[Openswan Users] VPN stress test hw/sw

Vicente Aguilar bisente at bisente.com
Mon Feb 4 15:27:46 EST 2008


First of all, sorry if I'm going a little bit off-topic here. The  
question is not about Openswan per se but about L2TP in general and a  
setup involving Xelerance's xl2tpd in particular, but couldn't find a  
mailing list for that project and given that both projects are related  
and sponsored by Xelerance...

I'm working on a project involving a massive VPN setup: we're talking  
about an estimate of 10k-100k VPN clients, each one generating around  
2Mbps traffic, traffic that will be later processed in real-time by  
another software. The VPN is pure L2TP, without IPSec (don't need the  
traffic to be encrypted, no security/privacy concerns).

We already have a working test environment with xl2tpd as the LAC  
(have tried too with WinXP and some hw appliances, for the sake of  
interoperability testing) and l2tpns as the LNS, and want to run some  
tests. We want to stress test the whole setup to get an idea of how  
many traffic-processing servers we need, how many LNSs (and test  
several of them, both HW and SW), how to cluster them, how to escalate  
the whole setup as the number of clients and/or bandwidth increases, etc.

What we need is:

- establish lots of L2TP/PPP tunnels
- run standard TCP/IP protocols through each one of them (HTTP, FTP,  
- monitor all the systems and software involved (this is the easy  
- fetch results: transactions (HTTP, FTP...) that went OK, errors,  
timeouts, etc.

Something like Spirent's Avalanche would be great, if it supported  
pure-L2TP VPNs (I *think* it only works with IPSec, please correct me  
if I'm wrong...)

Do you know of such a project/hardware/whatever? A commercial product  
could be OK (if our contractor is willing to pay for it...)

Right now I'm working on a "homegrown" testing platform consisting of  
a shell-script that opens a number of VPN connections and launches one  
curl-tester instance for each one of them, routing the traffic  
accordingly by means of iptables/iproute2 trickery. And all that  
inside a VMWare virtual machine, so that I can easily replicate the  
setup through the whole office. That would generate the load, the hard  
part is collecting all the logs and making some sense out of them.

Any help or hints will be very appreciated. :)


PS: reply to me privately if you think I'm getting way too much
off-topic here...
   Vicente Aguilar <bisente at bisente.com> | http://www.bisente.com
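
An added example, not part of the original post: one way to turn per-tunnel curl runs into the OK/error/timeout counts the message asks for. The pppN interface names, the record format and the function names are assumptions, and curl is bound to each tunnel with --interface instead of the iptables/iproute2 routing the post describes.

```shell
#!/bin/sh
# Added example. Assumes every L2TP/PPP session appears as a pppN interface.

# One HTTP transaction through one tunnel; prints a single record:
#   <iface> <curl_exit_code> <http_code> <time_total_seconds>
probe() {
    iface=$1 url=$2
    out=$(curl --interface "$iface" -s -o /dev/null -m 10 \
               -w '%{http_code} %{time_total}' "$url")
    rc=$?
    echo "$iface $rc ${out:-000 0}"
}

# Totals over records on stdin. curl exit code 28 means the -m limit was hit.
# Assumption: any 2xx or 3xx response counts as a transaction that went OK.
summarize() {
    LC_ALL=C awk '
    { seen[$1] = 1 }
    $2 == 0 && $3 >= 200 && $3 < 400 { ok++; t += $4; next }
    $2 == 28                         { timeouts++; next }
                                     { errors++ }
    END {
        for (i in seen) n++
        printf "tunnels=%d ok=%d errors=%d timeouts=%d avg_ok_time=%.3f\n",
               n, ok, errors, timeouts, (ok ? t / ok : 0)
    }'
}

# Tunnels with at least one failed transaction, with the failure count.
failing() {
    LC_ALL=C awk '$2 != 0 || $3 < 200 || $3 >= 400 { bad[$1]++ }
                  END { for (i in bad) print i, bad[i] }' | LC_ALL=C sort
}

# Constructed sample records, standing in for the output of many probe runs.
sample_records() {
    cat <<'EOF'
ppp0 0 200 0.412
ppp0 0 200 0.388
ppp1 28 000 10.001
ppp2 0 503 0.120
ppp2 7 000 0.003
ppp3 0 302 0.200
EOF
}

sample_records | summarize
sample_records | failing
```

For a real run, start one `probe pppN URL >> results.log &` per tunnel, `wait` for them, then feed results.log to summarize and failing.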
