BreakingPoint Systems

The BreakingPoint BPS is a performance and security testing platform designed specifically for content-aware networks and network equipment. It is designed to stress test the Deep Packet Inspection (DPI) functionality of content-aware equipment such as WAN optimization devices, Firewalls, IPS, UTM, VPN servers, switches and load balancers with converged application traffic and live security attacks at line speed. Two products are currently available:
Both out-of-the-box and custom applications can be accelerated by the BPS Test Expression Engine, enabling speeds of up to 20 Gigabits per second, 7.5 million simultaneous TCP sessions and 750,000 TCP sessions per second per 10K appliance. The BPS 1000 is capable of 2Gbps, 5 million simultaneous connections and 500,000 connections per second. The BreakingPoint devices also support the generation of multi-gigabit layer 2/3 traffic to determine the maximum raw sustained bits per second or frames per second performance of a DUT. Transmission and verification of up to 60 million packets per second with 64-byte packets is possible. These figures are well in excess of any other test equipment installed in NSS’ lab at the time of writing.

Figure: Architecture – Test Expression Engine

Software for both devices is identical, with an intuitive flash-based management Graphical User Interface (GUI) providing test automation and device control features. Users can take advantage of the extensive library of hundreds of pre-configured tests or customize their own from scratch. Where there are complex testing requirements which cannot be handled easily by the GUI, a full API to the BreakingPoint management system allows the appliances to be controlled and tests automated via TCL scripts.

Figure: BreakingPoint Management Interface – Administration View

A great deal of thought has gone into the GUI design, making it far simpler to create and modify complex tests than with competing products. For example, the Network Neighborhood configuration (IP addresses, routing information, and so on) is completely abstracted from the main test structure. This makes it a matter of minutes to change an existing test between a switched, routed, NAT or VLAN environment. Changing IP address ranges is also accomplished in moments, and is instantly reflected across all tests.
BreakingPoint provides native generation of realistic converged application traffic and live security strikes for complete layer 2-7 testing. 50+ application protocols are supported, including Secure Socket Layer (SSL), IPv6, Microsoft CIFS SMB, MS SQL, Oracle, RADIUS, AOL IM, peer-to-peer applications such as BitTorrent and eDonkey, FIX, and many others. In addition, there are over 3,500 security strikes (live exploits) including contemporary exploits, Microsoft vulnerabilities and zero-day exploits. Full evasion capabilities (over 80 different techniques at the time of writing) are built in, including stream segmentation, packet fragmentation, URL obfuscation, FTP telnet opcode and space insertion, RPC fragmentation, protocol fuzzing, and so on, and these can be applied to exploits during traffic generation. SYN Flood generation of up to 750,000 false and valid connections per second is also possible, and the latest release we reviewed, v1.2, allows “one armed” traffic generation enabling the user to launch BreakingPoint attacks against live hosts - a unique capability. New applications and strikes are released weekly.

Figure: BreakingPoint Application Manager

The concept of SuperFlows allows the administrator to create complex real-world transactions which can be saved and re-used across all tests. SuperFlows allow the user to create realistic simulated network and application testing environments, combining application flows and building transaction-level interactions to faithfully emulate authentic network traffic. Context can be shared between multiple protocols, and it is possible to define the number of simultaneous sessions, session ramp up rates, and duration of sessions. In addition, the latest release allows the user to upload custom content to the BreakingPoint device to provide the capability of transmitting live virus, spam or legitimate content as part of the test traffic.
Once again, amending these parameters after the test has been created – perhaps to alter the protocol mix or change HTTP response sizes – is accomplished quickly and easily in one place and is instantly reflected across all tests which use those SuperFlows. This is a huge leap forward in GUI design for this type of test equipment and has enabled NSS to migrate its test methodologies in a fraction of the time originally anticipated.

BreakingPoint has a couple of unique features in the area of traffic capture and replay which set it apart from the traditional replay tools which have limited use in today’s sophisticated testing environments. Firstly, rather than simply replay packets as they exist in the capture file, BreakingPoint strips out the content of the conversation and replays it completely statefully using a live TCP/IP stack, including any retransmissions that may be required. Secondly, where users are struggling to create complex SuperFlows to emulate real-world traffic, BreakingPoint can assist by capturing live traffic from the wire, and then converting it automatically for stateful replay – a huge time-saver.

The reports produced at the end of each test are rich in content (both graphical and text-based) and incredibly detailed. Charts can be saved for inclusion in other documents, or entire reports can be exported in a number of different formats (HTML, PDF, Excel, CSV or RTF).

Figure: BreakingPoint Reports

All test configurations are stored on hard disk within the BreakingPoint appliance, making it quick to run tests. This centralized approach also enables tests to be run from any host on the network without having to install client software, and multiple appliances can be controlled via a single test configuration to scale traffic generation capabilities to enormous levels. Test configurations are stored in one place, meaning there is more control over versioning, and export and backup capabilities are provided to ensure data security.
The BreakingPoint equipment is one of only a handful of devices capable of performing this type of “real world” testing concentrating on layer 4 to 7, and is the only one to prove capable of doing it at line speeds in excess of 10Gbps. This type of test tool is essential when attempting to replicate high levels of real-life background traffic in order to adequately test today’s sophisticated network security products.

The operation of the GUI has improved significantly from the first release to Version 1.2 (as installed in our lab at the time of writing), and each new release provides a wealth of new features. Still missing from the current release is a complete load profile capability (allowing precise control over ramp up times, steady state times, and so on), but this is promised for the next release.

The ability to generate over 20Gbps of traffic, 7.5 million simultaneous connections and 750,000 connections per second in a single chassis makes BreakingPoint an essential part of our standard test rig for layer 4-7 testing.



