Translated Abstract
In the process of developing network security products and implementing security solutions, objective, comprehensive and systematic testing of equipment functions and performance is of crucial importance. Testing security products and equipment in an actual network environment has become a very important research topic. This paper investigates methods for interactive traffic replay, network traffic simulation and simulated traffic generation, and implements the corresponding prototype systems. First, this paper proposes an interactive TCP traffic replay method based on a "stop-and-wait" mechanism. A traffic replay system using this method stops replaying the traffic of a session as soon as the network security product in the testing environment blocks even one suspicious packet of that session. Based on this method, this paper implements two prototype systems: high-speed traffic replay and traffic replay based on an incentive mechanism. Furthermore, this paper proposes a layered traffic model and presents the procedure of traffic simulation using sliding windows. Finally, based on the Linux kernel module pktgen, this paper implements a kernel module, icmp pktgen, which can simulate the online behavior of a large number of users by generating ICMP traffic and test the forwarding performance of network security products in both directions. The experimental results illustrate that the traffic generated by the prototype systems mentioned above can be used to test network equipment systematically and comprehensively. They also show that the prototype systems meet the requirements of the initial design. This paper lays a certain foundation in this area and has practical and reference value.
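The stop-and-wait replay rule from the abstract, as an added Python example that is not the paper's prototype code. It assumes the device under test can be modelled as a function that forwards or drops a packet, and that a packet which never arrives counts as blocked; all names, the `BLOCKME` marker and the sample capture are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

@dataclass
class Packet:
    session: str      # session identifier (constructed)
    direction: str    # "c2s" (client to server) or "s2c"
    payload: bytes

@dataclass
class ReplayResult:
    sent: int = 0
    delivered: int = 0
    blocked_at: Optional[int] = None   # index of the first dropped packet
    skipped: int = 0                   # packets never replayed after the drop

def replay_stop_and_wait(capture: List[Packet],
                         dut_forwards: Callable[[Packet], bool]) -> Dict[str, ReplayResult]:
    """Send one packet, wait for it on the far side of the device under test,
    and only then send the next. A session with a lost packet is abandoned."""
    sessions: Dict[str, List[Packet]] = {}
    for pkt in capture:                        # keep capture order per session
        sessions.setdefault(pkt.session, []).append(pkt)
    results: Dict[str, ReplayResult] = {}
    for sid, pkts in sessions.items():
        res = ReplayResult()
        for i, pkt in enumerate(pkts):
            res.sent += 1
            if dut_forwards(pkt):              # the peer endpoint received it
                res.delivered += 1
                continue
            res.blocked_at = i                 # wait timed out: packet was dropped
            res.skipped = len(pkts) - i - 1    # rest of this session is not replayed
            break
        results[sid] = res
    return results

def signature_filter(pkt: Packet) -> bool:
    """Constructed stand-in for a security product: drops a marker string."""
    return b"BLOCKME" not in pkt.payload

SAMPLE_CAPTURE = [                             # constructed capture, two sessions
    Packet("A", "c2s", b"GET /index HTTP/1.1"),
    Packet("B", "c2s", b"HELO mail.example"),
    Packet("A", "s2c", b"HTTP/1.1 200 OK"),
    Packet("A", "c2s", b"POST /upload BLOCKME"),
    Packet("B", "s2c", b"250 ok"),
    Packet("A", "s2c", b"HTTP/1.1 200 OK (never replayed)"),
    Packet("B", "c2s", b"QUIT"),
]

if __name__ == "__main__":
    for sid, res in replay_stop_and_wait(SAMPLE_CAPTURE, signature_filter).items():
        print(sid, res)
```

Session A stops at its third packet and its remaining packet is skipped, while session B replays in full, so a blocked session does not leave half-open or out-of-context traffic in the test.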