Your SlideShare is downloading. ×
Rethink Deep Packet Inspection (DPI) Testing  Rethink Deep Packet Inspection Testing  A Methodology to measure the perform...
Rethink Deep Packet Inspection (DPI) Testing  Table of Contents              Introduction ...................................
Rethink Deep Packet Inspection (DPI) Testing  Introduction  Deep Packet Inspection (DPI) functionality enables network dev...
Rethink Deep Packet Inspection (DPI) Testing  Maximum Concurrent TCP Connections  This test will validate the DPI device p...
Rethink Deep Packet Inspection (DPI) Testing  Maximum Performance  RFC:     •        RFC 768 – User Datagram Protocol     ...
Rethink Deep Packet Inspection (DPI) Testing        1.	   Launch	a	Web	browser	and	connect	to	the	BreakingPoint	Storm	CTM....
Rethink Deep Packet Inspection (DPI) Testing        3.	   Reserve	the	required	ports	to	run	the	test.        4.	   Select	...
Rethink Deep Packet Inspection (DPI) Testing        5.	   Under	the	Network Neighborhoods	heading,	click	the	Create a new ...
Rethink Deep Packet Inspection (DPI) Testing        7.	   Four	interface	tabs	are	available	for	configuration.	Only	two	ar...
Rethink Deep Packet Inspection (DPI) Testing        9.	   Select	the	Interface 2	tab.	Configure	the	Network	IP	Address,	Ne...
Rethink Deep Packet Inspection (DPI) Testing        11.	 Click	Select the DUT/Network	under	the	Test Quick Steps menu.    ...
Rethink Deep Packet Inspection (DPI) Testing        14.	 Select	Add a Test Component	from	the	Test Quick Steps	menu.      ...
Rethink Deep Packet Inspection (DPI) Testing        17.	 Select	the	Interfaces	tab.	Verify	that	Interface 1 Client	and	Int...
Rethink Deep Packet Inspection (DPI) Testing        20.	 Click	Edit Description	to	edit	the	test	description	in	the	Test I...
Rethink Deep Packet Inspection (DPI) Testing        24.	 The	Summary	tab	initially	will	be	displayed	once	the	test	starts....
Rethink Deep Packet Inspection (DPI) Testing        26.	 When	the	test	is	completed,	a	window	appears	stating	that	the	tes...
Rethink Deep Packet Inspection (DPI) Testing        28.	 Expand	the	Test Results for Max Bandwidth	section.	Next,	expand	t...
Rethink Deep Packet Inspection (DPI) Testing  Maximum Performance Using Jumbo Frames  RFC:     •        RFC 768 – User Dat...
Rethink Deep Packet Inspection (DPI) Testing        1.	   Launch	a	Web	browser	and	connect	to	the	BreakingPoint	Storm	CTM....
Rethink Deep Packet Inspection (DPI) Testing        3.	   Reserve	the	required	ports	to	run	the	test.        4.	   Select	...
Rethink Deep Packet Inspection (DPI) Testing        5.	   Click	Save Test As.	              	        6.	   When	prompted	t...
Rethink Deep Packet Inspection (DPI) Testing        8.	   If	desired,	edit	the	test	description	in	the	Test Information	se...
Rethink Deep Packet Inspection (DPI) Testing        12.	 Select	the	TCP	tab.	This	will	display	the	number	of	both	attempte...
Rethink Deep Packet Inspection (DPI) Testing        14.	 Click	the	View the report	button.		This	will	open	up	more	detaile...
Rethink Deep Packet Inspection (DPI) Testing  Maximum TCP Connection Rate  RFC:     •        RFC 793 – Transmission Contro...
Rethink Deep Packet Inspection (DPI) Testing        1.	   Launch	a	Web	browser	and	connect	to	the	BreakingPoint	Storm	CTM....
Rethink Deep Packet Inspection (DPI) Testing        3.	   Reserve	the	required	ports	to	run	the	test.        4.	   Select	...
Rethink Deep Packet Inspection (DPI) Testing        6.	   In	the	Choose a device under test and network neighborhood	windo...
Rethink Deep Packet Inspection (DPI) Testing        9.	   Select	Application Simulator (L7)	from	the	Select a component ty...
Rethink Deep Packet Inspection (DPI) Testing        12.	 Select	the	Parameters	tab.	Several	different	parameters	will	be	c...
Rethink Deep Packet Inspection (DPI) Testing        15.	 In	the	Session Configuration	section,	enter	7500000	as	the	Maximu...
Rethink Deep Packet Inspection (DPI) Testing        19.	 When	prompted	for	a	name	to	Save Test As,	enter	DPI	Max	TCP	Rate	...
Rethink Deep Packet Inspection (DPI) Testing        22.	 When	the	test	is	completed,	a	window	will	appear	stating	whether	...
Rethink Deep Packet Inspection (DPI) Testing        24.	 Expand	Test Results for Maximum TCP Connection Rate	folder	and	se...
Rethink Deep Packet Inspection (DPI) Testing        26.	 Select	Frame Latency Summary.	Smaller	frame	latency	measurements	...
Rethink Deep Packet Inspection (DPI) Testing  Maximum Concurrent TCP Connections  RFC:     •        RFC 793 – Transmission...
Rethink Deep Packet Inspection (DPI) Testing        1.	   Launch	a	Web	browser	and	connect	to	the	BreakingPoint	Storm	CTM....
Rethink Deep Packet Inspection (DPI) Testing        3.	   Reserve	the	required	ports	to	run	the	test.        4.	   Select	...
Rethink Deep Packet Inspection (DPI) Testing        5.	   Click	Save Test As.        6.	   When	prompted	for	a	name	to	sav...
Rethink Deep Packet Inspection (DPI) Testing        8.	   Select	the	Parameters	tab.	Several	parameters	will	be	changed	in...
Rethink Deep Packet Inspection (DPI) Testing        11.	 If	desired,	edit	the	test	description	in	the	Test Information	sec...
Rethink Deep Packet Inspection (DPI) Testing        14.	 The	Summary	tab	initially	will	be	displayed	once	the	test	starts....
Rethink Deep Packet Inspection (DPI) Testing        16.	 When	the	test	is	completed,	a	window	will	appear	stating	whether	...
Rethink Deep Packet Inspection (DPI) Testing        19.	 Next,	select	TCP Response Time.	Shorter	response	times	allow	the	...
Rethink Deep Packet Inspection (DPI) Testing        21.	 Expand	the	Detail	folder.	Select	TCP Concurrent Connections	from	...
Rethink Deep Packet Inspection (DPI) Testing  Strike Mitigation  RFC:     •        RFC 768 – User Datagram Protocol       ...
Rethink Deep Packet Inspection (DPI) Testing        1.	   Launch	a	Web	browser	and	connect	to	the	BreakingPoint	Storm	CTM....
Rethink Deep Packet Inspection (DPI) Testing        3.	   Reserve	the	required	ports	to	run	the	test.        4.	   Select	...
Rethink Deep Packet Inspection (DPI) Testing        6.	   In	the	Choose a device under test and network neighborhood	windo...
Rethink Deep Packet Inspection (DPI) Testing        9.	   Select	the	Security	component	from	the	Select a component type	w...
Rethink Deep Packet Inspection (DPI) Testing        12.	 If	desired,	edit	the	test	description	under	the	Test Information	...
Rethink Deep Packet Inspection (DPI) Testing        16.	 Once	the	test	starts	to	run,	select	the	Attacks	tab.	This	will	di...
Rethink Deep Packet Inspection (DPI) Testing        18.	 Click	the	View the report	button	to	view	detailed	results	in	a	br...
Rethink Deep Packet Inspection (DPI) Testing  Strikes Blocking with IP Fragmentation  RFC:     •        RFC 768 – User Dat...
Rethink Deep Packet Inspection (DPI) Testing        1.	   Launch	a	Web	browser	and	connect	to	the	BreakingPoint	Storm	CTM....
Rethink Deep Packet Inspection (DPI) Testing        3.	   Reserve	the	required	ports	to	run	the	test.        4.	   Select	...
Rethink Deep Packet Inspection (DPI) Testing        6.	   Enter	DPI	Strike	Detection	Fragmentation	as	the	name	and	click	S...
Rethink Deep Packet Inspection (DPI) Testing        10.	 Under	the	Test Quick Steps menu,	click	Save and Run.        11.	 ...
Rethink Deep Packet Inspection (DPI) Testing        12.	 Once	the	test	is	completed,	a	window	will	appear	stating	that	the...
Rethink Deep Packet Inspection (DPI) Testing              Variations of this test that can be run include:                ...
Rethink Deep Packet Inspection (DPI) Testing  SYN Flood  RFC:     •        RFC 793 – Transmission Control Protocol       •...
Rethink Deep Packet Inspection (DPI) Testing        1.	   Launch	a	Web	browser	and	connect	to	the	BreakingPoint	Storm	CTM....
Rethink Deep Packet Inspection (DPI) Testing        3.	   Reserve	the	required	ports	to	run	the	test.	        4.	   Select...
Rethink Deep Packet Inspection (DPI) Testing        6.	   In	the	Choose a device under test and network neighborhood	windo...
Rethink Deep Packet Inspection (DPI) Testing        9.	   Select	Session Sender (L4) from	the	Select a component type	wind...
Rethink Deep Packet Inspection (DPI) Testing        12.	 Select	the	Parameters	tab.	Several	changes	will	be	made	in	this	s...
Rethink Deep Packet Inspection (DPI) Testing        15.	 Verify	that	the	Test Status	has	a	green	checkmark	next	to	it.	If	...
Rethink Deep Packet Inspection (DPI) Testing        18.	 The	Summary	tab	will	automatically	be	displayed	when	the	test	sta...
Rethink Deep Packet Inspection (DPI) Testing        20.	 Once	the	test	is	completed,	a	window	will	appear	stating	that	the...
Rethink Deep Packet Inspection (DPI) Testing  Inappropriate Content Filtering  RFC:     •        RFC 768 – User Datagram P...
Rethink Deep Packet Inspection (DPI) Testing        1.	   Launch	a	Web	browser	and	connect	to	the	BreakingPoint	Storm	CTM....
Rethink Deep Packet Inspection (DPI) Testing        3.	   Reserve	the	required	ports	to	run	the	test.        4.	   Select	...
Rethink Deep Packet Inspection (DPI) Testing        5.	   Select	the	Super Flows	tab	and	locate	the	BreakingPoint HTTP Tex...
Rethink Deep Packet Inspection (DPI) Testing        7.	   In	the	Define Actions	section,	locate	the	Server: Response 200 (...
Rethink Deep Packet Inspection (DPI) Testing        10.	 Select	the	App Profiles	tab	and	click	the	Create a new applicatio...
Rethink Deep Packet Inspection (DPI) Testing        12.	 Locate	the	newly	created	Super	Flow	in	the	list	of	Available	Supe...
Rethink Deep Packet Inspection (DPI) Testing        15.	 Select	Test		New Test.        16.	 Under	the	Test Quick Steps se...
Rethink Deep Packet Inspection (DPI) Testing        18.	 When	prompted	that	the	current	test	setup	contains	more	interface...
Rethink Deep Packet Inspection (DPI) Testing        21.	 The	Information	tab	should	already	be	selected.	Enter	Inappropria...
Rethink Deep Packet Inspection (DPI) Testing        24.	 If	desired,	in	the	Test Information	section,	edit	the	test	descri...
Rethink Deep Packet Inspection (DPI) Testing        28.	 Once	the	test	starts,	the	Summary	tab	will	be	displayed.	It	conta...
Rethink Deep Packet Inspection (DPI) Testing        30.	 When	the	test	is	completed,	a	window	will	appear	stating	that	the...
Rethink Deep Packet Inspection (DPI) Testing        32.	 Expand	Test Results for Inappropriate Content	and	select	App Summ...
Rethink Deep Packet Inspection (DPI) Testing  Spam Email Blocking  RFC:     •        RFC 768 – User Datagram Protocol     ...
Rethink Deep Packet Inspection (DPI) Testing        1.	   Launch	a	Web	browser	and	connect	to	the	BreakingPoint	Storm	CTM....
Rethink Deep Packet Inspection (DPI) Testing        3.	   Reserve	the	required	ports	to	run	the	test.        4.	   Select	...
Rethink Deep Packet Inspection (DPI) Testing        5.	   Select	the	Super Flows	tab	and	locate	the	BreakingPoint SMTP Ema...
Rethink Deep Packet Inspection (DPI) Testing        7.	   In	the	Step 3 – Define Actions	section,	locate	Client: Send Emai...
Rethink Deep Packet Inspection (DPI) Testing        9.	   Click	the	Choose File	button	to	browse	your	file	system	to	locat...
Rethink Deep Packet Inspection (DPI) Testing        12.	 Using	the	Attachment Data	drop-down	menu,	select	the	newly	upload...
Rethink Deep Packet Inspection (DPI) Testing        14.	 Select	the	App Profiles	tab	and	click	the	Create a new applicatio...
Rethink Deep Packet Inspection (DPI) Testing        16.	 From	the	Available Super Flows	list,	locate	the	newly	created	Sup...
Rethink Deep Packet Inspection (DPI) Testing        19.	 Select	Test		New Test.        20.	 Under	the	Test Quick Steps me...
Rethink Deep Packet Inspection (DPI) Testing        22.	 When	prompted	that	the	current	test	setup	contains	more	interface...
Rethink Deep Packet Inspection (DPI) Testing        25.	 The	Information	tab	should	already	be	selected.	Enter	Spam	Email	...
Rethink Deep Packet Inspection (DPI) Testing        28.	 If	desired,	in	the	Test Information	section,	edit	the	test	descri...
Rethink Deep Packet Inspection (DPI) Testing        31.	 Enter	DPI	Spam	Email	when	prompted	for	a	name.	Click	Save.       ...
Rethink Deep Packet Inspection (DPI) Testing        34.	 When	the	test	is	completed,	a	window	will	appear	stating	that	the...
Rethink Deep Packet Inspection (DPI) Testing        36.	 Expand	Test Results for Spam Email Content	and	select	App Summary...
Rethink Deep Packet Inspection (DPI) Testing  Suspicious Content Detection  RFC:     •        RFC 768 – User Datagram Prot...
Rethink Deep Packet Inspection (DPI) Testing        1.	   Launch	a	Web	browser	and	connect	to	the	BreakingPoint	Storm	CTM....
Rethink Deep Packet Inspection (DPI) Testing        3.	   Reserve	the	required	ports	to	run	the	test.        4.	   Select	...
Rethink Deep Packet Inspection (DPI) Testing        5.	   Select	the	Super Flows	tab	and	locate	BreakingPoint DB2 Database...
Rethink Deep Packet Inspection (DPI) Testing        7.	   Make	sure	the	second	item	is	selected	under	the	Define Flows	sec...
Deep Packet Inspection (DPI) Test Methodology
Deep Packet Inspection (DPI) Test Methodology
Deep Packet Inspection (DPI) Test Methodology
Deep Packet Inspection (DPI) Test Methodology
Deep Packet Inspection (DPI) Test Methodology
Deep Packet Inspection (DPI) Test Methodology
Deep Packet Inspection (DPI) Test Methodology
Deep Packet Inspection (DPI) Test Methodology
Deep Packet Inspection (DPI) Test Methodology
Deep Packet Inspection (DPI) Test Methodology
Deep Packet Inspection (DPI) Test Methodology
Deep Packet Inspection (DPI) Test Methodology
Deep Packet Inspection (DPI) Test Methodology
Deep Packet Inspection (DPI) Test Methodology
Deep Packet Inspection (DPI) Test Methodology
Deep Packet Inspection (DPI) Test Methodology
Deep Packet Inspection (DPI) Test Methodology
Deep Packet Inspection (DPI) Test Methodology
Deep Packet Inspection (DPI) Test Methodology
Deep Packet Inspection (DPI) Test Methodology
Deep Packet Inspection (DPI) Test Methodology
Deep Packet Inspection (DPI) Test Methodology
Deep Packet Inspection (DPI) Test Methodology
Deep Packet Inspection (DPI) Test Methodology
Deep Packet Inspection (DPI) Test Methodology
Upcoming SlideShare
Loading in...5
×

Deep Packet Inspection (DPI) Test Methodology

2,552

Published on

DPI test methodology provides step-by-step directions on how to properly test content-aware DPI devices with real-world network traffic.

Published in: Technology, Business
0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
2,552
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
270
Comments
0
Likes
2
Embeds 0
No embeds

No notes for slide

Transcript of "Deep Packet Inspection (DPI) Test Methodology"

  1. 1. Rethink Deep Packet Inspection (DPI) Testing Rethink Deep Packet Inspection Testing A Methodology to measure the performance, security, and stability of deep packet inspection (DPI) devices under realistic conditionswww.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 1All other trademarks are the property of their respective owners.
  2. 2. Rethink Deep Packet Inspection (DPI) Testing Table of Contents Introduction .................................................................................................................................................................................................................... 3 Maximum Performance ............................................................................................................................................................................................. 5 Maximum Performance Using Jumbo Frames ................................................................................................................................................... 18 Maximum TCP Connection Rate .............................................................................................................................................................................. 25 Maximum Concurrent TCP Connections .............................................................................................................................................................. 36 Strike Mitigation ............................................................................................................................................................................................................ 46 Strikes Blocking with IP Fragmentation ................................................................................................................................................................ 54 SYN Flood......................................................................................................................................................................................................................... 61 Inappropriate Content Filtering............................................................................................................................................................................... 70 Spam Email Blocking ................................................................................................................................................................................................... 84 Suspicious Content Detection.................................................................................................................................................................................. 100 Webmail Phrase Detection ........................................................................................................................................................................................ 114 About BreakingPoint ................................................................................................................................................................................................... 129www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 2All other trademarks are the property of their respective owners.
  3. 3. Rethink Deep Packet Inspection (DPI) Testing Introduction Deep Packet Inspection (DPI) functionality enables network devices such as content-aware switches and routers, next generation firewalls, intrusion prevention systems (IPS), and application delivery controllers to inspect and take action based on the content and context of packets as they travel across the network. DPI functionality goes well beyond the protocol header into data protocol structures and the actual payload of the message. This allows DPI-capable devices to identify and classify traffic, providing a granular level of packet inspection to help mitigate buffer overflow attacks, Denial of Service (DoS) attacks, intrusions, worms and even spam. DPI technology also enables solutions such as metering to ensure quality of service, lawful intercept of information and data leak prevention. DPI has become a mainstream technology and something that businesses and individuals traversing networks come across, albeit unintentionally, every day. One of the more high profile uses of DPI involves service providers who leverage DPI to ensure quality of service to customers in the face of an explosion of peer-to-peer (P2P) traffic. Using DPI technology, service providers better manage bandwidth in real time, allowing for non essential services such as P2P file sharing applications while giving priority to essential services during peak times. Since DPI plays such an important role in providing increased network security, tiered Internet services and data loss prevention, the ability to test DPI functionality is critical. The following BreakingPoint Deep Pack Inspection Resiliency Methodology demonstrates how to create realistic global network simulations in order to properly verify the DPI capabilities of your device. Performing these series of tests using the BreakingPoint Storm CTM™ on a DPI device will help determine the device’s actual abilities under different circumstances. For example, the DPI device may perform as expected under a light traffic load but when under a higher load perform to a fraction of its stated ability. Performing these tests will help you better understand the impact of different scenarios and the reasons behind the results. Realism is key in network simulation; therefore, we recommend that the test environment emulate the deployment environment as closely as possible. Directly connected devices such as routers, switches and firewalls impact packet loss latency and data integrity. Additionally, the number of advertised host IP and MAC addresses, VLAN Tagging and NAT can also affect the performance of the DPI. If it is not feasible to recreate the deployment environment, we recommend connecting the BreakingPoint Storm CTM directly to the device under test (DUT). Regardless of how your deployment environment is set up, be certain that all DPI devices and builds that are under evaluation use the same test environment to ensure consistent results. Recommended tests included in the methodology: Maximum Performance This test will validate the throughput performance the DPI device is able to handle when it does not have to inspect each packet’s content. The overall throughput that the DPI device is able to support will be determined. Maximum Performance Using Jumbo Frames This test will validate the throughput performance the DPI device is able to handle when it does not have to inspect the contents of each jumbo frame. The overall throughput that the DPI device is able to support will be determined. Maximum TCP Connection Rate This test will validate DPI device performance by using only good traffic without requiring the DPI device to inspect each packet. Various TCP metrics will be analyzed to determine how a greater number of TCP connections per second affects the time it takes to establish a new TCP connection.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 3All other trademarks are the property of their respective owners.
  4. 4. Rethink Deep Packet Inspection (DPI) Testing Maximum Concurrent TCP Connections This test will validate the DPI device performance by using only good traffic and without requiring the DPI device to inspect each packet. Various TCP metrics will be analyzed to determine how a greater number of TCP connections affects the time it takes to establish a new TCP connection. Strike Mitigation This test validates the ability of the DPI device to remain stable while vulnerabilities, worms and backdoors are transmitted. To perform this test, an Attack Series will be used that includes high-risk vulnerabilities, worms and backdoors. The number of attacks blocked by the DPI device will be determined as well as the number of attacks that were successfully able to pass through. Strike Blocking with IP Fragmentation This test is identical to the “Strike Mitigation” test, except that IP fragmentation will be utilized as an evasion technique. SYN Flood This test determines how the DPI device performs when subjected to a SYN flood. The device should be able to detect and block the SYN flood. Inappropriate Content Filtering This will test the DPI unit’s ability to recognize and block any session that contains inappropriate material. A major part of DPI functionality is the ability to filter content that is either harmful or not supposed to be on the network. The ability to filter out packets that contain blacklisted words is a major part of DPI. Spam Email Blocking This test will determine the DPI device’s ability to recognize and block spam emails. With the growing amount of spam email on today’s networks, it is important to limit the number of spam emails that are able to reach an inbox. Another part of DPI is the ability to recognize and block spam emails. Suspicious Content Detection This test will help determine the DPI device’s ability to recognize, record and audit any suspicious content seen. Not all content is harmful to the network, but some could be suspicious in its contents. Webmail Phrase Detection This test will determine the DPI device’s ability to inspect and record any Webmail emails that have either keywords or a key phrase in the message. With more and more people using Web-based email products, it is important to be able to inspect the contents of the emails being sent because they could contain information that should not be made public.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 4All other trademarks are the property of their respective owners.
  5. 5. Rethink Deep Packet Inspection (DPI) Testing Maximum Performance RFC: • RFC 768 – User Datagram Protocol • RFC 791 – Internet Protocol • RFC 793 – Transmission Control Protocol • RFC 2068 – Hypertext Transfer Protocol Overview: This test will use the Application Simulator test component and make use of a Max Bandwidth preset. The preset uses the BreakingPoint Bandwidth Application Profile that attempts to achieve the maximum transmission rate using both HTTP and P2P traffic. Objective: Test the maximum bandwidth in terms of Mbps (Megabits per second) that the DUT can pass through using real application traffic. Setup:www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 5All other trademarks are the property of their respective owners.
  6. 6. Rethink Deep Packet Inspection (DPI) Testing 1. Launch a Web browser and connect to the BreakingPoint Storm CTM. Click Start BreakingPoint Systems Control Center. 2. In the new window that appears, enter your Login ID and Password. Click Login.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 6All other trademarks are the property of their respective owners.
  7. 7. Rethink Deep Packet Inspection (DPI) Testing 3. Reserve the required ports to run the test. 4. Select Control Center  Network Neighborhood.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 7All other trademarks are the property of their respective owners.
  8. 8. Rethink Deep Packet Inspection (DPI) Testing 5. Under the Network Neighborhoods heading, click the Create a new network neighborhood button. 6. In the Give the new network neighborhood a name box, enter DPI Tests as the name. Click OK.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 8All other trademarks are the property of their respective owners.
  9. 9. Rethink Deep Packet Inspection (DPI) Testing 7. Four interface tabs are available for configuration. Only two are required for the tests. Click the X to delete Interface process until only two interfaces remain. 1. When prompted about removing the interface, click Yes. The remaining interfaces will be renamed. Repeat this 8. With Interface 1 selected, configure the Network IP Address, Netmask, Gateway IP Address, Router IP Address, Minimum IP Address and Maximum IP Address. Click Apply Changes.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 9All other trademarks are the property of their respective owners.
  10. 10. Rethink Deep Packet Inspection (DPI) Testing 9. Select the Interface 2 tab. Configure the Network IP Address, Netmask and Gateway IP Address. Using the Type drop- down menu, select Host. Configure the Minimum IP Address and the Maximum IP Address. Click Apply Changes and then click Save Network. 10. Now that the Network Neighborhood has been created, you can configure the test. Select Test  New Test.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 10All other trademarks are the property of their respective owners.
  11. 11. Rethink Deep Packet Inspection (DPI) Testing 11. Click Select the DUT/Network under the Test Quick Steps menu. 12. In the Choose a device under test and network neighborhood window, under the Device Under Test(s) section, verify that BreakingPoint Default is selected, and that under Network Neighborhood(s), the newly created one is selected. Click Accept. 13. When prompted about switching Network Neighborhoods because the new test setup has fewer interfaces, click Yes. www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 11All other trademarks are the property of their respective owners.
  12. 12. Rethink Deep Packet Inspection (DPI) Testing 14. Select Add a Test Component from the Test Quick Steps menu. 15. Select Application Simulator (L7) from the Select a component type window. 16. The Information tab should already be selected. Enter Max Bandwidth as the name and click Apply Changes.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 12All other trademarks are the property of their respective owners.
  13. 13. Rethink Deep Packet Inspection (DPI) Testing 17. Select the Interfaces tab. Verify that Interface 1 Client and Interface 2 Server are enabled. 18. Select the Presets tab and choose the 1Gbps Max Bandwidth option. Click Apply Changes. 19. Select the Parameters tab. Make any required changes to the parameters to match your device’s ability. For example, the Minimum data rate might need to be changed. If any changes are made, make sure to click Apply Changes.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 13All other trademarks are the property of their respective owners.
  14. 14. Rethink Deep Packet Inspection (DPI) Testing 20. Click Edit Description to edit the test description in the Test Information section. 21. Verify that the Test Status has a green checkmark. If it does not, click Test Status and make the required changes. 22. In the Test Quick Steps menu, click Save and Run. 23. When prompted to Save Test As, enter DPI Max Bandwidth as the name and click Save.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 14All other trademarks are the property of their respective owners.
  15. 15. Rethink Deep Packet Inspection (DPI) Testing 24. The Summary tab initially will be displayed once the test starts. The Summary tab displays multiple application, TCP, and Ethernet statistics in a tabular form. 25. Select the TCP tab. This tab displays the number of both attempted and successful TCP connections.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 15All other trademarks are the property of their respective owners.
  16. 16. Rethink Deep Packet Inspection (DPI) Testing 26. When the test is completed, a window appears stating that the test passed. Click Close. 27. Click the View the report button. This provides more detailed results in your browser.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 16All other trademarks are the property of their respective owners.
  17. 17. Rethink Deep Packet Inspection (DPI) Testing 28. Expand the Test Results for Max Bandwidth section. Next, expand the Details folder. Select the Frame Data Rate result view. Using the chart and the graph, determine the maximum bandwidth the DUT is able to handle. Variations of this test that can be run include: • Step both Maximum Simultaneous Sessions and Maximum Sessions per Second by 10% until 80% has been reached. • Use different presets, such as the Service Provider App or a custom application profile. • Increase the duration of the test time.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 17All other trademarks are the property of their respective owners.
  18. 18. Rethink Deep Packet Inspection (DPI) Testing Maximum Performance Using Jumbo Frames RFC: • RFC 768 – User Datagram Protocol • RFC 791 – Internet Protocol • RFC 793 – Transmission Control Protocol • RFC 894 – A Standard for the Transmission of IP Datagrams over Ethernet • RFC 2068 – Hypertext Transfer Protocol Overview: This test will use the Application Simulator test component and make use of a Max Bandwidth preset. The preset uses the BreakingPoint Bandwidth Application Profile that attempts to achieve the maximum transmission rate using both HTTP and P2P traffic. Objective: Test the maximum bandwidth in terms of Mbps (Megabits per second) that the DUT can pass through using real state data and jumbo frames. Setup:www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 18All other trademarks are the property of their respective owners.
  19. 19. Rethink Deep Packet Inspection (DPI) Testing 1. Launch a Web browser and connect to the BreakingPoint Storm CTM. Click Start BreakingPoint Systems Control Center. 2. In the new window that appears, enter your Login ID and Password. Click Login.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 19All other trademarks are the property of their respective owners.
  20. 20. Rethink Deep Packet Inspection (DPI) Testing 3. Reserve the required ports to run the test. 4. Select Test  Open Recent  DPI Max Bandwidth.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 20All other trademarks are the property of their respective owners.
  21. 21. Rethink Deep Packet Inspection (DPI) Testing 5. Click Save Test As. 6. When prompted to Save Test As, enter DPI Performance Jumbo Frames as the name. Click Save. 7. Select the Parameters tab. Locate the TCP Configuration Maximum Segment Size parameter and enter a value of 4096. Click Apply Changes.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 21All other trademarks are the property of their respective owners.
  22. 22. Rethink Deep Packet Inspection (DPI) Testing 8. If desired, edit the test description in the Test Information section. 9. Verify that the Test Status contains a green checkmark. If it does not, click Test Status and make the required changes. 10. Under the Test Quick Steps menu, click Save and Run. 11. The Summary tab initially will be displayed once the test starts. The Summary tab displays multiple application, TCP, and Ethernet statistics in a tabular form.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 22All other trademarks are the property of their respective owners.
  23. 23. Rethink Deep Packet Inspection (DPI) Testing 12. Select the TCP tab. This will display the number of both attempted and successful TCP connections. 13. When the test is completed, a window will appear stating whether the test passed or failed. Click Close.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 23All other trademarks are the property of their respective owners.
  24. 24. Rethink Deep Packet Inspection (DPI) Testing 14. Click the View the report button. This will open up more detailed results in your browser. 15. Expand Test Results for Max Bandwidth and then expand the Detail folder. Select the Frame Data Rate result view. Using the chart and the graph, determine the maximum bandwidth the DUT is able to handle. Variations of this test that can be run include: • Step both Maximum Simultaneous Sessions and Maximum Sessions per Second by 10% until 80% has been reached. • Use different presets, such as the Service Provider App or a custom application profile. • Increase the duration of the test time.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 24All other trademarks are the property of their respective owners.
  25. 25. Rethink Deep Packet Inspection (DPI) Testing Maximum TCP Connection Rate RFC: • RFC 793 – Transmission Control Protocol Overview: This test will utilize an Application Simulator. The Application Simulator will be configured with the Service Provider Apps preset. The Service Provider Apps preset contains HTTP, different Mail protocols, P2P and FTP traffic. This test will determine the maximum TP connections per second using a stepping technique and values that match the DUT’s (Device Under Test) ability. Objective: Test the maximum peak rate of new connections that the DUT can handle using real stateful application traffic. Setup:www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 25All other trademarks are the property of their respective owners.
  26. 26. Rethink Deep Packet Inspection (DPI) Testing 1. Launch a Web browser and connect to the BreakingPoint Storm CTM. Click Start BreakingPoint Systems Control Center. 2. In the new window that appears, enter your Login ID and Password. Click Login.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 26All other trademarks are the property of their respective owners.
  27. 27. Rethink Deep Packet Inspection (DPI) Testing 3. Reserve the required ports to run the test. 4. Select Test  New Test. 5. Under the Test Quick Steps menu, click Select the DUT/Network.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 27All other trademarks are the property of their respective owners.
  28. 28. Rethink Deep Packet Inspection (DPI) Testing 6. In the Choose a device under test and network neighborhood window, select BreakingPoint Default as the Device Under Test(s) and DPI Tests as the Network Neighborhood(s). Click Accept. 7. When prompted that the current test setup contains more interfaces than the newly selected one, click Yes. 8. Under the Test Quick Steps menu, click Add a Test Component.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 28All other trademarks are the property of their respective owners.
  29. 29. Rethink Deep Packet Inspection (DPI) Testing 9. Select Application Simulator (L7) from the Select a component type window. 10. The Information tab should already be selected. Enter Max TCP Connection Rate as the name and click Apply Changes. 11. Select the Presets tab. Select Service Provider Apps as the component preset and click Apply Changes.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 29All other trademarks are the property of their respective owners.
  30. 30. Rethink Deep Packet Inspection (DPI) Testing 12. Select the Parameters tab. Several different parameters will be changed in this section. Change these parameters to match your DUT’s ability. First, change the Minimum data rate to 100% of the DUT’s ability. Click Apply. 13. Next, change the Ramp Up Seconds in the Session Ramp Distribution section to 25 and click Apply. 14. In the Ramp Up Profile, several parameters will be changed. You may need to scroll in order to change each one of them. First, use the Ramp Up Profile Type drop-down menu and select Stair Step. For the Minimum Connection connection rate for the Maximum Connection Rate. Again, enter 10% of the DUT’s stated maximum connection rate Rate, enter a value that is 10% of the DUT’s stated maximum connection rate. Enter the DUT’s stated maximum for the Increment N connections per second parameter, and a value of 1 for Every N seconds. Once completed, click Apply Changes.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 30All other trademarks are the property of their respective owners.
  31. 31. Rethink Deep Packet Inspection (DPI) Testing 15. In the Session Configuration section, enter 7500000 as the Maximum Simultaneous Sessions and the DUT’s stated maximum connection rate in the Maximum Sessions Per Second. Click Apply Changes. 16. If desired, edit the test Description in the Test Information section. 17. Verify that the Test Status contains a green checkmark. If it does not, click Test Status and make the required changes. 18. Under the Test Quick Steps menu, click Save and Run.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 31All other trademarks are the property of their respective owners.
  32. 32. Rethink Deep Packet Inspection (DPI) Testing 19. When prompted for a name to Save Test As, enter DPI Max TCP Rate and click Save. 20. The Summary tab initially will be displayed once the test starts. The Summary tab displays multiple application, TCP, and Ethernet statistics in a tabular form. 21. Select the TCP tab. This will display the number of both attempted and successful TCP connections.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 32All other trademarks are the property of their respective owners.
  33. 33. Rethink Deep Packet Inspection (DPI) Testing 22. When the test is completed, a window will appear stating whether the test passed or failed. Click Close. 23. When the test is completed, click the View the report button.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 33All other trademarks are the property of their respective owners.
  34. 34. Rethink Deep Packet Inspection (DPI) Testing 24. Expand Test Results for Maximum TCP Connection Rate folder and select TCP Setup Time. Because shorter TCP setup times allow the DUT to respond quickly and handle incoming connection requests, they are preferable to longer TCP setup times. 25. Next, select TCP Response Time. Because shorter response times allow the DUT to respond quickly to requests and continue normal operation, they are preferable to longer response times. www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 34All other trademarks are the property of their respective owners.
  35. 35. Rethink Deep Packet Inspection (DPI) Testing 26. Select Frame Latency Summary. Smaller frame latency measurements mean the frames are arriving quickly without much delay through the device. 27. Expand the Detail folder. Select TCP Connection Rate from the list of available results. Using the graph and the table, determine the maximum TCP connection rate the DUT is able to handle. Other tests can also be performed. The following are some examples that can be run: • Vary the TCP Segment size. • Change the Distribution type to random. • Change the TCP Session Duration (segments). • Increase the test time for a longer test.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 35All other trademarks are the property of their respective owners.
  36. 36. Rethink Deep Packet Inspection (DPI) Testing Maximum Concurrent TCP Connections RFC: • RFC 793 – Transmission Control Protocol Overview: This test is very similar to the previous test configuration though a calculated Ramp Up Profile will be used. Also, the results from the Maximum TCP Connection Rate test will be used in the Maximum Sessions Per Second parameter. Objective: Test the maximum number of established TCP connections the DUT could hold using real stateful application traffic. Setup:www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 36All other trademarks are the property of their respective owners.
  37. 37. Rethink Deep Packet Inspection (DPI) Testing 1. Launch a Web browser and connect to the BreakingPoint Storm CTM. Click Start BreakingPoint Systems Control Center. 2. In the new window that appears, enter your Login ID and Password. Click Login.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 37All other trademarks are the property of their respective owners.
  38. 38. Rethink Deep Packet Inspection (DPI) Testing 3. Reserve the required ports to run the test. 4. Select Test  Open Recent  DPI Max TCP Rate.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 38All other trademarks are the property of their respective owners.
  39. 39. Rethink Deep Packet Inspection (DPI) Testing 5. Click Save Test As. 6. When prompted for a name to save the test as, enter Max Concurrent TCP Connections and click Save. 7. Under the Information tab, change the name to Max TCP Connections and click Apply Changes.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 39All other trademarks are the property of their respective owners.
  40. 40. Rethink Deep Packet Inspection (DPI) Testing 8. Select the Parameters tab. Several parameters will be changed in this section. First, using the Ramp Up Profile Type drop-down menu, change the value to Calculated in the Ramp Up Profile section. Click Apply Changes. 9. Next, in the Session Configuration section, change the Maximum Simultaneous Sessions to the maximum the DUT is expected to be able to reach. Also, change the Maximum Sessions Per Second to the rate determined by the DPI Max TCP Rate test. Click Apply Changes. 10. The next parameter to be changed is the Ramp Up Seconds in the Session Ramp Distribution section. This is a calculated value. Take the Maximum Simultaneous Sessions/Maximum Sessions Per Second (always round to the higher second). Click Apply Changes.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 40All other trademarks are the property of their respective owners.
  41. 41. Rethink Deep Packet Inspection (DPI) Testing 11. If desired, edit the test description in the Test Information section. 12. Verify that the Test Status has a green checkmark. If it does not, click Test Status and make the required changes. 13. Under the Test Quick Steps menu, click Save and Run.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 41All other trademarks are the property of their respective owners.
  42. 42. Rethink Deep Packet Inspection (DPI) Testing 14. The Summary tab initially will be displayed once the test starts. The Summary tab displays multiple application, TCP and Ethernet statistics in a tabular form. 15. Select the TCP tab. This will display the number of both attempted and successful TCP connections.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 42All other trademarks are the property of their respective owners.
  43. 43. Rethink Deep Packet Inspection (DPI) Testing 16. When the test is completed, a window will appear stating whether the test passed or failed. Click Close. 17. When the test is completed, click the View the report button. 18. Expand Test Results for Max TCP Connections folder and select TCP Setup Time. Because short TCP setup times allow the DUT to quickly react and handle the incoming connection requests better than longer TCP setup times, they are preferred.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 43All other trademarks are the property of their respective owners.
  44. 44. Rethink Deep Packet Inspection (DPI) Testing 19. Next, select TCP Response Time. Shorter response times allow the DUT to respond quickly to requests and continue normal operation. 20. Select Frame Latency Summary. Short frame latency measurements indicate that the frames are arriving quickly without much delay through the device.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 44All other trademarks are the property of their respective owners.
  45. 45. Rethink Deep Packet Inspection (DPI) Testing 21. Expand the Detail folder. Select TCP Concurrent Connections from the list. Using the table and the graph, determine the maximum number of concurrent TCP connections that the DUT is able to handle. Other tests can also be performed. The following are some examples that can be run: • Vary the TCP Segment size. • Change the Distribution type to random. • Change the TCP Session Duration (segments). • Increase the test time for a longer test.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 45All other trademarks are the property of their respective owners.
  46. 46. Rethink Deep Packet Inspection (DPI) Testing Strike Mitigation RFC: • RFC 768 – User Datagram Protocol • RFC 791 – Internet Protocol • RFC 793 – Transmission Control Protocol Overview: It is important to evaluate how malicious traffic will affect the performance of the DUT. A Security test component will be used in this test. Five default attack series are available to use, but during this test only Security Level 1 will be used. Security Level 1 includes high-risk vulnerabilities in services often exposed to the Internet. Objective: Test the DUT’s ability to recognize and block malicious traffic. Setup:www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 46All other trademarks are the property of their respective owners.
  47. 47. Rethink Deep Packet Inspection (DPI) Testing 1. Launch a Web browser and connect to the BreakingPoint Storm CTM. Click Start BreakingPoint Systems Control Center. 2. In the new window that appears, enter your Login ID and Password. Click Login.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 47All other trademarks are the property of their respective owners.
  48. 48. Rethink Deep Packet Inspection (DPI) Testing 3. Reserve the required ports to run the test. 4. Select Test  New Test. 5. Under the Test Quick Steps menu, click Select the DUT/Network.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 48All other trademarks are the property of their respective owners.
  49. 49. Rethink Deep Packet Inspection (DPI) Testing 6. In the Choose a device under test and network neighborhood window, select BreakingPoint Default as the Device Under Test(s) and DPI Tests as the Network Neighborhood(s). Click Accept. 7. When prompted that the current test setup contains more interfaces than the newly selected one, click Yes. 8. Next, under the Test Quick Steps menu, click Add a Test Component.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 49All other trademarks are the property of their respective owners.
  50. 50. Rethink Deep Packet Inspection (DPI) Testing 9. Select the Security component from the Select a component type window. 10. Under the Information tab, enter Strike Detection as the name and click Apply Changes. 11. Select the Presets tab and then select Security Level 1. Click Apply Changes.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 50All other trademarks are the property of their respective owners.
  51. 51. Rethink Deep Packet Inspection (DPI) Testing 12. If desired, edit the test description under the Test Information section. 13. Verify that the Test Status has a green checkmark next it. If it does not, click on Test Status and make the required changes. 14. Under the Test Quick Steps menu, click Save and Run. 15. When prompted, enter DPI Strike Detection as a name and click Save.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 51All other trademarks are the property of their respective owners.
  52. 52. Rethink Deep Packet Inspection (DPI) Testing 16. Once the test starts to run, select the Attacks tab. This will display information about how many attacks could be blocked and how many were actually able to pass through the DUT. 17. When the test is completed, a window will appear stating that the test failed because malicious traffic was able to pass through the DUT. Click Close.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 52All other trademarks are the property of their respective owners.
  53. 53. Rethink Deep Packet Inspection (DPI) Testing 18. Click the View the report button to view detailed results in a browser window. 19. Expand Test Results for Strike Detection and select Strike Results. Determine the number of strikes that were successfully blocked and the number that could be transmitted through the DUT. Variations of this test that can be run include: • Increase the test length for a longer Malicious Traffic Attack. • Change the Security Level. • Use a different random seed.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 53All other trademarks are the property of their respective owners.
  54. 54. Rethink Deep Packet Inspection (DPI) Testing Strikes Blocking with IP Fragmentation RFC: • RFC 768 – User Datagram Protocol • RFC 791 – Internet Protocol • RFC 793 – Transmission Control Protocol Overview: This closely resembles the Strike Blocking test except the IP packets will be fragmented to determine how the DUT handles malicious traffic that is arriving in fragmented packets. Objective: Test the DUT’s ability to recognize and block malicious traffic with fragmentation on IP packets. Setup:www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 54All other trademarks are the property of their respective owners.
  55. 55. Rethink Deep Packet Inspection (DPI) Testing 1. Launch a Web browser and connect to the BreakingPoint Storm CTM. Click Start BreakingPoint Systems Control Center. 2. In the new window that appears, enter your Login ID and Password. Click Login.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 55All other trademarks are the property of their respective owners.
  56. 56. Rethink Deep Packet Inspection (DPI) Testing 3. Reserve the required ports to run the test. 4. Select Test  Open Recent Tests  DPI Strike Detection. 5. Click Save Test As.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 56All other trademarks are the property of their respective owners.
  57. 57. Rethink Deep Packet Inspection (DPI) Testing 6. Enter DPI Strike Detection Fragmentation as the name and click Save. 7. Select the Overrides tab. In the IP section, locate MaxFragSize and enter a value less than 46. Click Apply Changes. 8. If desired, edit the test Description under the Test Information section. 9. Verify that the Test Status contains a green checkmark. If it does not, click Test Status and make the required changes.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 57All other trademarks are the property of their respective owners.
  58. 58. Rethink Deep Packet Inspection (DPI) Testing 10. Under the Test Quick Steps menu, click Save and Run. 11. Once the test starts to run, select the Attacks tab. This will display the number of attacks that were successfully blocked and the number of attacks that were able to successfully pass through the DUT.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 58All other trademarks are the property of their respective owners.
  59. 59. Rethink Deep Packet Inspection (DPI) Testing 12. Once the test is completed, a window will appear stating that the test failed because malicious traffic was able to pass through the DUT. Click Close. 13. Click the View the report button. A window with detailed results will open. 14. Expand Test Results for Strike Detection and select Strike Results. Determine the number of strikes that were locked and the number of strikes that were able to pass through the DUT. Using the results from the previous test, determine if fragmentation made any difference. www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 59All other trademarks are the property of their respective owners.
  60. 60. Rethink Deep Packet Inspection (DPI) Testing Variations of this test that can be run include: • Increase the test length for a longer Malicious Traffic Attack. • Change the Security Level. • Use a different random seed.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 60All other trademarks are the property of their respective owners.
  61. 61. Rethink Deep Packet Inspection (DPI) Testing SYN Flood RFC: • RFC 793 – Transmission Control Protocol • RFC 4987 – TCP SYN Flooding Attacks and Common Mitigations Overview: A SYN Flood is when a client starts a TCP connection but never sends an ACK and keeps trying to initiate a TCP connection. This can be harmful to a DPI device, as it has to provide resources to the TCP connection requests. The DPI device likely has the ability to detect and mitigate the SYN Flood. A Session Sender test component will be used to create a SYN Flood. Objective: Test the ability of the DUT to recognize and block SYN Flood attacks. Setup:www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 61All other trademarks are the property of their respective owners.
  62. 62. Rethink Deep Packet Inspection (DPI) Testing 1. Launch a Web browser and connect to the BreakingPoint Storm CTM. Click Start BreakingPoint Systems Control Center. 2. In the new window that appears, enter your Login ID and Password. Click Login.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 62All other trademarks are the property of their respective owners.
  63. 63. Rethink Deep Packet Inspection (DPI) Testing 3. Reserve the required ports to run the test. 4. Select Test  New Test. 5. Under the Test Quick Steps section, click Select the DUT/Network.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 63All other trademarks are the property of their respective owners.
  64. 64. Rethink Deep Packet Inspection (DPI) Testing 6. In the Choose a device under test and network neighborhood window, select BreakingPoint Default as the Device Under Test(s) and DPI Tests as the Network Neighborhood(s). Click Accept. 7. When prompted that the current test setup contains more interfaces than the newly selected one, click Yes. 8. Under the Test Quick Steps section, click Add a Test Component.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 64All other trademarks are the property of their respective owners.
  65. 65. Rethink Deep Packet Inspection (DPI) Testing 9. Select Session Sender (L4) from the Select a component type window. 10. Under the Information tab, change the name to SYN Flood and click Apply Changes. 11. Select the Presets tab and locate the 1Gbps SYN Flood. Click Apply Changes. www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 65All other trademarks are the property of their respective owners.
  66. 66. Rethink Deep Packet Inspection (DPI) Testing 12. Select the Parameters tab. Several changes will be made in this section. The first one, if needed, is to change the Minimum data rate to what is supported by the DUT. Click Apply Changes once completed. 13. Next, two parameters in the Session Configuration section need to be changed. The first one is the Maximum Maximum Concurrent TCP Connections test). The second parameter that needs to be changed is Maximum Sessions Simultaneous Sessions. This needs to be set to the connection rate supported by the DUT (this is the result from the Per Second (this is the result from the Maximum TCP Connection Rate test). Click Apply Changes. 14. If desired, edit the test description under the Test Information section.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 66All other trademarks are the property of their respective owners.
  67. 67. Rethink Deep Packet Inspection (DPI) Testing 15. Verify that the Test Status has a green checkmark next to it. If it does not, click Test Status and make the required changes. 16. Under the Test Quick Steps menu, click Save and Run. 17. When prompted for a name to save the test as, enter DPI SYN Flood Detection and click Save. www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 67All other trademarks are the property of their respective owners.
  68. 68. Rethink Deep Packet Inspection (DPI) Testing 18. The Summary tab will automatically be displayed when the test starts. This tab displays a great deal of information about TCP. As can be seen in the TCP Connection Rate section, the SYN flood is trying to establish a connection but the connection is not actually created. 19. Select the TCP tab. This will display information about the number of TCP Connections per Second. Again, clients are attempting to connect but are not actually successful.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 68All other trademarks are the property of their respective owners.
  69. 69. Rethink Deep Packet Inspection (DPI) Testing 20. Once the test is completed, a window will appear stating that the test passed. Click Close. 21. Click the View the report button. This will open a new browser window with detailed results. 22. Expand Test Results for SYN Flood and select TCP Summary. Verify that there are no Client established or Server established values. Other test variations can be run. One variation is to increase the test length for a longer SYN Attack.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 69All other trademarks are the property of their respective owners.
  70. 70. Rethink Deep Packet Inspection (DPI) Testing Inappropriate Content Filtering RFC: • RFC 768 – User Datagram Protocol • RFC 791 – Internet Protocol • RFC 793 – Transmission Control Protocol Overview: It is important to determine and evaluate how the DUT is able to handle inappropriate content. Also, it is important to determine how the DUT’s performance is affected while having to perform content filtering. A new Super Flow will be created that will contain some type of inappropriate content. This Super Flow will then be added to an Application Profile. The BreakingPoint Application Simulator test component will be used to transmit the newly created application profile. Objective: Test the ability of the DUT to recognize and block sessions containing inappropriate material. Setup:www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 70All other trademarks are the property of their respective owners.
  71. 71. Rethink Deep Packet Inspection (DPI) Testing 1. Launch a Web browser and connect to the BreakingPoint Storm CTM. Click Start BreakingPoint Systems Control Center. 2. In the new window that appears, enter your Login ID and Password. Click Login.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 71All other trademarks are the property of their respective owners.
  72. 72. Rethink Deep Packet Inspection (DPI) Testing 3. Reserve the required ports to run the test. 4. Select Managers  Application Manager.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 72All other trademarks are the property of their respective owners.
  73. 73. Rethink Deep Packet Inspection (DPI) Testing 5. Select the Super Flows tab and locate the BreakingPoint HTTP Text from the list. Click Save As. 6. When prompted for a name, enter HTTP Inappropriate and click Ok.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 73All other trademarks are the property of their respective owners.
  74. 74. Rethink Deep Packet Inspection (DPI) Testing 7. In the Define Actions section, locate the Server: Response 200 (OK) action. Click the Edit the selected action parameter button. 8. Enable the String for response data section and enter the inappropriate terms or phrases in the String for response data field. 9. Select Save Super Flow.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 74All other trademarks are the property of their respective owners.
  75. 75. Rethink Deep Packet Inspection (DPI) Testing 10. Select the App Profiles tab and click the Create a new application profile button. 11. When prompted for a name, enter DPI HTTP Inappropriate and click OK.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 75All other trademarks are the property of their respective owners.
  76. 76. Rethink Deep Packet Inspection (DPI) Testing 12. Locate the newly created Super Flow in the list of Available Super Flows. Click the Add the super flow to the profile button. 13. Locate the BreakingPoint HTTP Text Super Flow and click the Add the Super Flow to the profile button. 14. Verify that both Super Flows have a weight of 100 and click Save App Profile.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 76All other trademarks are the property of their respective owners.
  77. 77. Rethink Deep Packet Inspection (DPI) Testing 15. Select Test  New Test. 16. Under the Test Quick Steps section, click Select the DUT/Network. 17. In the Choose a device under test and network neighborhood window, select BreakingPoint Default as the Device Under Test(s) and DPI Tests as the Network Neighborhood(s). Click Accept.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 77All other trademarks are the property of their respective owners.
  78. 78. Rethink Deep Packet Inspection (DPI) Testing 18. When prompted that the current test setup contains more interfaces than the newly selected one, click Yes. 19. Under the Test Quick Steps menu, click Add a Test Component. 20. Select Application Simulator (L7) from the Select a component type window.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 78All other trademarks are the property of their respective owners.
  79. 79. Rethink Deep Packet Inspection (DPI) Testing 21. The Information tab should already be selected. Enter Inappropriate Content for the name and click Apply Changes. 22. Select the Parameters tab. Several parameters in this section will need to be changed. First verify that the Minimum data rate is set to 80% of the total available bandwidth. Make sure to click Apply Changes if any value is updated. 23. Next, change the Application Profile parameter. Using the drop-down menu, select the DPI HTTP Inappropriate application profile and click Apply Changes.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 79All other trademarks are the property of their respective owners.
  80. 80. Rethink Deep Packet Inspection (DPI) Testing 24. If desired, in the Test Information section, edit the test description. 25. Verify that the Test Status has a green checkmark next to it. If it does not, click on Test Status and make the needed changes. 26. Under the Test Quick Steps menu, click Save and Run. 27. Enter DPI Inappropriate Content when prompted for a name. Click Save.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 80All other trademarks are the property of their respective owners.
  81. 81. Rethink Deep Packet Inspection (DPI) Testing 28. Once the test starts, the Summary tab will be displayed. It contains a great deal of information about application flows and application transactions. 29. Select the Application tab. This will display real-time information about the application flows that are being transmitted.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 81All other trademarks are the property of their respective owners.
  82. 82. Rethink Deep Packet Inspection (DPI) Testing 30. When the test is completed, a window will appear stating that the test failed. Click Close. 31. Select the View the report button. This will open a more detailed result view in a browser window.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 82All other trademarks are the property of their respective owners.
  83. 83. Rethink Deep Packet Inspection (DPI) Testing 32. Expand Test Results for Inappropriate Content and select App Summary. This will provide a great deal of information about all of the applications from bytes transmitted to bytes received to details about failures. Since half of the content should be blocked because it is inappropriate, the Application attempted value should be about twice the value of the Application successes. 33. Login to the DUT, and view the different counters to determine if the DUT was successfully blocking the inappropriate content. Variations of this test that can be run include: • Increase the test length for a longer run time. • Try different inappropriate key words. • Try a larger number of inappropriate key words.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 83All other trademarks are the property of their respective owners.
  84. 84. Rethink Deep Packet Inspection (DPI) Testing Spam Email Blocking RFC: • RFC 768 – User Datagram Protocol • RFC 791 – Internet Protocol • RFC 793 – Transmission Control Protocol Overview: It is important to determine and evaluate how the DUT is able to handle spam email. Also, it is important to determine how the DUT’s performance is affected while having to block spam email. A new Super Flow will be created that will contain a spam email. This Super Flow will then be added to an application profile. The Application Simulator test component will be used to transmit the newly created application profile to test the DUT’s ability to block spam email. Objective: Test the ability of the DUT to recognize and block sessions containing spam email. Setup:www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 84All other trademarks are the property of their respective owners.
  85. 85. Rethink Deep Packet Inspection (DPI) Testing 1. Launch a Web browser and connect to the BreakingPoint Storm CTM. Click Start BreakingPoint Systems Control Center. 2. In the new window that appears, enter your Login ID and Password. Click Login.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 85All other trademarks are the property of their respective owners.
  86. 86. Rethink Deep Packet Inspection (DPI) Testing 3. Reserve the required ports to run the test. 4. Select Managers  Application Manager.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 86All other trademarks are the property of their respective owners.
  87. 87. Rethink Deep Packet Inspection (DPI) Testing 5. Select the Super Flows tab and locate the BreakingPoint SMTP Email from the list. Click Save As. 6. When prompted, enter DPI SMTP Spam as the name and click Ok.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 87All other trademarks are the property of their respective owners.
  88. 88. Rethink Deep Packet Inspection (DPI) Testing 7. In the Step 3 – Define Actions section, locate Client: Send Email. Click the Edit the selected action parameter button. 8. Enter an email address in the Protocol FROM Username field. Enter a different email address in the Protocol RCPT Username field. Next, scroll down and locate the Subject field. Enter Receive 15% off Gold Watches as the Subject. Finally, enable the Attachment Data field and click Import Attachment Data. You can upload the content into the Web browser that launches.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 88All other trademarks are the property of their respective owners.
  89. 89. Rethink Deep Packet Inspection (DPI) Testing 9. Click the Choose File button to browse your file system to locate spam email text. 10. Once the spam email has been located in your file system, click Upload. 11. Wait until the file is uploaded successfully, then close the browser window. www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 89All other trademarks are the property of their respective owners.
  90. 90. Rethink Deep Packet Inspection (DPI) Testing 12. Using the Attachment Data drop-down menu, select the newly uploaded file and click Apply Changes. 13. Click Save Super Flow.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 90All other trademarks are the property of their respective owners.
  91. 91. Rethink Deep Packet Inspection (DPI) Testing 14. Select the App Profiles tab and click the Create a new application profile button. 15. When prompted, enter DPI Spam Email Content as a name and click Ok.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 91All other trademarks are the property of their respective owners.
  92. 92. Rethink Deep Packet Inspection (DPI) Testing 16. From the Available Super Flows list, locate the newly created Super Flow and click the Add the Super Flow to the profile button. 17. Again, from the Available Super Flows list, locate the BreakingPoint SMTP Email Super Flow and click the Add the Super Flow to the profile button. 18. Verify that each Super Flow has a weight of 100 and click Save App Profile.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 92All other trademarks are the property of their respective owners.
  93. 93. Rethink Deep Packet Inspection (DPI) Testing 19. Select Test  New Test. 20. Under the Test Quick Steps menu, click Select the DUT/Network. 21. In the Choose a device under test and network neighborhood window, select BreakingPoint Default as the Device Under Test(s) and DPI Tests as the Network Neighborhood(s). Click Accept.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 93All other trademarks are the property of their respective owners.
  94. 94. Rethink Deep Packet Inspection (DPI) Testing 22. When prompted that the current test setup contains more interfaces than the newly selected one, click Yes. 23. Under the Test Quick Steps menu, click Add a Test Component. 24. Select Application Simulator (L7) from the Select a component type window.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 94All other trademarks are the property of their respective owners.
  95. 95. Rethink Deep Packet Inspection (DPI) Testing 25. The Information tab should already be selected. Enter Spam Email Content for the name and click Apply Changes. 26. Select the Parameters tab. Several parameters in this section will need to be changed. First verify that the Minimum data rate is set to 80% of the total available bandwidth. Make sure to click Apply Changes if any value is updated. 27. Next, change the Application Profile parameter. Using the drop-down menu, select the DPI Spam Email Content application profile and click Apply Changes.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 95All other trademarks are the property of their respective owners.
  96. 96. Rethink Deep Packet Inspection (DPI) Testing 28. If desired, in the Test Information section, edit the test description. 29. Verify that the Test Status has a green checkmark next to it. If it does not, click on Test Status and make the needed changes. 30. Under the Test Quick Steps section, click Save and Run.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 96All other trademarks are the property of their respective owners.
  97. 97. Rethink Deep Packet Inspection (DPI) Testing 31. Enter DPI Spam Email when prompted for a name. Click Save. 32. Once the test starts, the Summary tab will be displayed. It contains a great deal of information about application flows and application transactions. 33. Select the Application tab. This will display real-time information about the application flows that are being transmitted. www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 97All other trademarks are the property of their respective owners.
  98. 98. Rethink Deep Packet Inspection (DPI) Testing 34. When the test is completed, a window will appear stating that the test failed. Click Close. 35. Select the View the report button. This will open a more detailed result view in a browser window.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 98All other trademarks are the property of their respective owners.
  99. 99. Rethink Deep Packet Inspection (DPI) Testing 36. Expand Test Results for Spam Email Content and select App Summary. This will provide a great deal of information about all of the applications including bytes transmitted, bytes received and details about failures. Since half of the content should be blocked because it is inappropriate, the Application attempted value should be about twice the value of the Application successes. 34. Login to the DUT and view the different counters to determine if the DUT was successfully blocking the SPAM email. Variations of this test that can be run include: • Increase the test length for a longer run time. • Try different spam emails. • Try a larger number of spam emails to determine if all are blocked.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 99All other trademarks are the property of their respective owners.
  100. 100. Rethink Deep Packet Inspection (DPI) Testing Suspicious Content Detection RFC: • RFC 768 – User Datagram Protocol • RFC 791 – Internet Protocol • RFC 793 – Transmission Control Protocol Overview: It is important to determine and evaluate how the DUT is able to handle the detection of suspicious content. Also, it is important to determine how the DUT’s performance is affected while having to handle suspicious content detection. A new Super Flow will be created that will use a database protocol to simulate a credit card request by querying the database. This Super Flow will then be added to an application profile. The Application Simulator test component will be used to transmit the newly created application profile to test the DUT’s ability to detect suspicious content. Objective: Test the ability of the DUT to record and audit suspicious content. Setup:www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 100All other trademarks are the property of their respective owners.
  101. 101. Rethink Deep Packet Inspection (DPI) Testing 1. Launch a Web browser and connect to the BreakingPoint Storm CTM. Click Start BreakingPoint Systems Control Center. 2. In the new window that appears, enter your Login ID and Password. Click Login.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 101All other trademarks are the property of their respective owners.
  102. 102. Rethink Deep Packet Inspection (DPI) Testing 3. Reserve the required ports to run the test. 4. Select Managers  Application Manager.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 102All other trademarks are the property of their respective owners.
  103. 103. Rethink Deep Packet Inspection (DPI) Testing 5. Select the Super Flows tab and locate BreakingPoint DB2 Database from the list. Click Save As. 6. When prompted for a name, enter DPI DB Credit and click OK. www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 103All other trademarks are the property of their respective owners.
  104. 104. Rethink Deep Packet Inspection (DPI) Testing 7. Make sure the second item is selected under the Define Flows section and also select the Client: SQL Query in the Define Actions section. Click the Edit the select actions parameters button. 8. In the SQL Query field, enter a specific query that will be tracked by the DUT. The query content should be defined according to the DUT’s policy and detection model. A good example to use is: “SELECT* from credit_card_table”. Click Apply Changes. www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 104All other trademarks are the property of their respective owners.

×