Avalanche and the RFC 3511

A layer 4-7 blog is not complete until you talk about RFC 3511. Sounds like a good second post to me.

Some background first. The RFC 3511’s full name is “Benchmarking Methodology for Firewall Performance”. It was submitted in April 2003 and the original authors are Brook Hickman and Saldju Tadjudin from Spirent Communications, David Newman from Network Test, and T. Martin from GVNW Consulting.

Pretty serious people with plenty of experience if you ask me.

The RFC details 10 different tests that must be ran against the devices you want to test (DUT). One of them is a layer 3 test (IP Throughput), but all the other can be ran using a layer 4-7 test tool such as Avalanche.

Now, the RFC gives a nice list of tests, with Musts and Shoulds in the right places. But that doesn’t tell you, Mr Avalanche User, how to setup your test in details. The upcoming Spirent Test Expert will be a nice solution, but it’s always good to know what’s under the hood.

This is why I wrote a document that follows the RFC, but also explains how to setup an Avalanche, what metrics to look at, what are the indicators to keep an eye on, and so on. This is the same methodology used by Spirent’s Professional Services so it’s pretty much a standard.

A note of some importance: Sometimes when I mention this RFC to customers who are going to test, say, a reverse-proxy, I get the answer “But this is a RFC for firewalls, not proxies!”. Which is a completely fair remark.

The fact is this RFC can apply to most, if not all of layer 4-7 devices. That includes (reverse) proxies, but also WAN accelerators, load balancers, web application firewalls (WAFs). Basically anything TCP aware. You might not be able to runall the test of the RFC, but most of them are still relevant. It’s also important to note that some of these devices will require more tests than those in the RFC.

You can get the document here (PDF, zipped): http://dl.dropbox.com/u/1400710/av/rfc3511-avalanche.zip

Advertisements

About acastaner

I'm the EMEA Technical Lead for Application & Security at Spirent. I specialize in layer 4-7 technologies, Cloud, Programming and CyberSecurity.
This entry was posted in Tutorial and tagged , , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s