Need suggestions for high performance router testing

[System Error Message]

It seems that my 10Gbe NICs have arrived much faster than i thought and i havent had all the systems up and running(i found 2 not working) however while i do that please reply on what you would like tested.
Currently i have a mikrotik CCR1036 and a ubiquiti edgerouter pro but i can test other routers if supplied with them. I am making a program to perform the tests so i would like to know what tests you would like performed. The software will be in java and will use all the hardware resource it can for tests (meaning multi threading and all that other fancy stuff so it will even run on ARM)

Heres the list of what i've currently planned:
NAT throughput
PPTP VPN throughput (for other VPNs i will need configs to get them working)
Connection flood test
CPU stress test (on some routers full CPU usage can cause reboots)
CPU stress test while performing NAT and firewall

QoS and firewall test based on configs sent by users.

Among the other things that can be tested can be are x86 platforms as routers and in the future GPUs if i get time to write code for them.

Currently i have more than 40Gb/s of NICs

 

[paraplu]

Well, 10gb routing is hardcore stuff which I think is overkill at this moment, for small business use-cases.
Testing gbit throughput of PPPoE (ISP's) wan to lan would be helpful as, in my surroundings, this is the most common scenario.

 

[Nullity]

For QoS testing, iperf and netperf are the leaders (afaik). Unless you are testing layer 7 QoS capabilities, they should suffice.

Respectfully stolen from http://www.iijlab.net/~kjc/software/TIPS.txt, the following script is a good starting point for traffic generation with netperf.

#!/bin/sh
PATH=/bin:/usr/bin:/usr/local/bin
export PATH

dest=dest-host-name
sec=20
win=48K
size=8K
netperf -H $dest -l $sec -- -m $size -s $win -S $win &
sleep 3
netperf -H $dest -l $sec -- -m $size -s $win -S $win &
sleep 3
netperf -H $dest -l $sec -- -m $size -s $win -S $win &
sleep 3
netperf -H $dest -l $sec -- -m $size -s $win -S $win

 

[System Error Message]

I intend to code the test instead of using scripts since i can than use as much hardware resource as possible. Im not sure how i would test layer 7 except for creating a packet with the right hash and configuring layer 7 on the router itself. My plan is to create a program to test network performance and than distribute it for use of testing routers with lots of hardware resource.

but for specific routers i can use user submitted scripts and such.

 

[Nullity]

How will your project differ from things like netperf or iperf?

 

[System Error Message]

can netperf and iperf test the number of connections a router can handle? ASUS used a torrent test but you can create connections by changing the source address and making it last a few days. This helps to test the limit without needing a complicated setup. Another thing i want to do which you cant do properly on iperf/netperf is stress test wifi. I have gotten up to 90% of rated wifi bandwidth before but using a bandwidth tester that was unreliable and CPU intensive. I measured the bandwidth by using the NIC's stats instead. With 5Gb/s of wifi coming out it would be appropriate to be able to test every single thing on it from the wire, CPU and even all the wifi radios. The other point of stress testing is to also how some chips or systems handle too much load whether they freeze up or reboot.

 

[coxhaus]

It will be interesting if you start hitting 90% and above of NIC bandwidth on a constant basis . At that level you may start exposing stuff.

 

[Nullity]

I highly doubt anything could be more efficient than iperf/netperf unless you went to the kernel level. That is kinda the whole point of traffic generators. They are more efficient than having some high-level application creating real data. Only DPI could tell if traffic was generated/simulated vs real anyway.

I thought WiFi stress testing would simply be an extension of traffic generation stress testing.

I got nothing on simultaneous connection stress testing.
Some C program with an open af_inet socket loop?

 

[Nullity]

You might wanna take a closer look a netperf. It does seem to offer a TCP connect/close test. I cannot tell whether it can accomplish your goal.

http://www.netperf.org/svn/netperf2/tags/netperf-2.7.0/doc/netperf.html#TCP_005fCC

netperf is powerful but cryptic (imo). I rarely see it mentioned by anyone expect academians (like ns-2/3).

 

[System Error Message]

what i want to accomplish is considered to be hacking in a sense of giving false packets. So to do a connection test using 1 machine only requires falsifying packets so they appear to be from other hosts so the router. By falsifying packets you not only test security but you can also test performance in various ways.

I know netperf and iperf are efficient but i plan to use java so i can run it off multiple types of machines. This way i could run it off android as well as a way to test wifi. I know there are bandwidth testers for android but i want the same feature set on all machines.

 

[Nullity]

Will this be open-source?

 

[kvic]

what i want to accomplish is considered to be hacking in a sense of giving false packets. So to do a connection test using 1 machine only requires falsifying packets so they appear to be from other hosts so the router. By falsifying packets you not only test security but you can also test performance in various ways.

I know netperf and iperf are efficient but i plan to use java so i can run it off multiple types of machines. This way i could run it off android as well as a way to test wifi. I know there are bandwidth testers for android but i want the same feature set on all machines.

I don't know Java is a system programming language. Can you spoof tcp/ip packets in Java?

 

[System Error Message]

I do know that whether you use C or java you will still have to use the network API and spoofing depends on the API.

 

[sfx2000]

Can you spoof tcp/ip packets in Java?

At an application level - yes..

 

[System Error Message]

Will this be open-source?

It mainly depends on whether it is classified as a hacking software or a testing software and if i have time to set up git.

 

[Nullity]

It mainly depends on whether it is classified as a hacking software or a testing software and if i have time to set up git.

(I am not a lawyer.)

You are safe, neither is illegal. Purely malicious executables, maybe, but even then, it is really the user's responsibility to stay within the law. If you only release source-code, that is very rarely illegal.

Things like packet generators are legal, and they are more capable than a simple IP spoofer.

Does the UK have some overly strict law where they must declare an executable or script as "hacking" or "testing"? Seems implausible.

 

[System Error Message]

i know the UK is full of silly laws and silly efforts of internet but i would have to check the legality of such software. being able to spoof and pretend to be someone else is what would classify it as a hacking software despite it being the easiest way to do a connection limit test.

 

[NickF1227]

Hello my friend,
Are there any updates on your testing here?

 

[System Error Message]

unfortunately no because i have been bogged down with university but there so will be really busy for 2 months.

edit: There is one behaviour i noticed with TILEgx CPUs is that as their temperature increases, their power usage increases. So they start going unstable above 80C which is why the CCR series use the cooling they do. The cooling could be made better though