(ASTF mode) Testing through firewall does not work properly with random source ports
78 views
Skip to first unread message
Debanjana Sarkar
Sep 1, 2022, 2:29:07 AM9/1/22
to TRex Traffic Generator
Hello,
Trex in ASTF mode allocates random source ports for each flow. With random ports on each flow (even for same client), the testing through firewall does not work. Random port numbers cause the Firewall to treat each packet as a separate session, preventing the session from being offloaded to a dedicated network processor. It has a very negative effect on the performance - all traffic generated by Trex is handled by CPU which is heavily loaded instead of offloading it.
(a sample image where source ports are random for same client)
We can set destination port as fixed (4444 above) using following command during ASTFProfile creation time.
"astfapi.ASTFProfile(default_ip_gen=ip_gen, cap_list=[astfapi.ASTFCapInfo(file=pcap_file_path, cps=1, port=dst_port)"
Questions:
1. Is there any way to set all source ports the same, for all flows and all clients ? Like we can do for destination ports mentioned above ?
2. If no, can we have the same source port for all flows for each client ?
3. If no, then we would like to know the reason(s) of new flow allocating new source port.
4. Do you have any suggestion/workaround on how we can make it work with firewalls?
Thanks in advance.
Trex in ASTF mode allocates random source ports for each flow. With random ports on each flow (even for same client), the testing through firewall does not work. Random port numbers cause the Firewall to treat each packet as a separate session, preventing the session from being offloaded to a dedicated network processor. It has a very negative effect on the performance - all traffic generated by Trex is handled by CPU which is heavily loaded instead of offloading it.
(a sample image where source ports are random for same client)
We can set destination port as fixed (4444 above) using following command during ASTFProfile creation time.
"astfapi.ASTFProfile(default_ip_gen=ip_gen, cap_list=[astfapi.ASTFCapInfo(file=pcap_file_path, cps=1, port=dst_port)"
Questions:
1. Is there any way to set all source ports the same, for all flows and all clients ? Like we can do for destination ports mentioned above ?
2. If no, can we have the same source port for all flows for each client ?
3. If no, then we would like to know the reason(s) of new flow allocating new source port.
4. Do you have any suggestion/workaround on how we can make it work with firewalls?
Thanks in advance.
Debanjana Sarkar
Sep 9, 2022, 1:51:55 AM9/9/22
to TRex Traffic Generator
Hello Trex community,
Do you have any suggestion(s) on any of the asked questions above ? Please let me know if any clarification is needed from my side. Thanks for reading my questions.
Do you have any suggestion(s) on any of the asked questions above ? Please let me know if any clarification is needed from my side. Thanks for reading my questions.
Reply all
Reply to author
Forward
0 new messages