Patent Grant
10178015
This application claims the benefit of Romanian Patent Application No. a 2016 00199 filed Mar. 21, 2016; the disclosure of which is incorporated herein by reference in its entirety.
The subject matter described herein relates generally to communications test systems. More particularly, the subject matter described herein relates to methods, systems, and computer readable media for testing network equipment devices using connectionless protocols.
Network test systems can measure and test various aspects of data communications networks such as network performance and service status. Network test systems can be used to detect and resolve network issues, improving network performance and user experience. Some network test systems operate by executing test scripts to transmit data over a data communications network at one endpoint and receive the data at another endpoint. The received data can be compared to the transmitted data to determine some aspects of network performance, such as whether a particular network device is operating according to performance specifications of the network device.
In some network test systems, test scripts can be configured to track network flows to determine some aspects of network performance. For example, a network test system transmitting test messages using a connection-oriented protocol (e.g., transmission control protocol (TCP)) can track network flows using the connection setup and tear down messages. In another example, a network test system transmitting test messages using a connectionless protocol (e.g., user datagram protocol (UDP)) can track network flows using variables stored in message headers such as internet protocol (IP) type, source IP address, source port, destination IP address, and destination port. In that case, the network test system will be unable to track flows where intervening network equipment alters the variables used. For example, in a network address translation (NAT) testing environment, at least one IP address will be translated, thus making it difficult to identify the originating flow on the receiving end of the transmission.
In light of these difficulties, there exists a need for methods, systems, and computer readable media for testing network equipment devices using connectionless protocols.
The subject matter described herein relates to methods, systems, and computer readable media for testing network equipment devices using connectionless protocols. In some examples, a method for testing a network equipment device under test (DUT) includes transmitting a first message using a connectionless protocol for a network flow to the network equipment DUT according to a test script. The method includes storing a record for the network flow including a first flow identifier for the flow based on a first payload of the first message. The method includes receiving a second message from the network equipment DUT and determining that the second message belongs to the network flow by determining a second flow identifier based on a second payload of the second message and matching the second flow identifier to the first flow identifier.
The subject matter described in this specification may be implemented in hardware, software, firmware, or combinations of hardware, software and/or firmware. In some examples, the subject matter described in this specification may be implemented using a non-transitory computer readable medium storing computer executable instructions that when executed by one or more processors of a computer cause the computer to perform operations. Computer readable media suitable for implementing the subject matter described in this specification include non-transitory computer-readable media, such as disk memory devices, chip memory devices, programmable logic devices, random access memory (RAM), read only memory (ROM), optical read/write memory, cache memory, magnetic read/write memory, flash memory, and application specific integrated circuits. In addition, a computer readable medium that implements the subject matter described in this specification may be located on a single device or computing platform or may be distributed across multiple devices or computing platforms.
Network equipment test device 102 includes one or more processors 106 and memory 108. Memory 108 can store executable instructions for processors 106 that, when executed by processors 106, causes processors 106 to perform operations for testing DUT 104. The instructions can include software that is loaded into random access memory (RAM) and executed by processors 106.
Network equipment test device 102 includes a test controller 110, implemented using processors 106 and memory 108, for executing one or more test scripts selected from a repository of test scripts 112. A test script specifies a sequence of messages to be exchanged over a data communications network. A message can be, e.g., a user datagram protocol (UDP) datagram or an Internet protocol (IP) packet or a related number of IP packets or other packets. In general, a message includes header information and a payload, and the header information includes network routing information and the payload includes information to be consumed at the destination of the message. A test script can specify various other data for implementing a test, for example, failure conditions that test controller 110 can use to determine whether a given test is successful.
Network equipment test device 102 includes a test message generator 114 and a test analyzer 116 that are implemented using processors 106 and memory 108. Test message generator 114 and test analyzer 116 can be implemented as, for example, two separate software processes executing on a computer system, or as two separate hardware units under control of the test controller 110 by separate data connections. Test controller 110 uses test message generator 114 and test analyzer 116 to exchange sequences of messages by way of a data communications network connection that passes through DUT 104. Test analyzer 116 is configured for analyzing received messages in accordance with the test script and producing test reports for DUT 104 based on analyzing the received messages.
DUT 104 can be any appropriate type of network equipment device. For example, DUT 104 can be a router, a firewall, or a network address translation (NAT) gateway or firewall. DUT 104 includes one or more processors 120 and memory 122. Memory 122 can store executable instructions for processors 106 that, when executed by processors 106, causes processors 106 to perform network operations. The instructions can include software that is loaded into random access memory (RAM) and executed by processors 106. For example, DUT 104 includes an application 124 that is configured to perform a network function, e.g., a network address translation function or any appropriate network function.
Network address translation can include remapping one IP address space into another by modifying network address information in IP packet headers while the packets are in transit. For example, network address translation can hide an IP address space of private network IP addresses behind a single IP address in a public address space. In some examples, DUT 104 operates as a NAT gateway by using stateful translation tables to map IP addresses from one IP address space to another.
Test message generator 114 and test analyzer 116 are configured to track network flows using a flow map table 118. A network flow is a sequence of messages from a source computer system to a destination. The destination can be another computer system or a group of computer systems, e.g., a multicast group or a broadcast domain. For example, a network flow can be all of the packets or datagrams in a specific transport connection or media stream. In the case where test message generator 114 and test analyzer 116 are using UDP, a network flow can include all datagrams matching a flow tuple. A flow tuple includes a number of variables related to the source and destination addresses. For example, the flow tuple can include the source IP address, the source port, the destination IP address, the destination port, and optionally the protocol in use (i.e., UDP in this case, or a Layer 4 protocol in general).
Tracking network flows can be useful for, e.g., producing certain kinds of test reports or running certain kinds of tests on DUT 104. In some cases, however, test message generator 114 and test analyzer 116 cannot use a flow tuple to track network flows because one or more of the variables in the flow tuple are altered during a test. For example, suppose that DUT 104 is a NAT gateway, e.g., a source NAT (SNAT) or destination NAT (DNAT). DUT 104 will alter the destination IP address or destination port or both of messages from test message generator 114 that are addressed to test analyzer 116.
In such cases, test message generator 114 and test analyzer 116 can track network flows using other information. For example, test message generator 114 can be configured for transmitting a first message for a network flow to DUT 104 and for storing a record for the network flow in flow map table 118. The record includes a flow identifier for the network flow, and the flow identifier is based on the payload of the first message. Test analyzer 116 can be configured for receiving a second message from DUT 104 and determining that the second message belongs to the network flow using flow map table 118. Test analyzer 116 determines a second flow identifier based on the payload of the second message and matches the second flow identifier to the first flow identifier.
In some examples, test message generator 114 and test analyzer 116 determine flow identifiers by hashing message payloads. Any appropriate hashing algorithm can be used, for example, a message-digest algorithm or a secure hash algorithm or an adapted checksum or fingerprinting algorithm. If the payload of a message is not altered during the test, and test message generator 114 and test analyzer 116 use the same hashing algorithm, then the flow identifier will be the same for the first message and the second message. Test message generator 114 can use the flow identifier as an index to flow map table 118, and test analyzer 116 can then determine that the second message belongs to the network flow by searching flow map table 118 and finding the record for the network flow. Test analyzer 116 can optionally confirm the match by comparing the entire payload of the second message to the entire payload of the first message.
In general, test message generator 114 and test analyzer 116 will use a hashing algorithm that produces a flow identifier that is smaller than the message payload, which reduces the computing resources used in comparison to storing and comparing the entire message payload. Moreover, in general, test message generator 114 and test analyzer 116 will apply the hashing algorithm to the entire message payload, i.e., to every part of the message except for the routing information. Hashing the entire message payload relieves test message generator 114 and test analyzer 116 from identifying specific portions of the payload that may or may not vary while in transit. For example, for a session initiation protocol (SIP) message, test message generator 114 and test analyzer 116 can hash the entire message body and omit the message header from the hashing algorithm. Hashing the entire message payload can also reduce the chances of a collision in flow map table 118.
In some other examples, instead of hashing message payloads, test message generator 114 and test analyzer 116 determine flow identifiers by generating unique cookies, e.g., sequences of bytes that are unique to each flow having a record in flow map table 118, that are embedded into messages belonging to the network flow. For example, suppose that test controller 110 is executing a test script for an application protocol where DUT 104 will alter at least one message payload. Test message generator 114 can be configured to embed a unique cookie for a network flow into the first message of the flow to DUT 104 and add the unique cookie to the record for the network flow in flow map table 118. Test analyzer 116 can then receive a second message from DUT 104 and determine that the second message belongs to the network flow by extracting the unique cookie from the second message and searching flow map table 118 for the unique cookie.
In those examples, test message generator 114 embeds the unique cookie into the message in a manner so that the message will still be routed as if the cookie had not been embedded, e.g., by embedding the cookie in a position of the message that is not reserved for routing information. For example, suppose that the application protocol is a session initiation protocol (SIP) over UDP (SIP over UDP) and the first message is a SIP INVITE message. Test message generator 114 can embed the cookie into a message header of the SIP INVITE message.
Test controller 110 can determine whether or not to use hashing message payloads or embedding cookies in any appropriate manner. For example, test scripts may specify which method to use, and a system engineer may configured the test script based on knowledge of whether or not DUT 104 is expected to alter the message payload. In another example, test controller 110 determines which method to use based on a type of test to execute, a type of network used to communicate with DUT 104, or any other appropriate information available to test controller 110.
To conserve computing resources, test message generator 114 and test analyzer 116 may use the flow identifier for one or more initial messages, and then use a flow tuple for tracking one or more subsequently received messages belonging to the network flow. For example, test message generator 114 and test analyzer 116 may use the flow identifier for the first message transmitted in the flow and then capture a flow tuple from the resulting message received by test analyzer 116. By adding the flow tuple to the record for the network flow in flow map table 118, test analyzer 116 can determine that the subsequent messages belong to the network flow by searching for the flow tuples of the subsequent messages in flow map table 118, thus avoiding the computing overhead of the hashing algorithm.
In some examples, test message generator 114 adds the record for the network flow by capturing a flow tuple from the first message of the network flow. Test message generator 114 determines that flow map table 118 lacks a record for the network flow using the flow tuple and, in response, adds the record for the network flow to flow map table 118. In some other examples, test controller 110 instructs test message generator 114 to initiate a new flow by adding a record to flow map table 118 for the new flow while executing a test script.
Referring to
Referring to
Test analyzer 116 matches the flow identifier to the flow map table 310 and determines that second message 204 belongs to the same flow as first message 202. In response, test analyzer 116 extracts the flow tuple from second message 204 and adds the flow tuple to the flow map table 310.
Referring to
The network equipment test device transmits a first message for a network flow to the network equipment DUT according to the test script (404). The network equipment test device stores a record for the network flow including a first flow identifier for the network flow based on a first payload of the first message (406). The network equipment test device receives a second message from the network equipment DUT and determines that the second message belongs to the network flow by determining a second flow identifier based on a second payload of the second message and matching the second flow identifier to the first flow identifier (408).
In some examples, storing the record for the network flow includes determining the first flow identifier by hashing the first payload of the first message and adding the record and the first flow identifier to a flow map table. Matching the second flow identifier to the first flow identifier can include using the flow map table. Method 400 can include using the first flow identifier to index the flow map table and determining the second flow identifier by hashing the second payload of the second message and searching the flow map table using the second flow identifier.
In some examples, method 400 includes capturing a flow tuple from the second message, adding the flow tuple to the record for the network flow in a flow map table, and determining that one or more subsequently received messages belong to the network flow using the flow tuple. Method 400 can include analyzing the subsequently received messages in accordance with the test script and producing a test report for the network equipment DUT based on analyzing the subsequently received messages.
In some examples, method 400 includes initiating a different flow for an application protocol where the network equipment DUT will alter at least one payload of at least one message for the application protocol. Initiating the different flow can include transmitting a first different message, having a first cookie embedded in the first different message, for the different flow to the network equipment DUT and adding, to a flow map table, a record for the different flow including the first cookie. Initiating the different flow can further include receiving a second different message from the network equipment DUT and determining that the second different message belongs to the different flow by extracting a second cookie from the second different message and matching the second cookie to the first cookie using the flow map table.
For example, the application protocol can be SIP over UDP. Then, the first message can be a SIP INVITE message. Transmitting the first different message can include embedding the first cookie into a message header of the SIP INVITE message.
Accordingly, while the methods, systems, and computer readable media have been described herein in reference to specific embodiments, features, and illustrative embodiments, it will be appreciated that the utility of the subject matter is not thus limited, but rather extends to and encompasses numerous other variations, modifications and alternative embodiments, as will suggest themselves to those of ordinary skill in the field of the present subject matter, based on the disclosure herein.
Various combinations and sub-combinations of the structures and features described herein are contemplated and will be apparent to a skilled person having knowledge of this disclosure. Any of the various features and elements as disclosed herein may be combined with one or more other disclosed features and elements unless indicated to the contrary herein. Correspondingly, the subject matter as hereinafter claimed is intended to be broadly construed and interpreted, as including all such variations, modifications and alternative embodiments, within its scope and including equivalents of the claims.
It is understood that various details of the presently disclosed subject matter may be changed without departing from the scope of the presently disclosed subject matter. Furthermore, the foregoing description is for the purpose of illustration only, and not for the purpose of limitation.
| Number | Date | Country | Kind |
|---|---|---|---|
| 2016 00199 | Mar 2016 | RO | national |
| Number | Name | Date | Kind |
|---|---|---|---|
| 5343463 | van Tetering et al. | Aug 1994 | A |
| 5477531 | McKee et al. | Dec 1995 | A |
| 5600632 | Schulman | Feb 1997 | A |
| 5742760 | Picazo, Jr. et al. | Apr 1998 | A |
| 5787283 | Chin et al. | Jul 1998 | A |
| 5850386 | Anderson et al. | Dec 1998 | A |
| 5878032 | Mirek et al. | Mar 1999 | A |
| 5982753 | Pendleton et al. | Nov 1999 | A |
| 6028847 | Beanland | Feb 2000 | A |
| 6041053 | Douceur et al. | Mar 2000 | A |
| 6065053 | Nouri et al. | May 2000 | A |
| 6088777 | Sorber | Jul 2000 | A |
| 6172989 | Yanaihara et al. | Jan 2001 | B1 |
| 6233256 | Dieterich et al. | May 2001 | B1 |
| 6252891 | Perches | Jun 2001 | B1 |
| 6295557 | Foss et al. | Sep 2001 | B1 |
| 6360332 | Weinberg et al. | Mar 2002 | B1 |
| 6446121 | Shah et al. | Sep 2002 | B1 |
| 6545979 | Poulin | Apr 2003 | B1 |
| 6601098 | Case et al. | Jul 2003 | B1 |
| 6717917 | Weissberger | Apr 2004 | B1 |
| 6728929 | Luong | Apr 2004 | B1 |
| 6789100 | Nemirovsky et al. | Sep 2004 | B2 |
| 6820034 | Hanes et al. | Nov 2004 | B2 |
| 6823219 | Lee et al. | Nov 2004 | B2 |
| 6888818 | Gubbi | May 2005 | B1 |
| 6910061 | Hu et al. | Jun 2005 | B2 |
| 6950405 | Van Gerrevink | Sep 2005 | B2 |
| 7007089 | Freedman | Feb 2006 | B2 |
| 7035223 | Burchfiel et al. | Apr 2006 | B1 |
| 7088735 | Reohr, Jr. et al. | Aug 2006 | B1 |
| 7187683 | Sandoval et al. | Mar 2007 | B1 |
| 7295555 | Elzur | Nov 2007 | B2 |
| 7406089 | Rahim et al. | Jul 2008 | B1 |
| 7443870 | Zioulas et al. | Oct 2008 | B2 |
| 7451458 | Tuchow | Nov 2008 | B2 |
| 7489706 | Hatley et al. | Feb 2009 | B2 |
| 7561559 | Hannel et al. | Jul 2009 | B2 |
| 7594159 | Fujikami et al. | Sep 2009 | B2 |
| 7643431 | Pepper | Jan 2010 | B2 |
| 7826377 | Pepper | Nov 2010 | B2 |
| 7826381 | Kastuar et al. | Nov 2010 | B1 |
| 8050175 | Pepper | Nov 2011 | B2 |
| 8219675 | Ivershen | Jul 2012 | B2 |
| 8310942 | Gintis et al. | Nov 2012 | B2 |
| 8391157 | Ginsberg et al. | Mar 2013 | B2 |
| 8582466 | Gintis et al. | Nov 2013 | B2 |
| 9531620 | Ciodaru et al. | Dec 2016 | B2 |
| 9553786 | Bergeron | Jan 2017 | B2 |
| 20010016867 | Hu et al. | Aug 2001 | A1 |
| 20020172158 | Hoefelmeyer | Nov 2002 | A1 |
| 20020183969 | Hanes et al. | Dec 2002 | A1 |
| 20030033025 | Lee et al. | Feb 2003 | A1 |
| 20040037277 | Mathews et al. | Feb 2004 | A1 |
| 20040052259 | Garcia et al. | Mar 2004 | A1 |
| 20040131013 | Ise et al. | Jul 2004 | A1 |
| 20040158744 | Deng et al. | Aug 2004 | A1 |
| 20040252686 | Hooper et al. | Dec 2004 | A1 |
| 20050013251 | Wang et al. | Jan 2005 | A1 |
| 20050286564 | Hatley et al. | Dec 2005 | A1 |
| 20060088060 | Fujikami et al. | Apr 2006 | A1 |
| 20060153078 | Yasui | Jul 2006 | A1 |
| 20070115833 | Pepper et al. | May 2007 | A1 |
| 20070291654 | Pepper | Dec 2007 | A1 |
| 20080112332 | Pepper | May 2008 | A1 |
| 20080317233 | Rey | Dec 2008 | A1 |
| 20090310491 | Ginsberg et al. | Dec 2009 | A1 |
| 20100069092 | Bajpai | Mar 2010 | A1 |
| 20100074135 | Pepper | Mar 2010 | A1 |
| 20110078319 | Ishida | Mar 2011 | A1 |
| 20120051234 | Gintis et al. | Mar 2012 | A1 |
| 20130331082 | Topaltzas | Dec 2013 | A1 |
| 20140016479 | Coomber | Jan 2014 | A1 |
| 20140269337 | Gintis | Sep 2014 | A1 |
| 20160057040 | Bergeron | Feb 2016 | A1 |
| 20180013839 | Noldus | Jan 2018 | A1 |
| 20180131586 | Ciodaru et al. | May 2018 | A1 |
| Entry |
|---|
| Notice of Allowance and Fee(s) Due for U.S. Appl. No. 12/627,925 (dated Aug. 26, 2011). |
| Examiner Initiated Interview Summary and Final Office Action for U.S. Appl. No. 12/627,925 (dated Jun. 17, 2011). |
| Non-Final Office Action for U.S. Appl. No. 12/627,925 (dated Jan. 21, 2011). |
| Notice of Allowance and Fee(s) Due for U.S. Appl. No. 11/558,855 (dated Nov. 18, 2009). |
| Final Office Action for U.S. Appl. No. 11/558,855 (dated Oct. 15, 2009). |
| Non-Final Office Action for U.S. Appl. No. 11/558,855 (dated Mar. 24, 2009). |
| Notice of Allowance and Fee(s) Due, Applicant-Initated Interview Summary and AFCP 2.0 Decision for U.S. Appl. No. 14/465,453 (dated Sep. 14, 2016). |
| Final Office Action for U.S. Appl. No. 14/465,453 (dated Jun. 16, 2016). |
| Applicant-Initiated Interview Summary for U.S. Appl. No. 14/465,453 (dated Mar. 3, 2016). |
| Applicant-Initiated Interview Summary for U.S. Appl. No. 14/465,453 (dated Mar. 1, 2016). |
| Non-Final Office Action for U.S. Appl. No. 14/465,453 (dated Dec. 18, 2015). |
| Krishnan, “Flow-aware Real-time SDN Analytics (FRSA),” http://blog.sflow.com/2014/02/flow-aware-real-time-sdn-analytics-frsa.html, pp. 1-12 (Feb. 5, 2014). |
| Notice of Allowance and Fee(s) Due for U.S. Appl. No. 12/870,729 (dated Aug. 31, 2012). |
| Non-Final Office Action for U.S. Appl. No. 12/870,729 (dated Jul. 2, 2012). |
| European Search Report for European Patent Application Serial No. 11008066.0 (dated Feb. 10, 2012). |
| Sadasivan et al., “Architecture for IP Flow Information Export,” Network Working Group, pp. 1-31 (Mar. 2009). |
| Ixia, “IxExplorer User's Guide,” Revision 2.1.0, pp. 1-384 (Nov. 1, 1999). |
| Ixia, “Specifications for Load Modules—Multilayer Gigibit Ethernet for LM1000LX, LM1000SX, LM1000GBIC, LM1000T, Product Specification Sheet,” pp. 1-2 (2002). |
| Ixia, “The Ixia 200 Traffic Generator and Analyzer, Product Description,” pp. 1-2 (1997-1999). |
| Brownlee et al., “Traffic Flow Measurement: Architecture,” Network Working Group, The University of Auckland, GTE Laboratories, Inc. and GTE Internetworking, pp. 1-49 (Oct. 1999). |
| Ixia, “Ixia 200 Chassis, Product Description,” pp. 1 (1999). |
| Commonly-assigned, co-pending U.S. Appl. No. 15/626,628 for “Methods, Systems, and Computer Readable Media for Network Traffic Statistics Collection,” (Unpublished, filed Nov. 29, 2017). |
| Number | Date | Country | |
|---|---|---|---|
| 20170272352 A1 | Sep 2017 | US |
