Hi,

I am looking for a traffic generator type application that can generate a realistic workload to test a netfilter firewall.

There are some cool tools out there for throughput measurements, like netpipe, etc. but they are not ideal to test connection tracking performance. The way I see it, you either have tools that:

- flood the network with traffic over just one TCP connection or UDP stream. Not a lot of use in testing connection tracking performance as it's just one ESTABLISHED connection.

or

- flood the network with more or less random crap as far as IP addresses/ports are concerned. Not a very realistic workload either.

IMHO a realistic workload for testing connection tracking performance is a workload that has a limited number of IP addresses on one side of the firewall (a DMZ with 64 hosts, or a LAN with 100-500 hosts) and a wide range of IP addresses at the other side (the Internet). The tool should be able to mimic normal network behavior like short connections (http) vs. longer lived connections (ftp download), etc.

It would be nice to have a client/server tool that could be used in this type of setup:

client ------ FW ------ server

and where either client and/or server could generate traffic from various IP addresses/ports in a controlled way.

I am currently looking at Web-Polygraph (www.web-polygraph.org) from the Squid developers, but upon installation, I realized the license doesn't allow the publishing of the results.

Are there any tools worth looking at? Is there anything else a decent netfilter (firewall?) performance benchmarking tool should be able to do?

Regards,
Filip
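As an added illustration (not code from the post or from any tool it names), the workload profile described above can be modelled to size the connection table the firewall will need: a /26 of internal hosts opening connections to random Internet addresses, with a mix of short HTTP-like and long FTP-like flows. The flow durations, the arrival rate and the 120 s TIME_WAIT linger are assumptions; nothing is sent on the wire.

```python
"""Model the post's workload profile (small DMZ talking to random Internet
hosts, short HTTP-like plus long FTP-like flows) and estimate how many entries
a stateful firewall's connection table must hold. Synthetic flows only."""
import ipaddress
import random

INTERNAL_NET = ipaddress.ip_network("192.0.2.0/26")  # 64-address DMZ block (RFC 5737 doc range)
TIME_WAIT = 120.0  # seconds a closed TCP flow lingers in the table (Linux conntrack default)


def random_internet_ip(rng):
    """Pick a routable address outside the DMZ block, standing in for 'the Internet'."""
    while True:
        ip = ipaddress.ip_address(rng.getrandbits(32))
        if ip.is_global and ip not in INTERNAL_NET:
            return ip


def generate_flows(n_flows, rate_per_s, long_fraction=0.1, seed=0):
    """Return n_flows synthetic connections with Poisson arrivals at rate_per_s.
    Assumed durations: short flows 0.1-2 s to port 80, long flows 30-300 s to port 21."""
    rng = random.Random(seed)
    hosts = list(INTERNAL_NET.hosts())
    flows, t = [], 0.0
    for _ in range(n_flows):
        t += rng.expovariate(rate_per_s)
        if rng.random() < long_fraction:
            duration, dport = rng.uniform(30.0, 300.0), 21
        else:
            duration, dport = rng.uniform(0.1, 2.0), 80
        flows.append({"start": t, "end": t + duration,
                      "src": rng.choice(hosts), "sport": rng.randint(1024, 65535),
                      "dst": random_internet_ip(rng), "dport": dport})
    return flows


def peak_tracked(flows, linger=TIME_WAIT):
    """Peak number of simultaneously tracked entries: a flow occupies the table
    from its start until `linger` seconds after it closes."""
    events = sorted([(f["start"], 1) for f in flows] +
                    [(f["end"] + linger, -1) for f in flows])
    current = peak = 0
    for _, delta in events:
        current += delta
        peak = max(peak, current)
    return peak


if __name__ == "__main__":
    sample = generate_flows(5000, rate_per_s=100.0, seed=1)
    print("peak tracked entries:", peak_tracked(sample))
    print("peak with no lingering:", peak_tracked(sample, linger=0.0))
```

Comparing the two figures shows how much of the table is occupied by closed-but-lingering flows rather than live ones, which is the part a single-connection flood never exercises.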
