Administration Guide

Starting a RFC 3511 Concurrent Capacity throughput test

This test case uses FortiTester to determine the maximum number of entries the DUT can store in its connection table.

To start a concurrent capacity test:
  1. Go to Cases > Performance Testing > RFC Benchmark > RFC 3511 > Concurrent Capacity to display the test case summary page.
  2. Click + Create New to display the Select case options dialog box.
  3. In the pop-up dialog, configure DUT Working Mode as TP or NAT.
  4. For the Network Config option, select the network template you have created in Cases > Security Testing > Objects > Networks. The network-related options are then filled in automatically. See Using network configuration templates for how to create a network template.
  5. Select a Certificate Group if applicable.
  6. Click OK to continue.
  7. Configure the test case options described below.
  8. Click Start to run the test case.

FortiTester saves the configuration automatically so you can run the test again later. You can also click Save to save the test case without running it.

Tip 1: You can also copy an existing case, and change its settings to create a new case. In the case list, click Clone to clone the configuration. Only the case name is different from the original case.

Tip 2: You can add or edit a comment when the test is running. This comment can be used to search for the test result in the Results page. This is useful especially when the test runs for a long time.

RFC Test Case common options

RFC 3511 Test Case configuration specific to Concurrent Capacity Throughput Test

Settings: Guidelines

Load
Simulated Users: Number of users to simulate.
Ramp Down Time: Time in seconds for traffic to ramp down when you stop the test.
HTTP Request Time Out: An HTTP request timeout occurs when an HTTP request is issued but the server returns no data within a certain time (in seconds). The timeout usually indicates an overwhelmed server or reverse proxy, or an outage of the back-end transaction processing servers. FortiTester resets the connection upon timeout.
Traffic Direction: Specify the direction of traffic flow.
Aging Time: Wait time for packet transmission after traffic stops, in seconds (range: 2 - 300).
Maximum Iterative Cycle: Maximum traffic cycle for each frame size (minimum 1).
Iteration Mode: Select either Binary Search to search using binary search mode or Custom Load to search using a custom load.
Initial Concurrent TCP Connections: The number of concurrent TCP connections FortiTester creates at the beginning of the test.
Maximum Concurrent TCP Connections: The maximum number of concurrent TCP connections FortiTester will create during the test.
Concurrent Resolution Connections: FortiTester stops the binary search if the number of concurrent connections is less than the value set here.
Acceptable Failure Rate: Specify an acceptable failure rate.

Client Profile
Request Header: The HTTP header of the request packet. Click the Add button to specify more headers. Wildcards are supported.
Client Close Mode: Select the connection close method: 3Way_Fin or Reset.

Server Profile
Response Header: The HTTP header of the response packet. Click the Add button to specify more headers.

Client/Server TCP Options
TCP Receive Window: The receive window in which you want the TCP stack to send TCP segments. The receive window informs the peer how many bytes of data the stack is currently able to receive. The supplied value is used in all segments sent by the stack. The valid range is 0 to 65535.
Delayed Acks: Select to cause the TCP stack to implement the Delayed ACK strategy, which attempts to minimize the transmission of zero-payload ACK packets. Acknowledgments will be deferred and should be piggybacked on top of valid data packets. If successfully deferred, these acknowledgments are free, in the sense that they consume no additional bandwidth.
Delayed Ack Timeout: If you select Delayed ACKs, use this timeout value to specify the maximum time the TCP stack waits to defer ACK transmission. If this timer expires, the stack transmits a zero-payload acknowledgment.
Timestamps Option: Select to add a TCP time stamp to each TCP segment.
Enable Push Flag: Select to set the TCP PSH (push) flag in all TCP packets. This flag causes buffered data to be pushed to the receiving application. If deselected, the PSH flag is not set in any TCP packet.
SACK Option: Select to enable TCP Selective Acknowledgment Options (SACK).
Enable TCP Keepalive: Select to enable the TCP Keep-alive Timer.
Keepalive Timeout: If you enable TCP Keepalive, use this timeout value to specify the maximum time to send your peer a keep-alive probe packet.
Keepalive Probes: If you enable TCP Keepalive, use this value to specify the maximum number of probes used to detect a broken connection.
Override Internal Timeout Calculation: Select to override the TCP stack calculation of the retransmission timeout value.
Retransmission Timeout: If you select Override Internal Timeout Calculation, use this value for the first transmission of a particular data or control packet; it is doubled for each subsequent retransmission.
Retries: The number of times a timed-out packet is retransmitted before aborting further retransmission. If the client does not receive a response after the configured number of retries have been attempted, the error is logged in the results CSV file as a TCP timeout when a SYN or FIN is sent, and no SYN/ACK or FIN/ACK from the server is received.
FinACK Timer: This value measures the amount of time that a SimUser waits after it finishes its actions and before it directly breaks all of its TCP connections (that is, the time to wait to receive the LAST_ACK message for a FIN request). A value of 0 disables the timer. Note: Setting this timer can adversely affect TCP performance.

Client/Server Network
Network MSS: The maximum segment size. If MSS is bigger than the MTU, IP fragmentation will be triggered conditionally.
Network MTU: The Maximum Transmission Unit, ranging from 1280 to 9000.
IP Option DSCP: IP Option DSCP value for QoS, ranging from 0 to 63.
IP Flags DF: Do not fragment packets.
  • 0 = disable (fragment)
  • 1 = enable (do not fragment)

Action
Method: Three methods are available here: GET, POST, and Custom. If you select Custom, you can click +Add to add at most 32 requests.
Request Page: Select System Pages with Fixed or Random File Name and Content.
Get page: Select the file that the simulated clients access. Optionally, you can select Custom to choose the file template you have created in Cases > Performance Testing > Objects > Files.
Post page: Select the file that the simulated servers respond with. You can edit the post parameters. The file size limit is 10MB.
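
The Load settings above (Initial and Maximum Concurrent TCP Connections, Concurrent Resolution Connections, Acceptable Failure Rate, Maximum Iterative Cycle) interact when Iteration Mode is Binary Search. The following Python model is an added example, not FortiTester code: the DUT model, the function names, the sample values, and the stop rule (search interval narrower than the resolution) are assumptions made for illustration.

```python
def dut_failures(attempted, table_capacity):
    """Constructed DUT model: connections beyond the table capacity fail."""
    return max(0, attempted - table_capacity)


def capacity_search(initial, maximum, resolution, acceptable_failure_rate,
                    max_cycles, table_capacity):
    """Binary-search the highest connection count the modelled DUT sustains.

    Returns (best_passing_load, trace); trace rows are
    (cycle, attempted, failure_rate, passed).
    """
    low, high = 0, maximum + 1      # highest pass so far / lowest assumed fail
    load = max(1, min(initial, maximum))
    trace = []
    for cycle in range(1, max_cycles + 1):
        rate = dut_failures(load, table_capacity) / load
        passed = rate <= acceptable_failure_rate
        trace.append((cycle, load, round(rate, 4), passed))
        if passed:
            low = load
        else:
            high = load
        # Assumed stop rule: remaining interval is narrower than the resolution.
        if high - low < max(resolution, 2):
            break
        load = (low + high) // 2
    return low, trace


if __name__ == "__main__":
    # Constructed sample settings; table_capacity is the hidden value to find.
    settings = dict(initial=100_000, maximum=1_000_000, resolution=10_000,
                    max_cycles=30, table_capacity=640_000)
    for afr in (0.0, 0.01):
        best, trace = capacity_search(acceptable_failure_rate=afr, **settings)
        print(f"acceptable failure rate {afr}: reported capacity {best} "
              f"after {len(trace)} cycles")
        for row in trace:
            print("  cycle %d: attempted %d, failure rate %.4f, passed %s" % row)
```

In this model a non-zero Acceptable Failure Rate lets the search report a figure above the real table size (641406 against a 640000-entry table), so a failure rate of 0 gives the conservative number when sizing a device against connection-table exhaustion. A larger resolution or a smaller cycle limit ends the search earlier and widens the gap between the reported and actual capacity.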
