1. Field of Invention
Embodiments of the invention relate to network management in general. More specifically, the embodiments of the invention relate to testing provisioned services in a network.
2. Description of the Background Art
Various provisioned services (hereinafter referred to as services) are available to users across networks. Examples of the services include Virtual Private Networks (VPN), firewalls and Network Admission and Control (NAC). A VPN is a network used for secure communication over a public network. A firewall is a combination of software and hardware, which prevents the exchange or transfer of data that is forbidden by a security policy. Network Admission and Control is a set of technologies used to enforce security policy compliance on all network devices.
Network devices may be data processing units, hosts, servers, routers, switches, hubs, gateways, wireless access devices, mobile or telecommunication devices, and so forth. A service is tested on a network device by checking if the configuration commands entered for the service are working as intended. According to a conventional method of testing the VPN and the firewall, an extended ping command is sent to the network device. In the extended ping command, the network device's IP address is sent along with a generated packet. However, this method of testing may not be of use when ‘interesting traffic’ and the network device are in different subnets. Interesting traffic in a network refers to those data packets that can be received at the network device.
In the absence of a direct testing facility, considerable time and effort is spent ensuring the desired performance of the service in the network. Further, it is difficult to test whether all the services still work when a change is made to only one of them. For example, a change may be in the form of a newly added firewall rule. In this case, it is very difficult to test if the firewall rule is working as expected or whether it is interfering with the previously existing rules.
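The interference problem described above can be sketched as an added example, which is not part of the original text: a rule set is evaluated over a set of probe packets before and after a new rule is added, and every probe whose verdict changes is reported. The rule names, addresses, probes, and the first-match evaluation with an implicit final deny are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    action: str           # "permit" or "deny"
    src: str              # source network (CIDR)
    dst: str              # destination network (CIDR)
    port: Optional[int]   # destination port, None matches any port

    def matches(self, pkt):
        src, dst, port = pkt
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst)
                and (self.port is None or self.port == port))

def verdict(rules, pkt):
    """First-match evaluation; unmatched packets hit an implicit deny."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.name
    return "deny", "implicit-deny"

def regressions(old_rules, new_rules, probes):
    """Probes whose permit/deny outcome differs between the two rule sets."""
    changed = []
    for pkt in probes:
        before, after = verdict(old_rules, pkt), verdict(new_rules, pkt)
        if before[0] != after[0]:
            changed.append((pkt, before, after))
    return changed

# Constructed sample data (documentation and private address ranges).
EXISTING = [
    Rule("allow-web", "permit", "10.1.0.0/16", "192.0.2.10/32", 443),
    Rule("allow-dns", "permit", "10.1.0.0/16", "192.0.2.53/32", 53),
]
NEW_RULE = Rule("block-lab", "deny", "10.1.20.0/24", "192.0.2.0/24", None)
PROBES = [
    ("10.1.20.5", "192.0.2.10", 443),   # lab host to web server
    ("10.1.30.5", "192.0.2.10", 443),   # non-lab host to web server
    ("10.1.20.5", "192.0.2.53", 53),    # lab host to DNS server
    ("10.1.20.5", "192.0.2.99", 22),    # lab host to an unlisted service
]

if __name__ == "__main__":
    # New rule placed first: it overrides existing permits for the lab subnet.
    for pkt, before, after in regressions(EXISTING, [NEW_RULE] + EXISTING, PROBES):
        print("changed:", pkt, before, "->", after)
    # New rule placed last: existing permits shadow it, so nothing changes.
    print("appended:", regressions(EXISTING, EXISTING + [NEW_RULE], PROBES))
```

Placing the new rule first changes two existing verdicts, while placing it last changes none because the earlier permits shadow it, which are the two outcomes the paragraph describes as hard to verify by hand.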
According to another conventional method for testing a service, traffic generators that inject data packets into the network may be inserted at various places in the network. The testing comprises analyzing the response of network devices configured for the service to these data packets. Real devices or personal computers (PCs) may also be used for verifying if a service is working as intended. However, this method is not scalable to a medium-sized network, as the traffic generators need to be installed at a number of places in the network. Moreover, PCs are required to generate the real packets for testing.