Fortinet white logo
Fortinet white logo

Administration Guide

Starting a Mixed Traffic test

Starting a mixed traffic test

FortiTester tests mixed traffic performance by simulating multiple clients that burst all types of traffic simultaneously.

To start a Mixed Traffic test:
  1. Go to Cases > Performance Testing > Mixed Traffic to display the test case summary page.
  2. Click + Create New to display the Case Options dialog box.
  3. In the popup dialog, select the kind of mixed traffic test you wish to create. You can create a test based on Protocol, Action, Case Type, or Existing Test Cases.
  4. Select the traffic template when you create a test by protocol. When the template is Enterprise Traffic, Bandwidth Traffic, or Default, you can click any part of the pie chart to set the proportions.

    For Enterprise traffic mix, FortiTester requires VM16 or above, with minimum 32GB of RAM assigned; as more processing power is required if more protocols are initiated.




  5. Select the types of traffic to mix in the test.
  6. For the Network Config option, select the network template you have created in Cases > Security Testing > Objects > Networks. Then the network related options will automatically be filled. See Using network configuration templates for how to create a network template.
  7. Select a Certificate Group if applicable.
  8. Click OK to continue.
  9. Configure the proportions of the mixed traffic.
  10. Configure the test case options as described below. The specific settings will depend on what types of traffic were included in the mix. Refer to the section for that specific test for more information.
  11. Click Start to run the test case.

FortiTester saves the configuration automatically, so you can run the test again later. You can also click Save to save the test case without running it.

Tip 1: You can also copy an existing case, and change its settings to create a new case. In the case list, click Clone to clone the configuration. Only the case name is different from the original case.

Tip 2: You can add or edit a comment when the test is running. This comment can be used to search for the test result in the Results page. This is useful especially when the test runs for a long time.

Mixed Traffic Test Case configuration

Settings Guidelines
Basic Information
Name Specify the case name, or just use the default. The name appears in the list of test cases.
Ping Server Timeout If a FortiTester connects to a DUT via a switch, the switch might cause a ping timeout, resulting in the test case failing to run. If this occurs, increase the timeout. The default is 15 seconds. The valid range is 0 to 600.Note:You can disable this end-to-end connectivity test by entering a setting of 0. If the DUT is unable to return packets, it is recommended you do so.
Number of Samples Select the number of samples. The default is 20, which means the web UI will show the last 20 sample data (about 20 seconds) in the test case running page. You can select 20, 60, or 120.
Duration Specify the test duration. The default is 10 minutes. The test stops automatically after the duration you specify.
Stopping Status in Second The maximum time out in seconds allotted for FortiTester to close all TCP connections after the test finishes.
Network Settings
If you have selected a network config template, the network settings automatically inherit the configurations in the template. See Using network configuration templates for the description of network settings.
Client/Server Network
Network MTU Maximum Transmission Unit for a data packet. FortiTester does not send out data packets larger than this value. Most DUTs have a limitation for packet size. The default is 1500. Not configurable.
Network MSS The maximum segment size. If MSS is bigger than the MTU, IP fragmentation will be triggered conditionally.
Protocol Settings
Configure settings for the cases you have selected When creating a case.
Load
Mode Simuser: Simulated users. Simuser simulates a user processing through an Actions list one at a time. It allows you to determine the maximum number of concurrent users your device, infrastructure, or system can handle.
Connections/second: This mode simulates TCP connections, each of them containing up to hundreds of transactions. It's useful to test how many concurrent connections can be handled by your device.
Simulated Users Number of users to simulate.
Maximum Concurrent Connections Determines the maximum number of concurrent TCP connections supported through or with the DUT/SUT. This test is intended to find the maximum number of entries the DUT/SUT can store in its connection table.

Loops

Number of times to send the attacks. 0 means as many as possible.

Connections per Second Rate of new connections per second. The value must be greater than 0. If the user wants FortiTester to create connections as fast as possible, the user should set the Mode to Simulated Users.
Available only when Connections/second is selected for Mode.
Ramp Up Time

The duration in seconds for which new sessions can be opened, attempting to reach the desired Connections per Second configured. (Range: 0 - 300).

Note: If FortiTester cannot reach the Connections per Second configured during the specified Ramp Up Time, it will keep the highest CPS it reached during the Ramp Up Time.

Ramp Down Time The duration in second during which the device ramps down the number of connections it is making. 0 will cause the FortiTester to cease generating sessions. (Range: 0 - 300).
Time Out The default is 1000 microseconds.
Renew Socket Specify Yes or No. If Yes, the client side renews a socket to send out the next query (note if the client profile “Domain Policy” is set as List, all queries for the names in the domain list will use the same socket; after that a new socket will be created for next batch of queries). If No, use the old socket.
SMTP Email Address The email sender address. The default is “tester@mailserver.com”.
SMTP Email To The email receiver address. The default is “receiver@mailserver.com”.
Enable Authentication Enable to use password when sending SMTP email.
SMTP Email Password The password of email sender. The default is “tester@fts”.
Email Address The email sender address. The default is “tester@mailserver.com”.
Email Password The password of email sender. The default is “tester@fts”.
Enable Attachment Enable to add attachment in the email.
Attachment File Object Select the file template you have created in Cases > Performance Testing > Objects > Files, then enter how many files you want to include in the attachment. For example, if you enter 3, the first three files in the file template will be included. Only available when the Enable Attachment is selected.
Certificate The server certificate. If you have selected a certificate group in the Select case options window, then you are not allowed select certificate here.
Think Time The delay between client HTTP requests (unit: second).
Requests per Connection Number of HTTP requests per connection. The default is 0, which means as many as possible. The valid range is 0 to 50,000.
HTTP Request Time Out An HTTP request timeout occurs when an HTTP request is issued, but no data is responded back from the server within a certain time (in seconds). The timeout usually indicates an overwhelmed server or reverse proxy, or an outage of the back-end transactions processing servers. FortiTester will reset the connection upon timeout.
Delay The period that FortiTester will wait until it sends the next web application attack.
Flows Enter the port pair.
Traffic Direction Specify the direction of traffic flow.
Frame Size The range of frame size is 64 to 8192. When the (frame size-18) is larger than MTU, the UDP packet will be fragmented.
Packet Size Specify the desired packet sizes, in bytes.
Traffic Cycle Time Traffic burst duration in seconds for each frame size. (minimum of 10)
Aging Time Wait time for packet transmitting after traffic stop, in seconds. (range: 2 - 300)
Maximum Iterative Cycle Maximum traffic cycle for each frame size. (minimum 1)
Acceptable Packet Loss Rate Percentage of packets that can be lost.
Send Speed Speed in Mbps. A setting of 0 means throughput speed is copied from the BaseValue case.
Iteration Mode Select either Binary Search to search using binary search mode or Custom Load to search using a custom load.
Initial Concurrent TCP Connections The number of concurrent TCP connections FortiTester creates at the beginning of the test.
Maximum Concurrent TCP Connections The maximum number of concurrent TCP connections FortiTester will create during the test.
Concurrent Resolution Connections FortiTester stops the binary search if the number of concurrent connections is less than the value set here.
Acceptable Failure Rate Specify an acceptable failure rate.
RADIUS Request Time Out Time in microseconds before a RADIUS request times out.
Initial Traffic Cycle Time Traffic burst duration in seconds for each frame size. (minimum of 2)
Maximum Traffic Cycle Time Maximum traffic cycle, in seconds.
Duration Resolution Time If the time difference between two iterations is lower than the specified value here, no iteration will be done.
Initial Send Speed Binary Search only. Specify a speed in Mbps. A setting of 0 means the speed will be set through automatic detection.
Maximum Send Speed Speed in Mbps. A setting of 0 means throughput speed is copied from the BaseValue case.
Send Resolution Speed Binary Search only. Specify a minimum send speed of the traffic cycle for each frame size.
Up/Down Granularity Custom Load only. Traffic speed per cycle. 0 means sending speed in the next traffic cycle is equal to "Receive Mbps" in the previous cycle. 1 - 20 is the sending speed float percentage of maximum speed in the next cycle.
Correct Loss Rate Cycle Custom Load only. Set to 1. Not configurable.
Throughput Buffer Size Set the throughput buffer size. The valid range is from 64-10M.
TurboTcp Buffer Size The size of the buffer sent to server when the TCP connection is established.
Bidirectional Traffic Flow Select Enable to enable bidirectional traffic flow.
IKE Version Select either version 1 or 2. For 1, configure IKE Mode and XAUTH.
Authentication Method Select either PSK (Pre-shared Key) or Signature. If using a Signature you will need to import a client and server certificate.
Pre-shared Key The parameter of IPsec.
Local Certificate Select either of the certificates. If you have selected a certificate group in the Select case options window, then you are not allowed to select local certificate here.
Remote Certificate Select either of the certificates. If you have selected a certificate group in the Select case options window, then you are not allowed select remote certificate here.
Replay Time Out This timeout specifies how long the client waits for a response from the server. If the client does not receive a response within the timeout, it considers the packet lost. The default value is 2 milliseconds.
Break Once Packet Lost Select Yes or No. The Yes option means when the system identifies packet loss (the server side has not received the packet that client sent out), it stops the current GTP replay (pcap file), and continues the test with the next GTP file. The No option (the default) means a break is not set; the current replay continues.
Input Pcap Select a pcap file to send. Note the uploaded files can be used for future cases.
Evasion Types Select the evasion types. FortiTester will corrupt custom HTTP pcap file according to the selected Evasion Types.
Random Evasion Enable this option so that FortiTester can randomly call one of the available HTTP evasions.
DDoS Type DDoS attack traffic: Single Packet Flood. After you select a type, selection boxes for subtypes are displayed below. To change the percentage mix of subtypes, double-click the pie chart and adjust the percentages.

Starting a Mixed Traffic test

Starting a mixed traffic test

FortiTester tests mixed traffic performance by simulating multiple clients that burst all types of traffic simultaneously.

To start a Mixed Traffic test:
  1. Go to Cases > Performance Testing > Mixed Traffic to display the test case summary page.
  2. Click + Create New to display the Case Options dialog box.
  3. In the popup dialog, select the kind of mixed traffic test you wish to create. You can create a test based on Protocol, Action, Case Type, or Existing Test Cases.
  4. Select the traffic template when you create a test by protocol. When the template is Enterprise Traffic, Bandwidth Traffic, or Default, you can click any part of the pie chart to set the proportions.

    For Enterprise traffic mix, FortiTester requires VM16 or above, with minimum 32GB of RAM assigned; as more processing power is required if more protocols are initiated.




  5. Select the types of traffic to mix in the test.
  6. For the Network Config option, select the network template you have created in Cases > Security Testing > Objects > Networks. Then the network related options will automatically be filled. See Using network configuration templates for how to create a network template.
  7. Select a Certificate Group if applicable.
  8. Click OK to continue.
  9. Configure the proportions of the mixed traffic.
  10. Configure the test case options as described below. The specific settings will depend on what types of traffic were included in the mix. Refer to the section for that specific test for more information.
  11. Click Start to run the test case.

FortiTester saves the configuration automatically, so you can run the test again later. You can also click Save to save the test case without running it.

Tip 1: You can also copy an existing case, and change its settings to create a new case. In the case list, click Clone to clone the configuration. Only the case name is different from the original case.

Tip 2: You can add or edit a comment when the test is running. This comment can be used to search for the test result in the Results page. This is useful especially when the test runs for a long time.

Mixed Traffic Test Case configuration

Settings Guidelines
Basic Information
Name Specify the case name, or just use the default. The name appears in the list of test cases.
Ping Server Timeout If a FortiTester connects to a DUT via a switch, the switch might cause a ping timeout, resulting in the test case failing to run. If this occurs, increase the timeout. The default is 15 seconds. The valid range is 0 to 600.Note:You can disable this end-to-end connectivity test by entering a setting of 0. If the DUT is unable to return packets, it is recommended you do so.
Number of Samples Select the number of samples. The default is 20, which means the web UI will show the last 20 sample data (about 20 seconds) in the test case running page. You can select 20, 60, or 120.
Duration Specify the test duration. The default is 10 minutes. The test stops automatically after the duration you specify.
Stopping Status in Second The maximum time out in seconds allotted for FortiTester to close all TCP connections after the test finishes.
Network Settings
If you have selected a network config template, the network settings automatically inherit the configurations in the template. See Using network configuration templates for the description of network settings.
Client/Server Network
Network MTU Maximum Transmission Unit for a data packet. FortiTester does not send out data packets larger than this value. Most DUTs have a limitation for packet size. The default is 1500. Not configurable.
Network MSS The maximum segment size. If MSS is bigger than the MTU, IP fragmentation will be triggered conditionally.
Protocol Settings
Configure settings for the cases you have selected When creating a case.
Load
Mode Simuser: Simulated users. Simuser simulates a user processing through an Actions list one at a time. It allows you to determine the maximum number of concurrent users your device, infrastructure, or system can handle.
Connections/second: This mode simulates TCP connections, each of them containing up to hundreds of transactions. It's useful to test how many concurrent connections can be handled by your device.
Simulated Users Number of users to simulate.
Maximum Concurrent Connections Determines the maximum number of concurrent TCP connections supported through or with the DUT/SUT. This test is intended to find the maximum number of entries the DUT/SUT can store in its connection table.

Loops

Number of times to send the attacks. 0 means as many as possible.

Connections per Second Rate of new connections per second. The value must be greater than 0. If the user wants FortiTester to create connections as fast as possible, the user should set the Mode to Simulated Users.
Available only when Connections/second is selected for Mode.
Ramp Up Time

The duration in seconds for which new sessions can be opened, attempting to reach the desired Connections per Second configured. (Range: 0 - 300).

Note: If FortiTester cannot reach the Connections per Second configured during the specified Ramp Up Time, it will keep the highest CPS it reached during the Ramp Up Time.

Ramp Down Time The duration in second during which the device ramps down the number of connections it is making. 0 will cause the FortiTester to cease generating sessions. (Range: 0 - 300).
Time Out The default is 1000 microseconds.
Renew Socket Specify Yes or No. If Yes, the client side renews a socket to send out the next query (note if the client profile “Domain Policy” is set as List, all queries for the names in the domain list will use the same socket; after that a new socket will be created for next batch of queries). If No, use the old socket.
SMTP Email Address The email sender address. The default is “tester@mailserver.com”.
SMTP Email To The email receiver address. The default is “receiver@mailserver.com”.
Enable Authentication Enable to use password when sending SMTP email.
SMTP Email Password The password of email sender. The default is “tester@fts”.
Email Address The email sender address. The default is “tester@mailserver.com”.
Email Password The password of email sender. The default is “tester@fts”.
Enable Attachment Enable to add attachment in the email.
Attachment File Object Select the file template you have created in Cases > Performance Testing > Objects > Files, then enter how many files you want to include in the attachment. For example, if you enter 3, the first three files in the file template will be included. Only available when the Enable Attachment is selected.
Certificate The server certificate. If you have selected a certificate group in the Select case options window, then you are not allowed select certificate here.
Think Time The delay between client HTTP requests (unit: second).
Requests per Connection Number of HTTP requests per connection. The default is 0, which means as many as possible. The valid range is 0 to 50,000.
HTTP Request Time Out An HTTP request timeout occurs when an HTTP request is issued, but no data is responded back from the server within a certain time (in seconds). The timeout usually indicates an overwhelmed server or reverse proxy, or an outage of the back-end transactions processing servers. FortiTester will reset the connection upon timeout.
Delay The period that FortiTester will wait until it sends the next web application attack.
Flows Enter the port pair.
Traffic Direction Specify the direction of traffic flow.
Frame Size The range of frame size is 64 to 8192. When the (frame size-18) is larger than MTU, the UDP packet will be fragmented.
Packet Size Specify the desired packet sizes, in bytes.
Traffic Cycle Time Traffic burst duration in seconds for each frame size. (minimum of 10)
Aging Time Wait time for packet transmitting after traffic stop, in seconds. (range: 2 - 300)
Maximum Iterative Cycle Maximum traffic cycle for each frame size. (minimum 1)
Acceptable Packet Loss Rate Percentage of packets that can be lost.
Send Speed Speed in Mbps. A setting of 0 means throughput speed is copied from the BaseValue case.
Iteration Mode Select either Binary Search to search using binary search mode or Custom Load to search using a custom load.
Initial Concurrent TCP Connections The number of concurrent TCP connections FortiTester creates at the beginning of the test.
Maximum Concurrent TCP Connections The maximum number of concurrent TCP connections FortiTester will create during the test.
Concurrent Resolution Connections FortiTester stops the binary search if the number of concurrent connections is less than the value set here.
Acceptable Failure Rate Specify an acceptable failure rate.
RADIUS Request Time Out Time in microseconds before a RADIUS request times out.
Initial Traffic Cycle Time Traffic burst duration in seconds for each frame size. (minimum of 2)
Maximum Traffic Cycle Time Maximum traffic cycle, in seconds.
Duration Resolution Time If the time difference between two iterations is lower than the specified value here, no iteration will be done.
Initial Send Speed Binary Search only. Specify a speed in Mbps. A setting of 0 means the speed will be set through automatic detection.
Maximum Send Speed Speed in Mbps. A setting of 0 means throughput speed is copied from the BaseValue case.
Send Resolution Speed Binary Search only. Specify a minimum send speed of the traffic cycle for each frame size.
Up/Down Granularity Custom Load only. Traffic speed per cycle. 0 means sending speed in the next traffic cycle is equal to "Receive Mbps" in the previous cycle. 1 - 20 is the sending speed float percentage of maximum speed in the next cycle.
Correct Loss Rate Cycle Custom Load only. Set to 1. Not configurable.
Throughput Buffer Size Set the throughput buffer size. The valid range is from 64-10M.
TurboTcp Buffer Size The size of the buffer sent to server when the TCP connection is established.
Bidirectional Traffic Flow Select Enable to enable bidirectional traffic flow.
IKE Version Select either version 1 or 2. For 1, configure IKE Mode and XAUTH.
Authentication Method Select either PSK (Pre-shared Key) or Signature. If using a Signature you will need to import a client and server certificate.
Pre-shared Key The parameter of IPsec.
Local Certificate Select either of the certificates. If you have selected a certificate group in the Select case options window, then you are not allowed to select local certificate here.
Remote Certificate Select either of the certificates. If you have selected a certificate group in the Select case options window, then you are not allowed select remote certificate here.
Replay Time Out This timeout specifies how long the client waits for a response from the server. If the client does not receive a response within the timeout, it considers the packet lost. The default value is 2 milliseconds.
Break Once Packet Lost Select Yes or No. The Yes option means when the system identifies packet loss (the server side has not received the packet that client sent out), it stops the current GTP replay (pcap file), and continues the test with the next GTP file. The No option (the default) means a break is not set; the current replay continues.
Input Pcap Select a pcap file to send. Note the uploaded files can be used for future cases.
Evasion Types Select the evasion types. FortiTester will corrupt custom HTTP pcap file according to the selected Evasion Types.
Random Evasion Enable this option so that FortiTester can randomly call one of the available HTTP evasions.
DDoS Type DDoS attack traffic: Single Packet Flood. After you select a type, selection boxes for subtypes are displayed below. To change the percentage mix of subtypes, double-click the pie chart and adjust the percentages.