1. Field
This disclosure relates to receiving and processing traffic for testing a network or network device.
2. Description of the Related Art
In many types of communications networks, each message to be sent is divided into portions of fixed or variable length. Each portion may be referred to as a packet, a frame, a cell, a datagram, a data unit, or other unit of information, all of which are referred to herein as packets.
Each packet contains a portion of an original message, commonly called the payload of the packet. The payload of a packet may contain data, or may contain voice or video information. The payload of a packet may also contain network management and control information. In addition, each packet contains identification and routing information, commonly called a packet header. The packets are sent individually over the network through multiple switches or nodes. The packets are reassembled into the message at a final destination using the information contained in the packet headers, before the message is delivered to a target device or end user. At the receiving end, the reassembled message is passed to the end user in a format compatible with the user's equipment.
Communications networks that transmit messages as packets are called packet switched networks. Packet switched networks commonly contain a mesh of transmission paths which intersect at hubs or nodes. At least some of the nodes may include a switching device or router that receives packets arriving at the node and retransmits the packets along appropriate outgoing paths. Packet switched networks are governed by a layered structure of industry-standard protocols. Layers 1, 2, 3, 4, and 7 of the structure are the physical layer, the data link layer, the network layer, the transport layer, and the application layer, respectively.
Layer 1 protocols define the physical (electrical, optical, or wireless) interface between nodes of the network. Layer 1 protocols include various Ethernet physical configurations, the Synchronous Optical Network (SONET) and other optical connection protocols, and various wireless protocols such as Wi-Fi.
Layer 2 protocols govern how data is logically transferred between nodes of the network. Layer 2 protocols include the Ethernet, Asynchronous Transfer Mode (ATM), Frame Relay, and Point to Point Protocol (PPP).
Layer 3 protocols govern how packets are routed from a source to a destination along paths connecting multiple nodes of the network. The dominant layer 3 protocols are the well-known Internet Protocol version 4 (IPv4) and version 6 (IPv6). A packet switched network may need to route IP packets using a mixture of the Ethernet, ATM, FR, and/or PPP layer 2 protocols. At least some of the nodes of the network may include a router that extracts a destination address from a network layer header contained within each packet. The router then uses the destination address to determine the route or path along which the packet should be retransmitted. A typical packet may pass through a plurality of routers, each of which repeats the actions of extracting the destination address and determining the route or path along which the packet should be retransmitted.
Layer 4 protocols govern end-to-end message delivery in a network. In particular, the Transmission Control Protocol (TCP) provides for reliable delivery of packet streams using a system of sequential acknowledgement and retransmission when necessary. TCP is a connection-oriented protocol in which two devices exchange messages to open a virtual connection via the network. Once a connection is opened, bidirectional communications may occur between the connected devices. The connection may exist until closed by one of the devices. Opening and closing a connection both require several steps at which specific messages are exchanged between the two devices. A connection may also be closed when an anticipated response is not received by one device for a predetermined period of time, commonly called a “time-out”. A TCP connection is considered to be “stateful” since each device must maintain information describing the state of the connection (being opened, established, being closed), what data has been sent, and what sent data has been acknowledged.
Layer 7 protocols, or application layer protocols, include the Hyper Text Transfer Protocol (HTTP), the Simple Mail Transfer Protocol (SMTP), the File Transfer Protocol (FTP), the Post Office Protocol (POP3), and other protocols. These layer 7 protocols commonly communicate via a network using the TCP protocol. In some circumstances, information communicated by layer 7 protocols may be encrypted. Commonly, information may be encrypted using the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocols that operate (essentially at layer 5) between the layer 7 protocol and the TCP protocol.
Traditionally, network devices, such as routers and switches, operated primarily at layer 2, which is to say network devices routed packets through a network based on information in the layer 2 header of each Ethernet packet. Such network devices generally ignore packet content. However, modern network devices may go beyond layer 2 headers to look in the content of IP packets. Network devices may perform shallow packet inspection, also called stateful packet inspection, by inspecting layer 4 headers. Some network devices perform deep packet inspection (DPI) by inspecting some or all of the payload content of each packet. Deep packet inspection may be performed to prevent propagation of viruses and other malicious code, to filter spam, to prevent unauthorized intrusion into private networks, to censor internet traffic in some countries, and other purposes.
In order to test a packet switched communications network or a device included in a packet switched communications network, test traffic comprising a large number of packets may be generated, transmitted into the network at one or more ports, and received at different ports. In this context, the term “port” refers to a communications connection between the network and the equipment used to test the network. The term “port unit” refers to a module within the network test equipment that connects to the network at a port. The received test traffic may be analyzed to measure the performance of the network. Each port unit connected to the network may be both a source of test traffic and a destination for test traffic. Each port unit may emulate a plurality of logical source or destination addresses.
In order to test a network or network device such as a server, a server load balancer, or any device that performs DPI, it may be necessary to establish real connections and send realistic data through the network under test. To test a network or network equipment that performs at least partial DPI of encrypted packets, it may be necessary to establish a large number of SSL/TLS connections through the network under test.
FIG. 1 shows a simplified flow chart of a process 100 for establishing and using a connection according to the SSL protocol using RSA for key exchange. The process 100 will be referred to in this patent as the SSL “handshake” process. The process 100 is usually performed by a client computing device and a server computing device that communicate via a network. The process 100 starts at 105 when the client device decides to open an SSL connection, and concludes at 190, usually by mutual agreement of the client and server devices. The process 100 may include an exchange of messages between a client device and a server device, commonly called the SSL handshake.
At 110, the client device creates a first random number, called the “client random number” (CRN) in the SSL protocol. The client device then sends a message 115, called the “client hello” message in the SSL protocol, containing the CRN to the server device. The client hello message may include other information such as lists of compression protocols and encryption protocols supported by the client.
After receiving the client hello message 115, at 120 the server device generates a second random number, called the “server random number” (SRN) in the SSL protocol. The server device may then send a message 125, called the “server hello” message in the SSL protocol, containing the SRN to the client device. The server hello message may include other information such as a selection of a compression protocol and an encryption protocol (from the lists provided in the client hello message 115) to be used once the SSL connection is established.
The server device typically also sends a server certificate 127 to the client device. The server certificate 127 may include information required for the client to authenticate the server. The server certificate 127 may include a server public key that may be used by the client device to encrypt data to be sent to the server device.
After receiving and validating the server certificate, the client device generates a third random number, called the “pre-master secret” (PMS), at 130. At 140, the client device encrypts the PMS using the server public key from the server certificate 127. The encrypted PMS (EPMS) is then sent to the server device in a message 145, commonly termed the “client key exchange message”. The EPMS is decrypted by the server device using a server private key at 150. The encryption of the PMS is considered asymmetrical because the public and private keys used to encrypt and decrypt the PMS are different.
At 160 and 165, the client device and the server device, respectively, calculate a master secret (MS) from the CRN, the SRN, and the PMS. The client device and the server device calculate the same MS, which is then used at 170 and 175 with a symmetrical encryption algorithm to encrypt and decrypt future communications via the SSL connection.
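As an added worked example (not part of the original disclosure), the master secret calculation at 160 and 165 carried out with the TLS 1.2 PRF of RFC 5246 section 5; the disclosure says only that the MS is computed from the CRN, the SRN, and the PMS, so the SHA-256 PRF is an assumption, and the RSA encryption of the PMS at 140/150 is represented by handing the PMS to the server directly so the block runs with the Python standard library alone.

```python
import hashlib
import hmac
import os

# Assumption: the handshake is run as TLS 1.2, whose PRF is P_SHA256.
# SSLv3 and TLS 1.0/1.1 derive the master secret with different constructions.

def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256(secret, seed): chained HMACs expanded to `length` bytes."""
    out = b""
    a = seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]

def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF(secret, label, seed) = P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)

def master_secret(pms: bytes, crn: bytes, srn: bytes) -> bytes:
    """MS = PRF(pre_master_secret, "master secret", CRN + SRN), first 48 bytes."""
    if len(pms) != 48 or len(crn) != 32 or len(srn) != 32:
        raise ValueError("PMS must be 48 bytes; CRN and SRN 32 bytes each")
    return prf(pms, b"master secret", crn + srn, 48)

def rsa_handshake_demo(crn: bytes = None, srn: bytes = None, pms: bytes = None):
    """Walk steps 110 to 165 and return (client_ms, server_ms).

    Only CRN and SRN are sent in the clear; the PMS is passed to the server
    here in place of the RSA encrypt/decrypt at 140/150."""
    if crn is None:
        crn = os.urandom(32)                    # 110: client random number
    if srn is None:
        srn = os.urandom(32)                    # 120: server random number
    if pms is None:
        pms = b"\x03\x03" + os.urandom(46)      # 130: protocol version + 46 random bytes
    client_ms = master_secret(pms, crn, srn)    # 160: client side
    server_ms = master_secret(pms, crn, srn)    # 165: server side, from the decrypted PMS
    return client_ms, server_ms

if __name__ == "__main__":
    c_ms, s_ms = rsa_handshake_demo()
    print("master secrets match:", c_ms == s_ms, "length:", len(c_ms))
```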
Throughout this description, elements appearing in block diagrams are assigned three-digit reference designators, where the most significant digit is the figure number where the element is introduced and the two least significant digits are specific to the element. An element that is not described in conjunction with a block diagram may be presumed to have the same characteristics and function as a previously-described element having the same reference designator.