A layer 4-7 blog is not complete until you talk about RFC 3511. Sounds like a good second post to me.
Some background first. RFC 3511’s full name is “Benchmarking Methodology for Firewall Performance”. It was submitted in April 2003 and the original authors are Brook Hickman and Saldju Tadjudin from Spirent Communications, David Newman from Network Test, and T. Martin from GVNW Consulting.
Pretty serious people with plenty of experience if you ask me.
The RFC details 10 different tests that must be run against the devices you want to test (DUT). One of them is a layer 3 test (IP Throughput), but all the others can be run using a layer 4-7 test tool such as Avalanche.
Now, the RFC gives a nice list of tests, with Musts and Shoulds in the right places. But that doesn’t tell you, Mr Avalanche User, how to set up your test in detail. The upcoming Spirent Test Expert will be a nice solution, but it’s always good to know what’s under the hood.
This is why I wrote a document that follows the RFC, but also explains how to set up an Avalanche, what metrics to look at, what indicators to keep an eye on, and so on. This is the same methodology used by Spirent’s Professional Services so it’s pretty much a standard.
A note of some importance: Sometimes when I mention this RFC to customers who are going to test, say, a reverse-proxy, I get the answer “But this is an RFC for firewalls, not proxies!”. Which is a completely fair remark.
The fact is this RFC can apply to most, if not all, layer 4-7 devices. That includes (reverse) proxies, but also WAN accelerators, load balancers, and web application firewalls (WAFs). Basically anything TCP aware. You might not be able to run all the tests in the RFC, but most of them are still relevant. It’s also important to note that some of these devices will require more tests than those in the RFC.
You can get the document here (PDF, zipped): http://dl.dropbox.com/u/1400710/av/rfc3511-avalanche.zip