white paper application emulation - Xena Networks

APPLICATION EMULATION CREATING REALISTIC TRAFFIC THROUGH APPLICATION EMULATION IMPROVES TEST RESULT ACCURACY

WHITE PAPER

OVERVIEW

Testing new applications, systems, products and protocols allows companies to validate and verify the system and ensure the application does not result in expensive failures later in development and deployment.

Analytic traffic models and traffic simulators often fail to provide complex and realistic traffic. They are usually based on assumptions and simplify the traffic behavior, which does not provide for realistic and comprehensive system testing, although they are very useful in troubleshooting and pinpointing the problem. Testing with realistic network traffic places the device under test (DUT) in a realistic network environment and delivers authentic results. Xena provides an application emulation function and an up-to-date library of real-world traffic captured in pcap file format so users can emulate live traffic and test products in a realistic network environment.

“Xena recreates complex traffic so client and server communicate in exactly the same order as the captured traffic to ensure realistic network scenarios for the DUT”.

Xena Networks – Global Price/Performance Leaders in Gigabit Ethernet Testing – www.xenanetworks.com

Contents

INTRODUCTION
Need for Stateful Traffic Testing
True Stateful vs. Simulated Stateful
Need For Application Emulation
XenaAppMix: Pre-defined Library for Application Emulation
    Protocol-oriented Library
    Application-oriented Library
    Traffic Mixes
Conclusion

INTRODUCTION

Stateless Network vs. Stateful Network

Networking has been evolving for decades, but the separation line in the network stack remains between layer 3 and layer 4 in the OSI model. Below that line, there are the data link and network layers (stateless), where Ethernet and IP are dominant. Stateless networking requires little participation. It just evaluates the packet headers and determines where to forward, e.g. IP routing and Ethernet switching. Little information extracted from the packets is saved, and thus there is no need for large memory for that purpose. Decisions are made on a per-packet basis, not compared to previous packets but based on the forwarding table. Therefore, it is stateless: no communication state is retained.

Figure 1. Moving from stateless to stateful networking (OSI layers: Application, Presentation, Session and Transport are stateful; Network, Data Link and Physical are stateless)

Moving towards the upper layers above that separation line, communication becomes stateful. Here, stateful networking retains certain information extracted from packets and is required to perform much more complex computing with more memory. This is because connection-oriented protocols such as TCP try to provide guaranteed message delivery by using sequence numbers to tackle out-of-order delivery and packet loss. Thus, packets on these layers are not processed per packet but per session/connection. The higher the network layer, the more complex it becomes. Application routing based on layer 7 HTTP headers relies on whether the intermediate network device has the ability to maintain the session state and extract information from the payload of the message. A message on this layer could consist of several packets due to the limitation of the network MTU. This requires that the intermediate device be stateful, for it must gather enough information from several packets before it knows how to process the traffic.

Protocol-wise, layer 2-3 is fixed and standardized while layer 4-7 is more variable and flexible. Devices at layer 2-3 have highly optimized algorithms closely tied with hardware for packet forwarding. As networking moves up the protocol stack, such as to HTTP, there is a wide variation in the header content because not all fields are required in the HTTP header. This dynamic content pattern is what makes the stateful higher layers complex and difficult to test.

NEED FOR STATEFUL TRAFFIC TESTING

Stateless packet generation is useful for many different types of tests: background traffic and performance stress testing (e.g. packets per second, bits per second, etc.). It is also useful for QoS testing. However, stateless packet blasting cannot meet the performance testing requirements of stateful networking devices such as firewalls, IDS/IPS, packet brokers, and load balancers. It has become extremely relevant to have those stateful devices inspect stateful application traffic in order to test their performance before deployment and during the service lifetime after each upgrade, because stateful devices can become the throughput bottleneck in the network they service.

Dealing with TCP traffic and stateful devices is complex. Stateful firewalls, for example, expect a TCP three-way handshake and check packets in the established connection, and will open other ports to allow the connection to be instantiated and maintained. They also retain the state of the session: if the session is timing out or completed, the firewalls will close the port on the fly. Thus, simply blasting packets with no awareness of the TCP layer and above (layer 5-7) will certainly fail to complete an application or security test for data centers, enterprises, and related equipment manufacturers.

TRUE STATEFUL VS. SIMULATED STATEFUL

Some open-source traffic generators, e.g. TRex, claim to generate stateful traffic. However, they are considered stateless packet generators with schedulers and realistic payloads rather than true stateful layer 4-7 traffic and application emulators, because they do not provide the TCP stack. Without a TCP stack, these traffic generators have to use a manually pre-calculated round-trip time (RTT) between the client and the server to artificially schedule the transmission order of packets and prevent the out-of-sequence problem, as shown in Figure 2. If the RTT is misconfigured when a device under test (DUT) is in place, then the server may transmit an ACK reply before it receives a SYN request (RTT too low), or the delay can be too high to generate any meaningful results (RTT too high). Due to the lack of a TCP stack, these open-source traffic generators fail to provide layer 4-7 awareness. Applications, especially web browsers, typically fetch data from multiple servers across the internet: 20 to 50 connections is considered normal, and hundreds is not unusual. Without a TCP stack and layer 4-7 awareness, it is extremely difficult to emulate such a traffic profile correctly.

Figure 2. True stateful vs. simulated stateful

Unlike these open-source traffic generators, Xena provides a better solution – true stateful layer 4-7 application emulation with an extreme-performance built-in TCP stack and the ability to modify layer 2-3 parameters. With a TCP stack implemented, there is no need to schedule the sequence of control packets between the client and the server with a pre-calculated RTT value. The server will not accidentally send replies prior to the requests from the client, and the test results will be more accurate and convincing. With full layer 4-7 awareness and a rich application traffic library of live network traffic captures, the client and server both run in state machines that analyze and interpret the communications above layer 4 and open/close connections on the fly. This allows a synchronized dialog between the client and the server, meaning no RTT is required to simulate the dialog. The benefit is significant when complex scenarios and millions of TCP connections are emulated. Using real live application emulation with complex interactive sessions, customers can perform security or application testing where stateful traffic is in high demand.

To find out if the system or network is handling desired requirements as expected, engineers need to test it with traffic that is in use on the network. For applications and products in the domain of networking technology, telecommunication technology, and information technology, there is a consistent demand for traffic generation tools that can create various test conditions close to those experienced in real scenarios.

NEED FOR APPLICATION EMULATION

Analytic traffic models and traffic simulators often fail to provide complex and realistic traffic. They are usually based on assumptions and simplify the traffic behavior, which does not suffice for realistic and comprehensive system testing, although they are very useful in troubleshooting and pinpointing the problem.
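The two failure modes of RTT-scheduled replay described under "True stateful vs. simulated stateful" can be reproduced with a small timing model. This is an added example, not code from the white paper, Xena or TRex; the sample flow, the timing constants and the scheduling rule (half the configured RTT at every change of direction) are simplifying assumptions.

```python
"""RTT-scheduled replay versus replay driven by a connection state machine.

Simplified model (an assumption, not any product's scheduler): a flow is an
ordered list of packets, and a packet whose sender differs from the previous
packet's sender is a reply that must not leave before that packet arrives.
All times are integer microseconds; processing time is taken as zero.
"""
from dataclasses import dataclass

# Constructed sample flow: one HTTP request/response over TCP.
# "C" = transmitted by the client port, "S" = transmitted by the server port.
FLOW = [
    ("C", "SYN"), ("S", "SYN-ACK"), ("C", "ACK"), ("C", "GET /"),
    ("S", "ACK"), ("S", "200 OK"), ("C", "ACK"), ("C", "FIN-ACK"),
    ("S", "FIN-ACK"), ("C", "ACK"),
]

BACK_TO_BACK_US = 10  # gap between consecutive packets from the same side


@dataclass
class Result:
    send_times: list   # transmit time of every packet
    violations: list   # replies transmitted before their trigger arrived
    duration_us: int   # time at which the last packet arrives


def timetable(flow, turn_gap_us):
    """Transmit times when every change of direction waits turn_gap_us."""
    t, times = 0, [0]
    for prev, cur in zip(flow, flow[1:]):
        t += turn_gap_us if cur[0] != prev[0] else BACK_TO_BACK_US
        times.append(t)
    return times


def check_causality(flow, times, one_way_us):
    """Flag every reply that left before the packet it answers had arrived."""
    violations = []
    for i in range(1, len(flow)):
        is_reply = flow[i][0] != flow[i - 1][0]
        if is_reply and times[i] < times[i - 1] + one_way_us:
            violations.append(f"{flow[i][0]}:{flow[i][1]}")
    return Result(times, violations, times[-1] + one_way_us)


def scheduled_replay(flow, configured_rtt_us, actual_one_way_us):
    """Both ports follow a timetable computed from a pre-configured RTT."""
    times = timetable(flow, configured_rtt_us // 2)
    return check_causality(flow, times, actual_one_way_us)


def stateful_replay(flow, actual_one_way_us):
    """Each side transmits only when the peer's previous packet has arrived,
    so the timetable follows the real path delay whatever the DUT adds."""
    times = timetable(flow, actual_one_way_us)
    return check_causality(flow, times, actual_one_way_us)


if __name__ == "__main__":
    one_way = 500  # real one-way delay through the DUT, microseconds
    for rtt in (200, 1000, 20000):
        r = scheduled_replay(FLOW, rtt, one_way)
        print(f"configured RTT {rtt:>5} us: {len(r.violations)} early replies, "
              f"flow takes {r.duration_us} us")
    s = stateful_replay(FLOW, one_way)
    print(f"stateful replay: {len(s.violations)} early replies, "
          f"flow takes {s.duration_us} us")
```

With the RTT set too low the server's SYN-ACK leaves before the SYN has arrived; with it set too high nothing is out of order, but the flow is stretched to many times its real duration.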

By comparison, testing with realistic network traffic places the DUT in a realistic network environment and has a much better chance of generating convincing results. As shown in Figure 3 and Figure 4, real-time entertainment, e.g. YouTube and Netflix, is the top category of peak downstream traffic. Web browsing, file sharing, and social networking make up most of the remaining traffic. In total, these four categories comprise more than 80% of the peak downstream traffic.

Figure 3. Peak period network traffic composition (Europe). Source: Global Internet Phenomena Asia-Pacific & Europe, September 2015, Sandvine

Figure 4. Peak period network traffic composition (North America). Source: Global Internet Phenomena Latin America & North America, May 2015, Sandvine

Network testing needs to take traffic composition into account. By replaying the recorded network traffic, engineers can accurately determine how far they can push the infrastructure before it fails to meet expectations, and whether a product can handle customers’ needs.

Traffic capture and replay has become an essential part of application emulation. However, it is not easy to do it correctly. As mentioned, applications fetch data from more than one server across the internet, resulting in multiple concurrent connections. When a user opens a Chrome browser to visit a webpage, for instance, the browser opens not just one connection to the web server on port 80 or 443; it also opens connections to download ad images and videos, and/or connections to content servers. Some state-of-the-art traffic generators can analyze the captured traffic but fail to provide concurrent connections, which real applications always have. These traffic generators usually open a TCP connection for an application session, close it down, and move to the next session. This is not the correct way to emulate real applications.

Xena creates multiple concurrent connections for one user application (e.g. Chrome browser application) according to the captured traffic, as shown in Figure 5. These connections have different start times and durations, and are correlated. As time advances, it opens and closes connections according to the application profile in the library. This one-user application traffic emulation can easily scale to millions of users, with up to millions of concurrent connections running through the DUT. Using the rich library of different application traffic and protocol traffic profiles, Xena application emulation allows its customers to perform true stateful traffic tests with realistic live network traffic on DUTs (e.g. firewalls, load balancers, and routers), pushing them to the performance limit with millions of concurrent connections and connections per second.

Figure 5. Multiple concurrent correlated connections per user applications (HTTP, DNS, FTP, etc.). Ability to scale up to millions of users with different addresses.

XENAAPPMIX: PRE-DEFINED LIBRARY FOR APPLICATION EMULATION

Xena offers XenaAppMix, a pre-defined library that customers can use to emulate application traffic and test DUTs in a realistic network environment. Live network traffic is usually captured into a pcap (packet capture) file in the format that libpcap and WinPcap use. It contains a complete record of network activity from layer 2 to layer 7, and can be read by applications such as tcpdump, Wireshark, CA NetMaster, etc. XenaAppMix enables users to emulate live traffic and test their products in a realistic network environment. The library is kept up-to-date with the latest network traffic patterns. XenaAppMix is divided into three categories:

• PROTOCOL-ORIENTED LIBRARY. This library contains traffic of specific networking protocols, e.g. HTTP, IMAP, FTP, etc. The purpose of this library is to provide pure protocol traffic so that users can build their own applications.

• APPLICATION-ORIENTED LIBRARY. This library contains traffic of internet applications and mobile applications, e.g. Facebook, Instagram, email, etc. The purpose of this library is to provide application traffic so that users can perform comprehensive tests or build their own mixes.

• TRAFFIC MIXES. This library contains mixes of application traffic based on well-researched results. The purpose of this library is to provide users with pre-defined traffic composition mix templates for different network environments to verify the performance variations.

Figure 6. Examples of the pre-defined library, XenaAppMix, for application emulation. Protocol-oriented library: DNS, FTP, DHCP, Telnet, MQTT, BitTorrent, HTTP, IMAP, SMTP, SMB, NFS, SSL/TLS, FIX, RTP. Application-oriented library: Netflix, YouTube, Facebook, WeChat, Line, Instagram, Messenger, Amazon, eBay, Remote Desktop, Skype, LinkedIn, Outlook, IoT, Chrome, Comprehensive.

Protocol-oriented Library

This library contains traffic of specific networking protocols, e.g. HTTP, IMAP, FTP, etc. The purpose of this library is to provide pure protocol traffic so that users can build their own applications. Some protocol examples are listed below:

HTTP/HTTPS

The Hypertext Transfer Protocol (HTTP) is an application-layer protocol for distributed and collaborative information systems. HTTP is the foundation of data communication for the World Wide Web. An HTTP session is a sequence of network request-response transactions. An HTTP client initiates a request by establishing a TCP connection to a particular port on a server, typically port 80. HTTPS, also known as HTTP over TLS, HTTP over SSL, or HTTP Secure, is a protocol for secure communication over a computer network. HTTPS consists of communication over HTTP within a connection encrypted by TLS/SSL. The default port number is 443. The main driver for HTTPS is authentication of the visited website and protection of the privacy and integrity of the exchanged data.

HTTP/HTTPS accounts for 50% to 80% of the global internet traffic according to Sandvine’s latest research results [1, 2]. The prevalence of HTTP/HTTPS has made them indispensable for network testing.

SMTP

Simple Mail Transfer Protocol (SMTP) is an internet standard for email transmission. SMTP uses TCP port 25 by default. For mail submission, it uses port 587. SMTP connections secured by TLS/SSL, known as SMTPS, use TCP port 465. User-level client mail applications typically use SMTP only for sending messages to a mail server for relaying. For retrieving messages, client applications usually use either POP3 or IMAP.

IMAP

Internet Message Access Protocol (IMAP) is an internet standard protocol used by email clients to retrieve email messages from a mail server over a TCP connection. An IMAP server typically listens on port 143. IMAP over SSL (IMAPS) is assigned port 993.

POP3

The Post Office Protocol (POP) is an application-layer internet standard protocol used by local email clients to retrieve email from a mail server over a TCP connection. Version 3 (POP3) is the last standard in common use. A POP3 server listens on TCP port 110. Encrypted communication for POP3 uses TLS/SSL on TCP port 995.

Figure 7. SMTP, IMAP and POP3

[1] “Global Internet Phenomena, Latin America & North America”, May 2015, Sandvine
[2] “Global Internet Phenomena, Asia-Pacific & Europe”, September 2015, Sandvine

MQTT

Message Queueing Telemetry Transport (MQTT) is a client-server publish/subscribe messaging transport protocol running on top of TCP, with port number 1883 reserved with IANA. TCP/IP port 8883 is also registered for using MQTT over SSL. It is designed for connections with remote locations where a “small code footprint” is required or the network bandwidth is limited. Thus, it is ideal for communication in Machine-to-Machine (M2M) and Internet of Things (IoT) settings. The publish/subscribe messaging model requires a message broker (server). The broker is responsible for distributing messages to interested clients based on the topic of a message. Amazon Web Services (AWS) announced Amazon IoT based on MQTT on October 8, 2015. Facebook has used some aspects of MQTT in its Facebook Messenger product, though details of how much of MQTT is used or for what have not been disclosed.

Figure 8. MQTT in IoT

BitTorrent

BitTorrent is a communications protocol for peer-to-peer file sharing used to distribute data over the Internet. It is one of the most common protocols for transferring large files. BitTorrent can be used to reduce the server and network impact of distributing large files. Rather than downloading a file from a single source server, the BitTorrent protocol allows users to join a “swarm” of hosts to upload to/download from each other simultaneously. The protocol is an alternative to the older single source, multiple mirror sources technique for distributing data, and can work effectively over networks with lower bandwidth. BitTorrent traffic accounts for 5% to 30% of internet traffic depending on region.

Figure 9. BitTorrent in peer-to-peer communication

Telnet

Telnet is an application-layer protocol used on the internet or local area networks (LAN) to provide bidirectional interactive text-oriented communication using a virtual terminal connection. User data is intermixed in-band with Telnet control information in a byte-oriented data connection over TCP. Typically, a Telnet server uses TCP port number 23 to listen for incoming connections.

DHCP

The Dynamic Host Configuration Protocol (DHCP) is a network protocol used on IP networks for dynamically distributing network configuration parameters, such as IP addresses for interfaces and services. Computers request IP addresses and networking parameters automatically from a DHCP server, reducing the need for manual configuration. DHCP uses a connectionless service model running on UDP. UDP port number 67 is the destination port of a server, and UDP port number 68 is used by the client.

Figure 10. DHCP for dynamic IP address distribution

FTP

File Transfer Protocol (FTP) is used to transfer computer files between a client and server on a computer network. FTP uses separate control and data connections between the client and the server, and can run in active or passive mode, which determines how the data connection is established. In both cases, the client creates a TCP control connection from a random, usually unprivileged, port N to the FTP server command port 21.

Figure 11. FTP in active and passive modes

In active mode, the client starts listening for incoming data from the server on port M. It notifies the server by sending FTP command PORT M. The server then initiates a data connection to the client from port 20, the FTP server data port. When the client is unable to receive incoming TCP connections, e.g. behind a firewall, passive mode is used. The client in passive mode sends FTP command PASV to the server using the control channel and receives the server IP address and the port number on which the server is listening. The client then initiates a data connection from a random client port to the server IP address and server port received from the control channel.

FIX

The Financial Information eXchange (FIX) protocol is an electronic communications protocol initiated in 1992 for international real-time exchange of information related to securities transactions and markets. Managing the delivery of trading applications and keeping latency low increasingly requires an understanding of the FIX protocol.

RTP/RTCP

The Real-time Transport Protocol (RTP) is a network protocol for delivering audio and video over IP networks. RTP is used extensively in communication and entertainment systems that involve streaming media, such as telephony, video teleconference applications, television services and web-based push-to-talk features. RTP typically runs over User Datagram Protocol (UDP). RTP is used in conjunction with the RTP Control Protocol (RTCP). While RTP carries the media streams (e.g., audio and video), RTCP is used to monitor transmission statistics and quality of service (QoS) and aids synchronization of multiple streams. RTP is one of the technical foundations of Voice over IP and in this context is often used in conjunction with a signaling protocol such as the Session Initiation Protocol (SIP), which establishes connections across the network.

SIP

The Session Initiation Protocol (SIP) is a communications protocol for signaling and controlling multimedia communication sessions. The most common applications of SIP are in Internet telephony for voice and video calls, as well as instant messaging, over IP networks. SIP works in conjunction with several other application-layer protocols that identify and carry the session media. Media identification and negotiation is achieved with the Session Description Protocol (SDP). For the transmission of media streams (voice, video), SIP typically employs the Real-time Transport Protocol (RTP) or Secure Real-time Transport Protocol (SRTP). For secure transmission of SIP messages, the protocol may be encrypted with Transport Layer Security (TLS).
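The FTP active and passive negotiation described above is a concrete case of the state a stateful firewall has to keep in order to open data ports on the fly. The following added example (not from the white paper or any product; the session lines, addresses and function names are constructed for illustration) follows the control channel and derives the data connection the device should expect.

```python
"""Derive the FTP data connection a stateful device must expect.

Rules taken from the text: in active mode the server connects from port 20
to the port M the client announced with PORT; in passive mode the client
connects from a random port to the address and port in the PASV reply.
"""
import re
from dataclasses import dataclass
from typing import Optional, Tuple

# PORT and the 227 reply both carry h1,h2,h3,h4,p1,p2; port = p1 * 256 + p2
HOSTPORT_RE = re.compile(
    r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)")


@dataclass(frozen=True)
class DataConn:
    mode: str                # "active" or "passive"
    initiator: str           # side that opens the data connection
    src_ip: str
    src_port: Optional[int]  # None = any ephemeral port
    dst_ip: str
    dst_port: int


def parse_hostport(text: str) -> Optional[Tuple[str, int]]:
    m = HOSTPORT_RE.search(text)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def track_control_channel(lines, client_ip, server_ip):
    """lines: (sender, text) pairs in capture order, sender is "C" or "S".

    Returns (expected, rejected): the data connections to allow, and the
    control lines whose announced address is not the control-channel peer.
    """
    expected, rejected = [], []
    pending_port = None    # (ip, port) from PORT, waiting for the reply
    awaiting_pasv = False  # PASV sent, waiting for the 227 reply
    for sender, text in lines:
        word = text.split(" ", 1)[0].upper()
        if sender == "C" and word == "PORT":
            hp = parse_hostport(text)
            if hp is None or hp[0] != client_ip:
                rejected.append(text)
                pending_port = None
            else:
                pending_port = hp
        elif sender == "C" and word == "PASV":
            awaiting_pasv = True
        elif sender == "S" and pending_port is not None:
            if word == "200":  # server accepted PORT
                expected.append(DataConn("active", "server", server_ip, 20,
                                         pending_port[0], pending_port[1]))
            pending_port = None  # any other reply: PORT was refused
        elif sender == "S" and awaiting_pasv:
            hp = parse_hostport(text) if word == "227" else None
            if hp is not None and hp[0] == server_ip:
                expected.append(DataConn("passive", "client", client_ip,
                                         None, hp[0], hp[1]))
            elif word == "227":
                rejected.append(text)
            awaiting_pasv = False
    return expected, rejected


# Constructed control-channel capture (documentation addresses).
SESSION = [
    ("C", "USER demo"), ("S", "331 Password required"),
    ("C", "PASS ********"), ("S", "230 Logged in"),
    ("C", "PORT 192,0,2,10,195,80"), ("S", "200 PORT command successful"),
    ("C", "LIST"), ("S", "150 Opening data connection"),
    ("S", "226 Transfer complete"),
    ("C", "PASV"), ("S", "227 Entering Passive Mode (198,51,100,5,234,96)"),
    ("C", "RETR report.txt"), ("S", "150 Opening data connection"),
    ("S", "226 Transfer complete"),
    ("C", "PORT 203,0,113,9,4,1"), ("S", "200 PORT command successful"),
]

if __name__ == "__main__":
    allowed, refused = track_control_channel(SESSION, "192.0.2.10", "198.51.100.5")
    for conn in allowed:
        print(conn)
    print("not opened:", refused)
```

A traffic generator that replays only the packets, without following this dialog, gives the DUT no reason to open the data port, which is why such tests need both endpoints to keep state.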

SSDP

The Simple Service Discovery Protocol (SSDP) is a network protocol based on the Internet Protocol Suite for advertisement and discovery of network services and presence information. It accomplishes this without assistance of server-based configuration mechanisms, such as the Dynamic Host Configuration Protocol (DHCP) or the Domain Name System (DNS), and without special static configuration of a network host. SSDP is the basis of the discovery protocol of Universal Plug and Play (UPnP) and is intended for use in residential or small office environments.

NFS

Network File System (NFS) is a distributed file system protocol allowing a user on a client computer to access files over a computer network much like local storage is accessed. NFS, like many other protocols, builds on the Open Network Computing Remote Procedure Call (ONC RPC) system. NFS is an open standard defined in a Request for Comments (RFC), allowing anyone to implement the protocol.

SMB2

Server Message Block (SMB), one version of which was also known as Common Internet File System (CIFS), operates as an application-layer network protocol mainly used for providing shared access to files, printers, and serial ports and miscellaneous communications between nodes on a network. It also provides an authenticated inter-process communication mechanism.

Application-oriented Library

Chrome: web applications

Google’s browser Chrome was estimated to be used on 60.1% of desktops in March 2016. Users often install plugins or extensions to Chrome, e.g. email, cloud storage, dictionary, etc. As a result, when Chrome launches, it establishes multiple TCP connections to send and fetch data to and from remote servers. Thus, the Chrome application is essential for user traffic replay because of its worldwide prevalence. Features of the Chrome traffic profile are observed as:

• Large number of connections
• Medium-loaded connection
• Short connection duration

Figure 12. Chrome browser opens multiple connections at launch

Streaming: Netflix, YouTube, HBO, iTunes

Streaming applications like Netflix, YouTube, HBO, iTunes, etc., dominate internet traffic due to their high bandwidth consumption, especially on-demand video streaming. Nearly 70% of downstream traffic in North America, and 46% in Europe, is from real-time streaming. It is thus vital to test networks, servers, routers, switches and other network devices with a realistic streaming traffic portfolio to evaluate their performance. Streaming traffic is typically:

• Small number of connections
• Heavy-loaded connection
• Long connection
• More downstream than upstream

Email: Outlook, Gmail

Email is an indispensable application for everyday life. An email client application, usually on mobile devices, contains multiple email accounts. When launched, the application initiates multiple TCP connections to different mail servers. SMTP is usually used for sending emails and POP3/IMAP for receiving. In most cases, secure channels, e.g. TLS, are established before exchanging data.

Figure 13. Email client application uses multiple connections to provide the service.

Internet of Things

The Internet of Things (IoT) is the network of physical objects or software embedded with electronics, sensors, and network connectivity, which enables these objects to collect and exchange data to provide services. IoT applications include parking, trash management, traffic, lighting, energy, hospital, home automation, campus, agriculture, etc. Enabling technologies, especially on the connectivity part, include RFID, Bluetooth low energy, ZigBee, Wi-Fi, etc. On the framework layer, protocols like MQTT are widely used. The publish/subscribe model and the lightweight nature of MQTT enable both client-server and machine-to-machine communication. Typical IoT applications generate traffic that is:

• Low data rate
• More upstream than downstream
• Great number of data sources

Peer-to-Peer File Sharing

Peer-to-peer file sharing is the distribution and sharing of files using peer-to-peer (P2P) networking technology. Users are able to share files such as music, movies, software, games, and books using a P2P program with BitTorrent as the behind-the-scenes communication protocol. Despite the controversial issues, BitTorrent traffic accounts for a large proportion of upstream traffic, and is thus an important traffic pattern to test. Features of BitTorrent traffic include:

• Multiple sources and destinations
• Both upstream and downstream

Traffic Mixes

Testing with different traffic mixes can provide an in-depth understanding of how the stateful device performs under different network environments. The aggregate portfolio composes the traffic based on Sandvine’s internet traffic observation reports. Users can choose different profiles accordingly.

Enterprise Mix

The Enterprise Mix provides customizable traffic profile templates with the most commonly used applications in enterprise/office/SMB (no datacenter provisioned) scenarios. Figure 14 shows an example of such a composition. SMB is mainly used for providing shared access to files, printers, etc. NFS allows a user on a client computer to access files over a network like local storage.

Figure 14. Enterprise traffic mix.

Datacenter Mix

The Datacenter Mix provides customizable traffic profile templates with the most commonly used applications in large enterprise scenarios where a datacenter is provisioned. Figure 15 shows an example of such a composition [3].

Figure 15. Datacenter traffic mix.

[3] https://www.microsoft.com/en-us/research/wp-content/uploads/2010/11/DC-Network-Characterization-imc2010.pdf

Figure 16. Finance traffic mix.

Finance Mix

Finance Mix provides a customizable traffic profile for testing how a firewall performs with applications used in financial institutions such as stock exchanges and banks. Financial Information eXchange (FIX) is the standard electronic protocol for pre-trade communications and trade execution. Almost every major stock exchange and investment bank uses FIX for electronic trading. Figure 16 shows the composition of different FIX versions used by buyers.

Web Mix

The Web Mix aims at testing firewalls with a realistic web traffic composition. According to the observation from Sandvine [4], most of the traffic on the internet is encrypted (SSL/TLS, VPN, data compression proxies, and proxy applications), and more encryption techniques such as SPDY, QUIC and HTTP/2 are emerging. Figure 17 demonstrates the encryption composition in 2016, with Netflix’s transition to full encryption.

Figure 17. Web traffic mix.

[4] https://www.sandvine.com/downloads/general/global-internet-phenomena/2015/encrypted-internet-traffic.pdf

CONCLUSION

To determine if the system or network is handling desired requirements as expected, engineers need to test it with real-world traffic. The most common way of testing with realistic network traffic is application emulation. XenaAppMix is a pre-defined library of selected application traffic captured in pcap file format, enabling users to emulate and replay live traffic and test their DUTs in a realistic network environment. The library is continuously updated with the latest network traffic mixes so that users are able to evaluate with up-to-date traffic patterns and composition.

XenaAppMix is categorized into protocol-oriented, application-oriented and traffic mixes. The protocol-oriented library aims at providing pure protocol traffic for testing. Users have the full freedom to build up their own applications by selecting different protocols. The application-oriented library is suitable for synergetic tests because one application contains many connections and uses different protocols, e.g. DNS and HTTP, in a correlated fashion. Traffic mixes provide pre-defined traffic composition templates for users to put the DUTs under different network environments for performance testing. Users are able to customize or build their own mixes for special test scenarios.

By choosing different combinations from XenaAppMix in tandem with Xena L4-7 test platforms, test engineers are able to perform complex test scenarios and gain in-depth knowledge of the DUT and the system. Different from some open-source traffic replay software, Xena is able to regenerate the comprehensive traffic in a synchronized fashion where the client and server communicate with each other in exactly the same order as the captured traffic. By engineering this outstanding feature, Xena Networks is capable of reproducing realistic network scenarios for the device under test.