is a good way to load test this guy. My problem is that our current level of summer traffic is less than one percent of what it will be when students come back just six weeks from now. Any ideas on how to really stress this thing and see what it can do, in a way that will give me some clear ideas o. How that will scale for our campus?

For the curious, I'm looking at a Watchguard 515, but it could be anything. If I were evaluating a competitor, I'd ask the same question.

Joel Coel
  • 12,932
  • 14
  • 62
  • 100

1 Answers1

0

You are correct to say that most firewall/appliance vendors overestimate the throughput of their devices (some by measuring UDP throughput, rather than TCP).

In any case, if you wanted to load test your device, you would need the ability to generate sufficient and relevant load from inside your networks, which means deploying enough servers with a load testing tool, setting the tool up with your specific test cases, running it and then analysing the results. Sounds like you may have a few test cases, but have a look at this slide deck first and go from there: http://www.slideshare.net/BreakingPoint/resiliency-testing-of-high-performance-firewalls

Analysing the result is usually the most challenging part, because you have to sift through a lot of data to understand what happened (or didn't happen).

You can also hire a 3rd party, however they are usually not cheap (the ones that know what they are doing anyway).

There are commercial tools you can use, such as NeoLoad or free ones such as JMeter. In any case, it is up to you to select the best tool, that closely meets your objective(s).

-- ab1

ab77
  • 625
  • 4
  • 7