CN101360015A - Method, system and apparatus for test network appliance - Google Patents

Method, system and apparatus for test network appliance Download PDF

Info

Publication number
CN101360015A
CN101360015A CNA2008101192925A CN200810119292A CN101360015A CN 101360015 A CN101360015 A CN 101360015A CN A2008101192925 A CNA2008101192925 A CN A2008101192925A CN 200810119292 A CN200810119292 A CN 200810119292A CN 101360015 A CN101360015 A CN 101360015A
Authority
CN
China
Prior art keywords
network equipment
analog subscriber
authentication
test
data stream
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CNA2008101192925A
Other languages
Chinese (zh)
Other versions
CN101360015B (en
Inventor
杨敬民
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Cao Ruiyun
Original Assignee
Beijing Star Net Ruijie Networks Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Star Net Ruijie Networks Co Ltd filed Critical Beijing Star Net Ruijie Networks Co Ltd
Priority to CN2008101192925A priority Critical patent/CN101360015B/en
Publication of CN101360015A publication Critical patent/CN101360015A/en
Application granted granted Critical
Publication of CN101360015B publication Critical patent/CN101360015B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention discloses a method for testing a network equipment, solving the problem that the prior art has no test to the data flow forwarding capability of the network equipment. The method comprises the steps: a testing apparatus transmits a test data flow and an authentication data flow to the network equipment, the test data flow includes an analog user data flow, the destination address of each analog user data packet is a testing apparatus address, and the source address is an analog user address; the testing apparatus judges whether the network equipment can forward the test data flow normally according to whether or not the test data flow forwarded by the network equipment is received in the setting time and according to the saved authentication information to the analog users by an authentication server; and judges whether the network equipment can offer normal authentication to the analog users with predetermined number according to the authentication results made by the testing apparatus itself and the authentication results returned from the network equipment. The invention also provides a system and an apparatus for testing the network equipment. The invention puts forward the proposal to realize the test to the forwarding data flow capability of the network equipment.

Description

The method, system and device of network apparatus test
Technical field
The present invention relates to the network communication equipment measuring technology, relate in particular to a kind of method, system and device of network apparatus test.
Background technology
Traditional ethernet technology allows unwarranted user, directly enters network by the equipment that is connected to Local Area Network, freely uses Internet resources.But along with the extensive use of ethernet technology, the Internet resources of Virtual network operator are not to provide free to the user to use, and the user need pay the rights of using that corresponding cost could obtain to use respective network resource.In this case, the demand of network rights of using safety certification has just been mentioned on the agenda.(Institute of Electrical andElectronics Engineers, IEEE) the LAN standard IEEE 802.1x agreement of 802 committees formulation proposes under such background just in IEEE.IEEE 802.1x agreement is also referred to as the access to netwoks control protocol (Port-Based Network Access Control Protocol) based on port.
In IEEE 802.1x agreement, the effect of connection user's the network equipment is extremely important.Below briefly introduce the basic principle of IEEE 802.1x agreement.
IEEE 802.1x consensus standard defined a kind of based on " client-server " (Client-Server) pattern realize the visit of restrict unauthorized user to network.The user wants the authentication of the necessary elder generation of accesses network by server.Can't accesses network by the user of server authentication.
As shown in Figure 1, IEEE802.1x standard authentication system is made of conjure man (supplicant), authenticator (authenticator) and certificate server (authentication server) three parts, in the actual authentication process, three parts correspond to respectively: and work station (Client), the network equipment (network access server, NAS) and certificate server (Radius-Server).
Wherein, have the user that is of conjure man's function, (PersonalComputer PC), asks the visit to network, and authenticator's authentication information message is replied as work station, client or PC.In the actual authentication process, the user pays certain expense to Virtual network operator, Virtual network operator then provides the user ID and the authentication password of an authentication usefulness to the user, and provides a client software that is used to authenticate to the user, and this software is installed on user's the PC.When the user wants to use Internet resources, must open Authentication Client software earlier, use the user ID and the authentication password that provide to authenticate.
What have authenticator's function is to connect the user, and realizes the network equipment of IEEE802.1x agreement.This network equipment can be switch or router.The network equipment with authenticator's function has two types port: controlled ports (controlled Port) and uncontrolled port (uncontrolled Port).The user who wherein connects controlled ports has only by authentication ability accesses network; And the user who connects uncontrolled port just need not authenticate directly accesses network.By uncontrolled port is connected certificate server, to guarantee the normal communication of the server and the network equipment; The end user is connected on the controlled ports, just can realizes control the user.Before the user was also unverified, the controlled ports that connects this user's the network equipment did not allow any data to pass through, but except the message identifying, behind this authentification of user, certificate server is with authentication result informing network equipment.The network equipment is examined the authentication information of server end by to the customer requirements authentication information, if authentication is passed through, the network equipment just will connect this user's controlled ports to be opened, and the permission data are passed through, and this user just can accesses network at this moment; If authentification of user does not pass through, the controlled ports that the network equipment keeps connecting this user is for closing, and this user just can't accesses network like this.The network equipment is except having authentication function, also has server client (Remote Authentication Dial In User Service Client, RADIUS Client) function, thereby the network equipment is also referred to as network access server (Network Access Server, NAS), the response of soon receiving from the user is packaged into the message of RADIUS form and is transmitted to Radius-Server, and the while comes out the information interpretation of receiving from Radius-Server and is transmitted to the user.
Certificate server is generally radius server, cooperates with the authenticator in the verification process, for the user provides authentication service.Certificate server has been preserved user's authentication information, the medium access control of user ID, close authentication code, authentification of user PC (Media Access Control for example, MAC) Internet protocol (the Internet Protocol of address, authentification of user PC, IP) information such as address, wherein each user has unique user ID, and this user ID can be user name or subscriber mailbox.And a certificate server can provide authentication service to many authenticators, realizes the centralized management to the user.
And in the test to the IEEE802.1x network equipment at present, only tested the verification process of the network equipment to small number of users, the situation of network equipment forwarding data flow is not tested, and do not have network apparatus test forwarding situation to user's data stream in the process of authentication, the forwarding of the common data stream in also real network not being used is simultaneously tested.And existing method of testing can't be tested the state of jumbo user's lower network equipment in real network is used, be network equipment central processing unit (CentralProcessing Unit, CPU) and the utilance of internal memory, and whether the network equipment faults such as deadlock can occur, whether can provide authentication service to jumbo user.
Summary of the invention
In view of this, the embodiment of the invention provides a kind of method, system and device of network apparatus test, in order to solving in the prior art analog subscriber data flow that can't network apparatus test whether can transmit normally by authentication, and can't network apparatus test to the problem of the forwarding situation of other common data streams.
The method of a kind of network apparatus test that the embodiment of the invention provides comprises:
Testing apparatus sends verify data stream or test data stream to the network equipment, wherein, described test data stream comprises the analog subscriber data flow, and the destination address of each packet is the address of described testing apparatus in the described analog subscriber data flow, and source address is the address of analog subscriber;
Described testing apparatus is according to whether receiving the test data stream of described network equipment forwarding in setting-up time, and according to the authentication information of the certificate server of preserving to analog subscriber, judge whether the described network equipment normally transmits described test data stream; And
Described testing apparatus is relatively according to himself access to netwoks control protocol IEEE 802.1x agreement based on port, each analog subscriber in the verify data stream is authenticated the authentication result of statistics, with the authentication result of the Information Statistics of returning according to the described network equipment, judge that whether the described network equipment provides normal authentication to the analog subscriber of predetermined quantity.
A kind of test macro that the embodiment of the invention provides comprises:
Testing apparatus, be used for sending verify data stream or test data to the network equipment, described test data stream comprises the analog subscriber data flow, and the destination address of each packet is the address of described testing apparatus in the described analog subscriber data flow, and source address is the address of analog subscriber; According in setting-up time, receiving the test data stream that the described network equipment is transmitted, reach the authentication information of the certificate server of preservation to analog subscriber, judge whether the described network equipment normally transmits described test data; And relatively according to himself access to netwoks control protocol IEEE 802.1x agreement based on port, each analog subscriber in the verify data stream is authenticated the authentication result of statistics, with the authentication result of the Information Statistics of returning according to the described network equipment, judge that whether the described network equipment provides normal authentication to the analog subscriber of predetermined quantity;
The network equipment, be used to receive the test data stream that described testing apparatus sends, according to the information that each test packet in the test data stream comprises, reach the authentication information of the certificate server of preservation to analog subscriber, transmit the test data that meets the demands to institute's testing apparatus; And the verify data stream that described testing apparatus is sent sends to certificate server, to the authentication result information of described testing apparatus return authentication server to analog subscriber.
The device of a kind of network apparatus test that the embodiment of the invention provides comprises:
Tester is used for sending test data stream to the network equipment, and wherein, described test data stream comprises the analog subscriber data flow, and the destination address of each packet is the address of described testing apparatus in the described analog subscriber data flow, and source address is the address of analog subscriber; Test data stream according to the described network equipment returns reaches the authentication information of the certificate server of preservation to analog subscriber, judges whether the described network equipment normally transmits described test data stream;
The test terminal, be used for sending the verify data stream that generates to network equipment, each analog subscriber in the verify data stream is authenticated based on the IEEE802.1x agreement according to himself, the authentication result of statistics, with the authentication result of the Information Statistics of returning according to the described network equipment, judge that whether the described network equipment provides normal authentication to the analog subscriber of predetermined quantity.
The method of the network apparatus test that the embodiment of the invention provides, by in the process that analog subscriber is authenticated, authentication result and the authentication result returned of the network equipment by self statistics, network apparatus test is to the verification process of the analog subscriber of predetermined number, simultaneously in to the verification process of analog subscriber by the forwarding situation of network apparatus test to the data flow of analog subscriber, network apparatus test is to the transfer capability of data flow, realization is to the test of network equipment data flow transfer capability, thus the transfer capability of the data flow of effective network apparatus test.
Description of drawings
Fig. 1 is the schematic diagram of the IEEE802.1X protocol test network equipment in the prior art;
The flow chart of the network apparatus test that Fig. 2 provides for the embodiment of the invention;
The system configuration schematic diagram of the network apparatus test that Fig. 3 provides for the embodiment of the invention;
The structural representation of the testing apparatus that Fig. 4 provides for the embodiment of the invention;
The structural representation of the client software of the multiple user authentications that Fig. 5 provides for the embodiment of the invention;
The monitoring log information schematic diagram that Fig. 6 provides for the embodiment of the invention;
The flow chart of the concrete network apparatus test that Fig. 7 provides for the embodiment of the invention;
The terminal authentication software setting schematic diagram of the multiple user authentications that Fig. 8 provides for the embodiment of the invention.
Embodiment
In order realizing the situation of network equipment forwarding data flow to be tested in embodiments of the present invention, as shown in Figure 2, to provide a kind of method of network apparatus test, specifically may further comprise the steps:
S201: testing apparatus sends test data stream to the network equipment, wherein, described test data stream comprises the analog subscriber data flow, and the destination address of each packet is the address of described testing apparatus in the described analog subscriber data flow, and source address is the address of analog subscriber.
In embodiments of the present invention can be in setting-up time, send test data stream to the network equipment, this setting-up time can be that network apparatus test distributes into the needed time to all test data circulations, also can be network apparatus test to all test datas streams repeatedly transmit finishes the needed time, can also be other performances according to network apparatus test, for example to the authentication of a large amount of analog subscribers, can set this time is that the network equipment has authenticated the needed time of all analog subscribers, perhaps than having authenticated the longer time of needed time of all analog subscribers, in the concrete test process, can be provided with flexibly as required.
S202: whether described testing apparatus basis receives the test data stream that the described network equipment is transmitted in setting-up time, and, judge whether the described network equipment normally transmits described test data stream according to the authentication information of the certificate server of preserving to analog subscriber.
Described testing apparatus receives the analog subscriber data that the network equipment is transmitted in the time of setting, in the authentication information of certificate server to analog subscriber in described preservation, when finding the source address corresponding simulating user profile of described analog subscriber, judge that then the described network equipment normally transmits the analog subscriber packet; Or
In the authentication information of certificate server, when not finding the source address corresponding simulating user profile of described analog subscriber, then judge the improper forwarding analog subscriber of described network equipment packet to analog subscriber in described preservation.
S203: described testing apparatus is relatively according to himself access to netwoks control protocol IEEE802.1x agreement based on port, each analog subscriber in the verify data stream is authenticated the authentication result of statistics, with the authentication result of the Information Statistics of returning according to the described network equipment, judge that whether the described network equipment provides normal authentication to the analog subscriber of predetermined quantity.
Testing apparatus is according to the IEEE 802.1x agreement that himself disposes, and the information according to each analog subscriber in the test data stream authenticates each analog subscriber, and the statistics authentication result; Simultaneously verify data stream is sent to the network equipment, and the authentication result returned of statistics network equipment; According to the authentication result of himself statistics and the statistics of carrying out, judge that whether the described network equipment provides normal authentication to the analog subscriber of the predetermined quantity in the verify data stream according to the authentication result that the network equipment returns.
Wherein in the concrete process that the network equipment is tested, testing apparatus is arbitrarily to the order that the network equipment sends verify data stream and test data stream, and promptly S203 also can be positioned at before the S201, also can be positioned at after the S202.
Wherein test data stream also comprises the attack data flow.Attack the message that data flow comprises the full 0/F of source/target MAC (Media Access Control) address, the IP message of TTL=0/1, the message of CRC check mistake is less than 64 bytes with surpass the message of 1518 bytes, multicast packets, messages such as broadcast packet; In addition, the test data stream of unverified analog subscriber transmission also can be regarded as the attack data flow.
And the method for this network apparatus test also comprises: when each analog subscriber data source address, during the address of each analog subscriber that authenticates for pass through of preserving, the quantity of the normal analog subscriber data of transmitting of the described network equipment of receiving according to described testing apparatus, and the quantity of the analog subscriber authentication information of preserving, judge whether the described network equipment normally transmits the analog subscriber test data.
The method of this network apparatus test also comprises simultaneously: described testing apparatus sends configuration order to the described network equipment;
Described testing apparatus detects described network equipment attribute information according to the execution result that the described network equipment returns.
Configuration order comprises: monitor the order of described performance of network equipments, or control the order whether described network equipment carries out the configuration file content of preservation, or control the order of the information of described network equipment preservation.
Monitor the order of described performance of network equipments, comprising:
Check the utilance of the central processor CPU of the described network equipment, or check described network equipment memory usage.
The utilance of the CPU that supervising device returns according to the network equipment, or memory usage are judged the ability of network device processing data flow, wherein this data flow comprises, verify data stream and test data stream, wherein test data stream comprises, analog subscriber data flow and attack data flow.
Control the described network equipment and whether carry out the order of the configuration file content of preservation, comprising:
Control the described network equipment and carry out the IEEE802.1x protocol contents of the configuration file of preserving, or control the IEEE802.1x protocol contents that the described network equipment is not carried out the described configuration file of preservation.
Control the order of the information of described network equipment preservation, comprising:
Check the authentication information of the analog subscriber that pass through authentication that the described network equipment is preserved, or delete the MAC address entries of the described network equipment, the authentication information by the analog subscriber that authenticates.
Simultaneously the network equipment is when its unit exception, when for example crashing, also can be to testing apparatus output equipment abnormal information, and the device exception information of this network equipment output also can be monitored and preserve to testing apparatus.
And also preserve the configuration file of itself and certificate server, the network equipment in embodiments of the present invention in the testing apparatus, wherein comprise the authentication information field of each analog subscriber in the configuration file of certificate server; The configuration file of the network equipment comprises that the protocol information that the network equipment is followed is the IEEE802.1x protocol information in embodiments of the present invention; The configuration file of testing apparatus comprises that verify data stream and test data flow, and wherein comprises the authentication information of the analog subscriber of predetermined quantity in this verify data stream.
Wherein, the authentication information field that the authentication information of each analog subscriber comprises in the configuration file of testing apparatus, identical with the authentication information field that comprises in the configuration file of certificate server, then certificate server can provide authentication to the analog subscriber of testing apparatus, for example the authentication information of each analog subscriber of preserving in testing apparatus is a user ID, the MAC Address of user cipher and user PC, and the authentication information field of preserving in the certificate server also is user ID, during the MAC Address of user cipher and user PC, then certificate server authenticates according to the authentication information field of the authentication information that receives with self preservation.The authentication information that receives when certificate server and the authentication information field of preservation are not simultaneously, authentication service can not be provided, if promptly the authentication information field of analog subscriber comprises user ID in the configuration file of testing apparatus, authentication password, the IP address of the MAC Address of user PC and user PC, and the authentication information field of each analog subscriber of preserving in the configuration file of certificate server is an authentication password, the IP address of the MAC Address of user PC and user PC, then certificate server can not provide authentication service for the analog subscriber that testing apparatus comprises this authentication information field.
As shown in Figure 3, test macro comprises in embodiments of the present invention, testing apparatus 30, the network equipment 31 and certificate server 32.Wherein, the network equipment 31 is connected between testing apparatus 30 and the certificate server 32.Wherein, the flow direction of the direction indication data flow of arrow, the network equipment 31 and certificate server 32 all take out corresponding configuration file from testing apparatus 30.Testing apparatus 30 is according to himself configuration file of its preservation, generation test data stream, wherein test data stream comprises the analog subscriber data flow and/or attacks data flow, comprise a plurality of analog subscriber packets in each analog subscriber data flow, wherein the destination address of each analog subscriber packet is the address of testing apparatus 30, and source address is the address of analog subscriber; When test data stream is the analog subscriber data flow, if in setting-up time, receive this analog subscriber data flow that the network equipment 31 is transmitted, source address information according to the analog subscriber packet, and the certificate server of preserving judges to the authentication information of analog subscriber whether the network equipment 31 normally transmits the analog subscriber data flow.
In the authentication information of certificate server, when finding the source address corresponding simulating user profile of analog subscriber packet, then judge the described analog subscriber data flow of the normal forwarding of the described network equipment to analog subscriber in described preservation; Or
In the authentication information of certificate server that testing apparatus is being preserved, when not finding the source address corresponding simulating user profile of analog subscriber packet, then judge the network equipment 31 improper forwarding analog subscriber data flow to analog subscriber.
Simultaneously because each analog subscriber packet that comprises source address that testing apparatus 30 sends to the network equipment 31 is corresponding with the address of each analog subscriber respectively.So testing apparatus 30 is according to the analog subscriber quantity of passing through certificate server 32 authentications of its preservation, and the analog subscriber quantity of data packets of the normal forwarding that receives, judge whether the ability of the network equipment 31 forwarding analog subscriber data flow is normal.
And testing apparatus is according to the configuration order of the automation configuration script generation of preserving to the network equipment.Wherein, this configuration order comprises the order of monitoring described performance of network equipments, or controls the order whether described network equipment carries out the configuration file content of preservation, or controls the order of the information of described network equipment preservation.Configuration order can adopt the combined in any order of above-mentioned configuration order in whole test process, constantly sends to the network equipment.The network equipment 31 is carried out the configuration order that receives, and returns corresponding execution result to testing apparatus 30, and the execution result that the configuration order of testing apparatus 30 transmissions simultaneously and the network equipment 31 return all device being tested 30 records in the test log.Testing apparatus 30 also receives the device exception information of the network equipment 31 outputs simultaneously.
The execution result to the order of monitoring described performance of network equipments that testing apparatus 30 returns according to the network equipment is judged the ability of network device processing data flow.
And testing apparatus 30 is according to its authentication information to each analog subscriber of the network equipment 31 transmissions, according to the IEEE 802.1x agreement of himself preserving each analog subscriber is authenticated, statistics can be passed through the quantity of the analog subscriber of authentication, while testing apparatus 30 is added up according to the authentication result of the certificate server that the network equipment 31 that receives returns, and according to the statistics of self authentication, whether the concrete analysis network equipment 31 provides normal authentication to the analog subscriber of this predetermined quantity.
Wherein, owing to added up the quantity that to pass through the analog subscriber of authentication in the testing apparatus 30 voluntarily, and the analog subscriber data of passing through certificate server 32 authentications that the network equipment 31 returns have been added up, also write down the network equipment 31 simultaneously and normally transmitted the data flow of each user's transmission of simulation, also may write down the authentication information of the network equipment 31 simultaneously in the test log by the analog subscriber of authentication, therefore can be according to the result of record in the testing apparatus 30, phase-split network equipment 31 whether can transmit data flow normally, and judge whether this network equipment 31 can provide authentication service for the analog subscriber of this predetermined quantity.
In embodiments of the present invention in order to realize test to the network equipment, a kind of device of network apparatus test is provided, tester 401, be used for sending test data stream to the network equipment, wherein, described test data stream comprises the analog subscriber data flow, and the destination address of each packet is the address of described testing apparatus in the described analog subscriber data flow, and source address is the address of analog subscriber; Test data stream according to the described network equipment returns reaches the authentication information of the certificate server of preservation to analog subscriber, judges whether the described network equipment normally transmits described test data stream;
Test terminal 400, be used for sending the verify data stream that generates to network equipment, each analog subscriber in the verify data stream is authenticated based on IEEE 802.1x agreement according to himself, the authentication result of statistics, with the authentication result of the Information Statistics of returning according to the described network equipment, judge that whether the described network equipment provides normal authentication to the analog subscriber of predetermined quantity.
As shown in Figure 4, this testing apparatus also comprises monitor terminal 404.And this testing apparatus 30 also comprises file server 402 and hub 403.
The test that the controlled ports realization of the test terminal 400 connection network equipments is counted capacity to network equipment analog subscriber, can or surpass the capacity that this demarcates user capacity according to the number of users capacity of the demarcation of the network equipment, verify data stream in 400 configuration files of test terminal is set, comprises the authentication information of the analog subscriber of predetermined quantity in this verify data stream.Test terminal 400 sends to the network equipment with it according to the verify data stream that configuration file generates, simultaneously add up each analog subscriber automatically and whether authenticate and pass through according to the IEEE 802.1x agreement of self preserving, and the authentication result of the certificate server that returns of the uncontrolled port receiving and counting network equipment by the network equipment.And checking is in the validated user quantity of the network equipment, also do not reach under the situation of the number of users that can authenticate of demarcation, the disabled user can't authenticate and pass through, wherein the disabled user refers to that the user authentication information of preserving on user's authentication information and the certificate server is inequality, for example certain user's of test terminal 400 inputs user ID is not preserved in server, or the password bad of authentication etc.And can verify validated user at the network equipment reach demarcation can authenticated user quantity in limited time, legal and disabled user can not be by authentication.For example the user capacity of network equipment demarcation is 2000, when the user who 2000 authentications is passed through as this network equipment Ying Jing provides service, if the test terminal sends the authentication information of the 2001st analog subscriber to the network equipment, and this analog subscriber is a validated user, and this moment, the network equipment can not provide authentication service for this analog subscriber of test terminal.
In order to realize the network equipment is transmitted the test of data flow situation, adopt tester 401 to connect the controlled ports of the network equipment, information according to each analog subscriber obtains the analog subscriber data flow, wherein the source address of each analog subscriber packet is the address of this analog subscriber in this analog subscriber data flow, destination address is the address of tester 401, or the address of tester 401 preservations.Tester 401 is according to the analog subscriber data flow that receives, detect the source address information of each analog subscriber packet in this analog subscriber data flow, and, judge whether the network equipment normally transmits this analog subscriber data flow according to the authentication information of the certificate server of preserving to analog subscriber.According to the network condition simulated strike data flow of reality, send the attack data flow simultaneously to the network equipment.After tester 401 correctly receives each analog subscriber packet that the network equipment returns, obtain the analog subscriber information that comprises in each analog subscriber packet, whether whether normally transmit these data according to this analog subscriber by the authentication determination network equipment; The analog subscriber packet that correctly receives when tester 401 simultaneously, to analog subscriber that should the analog subscriber packet during the authentication by certificate server, it is undesired to judge that then the network equipment is transmitted the ability of these analog subscriber data.
And the authentication information of the analog subscriber of preserving in this tester 401, also can generate according to configuration file, be the authentication information of all preserving a this analog subscriber in the tester and the network equipment, data transmitted and tested judgement according to the authentication information of this analog subscriber.
Certainly also can select the analog subscriber of a part in the test process of reality, simulate the analog subscriber data flow of this part, concrete test process can be selected according to the actual needs.
And for the process that makes test more near actual conditions, adopt hub 403 with the test data of tester 401 and test terminal 400 regenerate shaping, amplification in embodiments of the present invention, the test data after shaping is amplified sends in this network equipment by the controlled ports of the network equipment.Adopt hub 403 can enlarge the transmission range of network, the process that makes test is more near actual conditions.
Wherein, file server 402 provides configuration file to the network equipment and certificate server, file server 402 also provides configuration file to test terminal 400, tester 401, hub 403 and monitor terminal 404 simultaneously, represents that with arrow data flow flows in Fig. 4.And monitor terminal 404 continues to send configuration order to the network equipment, the network equipment is carried out this configuration order and is returned execution result to monitor terminal 404, wherein this configuration order also can for the property in cycle return monitored results to monitor terminal 404, for example this configuration order was for returning the utilance of its CPU to monitor terminal every 10 seconds.
This monitor terminal 404 comprises: memory module is used to store the configuration order of monitor network equipment performance, or controls the configuration order whether described network equipment carries out the configuration file content of preservation, or controls the configuration order of the information of described network equipment preservation;
Sending module is used for sending the configuration order of storing to the network equipment.
The configuration order of monitor network equipment performance comprises: the utilance of the central processor CPU of the described network equipment is checked in storage, or checks the configuration order of described network equipment memory usage.And judge the disposal ability of the network equipment according to this information that monitor terminal 404 returns, promptly handle the ability of verify data stream and test data stream simultaneously data flow.
Whether control the described network equipment carries out the configuration order of the configuration file content of preservation and comprise: the described network equipment of storage control is carried out the IEEE802.1x protocol contents of the configuration file of preserving, or controls the configuration order of IEEE802.1x protocol contents that the described network equipment is not carried out the described configuration file of preservation.
The configuration order of controlling the information that the described network equipment preserves comprises: the authentication information of the analog subscriber that pass through authentication that the described network equipment is preserved is checked in storage, or deletes the configuration order of the MAC address entries of the described network equipment, the authentication information by the analog subscriber that authenticates.
The tester network apparatus test is transmitted the ability of data flow in embodiments of the present invention, makes the analog subscriber accesses network reliably after the authentication, and this method of testing can effectively test out the potential fault of the network equipment, thus the performance of the raising network equipment.The test terminal is tested the user capacity of the network equipment in embodiments of the present invention simultaneously, can also test simultaneously the state of large-capacity user lower network equipment in the network of reality, avoided the situation that network equipment appearance is crashed when a large number of users authenticates simultaneously, therefore, the method for testing of this network equipment can improve the stability and the reliability of the network equipment.
And tester is meant by hardware device and/or is applied to the device that the application software on the hardware device constitutes in embodiments of the present invention, can be picture IXIA, equipment such as SmartBits.Picture IXIA tester is by the IXIA hardware device, such as IXIA1600T cabinet and the application software that is applied on the hardware device, such as IxExplorer, formations such as IxNetwork, can be to the generation and the analysis control all sidedly of the layer 2-4 flow on the diverse network interface type module, this network interface comprise Ethernet, 10GB Ethernet, POS (PacketOver SONET), asynchronous transfer mode (Asynchronous Transfer Mode, ATM), frame relay or the like.Each test port of IXIA can dispose self-defining data flow, filtercondition separately and catch capacity.Perfect statistics and pictorial statement is provided, can (Device Under Test, DUT) performance and function be analysed in depth to equipment under test.Tester can generate test data stream automatically according to the information of the configuration file of downloading.Tester also can adopt software mode to realize simultaneously, promptly realizes sending the software of packet.In concrete test process, can dispose flexibly as required.
When realizing by hardware mode, a test port of tester is connected on the hub by Category-5 twisted pair or optical fiber cable, and another port is connected on the uncontrolled port of the network equipment by Category-5 twisted pair or optical fiber cable.
Because general client certificate software is the software that single user is authenticated, promptly a client goes up user of authentication, do not allow to authenticate simultaneously a plurality of users, therefore when on the test terminal client certificate software being installed, can only simulating a user and authenticate.In order to be implemented in the test that realizes the simulation a large number of users on the test terminal, adopted the client certificate software of multiple user authentications in embodiments of the present invention.The client certificate software of multiple user authentications is installed in the test terminal, the client certificate software of this multiple user authentications, according to the configuration file that obtains from file server, preserve the authentication information field of a large number of users of simulation in this configuration file, it is user ID, the MAC Address of authentication password and user PC can also comprise the IP address of user PC.During the client certificate software work of multiple user authentications, can be according to the test process that itself is provided with, order be obtained the user ID of each analog subscriber, and the MAC Address of authentication password and user PC can also comprise the IP address of user PC authenticating successively.After analog subscriber verification process finished, whether the client certificate software of multiple user authentications can be added up this analog subscriber automatically and authenticate and pass through, and carries out the authentication of next analog subscriber simultaneously.Therefore, the test process of the client certificate software of this multiple user authentications is set in the test terminal, can simulates the verification process of a large number of users, thereby reach the purpose of the user capacity of network apparatus test.
As shown in Figure 5, its function of the client certificate software of multiple user authentications realizes comprising following components in embodiments of the present invention: the parameter storage and as a result display module 501, parameter module 502 and client certificate module 503 are provided, and be connected to each other between each module.
Wherein, parameter storage and as a result display module 501 can finish the client certificate software of multiple user authentications and tester alternately, the authentication information field of each analog subscriber of parameter storage and display module 501 preservation testers settings as a result can also be preserved simultaneously other information of setting, user ID for example, user's number, authentication password, the MAC Address of user PC, the IP address of user PC can also be provided with authentication cycle period etc. according to the needs of test simultaneously.This module receives the authentication information of client certificate module 503 simultaneously, the authentication result that statistics client certificate module 503 is returned, give the tester with statistical result showed, the statistics that shows comprises, the number of analog subscriber success identity, the number of failure authentication, specifically each analog subscriber result such as authentication success whether.
And, parameter is stored and the quantity of the analog subscriber authentication information of display module 501 can be according to the test request setting as a result, for example be 4000,2000 etc., the user authentication information field of simulation comprises user ID, user's number, authentication password, the IP address of the MAC Address of user PC and user PC.By the operation of tester to the client certificate of multiple user authentications, multiple user authentications client certificate software can be preserved the user authentication information that is provided with get off with the form of text automatically.As long as this text is derived, be stored on the file server 402, in the concrete test process, utilize the client certificate software of multiple user authentications, download and open the text of preservation from file server 402, will import the user authentication information of setting automatically.
Parameter provides module 502, receive the data such as authentication information of the analog subscriber of parameter storage and display module 501 transmissions as a result, and, provide corresponding simulating user's authentication information field to client certificate module 503 according to the parameters for authentication information of the analog subscriber of client certificate module 503.For example this parameter provides the authentication information of the analog subscriber of parameter storage that module 502 receives and display module 501 transmissions as a result, comprise, user ID, user's number, authentication password, the IP address of the MAC Address of user PC and user PC, and the parameters for authentication information of the analog subscriber that client certificate module 503 needs comprises user ID, the MAC Address of authentication password and user PC, then parameter provides module 502 to comprise user ID, the authentication information field of the MAC Address of authentication password and user PC to these client certificate module 503 transmissions.Wherein the authentication information field that comprises in the authentication information of the analog subscriber of these client certificate module 503 preservations is identical with the authentication information field of preservation in the certificate server 32, also preserve the user ID of analog subscriber in the authentication authorization and accounting server 32, the mac address information of authentication password and user PC.
Client certificate module 503, provide module 502 to send the parameters for authentication information of analog subscriber to parameter, and provide the authentication information field and the IEEE 802.1x agreement of the needed analog subscriber of authentication that module 502 provides to authenticate, and authentication result is returned to parameter storage and display module 501 as a result according to parameter.
In embodiments of the present invention in order to realize monitoring to the network equipment, control desk CONSOLE port with the network equipment, be connected to serial line interface on the monitor terminal mainboard by cable, wherein, the CONSOLE port be the network equipment provide be specifically designed to the port that the network equipment is configured and manages.Operation monitoring software on the monitor terminal, monitor network equipment.
During actual the test, download automatized script, this automatized script is written into monitoring software from file server.So-called automatized script file can be to adopt vbScript, the text of automatized script language compilation such as JavaScript, content mainly comprises the periodic configuration order of the network equipment being carried out the automation configuration, this configuration order comprises the order of monitoring described performance of network equipments, or control the order whether described network equipment carries out the configuration file content of preservation, or control the order of the information of described network equipment preservation.Wherein, monitor the order of described performance of network equipments, comprising: check the utilance of the central processor CPU of the described network equipment, or check described network equipment memory usage.Control the described network equipment and whether carry out the order of the configuration file content of preservation, comprise: control the IEEE802.1x protocol contents that the described network equipment is carried out the configuration file of preserving, or control the IEEE802.1x protocol contents that the described network equipment is not carried out the described configuration file of preservation.Control the order of the information that the described network equipment preserves, comprising: check the authentication information of the analog subscriber that pass through authentication that the described network equipment is preserved, or delete the MAC address entries of the described network equipment, the authentication information by the analog subscriber that authenticates.
Monitoring software is written into the order that can automatically perform behind the automatized script in the script, send configuration order to the network equipment, the network equipment is carried out the operation of this configuration order correspondence, export corresponding execution result and give testing apparatus, and the network equipment occurs also exporting the corresponding apparatus abnormal information when unusual at equipment and gives testing apparatus.Wherein input, the result of output records in the monitoring daily record, and this monitoring daily record is kept in the testing apparatus.As shown in Figure 6, the monitored software of monitoring daily record meeting gets off with the form real time record of text, can write down automatically its time in the time of output information in each bar input of record, and the moment of this recorded information record is described.
File server is deposited the corresponding configuration file of the network equipment, the configuration file of tester test data, monitor terminal is the script and the test monitoring daily record of operation automatically, the configuration file of test terminal, the authentication information configuration file of analog subscriber on the certificate server, and the authentication information field of the analog subscriber in the configuration file of this certificate server, identical with the authentication information field of analog subscriber in the configuration file of test terminal, for example the configuration file of certificate server has been preserved the user ID of analog subscriber, authentication password, the IP address of the MAC Address of user PC and user PC, the user ID that then comprises analog subscriber in the configuration file of test terminal equally, authentication password, the IP address of the MAC Address of user PC and user PC, preserved the user ID of analog subscriber when the configuration file of certificate server, during the MAC Address of authentication password and user PC, the user ID that then comprises analog subscriber in the configuration file of test terminal equally, the MAC Address of authentication password and user PC guarantees that promptly the test terminal can obtain authentication to the test data that the network equipment sends in certificate server.File server can be served as by monitor terminal in embodiments of the present invention, is about to configuration file and is kept on the monitor terminal.
As shown in Figure 7,, the method for network apparatus test is described in detail, specifically may further comprise the steps below by a specific embodiment:
Step 701: the client software of the multiple user authentications of test terminal is according to the corresponding configuration file of downloading from file server, import verify data stream to be tested, the authentication information that comprises the analog subscriber of predetermined quantity in this verify data stream, the authentication information of the analog subscriber of this predetermined quantity is sent to the network equipment successively, and according to IEEE 802.1x agreement, and the authentication information of each analog subscriber that comprises in the verify data stream, each analog subscriber is authenticated, and the quantity of adding up the analog subscriber that passes through checking voluntarily, and the quantity of passing through the analog subscriber of checking.
Wherein the authentication information of analog subscriber comprises, the authentication information field of the MAC Address of user ID, authentication password, user PC and the IP address of user PC, and the authentication information field of the analog subscriber of preserving in the certificate server comprises the MAC Address of user ID, authentication password and user PC and the IP address of user PC.Be illustrated in figure 8 as the design sketch of authentication information of analog subscriber of predetermined quantity of the client software simulation of multiple user authentications.
In embodiments of the present invention, the analog subscriber of predetermined quantity is 4000, promptly simulates 4000 analog subscribers, and user ID begins successively increase progressively 4000 for the analog subscriber name from 1x00000001 at this, finishes to 1x00004000.The authentication password unification is 000000 promptly 60, and the MAC Address of user PC begins to increase progressively 4000 from 0000.0000.0001 successively, finishes to 0000.0000.0FA0.The IP address of user PC begins to increase progressively 4000 from 172.16.0.1/20, finishes to 172.16.15.250/20.For example, the authentication information of first analog subscriber is 1x00000001,000000,0000.0000.0001 and 172.16.0.1/20.
Step 702: tester is according to the corresponding configuration file of downloading from file server, information according to this configuration file continues in the cycle to send test data stream to the network equipment at a testing process, according to the data flow that the network equipment that correctly receives returns, judge whether the network equipment normally transmits data flow.
Wherein, the testing process cycle be multiple user authentications client certificate software to the analog subscriber of predetermined quantity all authentication finish the needed time.And this testing process cycle can be set flexibly according to the test needs in embodiments of the present invention.
This data flow can be the IP traffic of the normal exchange of simulation authenticated user, and for example analog subscriber is 4000, has promptly simulated 4000 analog subscriber data, and each analog subscriber is simulated the IP data of its transmission, totally 4000 IP data.Wherein, the MAC field and the IP field that comprise in the authentication information of the source MAC field of each bar IP digital simulation and source IP field and each analog subscriber are consistent, purpose MAC field, purpose IP field is the source MAC field that tester is connected the reception user who simulates on the uncontrolled port of the network equipment, source IP field, the i.e. address of tester.Such as, article one, the source MAC field of IP data is 0000.0000.0001, source IP field is 172.16.0.1, purpose MAC field is 0000.1000.0000, purpose IP field is 192.168.1.1, show that it is 0000.0000.0001 that the MAC of analog subscriber PC field is arranged in this authentication information, the IP field is 172.16.0.1, and the source MAC field that this tester is connected the reception user who simulates on the uncontrolled port of the network equipment is 0000.1000.0000, source IP field is 192.168.1.1, and in embodiments of the present invention the simulation the reception user can for one also can be for a plurality of.
Adopt this test mode, can whether can correctly transmit the analog subscriber data that authentication is passed through by network apparatus test, when this analog subscriber authentication is passed through, then can transmit these analog subscriber data, can not transmit the unsanctioned analog subscriber data of authentication, certainly adopt the form of other data flow, whether network apparatus test normally transmits data flow.
This test data stream also can be to attack data flow, the message that for example comprises the full 0/F of source MAC and target MAC (Media Access Control) address, existence time limit (Time to Live, TTL) be 0/1 IP message, cyclic redundancy (Cyclical Redundancy Check, the CRC) message of check errors is less than 64 bytes with surpass the message of 1518 bytes, multicast packets, messages such as broadcast packet.Wherein, each attacks the target MAC (Media Access Control) address of data and MAC Address and the IP address that purpose IP address is non-this tester.Thereby network apparatus test is to attacking the disposal ability of data, and receives when attacking data flow when tester, shows that the function of network equipment forwarding data flow is undesired.The behaviour in service of CPU and internal memory when the monitor network device processes is attacked data flow is simultaneously judged the disposal ability of the network equipment to test data stream and verify data stream.Certainly in the test process of reality, can select this quantity of attacking data flow, thereby reach the purpose of reasonable test.
Wherein the order of step 701 and step 702 can be exchanged.
Step 703: monitor terminal is carried out automatized script according to the corresponding configuration file of downloading from file server, to the periodic configuration order of network equipment input automation configuration.
These configuration orders can be the orders of the described performance of network equipments of monitoring, or control the order whether described network equipment carries out the configuration file content of preservation, or control the order of the information of described network equipment preservation.Monitor the order of described performance of network equipments, comprising: check the utilance of the central processor CPU of the described network equipment, or check described network equipment memory usage.Control the described network equipment and whether carry out the order of the configuration file content of preservation, comprise: control the IEEE802.1x protocol contents that the described network equipment is carried out the configuration file of preserving, or control the IEEE802.1x protocol contents that the described network equipment is not carried out the described configuration file of preservation.Control the order of the information that the described network equipment preserves, comprising: check the authentication information of the analog subscriber that pass through authentication that the described network equipment is preserved, or delete the MAC address entries of the described network equipment, the authentication information by the analog subscriber that authenticates.And in concrete monitor procedure, can adopt the combination of above-mentioned any one or several orders that the network equipment is carried out the periodicity monitoring.In the process that the network equipment is controlled, the result that the real time record network equipment is carried out will import, export the result, be kept in the test log simultaneously.
Wherein the order of step 703 and step 702 can be exchanged.
Step 704: after testing process finishes, the analytical test result.
Test to a data circulation ability comprises:
When test data stream is the analog subscriber data flow, if tester receives this analog subscriber data flow that the network equipment is transmitted in setting-up time, source address information according to the analog subscriber packet, and the certificate server of preserving judges to the authentication information of analog subscriber whether the network equipment normally transmits this analog subscriber data flow;
And when each analog subscriber data source address, during the address of each analog subscriber that authenticates for pass through of preserving, the quantity of the normal analog subscriber data of transmitting of the network equipment that receives according to tester, and the quantity of the analog subscriber authentication information of preserving, judge whether the network equipment normally transmits the analog subscriber test data.
Client certificate software owing to multiple user authentications in the test terminal can authenticate each analog subscriber according to IEEE 802.1x agreement simultaneously, and statistics authentication result, result behind the authenticated server authentication that the while test terminal also receives and statistics network equipment returns, so the test terminal can judge whether the network equipment can provide correct authentication service to the analog subscriber of predetermined quantity according to above-mentioned two statisticses.And because the network equipment has certain demarcation user capacity, when the quantity of the analog subscriber to be certified that sends to the network equipment when the test terminal surpasses its marked capacity, judge according to the authentication result that the test terminal receives whether the network equipment all can not provide authentication service to any analog subscriber in the case.
The utilance of the CPU that returns according to the network equipment or the utilance of internal memory are judged the disposal ability of the network equipment to data flow.
In test process, by the result of network equipment output.Whether phase-split network equipment occurs crashing, low memory, and control desk is hung up, analog subscriber can't authenticate and other error messages, result according to test output can also improve test process simultaneously, optimizes the method for testing of testing software, thereby reaches good test effect.
The method of the network apparatus test that the embodiment of the invention provides, by in the process that analog subscriber is authenticated, authentication result and the authentication result returned of the network equipment by self statistics, network apparatus test is to the verification process of the analog subscriber of predetermined number, simultaneously in to the verification process of analog subscriber by the forwarding situation of network apparatus test to the data flow of analog subscriber, network apparatus test is to the transfer capability of data flow, realization is to the test of network equipment data flow transfer capability, thus the transfer capability of the data flow of effective network apparatus test.
Obviously, those skilled in the art can carry out various changes and modification to the present invention and not break away from the spirit and scope of the present invention.Like this, if of the present invention these are revised and modification belongs within the scope of claim of the present invention and equivalent technologies thereof, then the present invention also is intended to comprise these changes and modification interior.

Claims (11)

1, a kind of method of network apparatus test is characterized in that, comprising:
Testing apparatus sends test data stream or verify data stream to the network equipment, wherein, described test data stream comprises the analog subscriber data flow, and the destination address of each packet is the address of described testing apparatus in the described analog subscriber data flow, and source address is the address of analog subscriber;
Described testing apparatus is according to whether receiving the test data stream of described network equipment forwarding in setting-up time, and according to the authentication information of the certificate server of preserving to analog subscriber, judge whether the described network equipment normally transmits described test data stream; And
Described testing apparatus is relatively according to himself access to netwoks control protocol IEEE 802.1x agreement based on port, each analog subscriber in the verify data stream is authenticated the authentication result of statistics, with the authentication result of the Information Statistics of returning according to the described network equipment, judge that whether the described network equipment provides normal authentication to the analog subscriber of predetermined quantity.
2, the method for claim 1 is characterized in that, described test data stream also comprises: attack data flow.
3, the method for claim 1 is characterized in that, described method further comprises:
When each analog subscriber data source address, during the address of each analog subscriber that authenticates for pass through of preserving, the quantity of the normal analog subscriber data of transmitting of the described network equipment of receiving when described testing apparatus, when equating, judge that then the described network equipment normally transmits the analog subscriber data with the quantity of the analog subscriber authentication information of preserving; Or
The quantity of the normal analog subscriber data of transmitting of the described network equipment of receiving when described testing apparatus when unequal, is then judged the improper forwarding analog subscriber of described network equipment data with the quantity of the analog subscriber authentication information of preserving.
4, the method for claim 1 is characterized in that, described method also comprises:
Described testing apparatus sends configuration order to the described network equipment;
Described testing apparatus detects described network equipment attribute information according to the execution result that the described network equipment returns.
5, method as claimed in claim 4 is characterized in that, described method further comprises: described testing apparatus sends the order of monitoring described performance of network equipments to the network equipment, judges the ability of described network device processing data flow.
6, method as claimed in claim 5 is characterized in that, the order of the described performance of network equipments of described monitoring comprises:
Monitor the utilance of described network equipment central processor CPU or monitor the utilance of described network equipment internal memory.
7, a kind of test macro is characterized in that, comprising:
Testing apparatus, be used for sending verify data stream or test data to the network equipment, described test data stream comprises the analog subscriber data flow, and the destination address of each packet is the address of described testing apparatus in the described analog subscriber data flow, and source address is the address of analog subscriber; According in setting-up time, receiving the test data stream that the described network equipment is transmitted, reach the authentication information of the certificate server of preservation to analog subscriber, judge whether the described network equipment normally transmits described test data; And relatively according to himself access to netwoks control protocol IEEE 802.1x agreement based on port, each analog subscriber in the verify data stream is authenticated the authentication result of statistics, with the authentication result of the Information Statistics of returning according to the described network equipment, judge that whether the described network equipment provides normal authentication to the analog subscriber of predetermined quantity;
The network equipment, be used to receive the test data stream that described testing apparatus sends, according to the information that each test packet in the test data stream comprises, reach the authentication information of the certificate server of preservation to analog subscriber, transmit the test data that meets the demands to institute's testing apparatus; And the verify data stream that described testing apparatus is sent sends to certificate server, to the authentication result information of described testing apparatus return authentication server to analog subscriber.
8, system as claimed in claim 7 is characterized in that, described system also comprises:
Certificate server is used for the authentication information of analog subscriber is returned in the analog subscriber authentication to the described network equipment.
9, a kind of device of network apparatus test is characterized in that, comprising:
Tester is used for sending test data stream to the network equipment, and wherein, described test data stream comprises the analog subscriber data flow, and the destination address of each packet is the address of described testing apparatus in the described analog subscriber data flow, and source address is the address of analog subscriber; Test data stream according to the described network equipment returns reaches the authentication information of the certificate server of preservation to analog subscriber, judges whether the described network equipment normally transmits described test data stream;
The test terminal, be used for sending the verify data stream that generates to network equipment, each analog subscriber in the verify data stream is authenticated based on the IEEE802.1x agreement according to himself, the authentication result of statistics, with the authentication result of the Information Statistics of returning according to the described network equipment, judge that whether the described network equipment provides normal authentication to the analog subscriber of predetermined quantity.
10, device as claimed in claim 9 is characterized in that, described test terminal comprises:
Parameter storage and display module as a result, be used to preserve the authentication information field of each analog subscriber, this authentication information field comprises, the medium access control MAC Address of user ID, authentication password, client personal computer PC and the Internet protocol IP address of user PC, the authentication result that statistics display client authentication module returns;
Parameter provides module, is used for the authentication information field according to the authentication needs of client certificate module transmission, and the authentication information field from described parameter is stored and display module obtains correspondence as a result provides this field to described client certificate module;
The client certificate module, be used for providing the unit to send the authentication information field of authentication needs to described parameter, authenticate according to the described authentication information field and the IEEE 802.1x agreement that receive, authentication result is returned to described parameter storage and display module as a result.
11, device as claimed in claim 9 is characterized in that, described device also comprises:
Monitor terminal is used for sending configuration order to the described network equipment, and according to the execution result that the described network equipment that receives returns, detects described network equipment attribute information.
CN2008101192925A 2008-09-02 2008-09-02 Method, system and apparatus for test network appliance Expired - Fee Related CN101360015B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2008101192925A CN101360015B (en) 2008-09-02 2008-09-02 Method, system and apparatus for test network appliance

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2008101192925A CN101360015B (en) 2008-09-02 2008-09-02 Method, system and apparatus for test network appliance

Publications (2)

Publication Number Publication Date
CN101360015A true CN101360015A (en) 2009-02-04
CN101360015B CN101360015B (en) 2010-09-29

Family

ID=40332361

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2008101192925A Expired - Fee Related CN101360015B (en) 2008-09-02 2008-09-02 Method, system and apparatus for test network appliance

Country Status (1)

Country Link
CN (1) CN101360015B (en)

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102026189A (en) * 2010-12-20 2011-04-20 西安西电捷通无线网络通信股份有限公司 Internal friction test module, internal friction test method, simulation test system and simulation test method
CN102546214A (en) * 2010-12-29 2012-07-04 中兴通讯股份有限公司 SD (Secure Digital) alarm detection method and system
CN102624577A (en) * 2011-01-30 2012-08-01 深圳市恒扬科技有限公司 Flow reproducing method and system thereof
CN103209103A (en) * 2013-03-25 2013-07-17 华为技术有限公司 Testing method and testing apparatus of network device
CN103841580A (en) * 2012-11-20 2014-06-04 智易科技股份有限公司 Test circuit structure and test method of network communication product
CN104394037A (en) * 2014-12-05 2015-03-04 上海斐讯数据通信技术有限公司 Port test method and system for network access facility
CN104539470A (en) * 2014-11-28 2015-04-22 北京锐安科技有限公司 Method for testing whether packet loss occurs in shunting equipment or not, test client and system
CN105049277A (en) * 2015-06-08 2015-11-11 国家计算机网络与信息安全管理中心 Network flow generation method based on data flow features
CN106371993A (en) * 2016-08-31 2017-02-01 北京奇虎科技有限公司 Testing method and testing device based on data packet
CN106444468A (en) * 2016-05-03 2017-02-22 重庆青年职业技术学院 Information machine adapter detection system and method
CN109756394A (en) * 2018-12-28 2019-05-14 东信和平科技股份有限公司 A kind of communication products show net test method and system
CN110139276A (en) * 2019-06-10 2019-08-16 杭州迪普科技股份有限公司 A kind of access authentication test method and device
CN111213142A (en) * 2017-10-12 2020-05-29 罗德施瓦兹两合股份有限公司 Multi-user test system and method for configuring a multi-user test system
CN113125876A (en) * 2019-12-30 2021-07-16 新唐科技股份有限公司 Electronic device
CN114048087A (en) * 2021-11-10 2022-02-15 腾讯科技(深圳)有限公司 Method and device for testing data transfer performance of equipment
WO2023142907A1 (en) * 2022-01-26 2023-08-03 中兴通讯股份有限公司 All-optical network service testing method and apparatus, computer device and readable medium

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100568826C (en) * 2004-11-11 2009-12-09 中兴通讯股份有限公司 A kind of performance test methods of authentication service and device
KR100882352B1 (en) * 2006-11-30 2009-02-12 한국전자통신연구원 Apparatus and method for testing authentication server in the wireless network
CN101252483A (en) * 2008-04-10 2008-08-27 北京星网锐捷网络技术有限公司 System and method for testing switch

Cited By (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102026189A (en) * 2010-12-20 2011-04-20 西安西电捷通无线网络通信股份有限公司 Internal friction test module, internal friction test method, simulation test system and simulation test method
CN102026189B (en) * 2010-12-20 2012-11-07 西安西电捷通无线网络通信股份有限公司 Internal friction test module, internal friction test method, simulation test system and simulation test method
CN102546214A (en) * 2010-12-29 2012-07-04 中兴通讯股份有限公司 SD (Secure Digital) alarm detection method and system
CN102624577A (en) * 2011-01-30 2012-08-01 深圳市恒扬科技有限公司 Flow reproducing method and system thereof
CN102624577B (en) * 2011-01-30 2014-12-31 深圳市恒扬科技有限公司 Flow reproducing method and system thereof
CN103841580A (en) * 2012-11-20 2014-06-04 智易科技股份有限公司 Test circuit structure and test method of network communication product
CN103209103A (en) * 2013-03-25 2013-07-17 华为技术有限公司 Testing method and testing apparatus of network device
CN103209103B (en) * 2013-03-25 2015-12-23 华为技术有限公司 The method of testing of the network equipment and device
CN104539470A (en) * 2014-11-28 2015-04-22 北京锐安科技有限公司 Method for testing whether packet loss occurs in shunting equipment or not, test client and system
CN104394037A (en) * 2014-12-05 2015-03-04 上海斐讯数据通信技术有限公司 Port test method and system for network access facility
CN105049277A (en) * 2015-06-08 2015-11-11 国家计算机网络与信息安全管理中心 Network flow generation method based on data flow features
CN105049277B (en) * 2015-06-08 2018-11-13 国家计算机网络与信息安全管理中心 A kind of network flow generation method based on data flow characteristics
CN106444468A (en) * 2016-05-03 2017-02-22 重庆青年职业技术学院 Information machine adapter detection system and method
CN106444468B (en) * 2016-05-03 2023-09-05 重庆青年职业技术学院 Information machine adapter detection system and method
CN106371993A (en) * 2016-08-31 2017-02-01 北京奇虎科技有限公司 Testing method and testing device based on data packet
CN106371993B (en) * 2016-08-31 2019-07-19 北京奇虎科技有限公司 Test method and test device based on data packet
CN111213142A (en) * 2017-10-12 2020-05-29 罗德施瓦兹两合股份有限公司 Multi-user test system and method for configuring a multi-user test system
CN111213142B (en) * 2017-10-12 2023-07-14 罗德施瓦兹两合股份有限公司 Multi-user test system and method for configuring multi-user test system
CN109756394A (en) * 2018-12-28 2019-05-14 东信和平科技股份有限公司 A kind of communication products show net test method and system
CN109756394B (en) * 2018-12-28 2022-04-05 东信和平科技股份有限公司 Communication product on-site network testing method and system
CN110139276A (en) * 2019-06-10 2019-08-16 杭州迪普科技股份有限公司 A kind of access authentication test method and device
CN113125876A (en) * 2019-12-30 2021-07-16 新唐科技股份有限公司 Electronic device
CN114048087A (en) * 2021-11-10 2022-02-15 腾讯科技(深圳)有限公司 Method and device for testing data transfer performance of equipment
WO2023142907A1 (en) * 2022-01-26 2023-08-03 中兴通讯股份有限公司 All-optical network service testing method and apparatus, computer device and readable medium

Also Published As

Publication number Publication date
CN101360015B (en) 2010-09-29

Similar Documents

Publication Publication Date Title
CN101360015B (en) Method, system and apparatus for test network appliance
US8219496B2 (en) Method of and apparatus for ascertaining the status of a data processing environment
Heberlein et al. A network security monitor
CN105227383B (en) A kind of device of network topology investigation
CN103179130B (en) A kind of information system intranet security management platform and management method
CN201194396Y (en) Safe gateway platform based on transparent proxy gateway
CN110233868A (en) A kind of edge calculations data safety and method for secret protection based on Fabric
CN107733861A (en) It is a kind of based on enterprise-level intranet and extranet environment without password login implementation method
CN109361753A (en) A kind of Internet of things system framework and encryption method
CN105323222B (en) Login validation method and system
CN104063633A (en) Safe auditing system based on filter driver
CN108966216A (en) A kind of method of mobile communication and device applied to power distribution network
CN110502315A (en) A kind of method, apparatus and system remotely accessing physical machine
CN115118705A (en) Industrial edge management and control platform based on micro-service
CN109302397A (en) A kind of network safety managing method, platform and computer readable storage medium
Terplan Intranet performance management
CN108600198A (en) Access control method, device, computer storage media and the terminal of fire wall
CN101656642A (en) Method, device and system for testing authentication performance of network access equipment
CN110290153A (en) A kind of automatic delivery method of Port Management strategy and device of firewall
CN109617972A (en) A kind of connection method for building up, device, electronic equipment and storage medium
CN109495458A (en) A kind of method, system and the associated component of data transmission
CN101938428B (en) Message transmission method and equipment
Mendes et al. Validating and securing DLMS/COSEM implementations with the ValiDLMS framework
CN105262628A (en) Campus dormitory network management system based on multi-operator link sharing
CN106302479A (en) A kind of single-point logging method for multi-service internet site and system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right

Owner name: PU NING

Free format text: FORMER OWNER: BEIJING XINGWANG RUIJIE NETWORK TECHNOLOGIES CO., LTD.

Effective date: 20140604

C41 Transfer of patent application or patent right or utility model
COR Change of bibliographic data

Free format text: CORRECT: ADDRESS; FROM: 100036 HAIDIAN, BEIJING TO: 518052 SHENZHEN, GUANGDONG PROVINCE

TR01 Transfer of patent right

Effective date of registration: 20140604

Address after: 518052 Guangdong city of Shenzhen province Nanshan District Nanshan digital and cultural industry base east tower room 407

Patentee after: Pu Ning

Address before: 100036 Beijing Haidian District City 33 Fuxing Road Cuiwei East 1106

Patentee before: Beijing Xingwang Ruijie Network Technologies Co., Ltd.

C41 Transfer of patent application or patent right or utility model
TR01 Transfer of patent right

Effective date of registration: 20151224

Address after: 224500 Jiangsu Province, Yancheng City Binhai County Binhuai town head Zeng Village (Yancheng City coastal chemical industry park)

Patentee after: Jiangsu Jihua Chemical Co., Ltd.

Address before: 518052 Guangdong city of Shenzhen province Nanshan District Nanshan digital and cultural industry base east tower room 407

Patentee before: Pu Ning

TR01 Transfer of patent right

Effective date of registration: 20170915

Address after: 300163 7-1-1801, West lotus, Dongli District, Tianjin

Patentee after: Cao Ruiyun

Address before: 224500 Jiangsu Province, Yancheng City Binhai County Binhuai town head Zeng Village (Yancheng City coastal chemical industry park)

Patentee before: Jiangsu Jihua Chemical Co., Ltd.

TR01 Transfer of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20100929

Termination date: 20170902

CF01 Termination of patent right due to non-payment of annual fee