CN101431447B - Method and apparatus for testing capacity and performance of virtual special network server - Google Patents

Method and apparatus for testing capacity and performance of virtual special network server Download PDF

Info

Publication number
CN101431447B
CN101431447B CN2008101784398A CN200810178439A CN101431447B CN 101431447 B CN101431447 B CN 101431447B CN 2008101784398 A CN2008101784398 A CN 2008101784398A CN 200810178439 A CN200810178439 A CN 200810178439A CN 101431447 B CN101431447 B CN 101431447B
Authority
CN
China
Prior art keywords
client
classification
vpn
pptp
l2tp
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN2008101784398A
Other languages
Chinese (zh)
Other versions
CN101431447A (en
Inventor
任文强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
STATE GRID ZHEJIANG ZHUJI POWER SUPPLY Co Ltd
Zhuji Dongbai Electric Power Equipment Manufacturing Co Ltd
State Grid Corp of China SGCC
State Grid Zhejiang Electric Power Co Ltd
Shaoxing Power Supply Co of State Grid Zhejiang Electric Power Co Ltd
Original Assignee
Fujian Star Net Communication Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Fujian Star Net Communication Co Ltd filed Critical Fujian Star Net Communication Co Ltd
Priority to CN2008101784398A priority Critical patent/CN101431447B/en
Publication of CN101431447A publication Critical patent/CN101431447A/en
Application granted granted Critical
Publication of CN101431447B publication Critical patent/CN101431447B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Abstract

The invention discloses a method for testing VPNServer capacity. The method is to solve problem of difficult VPNServer capacity test when multiple kinds of clients simultaneously operates. In the VPNServer capacity test method, the test device simulates clients with each classification being set with quantity; the simulated client consult with VPNServer for establishing VPN tunnel of corresponding category; when acquiring VPN tunnel quantity of every category VPNServer consulted and passes, judges if the acquired quantity of every category is identical with set quantity of corresponding category, if result is'yes', and acquired quantity of every category is in set range, then acquires the capacity of VPNServer client of every category; if the result is'no', regulates the set quantity of simulated clients of every category, and continues simulation and authentication process until the capacity of every category client for VPNServer is acquired. The invention also discloses a method and device for testing VPNServer performance.

Description

A kind of method and apparatus of testing virtual special network server capacity and performance
Technical field
The present invention relates to the computer and the communication technology, relate in particular to a kind of method and device of testing virtual special network server capacity and performance.
Background technology
VPN (virtual private network) (VPN, Virtual Private Network), be used to utilize public network to set up Virtual Private Network, help to set up between long-distance user, corporate branch office, the in-house network of business parnter believable safety and connect, guarantee the safe transmission of data with company.In the prior art, the application of VPN service as shown in Figure 1, the equipment of the long-range user and the subsidiary of far-end can be set up virtual a connection with vpn server (VPNServer) by the dial mode of VPN, can directly visit the Intranet of enterprise afterwards safely.
The typical VPN dialing of extensive use at present has dual mode, a kind of transmission control protocol (TCP that is based on, Transmission Control Protocol) Point to Point Tunnel Protocol (PPTP, Point to PointYunneling Protocol), a kind of User Datagram Protoco (UDP) (UDP that is based on, User Datagram Protocol) Layer 2 Tunneling Protocol (L2TP, Layer 2 Tunneling Protocol).This dual mode all is based on the pattern of client/server, that is: the personal computer (PC of far-end, Personal Coumputer) access device of user or far-end subsidiary is as client, and the egress router of corporate intranet, promptly VPNServer is as server.What above-mentioned dual mode was different is: PPTP is based on Transmission Control Protocol, is usually used on the client of MicrosoftWindows series, as PC; And L2TP is based on udp protocol, be usually used on the network equipment, as: router.In the network application of reality, normally PPTP and two kinds of client coexistences of L2TP on the VPNServer.Therefore, VPN (virtual private network) client (VPNClient) can comprise two classes at present, and PPTP client (PPTP Client) and L2TP client (L2TP Client) are promptly arranged.
Equipment in the subsidiary of the user of Fig. 1 medium-long range and far-end can comprise PPTP Client and L2TPClient, each client and between all set up a vpn tunneling (VPN Tunnel).The data of transmitting between client and server all can be transmitted through VPN Tunnel separately.
For the manufacturer that produces the VPNServer network equipment, equipment can operate as normal when guaranteeing that this multi-client is dialled in simultaneously, before dispatching from the factory, need under PPTP and two kinds of simultaneous network condition of client of L2TP, carry out the test of place capacity and forwarding performance to the VPNServer network equipment.
Each equipment provides the method for testing of the realization VPNServer of manufacturer to have at present: mainly use one or more PC to carry out simulation test as client at the test of PPTP, carry out simulation test at the most of use test instrument of the test of L2TP, and both test separately separately.Above-mentioned method of testing exists following difficulty and problem:
1) the difficult simulation that realizes a large amount of PPTP clients.Because PPTP is common in the Microsoft Windows series of products, and existing Microsoft Windows product does not provide the simulation of multi-user's client, a PC can simulate 3 clients at most simultaneously, want to simulate a hundreds of PPTP client like this and bring in test VPNServer, with the PC of dozens or even hundreds of of needs, this provides manufacturer to be difficult to realize for equipment.
2) therefore PPTP and two kinds of clients of L2TP and deposit often on the VPNServer in the application of reality, when PPTP and L2TP client exist simultaneously, are very necessary to the test of VPNServer.But the PPTP agreement is common in the Microsoft Windows series of products at present, and existing MicrosoftWindows product does not provide the simulation of multi-user's client, and current to L2TP client use test instrument simulation, and tester such as Smartbits, Ixia do not provide the simulation to the PPTP agreement yet.Owing to used two kinds of different devices for the simulation of two kinds of clients, therefore, all test PPTP client capacity or the L2TP client capacity of VPNServer in the existing technology separately, also difficult when PPTP and L2TP client exist simultaneously, the capacity of VPNServer is tested.
And, when the capacity of test VPNServer, also fail to realize result's the automatic collection and the adjustment of test value, all be to need tester's manual adjustment in the prior art.
3) in the application under the multi-user's that guarantees in reality the big flow, VPNServer's is stable and reliable, need be under PPTP and the L2TP client big capacity in the presence of simultaneously, and to testing of the forwarding performance of VPNServer.But at present also difficult under PPTP and the L2TP client big capacity in the presence of simultaneously, to the test of the forwarding performance of VPNServer.
Summary of the invention
In view of this, the embodiment of the invention provides a kind of test VPNServer capacity and device, in order to solve in the prior art when the multiclass client is served simultaneously difficult problem of carrying out the VPNServer volume test.The embodiment of the invention also provides a kind of test VPNServer performance and device, in order to solve exist in the prior art when the multiclass client is served simultaneously, difficult problem of carrying out the VPNServer performance test.
The method of a kind of VPNServer of test capacity that the embodiment of the invention provides comprises:
A, testing apparatus are simulated the client of each category setting quantity, the negotiation that the described client that simulates and described VPNServer set up corresponding classification vpn tunneling;
B, described testing apparatus obtain the quantity that described VPNServer consults each classification vpn tunneling of passing through, when the quantity of each classification that obtains equal with the setting quantity of corresponding classification, and the quantity of each classification of described acquisition with consult before when not obtaining described vpn server and consulting relative difference between the quantity of the corresponding classification passed through and be less than or equal to measuring accuracy, with the setting quantity of described each classification simulant-client capacity as this classification client of described VPNServer, otherwise, execution in step C;
C, described testing apparatus are adjusted the setting quantity of described each classification simulant-client, return steps A.
The device of a kind of VPNServer capacity that the embodiment of the invention provides comprises:
The VPN client simulation is dialled in module, the setting quantity of each the classification simulant-client that is used for issuing according to the lexical analysis module, simulate the client of the described setting quantity of each classification, the described client that simulates sends the negotiation of setting up corresponding classification vpn tunneling with described VPNServer;
The lexical analysis module, be used to obtain the quantity that described VPNServer consults each classification vpn tunneling of passing through, when the quantity of each classification that obtains equal with the setting quantity of corresponding classification, and the quantity of each classification of described acquisition with consult before when not obtaining described vpn server and consulting relative difference between the quantity of the corresponding classification passed through and be less than or equal to measuring accuracy, with the setting quantity of described each classification simulant-client capacity as this classification client of described VPNServer, otherwise, setting quantity to described each classification simulant-client is adjusted, and dials in the setting quantity that module issues each classification simulant-client to described VPN client simulation.
A kind of method of testing the VPNServer performance comprises:
Testing apparatus is simulated the client of the described capacity respective amount of each classification after obtaining the capacity of each classification client of described VPNServer, and sets up the vpn tunneling of the corresponding classification between each simulant-client and the described VPNServer;
Described testing apparatus is according to the source IP address of every vpn tunneling collecting and the test data stream of every vpn tunneling correspondence of purpose IP address configuration, and by every vpn tunneling the test data stream of correspondence sent to described VPNServer;
Described testing apparatus is according to the test data stream that sends, and the data flow returned of described VPNServer, generates test report.
The device of a kind of VPNServer of test performance that the embodiment of the invention provides comprises:
The VPN client simulation is dialled in module, the capacity of each the classification simulant-client that is used for issuing according to the lexical analysis module, simulate the client of the described capacity respective amount of each classification, and set up the vpn tunneling between each each simulant-client and the VPNServer;
The lexical analysis module, be used for dialling in the capacity of each classification client that module issues the described VPNServer of acquisition to described VPN client simulation, and collect source IP address and the purpose IP address that described VPN client simulation is dialled in every vpn tunneling that module sets up, and after constructing the data flow of described every vpn tunneling, send to the performance test module;
The performance test module, be used for source IP address and purpose IP address according to described every the vpn tunneling that receives, and the data flow of every vpn tunneling, dispose the test data stream of every vpn tunneling correspondence, and the test data stream of correspondence is sent to described VPNServer by every vpn tunneling, and according to the test data stream that sends, and the data flow returned of described VPNServer, generate test report.
Testing apparatus is simulated the client of each category setting quantity in the embodiment of the invention, the negotiation that the described client that simulates and described VPNServer set up corresponding classification vpn tunneling, and after the quantity of each classification vpn tunneling that the described VPNServer negotiation of acquisition is passed through, whether the quantity of judging each classification that obtains equates with the setting quantity of corresponding classification, when both equate, and the quantity of each classification of described acquisition is in setting range the time, then obtain the capacity of each classification client of described VPNServer, when both are unequal, after then the setting quantity of described each classification simulant-client being adjusted, continue simulation and verification process, until the capacity that obtains each classification client of described VPNServer, thereby can be when the multiclass client be served simultaneously, carry out the VPNServer volume test, and behind the capacity that obtains each classification client of described VPNServer, testing apparatus simulates each classification capacity clients corresponding, and set up vpn tunneling between each simulant-client and the VPNServer, and constructed the test data stream of each VPN link, thereby can be under jumbo multi-class client coexistence, the forwarding performance of test VPNServer.
Description of drawings
Fig. 1 is the application schematic diagram of VPN service in the prior art;
Fig. 2 is the method flow diagram of embodiment of the invention test VPNServer capacity;
Fig. 3 is the structure chart of embodiment of the invention test VPNServer device;
Fig. 4 is the method flow diagram of the concrete device to test VPNServer of embodiment of the invention capacity;
Fig. 5 is the system construction drawing of embodiment of the invention test VPNServer capacity;
Fig. 6 is the method flow diagram of test VPNServer capacity in the first embodiment of the invention;
Fig. 7 is the method flow diagram of test VPNServer capacity in the second embodiment of the invention;
Fig. 8 is the method flow diagram of test VPNServer capacity in the third embodiment of the invention;
Fig. 9 is the method flow diagram of embodiment of the invention test VPNServer performance;
Figure 10 is the structure drawing of device of embodiment of the invention test VPNServer performance;
Figure 11 is the method flow diagram of the concrete device to test VPNServer of embodiment of the invention performance;
Figure 12 is the system construction drawing of embodiment of the invention test VPNServer performance;
Figure 13 is the data-transmission mode of embodiment of the invention test VPNServer;
Figure 14 is the method flow diagram of test VPNServer performance in the fourth embodiment of the invention.
Embodiment
Testing apparatus is according to the setting quantity of each classification simulant-client in the embodiment of the invention, simulate the client of the described setting quantity of each classification respective amount, the described client that simulates is dialled in VPNServer, thereby can be when the multiclass client be served simultaneously, carry out the VPNServer volume test, referring to Fig. 2, as follows by testing apparatus test VPNServer capacity detailed process:
Step 201: testing apparatus is simulated the client of each category setting quantity, and the negotiation that makes the client that simulates and VPNServer set up corresponding classification vpn tunneling.
Here, client-class comprises: PPTP, among the L2TP one or both have, therefore, testing apparatus is provided with the different PPTP client parameter of corresponding tricks at first according to the setting quantity of described PPTP client, then according to every cover PPTP client parameter, form the PPTP client of setting quantity, and carry out the negotiation of setting up pptp tunneling between each PPTP client and the VPNServer.And/or,
Testing apparatus is at first according to the setting quantity of described L2TP client, the different L2TP client parameter of corresponding tricks is set, then according to every cover L2TP client parameter, form the L2TP client of setting quantity, and carry out the negotiation of setting up L2TP Tunnel between each L2TP client and the described vpn server.
When test process begins, the capacity of VPNServer there is the scope of an expectation, therefore initial, it can be the maximum client terminal quantity of VPNServer expectation that quantity is set.
Each client that step 202:VPNServer and step 201 simulate, the negotiation of setting up corresponding classification tunnel obtains negotiation result.
Negotiations process, testing apparatus can for each tunnel produces independently negotiation packet, and progressively be consulted according to consensus standard with VPNServer according to every cover client parameter, finishes until negotiation, obtains final negotiation result.
Step 203: testing apparatus is according to the negotiation result in the step 202, and the measuring accuracy of setting, and obtains to insert the result.Here, the negotiation packet that testing apparatus returns according to VPNServer to be consulted the quantity of each classification vpn tunneling of passing through, thereby obtains the quantity of each classification simulant-client.
When the quantity correspondent equal of the setting quantity of each the classification simulant-client in the step 201 and the simulant-client through consultation of corresponding classification, also need to obtain the test specification set according to measuring accuracy, obtain inserting the result.Before quantity that this negotiation is passed through and this were consulted, the relative difference that obtains to consult the quantity passed through was during smaller or equal to measuring accuracy, and then the quantity passed through of this negotiation is in the test specification of setting.
Wherein, when setting quantity is the maximum of expectation, the quantity that negotiation is passed through is the maximum of expectation, and before this negotiation, the quantity that obtains to consult to pass through also is the maximum of expectation, therefore, quantity that negotiation is passed through and peaked difference are zero, less than measuring accuracy, i.e. the quantity that this negotiation is passed through then inserts the result for to insert successfully in the scope of setting.When setting quantity is adjusted quantity, then obtain the relative difference that obtains before consulting the quantity pass through and adjusting between the setting quantity that negotiation passes through, when this relative difference during smaller or equal to measuring accuracy, the quantity that i.e. this negotiation is passed through is in the scope of setting, then insert the result for to insert successfully, otherwise it is unsuccessful for inserting to insert the result.
Corresponding when unequal when the setting quantity of each the classification simulant-client in the step 201 and the quantity of the simulant-client through consultation of corresponding classification, it is unsuccessful for inserting to insert the result.
Step 204: when the access result is unsuccessful for inserting, change step 205 over to, otherwise, change step 206 over to.
Step 205: testing apparatus is adjusted the setting quantity of each classification simulant-client, returns step 201.Here, when the setting quantity of PPTP client is M, when the setting quantity of L2TP client was N, M wherein, N can be respectively the maximum quantity of two class clients expectation, testing apparatus can be according to the measuring accuracy O that sets, only M is adjusted, N remains unchanged, after promptly adjusting, the current capability value of PPTP client is M-O, and the current capability value of L2TP client still is N; Also can only N be adjusted according to the measuring accuracy O that sets, M remains unchanged, and after promptly adjusting, the current capability value of PPTP client is M, and the current capability value of L2TP client still is N-O.Here, can also adopt dichotomy that the setting quantity of each classification simulant-client is adjusted, promptly, then will set the median that quantity is adjusted into expected range, return step 201 then when the maximum of expectation through consultation the time.
Step 206: testing apparatus carries out record with the setting quantity of each classification simulant-client as the capacity of this classification client of described VPNServer.
Above-mentioned testing apparatus specifically can comprise: module 100, lexical analysis module 200 are dialled in the VPNClient simulation.Referring to Fig. 3, wherein,
Module 100 is dialled in the VPNClient simulation, the setting quantity of each the classification simulant-client that is used for issuing according to lexical analysis module 200, simulate the client of the described setting quantity of each classification respective amount, and the described client that will simulate and the VPNServer negotiation of setting up corresponding classification vpn tunneling.This module both can realize the independent simulation of PPTP client or L2TP client, simulation when also can realize PPTP and L2TP client.
Lexical analysis module 200, be used to obtain the quantity that VPNServer consults each classification vpn tunneling of passing through, when the quantity of each classification that obtains equal with the setting quantity of corresponding classification, and the quantity of each classification of described acquisition is in setting range the time, with the setting quantity of described each classification simulant-client capacity as this classification client of VPNServer, otherwise, setting quantity to described each classification simulant-client is adjusted, and dials in the setting quantity that module 100 issues each classification simulant-client to the VPNClient simulation.
Utilize above-mentioned concrete device test the VPNServer capacity method flow chart as shown in Figure 4, concrete implementation is as follows:
Step 401: after the setting quantity of each classification simulant-client of lexical analysis module acquisition VPNServe, with the current capability value of described setting quantity as this classification simulant-client.
Here, the lexical analysis module obtains the classification of simulant-client can have only the PPTP client, also can have only the L2TP client, all right existing PPTP client, the L2TP client is arranged again, therefore, obtain the setting quantity M of the setting quantity N of PPTP client and/or L2TP client when the lexical analysis module after, then will set the current capacity of quantity N, and/or will set the current capability value of quantity M as the L2TP client as the PPTP client.
Step 402: the lexical analysis module is handed down to described VPNClient simulation with the current capability value of each classification simulant-client dials in module.
The current capability value of module according to each classification simulant-client dialled in step 403:VPNClient simulation, simulates the client of each classification respective amount, and the client that all simulate is dialled in VPNServer.
Here, when VPNClient simulation is dialled in current capability value that module acquires the PPTP client and is M, the PPTP client parameter of M tricks is set, thereby forms M PPTP client, and carry out the negotiation of setting up pptp tunneling between each PPTP client and the described vpn server.And/or,
When VPNClient simulation is dialled in current capability value that module acquires the L2TP client and is N, the L2TP client parameter of N tricks is set, thereby form N L2TP client, and carry out the negotiation of setting up pptp tunneling between each L2TP client and the described vpn server.
In the above-described embodiments, every cover client parameter comprises the source address of client tunnel, the title in tunnel, the user name of authentication, password and vpn server address, wherein, every cover client parameter all is unique, but the VPNServer address unanimity in every cover client parameter.
The negotiation that step 404:VPNServer and all clients of dialling in are set up the tunnel obtains negotiation result.
Step 405: the lexical analysis module is according to the negotiation result in the step 404, and the certainty of measurement of setting obtains inserting the result.
Here, in this is consulted, all clients all through consultation, and before the current capability value of each classification and this are consulted, the relative difference of capability value that to consult the corresponding classification passed through is during less than the measuring accuracy set, be the current capability value of each classification in setting range the time, inserting the result is successfully; As long as when in this is consulted, having a client not have through consultation, perhaps before the current capability value of each classification and this negotiation, relative difference that to consult the capability value of the corresponding classification passed through does not satisfy the measuring accuracy of setting, and inserts the result for unsuccessful.Especially, when this negotiation is first to consult, before then this is consulted, such other the current capability value of the capability value that obtains to consult each classification of passing through for issuing for the first time.
Step 406: when the access result of feedback when unsuccessful, execution in step 407; When the access result of feedback is successfully the time, the lexical analysis module is with the current capability value of each the classification simulant-client capacity as this classification client of VPNServer, the line item of going forward side by side.
Step 407: the lexical analysis module is adjusted the current capability value of each classification simulant-client, and with the current capability value of adjusted capability value as each classification simulant-client of correspondence, returns step 402.Here, when the current capability value of the PPTP client that obtains is M, when the current capability value of L2TP client is N, the lexical analysis module can be according to the measuring accuracy O that sets, only M is adjusted, N remains unchanged, after promptly adjusting, the current capability value of PPTP client is M-O, and the current capability value of L2TP client still is N; Also can only N be adjusted according to the measuring accuracy O that sets, M remains unchanged, and after promptly adjusting, the current capability value of PPTP client is M, and the current capability value of L2TP client still is N-O.Also can adjust the setting quantity of each classification simulant-client according to dichotomy.
In concrete the application, testing apparatus can be one and dial in the device that module and lexical analysis module two big modules are formed by VPNClient simulation, also can dial in two devices that module and lexical analysis module correspondence go out and form by VPNClient simulation, below with the VPNClient simulation dial in module and lexical analysis module respectively correspondence go out two to install the composition testing apparatuss be that example describes in further detail.
Utilize system as shown in Figure 5, the capacity of test VPNServer, this system comprises VPNServer501, VPNClient analogue means 502 and lexical analysis device 503.Wherein,
VPNServer501 is an equipment under test.
VPNClient analogue means 502 is concrete devices that module is dialled in the VPNClient simulation, can be that prototype designs with a high performance router, type and each classification corresponding simulating client terminal quantity of being used for the simulant-client that issues according to lexical analysis device 503, the client that simulates corresponding types and quantity is dialled in VPNServer501, and the access result that VPNServer501 returns is fed back to lexical analysis device 503.
Lexical analysis device 503 is the concrete device of lexical analysis module, be used for the authentication result to simulant-client according to VPNServer, and measuring accuracy obtains to insert the result, and according to described access outcome record or adjust each classification corresponding simulating client terminal quantity, and adjusted each classification corresponding simulating client terminal quantity is handed down to analogue means 502.Lexical analysis device 503 is by being specifically designed to the port that the network equipment is configured and manages, for example the CONSOLE port links to each other with VPNServer501 with VPNClient analogue means 502, move hyperterminal software on the lexical analysis device 503, dispatcher software is realized control to VPNServer501 and VPNClient analogue means 502 by the script of operation appointment.
Embodiment 1, utilizes system as shown in Figure 6, the PPTP client capacity of test VPNServer.
Here, device being tested VPNServer501 allows the PPTP agreement to dial in.After the system of the PPTP client capacity that has made up test VPNServer, the user also is required to be simulation PPTP client and has distributed specific address; Be VPNClient analogue means 502 configuration interface IP addresses, and the necessary route that arrives VPNServer, the initial range and the accuracy value of the capacity of PPTP client also need be set in lexical analysis device 503 at last, in the present embodiment, the initial value of the PPTP client that is provided with is 100-200, and accuracy value is 10.Concrete implementation is referring to Fig. 6:
Step 601: lexical analysis device 503 sends to VPNClient analogue means 502 with the maximum of the capacity of the PPTP client of setting, and promptly lexical analysis device 503 is handed down to VPNClient analogue means 502 with 200.
Step 602:VPNClient analogue means 502 simulates the PPTP client of the quantity correspondence that lexical analysis device 503 issues and dials in VPNServer501.
Here, simulating the quantity that lexical analysis device 503 issues is 200, in order to guarantee the PPTP client of simulation on the VPNClient analogue means 502, be from different clients for VPNServer, just be necessary for each client the unique client parameter of a corresponding cover is set.And on VPNServer, mainly distinguish different clients by following Several Parameters: client address (Remote Address), client name (Remote Name) and user's name (Username).Because, the user has distributed specific address for simulation PPTP client, and be VPNClient analogue means 502 configuration interface IP addresses, therefore, used different source address (Source Address) for the PPTP client of each simulation on the VPNClient analogue means 502, different client name (Local name) and different user's names (Username), be that VPNClient analogue means 502 can be provided with 200 cover different clients parameters, thereby simulated 200 PPTP clients.
After 200 cover different clients parameters are set, just simulated 200 PPTP clients, VPNClient analogue means 502 can carry out the negotiation of setting up pptp tunneling between each PPTP client and the VPNServer501.In negotiations process, according to every cover PPTP client parameter, for each tunnel generates independently negotiation packet, and negotiation packet carried out the PPTP protocol encapsulation, form the PPTP negotiation packet of each tunnel correspondence, arrive the necessary route of VPNServer501 by the VPNClient analogue means set up 502, VPNClient analogue means 502 carries out the mutual of PPTP negotiation packet with VPNServer501.
The PPTP client that step 603:VPNServer501 and step 602 simulate is set up the negotiation of pptp tunneling, obtains negotiation result.
Step 604:VPNClient analogue means 502 is according to negotiation result, and the measuring accuracy of setting obtains to insert the result.
If consult for the first time, when the PPTP of 200 simulations client has all been passed through negotiation, 200 and the maximum 200 of scope between difference be 0,0<10, then 200 in the scope of setting, insert the result for to insert successfully, the PPTP client of the simulation when 200 has not all been passed through negotiation, and it is unsuccessful for inserting to insert the result.If second and third,,, inferior negotiation, when the PPTP client of the simulation of adjusted quantity has all been passed through negotiation, and the relative mistake that obtains the quantity that negotiation passes through before the quantity of consulting to pass through is consulted with this is smaller or equal to 10, the quantity of then consulting to pass through is in the scope of setting, insert the result for to insert successfully, otherwise it is unsuccessful for inserting to insert the result.
Step 605: when inserting the result is when inserting successfully, execution in step 606; When the access result is unsuccessful for inserting, thus execution in step 607.
Step 606: lexical analysis module 503 obtains the capacity of the PPTP client of this VPNServer501 according to the quantity of the PPTP client that inserts successful corresponding simulating.
Lexical analysis module 503 will insert the quantity of the PPTP client of successful corresponding simulating and note, i.e. lexical analysis module 503 obtains the capacity of the PPTP client of this VPNServer501.
Step 607: lexical analysis module 503 is adjusted the maximum of the capacity of PPTP client according to the accuracy value of setting.Here accuracy value is 10, can adjust maximum 200 according to dichotomy, is adjusted into 150 with 200.
Step 608: lexical analysis module 503 is handed down to VPNClient analogue means 502 with the maximum of the capacity of adjusted PPTP client, continues execution in step 502.Here, lexical analysis module 503 is handed down to VPNClient analogue means 502 with 150.
In the embodiment of the invention, when 150 obtain to consult to pass through, then continue to adjust, be adjusted into 125 150 according to dichotomy.If 125 consult to pass through, because before adjusting, the setting quantity that does not obtain to consult to pass through is 150, then differ 25,25 accuracy value 10 greater than test between 150 and 125, then 125 in the scope of setting, insert the result for unsuccessful, need proceed to adjust, be adjusted into 138 125.If 138 also obtain to consult to pass through, and before adjusting, the setting quantity that does not obtain to consult to pass through is 150, then differ 12,12 accuracy value 10 greater than test between 138 and 150, then 138 also in the scope of setting, insert the result for unsuccessful, continue to adjust, be adjusted into 144 138.If 144 consult to pass through, before adjusting, it is 6 that the setting quantity 150 that obtains to consult to pass through differs, and therefore, here, the capacity of the PPTP client of acquisition is 144.
By said method, lexical analysis module 503 can obtain the capacity of the PPTP client of this VPNServer501.
Embodiment 2, the same system that utilizes as shown in Figure 5, the L2TP client capacity of test VPNServer.Here, device being tested VPNServer501 allows the L2TP agreement to dial in.
After the system of the L2TP client capacity that has made up test VPNServer, the user also is required to be simulation L2TP client and has distributed specific address; Be VPNClient analogue means 502 configuration interface IP addresses, and the necessary route that arrives VPNServer, the initial range and the accuracy value of the capacity of L2TP client also need be set in lexical analysis device 503 at last, in the present embodiment, the initial value of the L2TP client that is provided with is 100-200, and accuracy value is 10.Concrete implementation is referring to Fig. 7:
Step 701: lexical analysis device 503 is handed down to VPNClient analogue means 502 with the maximum of the capacity of the L2TP client of setting, and promptly lexical analysis device 503 is handed down to VPNClient analogue means 502 with 200.
Step 702:VPNClient analogue means 502 simulates the L2TP client of the quantity correspondence that lexical analysis device 503 issues and dials in VPNServer501.
Here, simulating the quantity that lexical analysis device 503 issues is 200, and VPNClient analogue means 502 is provided with 200 cover different clients parameters, thereby has simulated 200 L2TP clients.L2TP client parameter comprises Source Address, Local name, Username.After 200 cover different clients parameters are set, just simulated 200 L2TP clients, VPNClient analogue means 502 can carry out the negotiation of setting up L2TP Tunnel between each L2TP client and the VPNServer501.In negotiations process, according to every cover client parameter, for each tunnel generates independently negotiation packet, and negotiation packet carried out the L2TP protocol encapsulation, form the L2TP negotiation packet of each tunnel correspondence, arrive the necessary route of VPNServer501 by the VPNClient analogue means set up 502, VPNClient analogue means 502 carries out the mutual of L2TP negotiation packet with VPNServer501.
Step 703:VPNServer501 carries out the negotiation of pptp tunneling to the L2TP client that step 702 simulates, and obtains negotiation result.
Step 704:VPNClient analogue means 502 obtains to insert the result according to negotiation result.When the L2TP client of this all simulation of holding consultation has all been passed through negotiation, and before the quantity and this negotiation consulting to pass through, when the difference of consulting the quantity passed through satisfies measuring accuracy, the quantity that negotiation is passed through is in the scope of setting, inserting the result for to insert successfully, all is access failure otherwise insert the result.
Step 705: when inserting the result is when inserting successfully, execution in step 706; When the access result is unsuccessful for inserting, thus execution in step 707.
Step 706: lexical analysis module 503 obtains the capacity of the L2TP client of this VPNServer501 according to the quantity of the L2TP client that inserts successful corresponding simulating.
Here, 200 messages are authentication success all, and then lexical analysis module 503 is noted 200, i.e. the capacity that lexical analysis module 503 obtains the L2TP client of these VPNServer501 is 200.
Step 707: lexical analysis module 503 is adjusted the maximum of the capacity of L2TP client according to the accuracy value of setting.Here accuracy value is 10, here, can directly adjust maximum 200 according to measuring accuracy, is adjusted into 190 with 200.
Step 708: lexical analysis module 503 is handed down to VPNClient analogue means 502 with the maximum of the capacity of adjusted L2TP client, continues execution in step 702.Here, lexical analysis module 503 is handed down to VPNClient analogue means 502 with 190.
In the embodiment of the invention, lexical analysis module 503 can only be adjusted the capability value of the L2TP client that issues according to the accuracy value of setting 10, for example, if 200 are not through consultation, then be adjusted into 190, also do not have not through consultation, then be adjusted into 180 190 as if 190 with 200, so analogize, when adjusting to 140, consult to have passed through, before then this is adjusted, not having quantity through consultation is 150, then both to differ be 10, smaller or equal to accuracy value 10, therefore, here, the capacity of the L2TP client of acquisition is 140.
By said method, lexical analysis module 503 can obtain the capacity of the L2TP client of this VPNServer501.
Embodiment 3, utilize system as shown in Figure 5, the PPTP client of test VPNServer and the mixing capacity of L2TP client.Here, device being tested VPNServer501 allows PPTP agreement and L2TP agreement to dial in.
After the system of PPTP client that has made up test VPNServer and L2TP client mixing capacity, the user also is required to be simulation PPTP client and the L2TP client has been distributed specific address; Be VPNClient analogue means 502 configuration interface IP addresses, and the necessary route that arrives VPNServer, the initial range and the accuracy value of the capacity of PPTP client and L2TP client also need be set in lexical analysis device 503 at last, in the present embodiment, the initial value of the PPTP client that is provided with is 100-200, and the initial value of L2TP client is 10 for the 100-200 accuracy value also.Concrete implementation is referring to Fig. 8:
Step 801: lexical analysis device 503 sends to VPNClient analogue means 502 with the maximum of the capacity of the PPTP client that is provided with and L2TP client, be the maximum 200 of lexical analysis device 503, and the maximum 200 of the capacity of L2TP client is handed down to VPNClient analogue means 502 with the capacity of PPTP client.
Step 802:VPNClient analogue means 502, the PPTP client and the L2TP client that simulate the quantity correspondence that lexical analysis device 503 issues are dialled in VPNServer501, promptly simulate 200 PPTP clients, and 200 L2TP clients are dialled in VPNServer501.
Here, be the specific address that simulation PPTP client and L2TP client are distributed according to the user equally, interface IP address for 502 configurations of VPNClient analogue means, the different PPTP client parameters of VPNClient analogue means 502 configurations, 200 covers, thereby 200 PPTP clients have been simulated, and dispose 200 cover Different L 2TP client parameters, thereby 200 L2TP clients have been simulated.
VPNClient analogue means 502 can carry out the negotiation of setting up pptp tunneling between each PPTP client and the VPNServer501, and the negotiation of setting up L2TP Tunnel between each L2TP client and the VPNServer501.In negotiations process, according to every cover PPTP client parameter, for each pptp tunneling generates independently negotiation packet, and negotiation packet carried out the PPTP protocol encapsulation, form the PPTP negotiation packet of each pptp tunneling correspondence, according to every cover L2TP client parameter, for each L2TP Tunnel generates independently negotiation packet, and negotiation packet carried out the L2TP protocol encapsulation, form the L2TP negotiation packet of each L2TP Tunnel correspondence.Arrive the necessary route of VPNServer501 by the VPNClient analogue means set up 502, VPNClient analogue means 502 and VPNServer501 the mutual of message of holding consultation.
Step 803:VPNServer501 holds consultation to the tunnel request of initiating in the step 802 of setting up, and obtains negotiation result.
Step 804: the PPTP client and the L2TP client of all simulations have all been passed through negotiation in this is consulted, and before the PPTP client terminal quantity and this negotiation consulting to pass through, relative difference that to consult the PPTP client terminal quantity that passes through is smaller or equal to measuring accuracy, and before the L2TP client terminal quantity and this negotiation consulting to pass through, relative difference that to consult the L2TP client terminal quantity that passes through then inserts the result for to insert successfully smaller or equal to measuring accuracy; Otherwise the access result is an access failure.
Step 805:VPNClient analogue means 502 obtains to insert the result according to authentication result.When inserting the result is when inserting successfully, execution in step 806; When the access result is unsuccessful for inserting, thus execution in step 807.
Step 806: lexical analysis module 503 obtains the PPTP client of this VPNServer501 and the mixing capacity of L2TP client according to the quantity of the L2TP client of the quantity of the PPTP client that inserts successful corresponding simulating and simulation.
Step 807: lexical analysis module 503 is adjusted the maximum of the capacity of the capacity of PPTP client and/or L2TP client according to the accuracy value of setting.Here accuracy value is 10, can keep the maximum 200 of capacity of PPTP client constant, only adjusts the maximum of the capacity of L2TP client, promptly can be adjusted into 150 with 200; Also can keep the maximum 200 of capacity of L2TP client constant, only adjust the maximum of the capacity of PPTP client, promptly can be adjusted into 150 200.
Step 808: lexical analysis module 503 is handed down to VPNClient analogue means 502 with the maximum of the capacity of adjusted PPTP client and L2TP client, continues execution in step 702.Here, lexical analysis module 503 can be with the maximum 200 of the capacity of PPTP client, and the maximum 150 of the capacity of L2TP client is handed down to VPNClient analogue means 502; Also can be with the maximum 150 of the capacity of PPTP client, the maximum 200 of the capacity of L2TP client is handed down to VPNClient analogue means 502.
Pass through said method, lexical analysis module 503 can be when setting maximum at the capacity of the PPTP of this VPNServer501 client, obtain the capacity of the L2TP client of this VPNServer501, be in the present embodiment, the mixing capacity of this VPNServer501 is 200 PPTP clients, L L2TP client.Lexical analysis module 503 can also be when setting maximum at the capacity of the L2TP of this VPNServer501 client, obtain the capacity of the PPTP client of this VPNServer501, be in the present embodiment, the mixing capacity of this VPNServer501 is 200 L2TP clients, P PPTP client.
In the system of as shown in Figure 5 test VPNServer, VPNClient analogue means 502 further comprises: dispensing unit, VPN data processing unit and reception/transmitting element.
Dispensing unit, the quantity of each the classification simulant-client that is used for issuing according to lexical analysis device 503, the different simulant-client parameter of corresponding tricks is set, every cover simulation client parameter comprises the source address of client tunnel, the title in tunnel, the user name of authentication, password and vpn server address, wherein, every cover simulation client parameter all is unique, but the VPNServer address unanimity in every cover simulation client parameter.
The VPN negotiation element is used for forming the client of each classification respective amount according to every cover client parameter, and carries out the negotiation of the corresponding vpn tunneling of foundation between each client and the described vpn server.
The VPN data processing unit is used for the application that connects according to each simulant-client classification corresponding protocols, and the negotiation packet of negotiations process is carried out deblocking or encapsulation.
Reception/transmitting element is used for the negotiation packet after the encapsulation is transmitted to described vpn server, and receives the negotiation packet that described vpn server returns.
Further, the VPN negotiation element comprises: PPTP consults subelement and L2TP consults subelement.
PPTP consults subelement, is used for forming the PPTP client of setting quantity, and carrying out the negotiation of setting up pptp tunneling between each PPTP client and the described vpn server according to every cover simulation PPTP client parameter.L2TP consults subelement, and the user forms the L2TP client of setting quantity, and carries out the negotiation of setting up L2TP Tunnel between each L2TP client and the described vpn server according to every cover simulation 12TP client parameter.
The VPN data processing unit comprises: tcp data handles subelement and UDP message is handled subelement, wherein, tcp data is handled subelement, is used for the application according to the TCP connection, the negotiation packet between each PPTP client and the described vpn server is carried out the encapsulation or the deblocking of tcp module.UDP message is handled subelement, is used for the application according to the UDP connection, the negotiation packet between each L2TP client and the described vpn server is carried out the encapsulation or the deblocking of UDP module.
Reception/transmitting element comprises: PPTP subelement and L2TP subelement, wherein, the PPTP subelement is used for the negotiation packet after the TCP encapsulation is transmitted to described vpn server, and receives the negotiation packet that described vpn server returns to each PPTP client.The L2TP subelement is used for the negotiation packet after the UDP encapsulation is transmitted to described vpn server, and receives the negotiation packet that described vpn server returns to each L2TP client.
In the system of as shown in Figure 5 test VPNServer, lexical analysis device 503 further comprises: obtain the unit, judging unit, capacity unit and adjustment unit.Wherein, obtain the unit, be used to obtain quantity by each classification client of described vpn server authentication; Judging unit is used to judge whether the quantity of each classification of acquisition equates with the setting quantity of corresponding classification; The capacity unit is used for setting quantity when the quantity of each classification that obtains and corresponding classification when equal, with the setting quantity of described each the classification simulant-client capacity as this classification client of described vpn server; Adjustment unit, be used for when the quantity of each classification that obtains is unequal with the setting quantity of corresponding classification, according to the measuring accuracy of setting the setting quantity of described each classification simulant-client is adjusted, and dialled in the setting quantity that module issues each classification simulant-client to described VPN client simulation.
In inventive embodiments, obtained the capacity of VPNServer after, testing apparatus also needs the forwarding performance of this VPNServer is tested, its concrete test process as described in Figure 9:
Step 901: testing apparatus is simulated the client of the described capacity respective amount of each classification after obtaining the capacity of each classification client of VPNServe, and sets up the vpn tunneling of the corresponding classification between each simulant-client and the described VPNServer.
Here, can obtain the capacity of each classification client according to the method for the VPNServer of test described in the foregoing description capacity, promptly can obtain the capacity of the PPTP client of VPNServe, the perhaps capacity of L2TP client, the perhaps mixing capacity of PPTP client and L2TP client.
Testing apparatus is simulated the PPTP client of this capacity respective amount according to the capacity of the PPTP client of VPNServe, and sets up the pptp tunneling between each PPTP client and the VPNServer; Or,
Testing apparatus is simulated the L2TP client of this capacity respective amount according to the capacity of the L2TP client of VPNServe, and sets up the L2TP Tunnel between each L2TP client and the VPNServer; Or,
Testing apparatus is according to the capacity of the PPTP client of VPNServe, simulate the PPTP client of this capacity respective amount, and set up pptp tunneling between each PPTP client and the VPNServer, and according to the capacity of the L2TP client of VPNServe, simulate the L2TP client of this capacity respective amount, and set up the L2TP Tunnel between each L2TP client and the VPNServer.
Step 902: testing apparatus is collected the source IP address and the purpose IP address of every vpn tunneling, and disposes the test data stream of every vpn tunneling correspondence.
Step 903: testing apparatus sends to described VPNServer by every vpn tunneling with the test data stream of correspondence.
Step 904: testing apparatus is according to the test data stream that sends, and the data flow returned of described VPNServer, generates test report.
In the device of the capacity of testing VPNServer referring to Fig. 3, the textural requirement that can't satisfy VPNServer performance test of module in performance and many data flow dialled in the VPNClient simulation, therefore, in the device of the performance of testing VPNServer, also need the performance test module.Referring to Figure 10, the device of the performance of test VPNServer comprises: module 100, lexical analysis module 200 and performance test module 300 are dialled in the VPNClient simulation.Wherein:
Module 100 is dialled in the VPNClient simulation, the setting quantity of each the classification simulant-client that is used for issuing according to lexical analysis module 200, simulate the client of the described setting quantity of each classification respective amount, and set up the vpn tunneling between each each simulant-client and the VPNServer.
Lexical analysis module 200 is used to collect source IP address and the purpose IP address that every vpn tunneling of module 100 foundation is dialled in the VPNClient simulation, and after constructing the data flow of described every vpn tunneling, sends to the performance test module.
Performance test module 300, be used for source IP address and purpose IP address according to every the vpn tunneling that receives, and the data flow of every vpn tunneling, dispose the test data stream of every vpn tunneling correspondence, and the test data stream of correspondence is sent to described VPNServer by every vpn tunneling, and according to the test data stream that sends, and the data flow returned of described VPNServer, generate test report.
Utilize above-mentioned concrete device test the VPNServer performance method flow chart as shown in figure 11, concrete implementation is as follows:
Step 1101: according to the method for above-mentioned test VPNServer capacity, the lexical analysis module obtains the capacity of each classification client of this VPNServer.
Here, the capacity of the client that lexical analysis module 200 obtains can be the capacity of PPTP client, also can be the capacity that has only the L2TP client, and capacity that can also existing PPTP client has the capacity of L2TP client again.
Step 1102: lexical analysis module 200 is handed down to the VPNClient simulation with the capacity of each classification client of this VPNServer dials in module 100.
According to step 1101, the capacity of the client that lexical analysis module 200 issues can be the capacity of PPTP client, also can be the capacity that has only the L2TP client, and capacity that can also existing PPTP client has the capacity of L2TP client again.
The capacity of module 100 according to each the classification client that obtains dialled in step 1103:VPNClient simulation, set up each classification respective amount and VPNServer between vpn tunneling.Here each tunnel all is unique, local unique sign (Tunnel Local ID) is set can for each tunnel and is used for distinguishing different clients.
Here, dial in the capacity of the PPTP client of having only VPNServe that module 100 obtains when VPNClient simulation, then set up respective amount and VPNServer between pptp tunneling.
Dial in the capacity of the L2TP client of having only VPNServe that module 100 obtains when VPNClient simulation, then set up respective amount and VPNServer between L2TP Tunnel.
Dial in module 100 when the VPNClient simulation and obtained the PPTP client of VPNServe and the mixing capacity of L2TP client, then set up the PPTP client the capacity respective amount and VPNServer between pptp tunneling, set up the L2TP client the capacity respective amount and VPNServer between L2TP Tunnel.
Step 1104: source IP address and purpose IP address that lexical analysis module 200 is collected every vpn tunneling setting up in the step 1101, and the data flow of constructing every vpn tunneling, and with the source IP address and the purpose IP address of every vpn tunneling, and the data flow of good every the vpn tunneling of structure sends to described performance test module 300.
Step 1105: performance test module 300 is according to the source IP address and the purpose IP address of every the vpn tunneling that obtains, and the data flow of every vpn tunneling, dispose the test data stream of every vpn tunneling correspondence, and the test data stream of correspondence is sent to VPNServer by every vpn tunneling.
Step 1106:VPNServer transmits every the test data stream that receives, and every test data stream receiving is sent to the performance test module.
Step 1107: performance test module 300 is according to the test data stream that sends out, and the data flow returned of VPNServer, generates test report.
Equally, in concrete the application, the testing apparatus of performance of test VPNServer can be one and dial in the device that module, lexical analysis module and performance test module three big modules are formed by the VPNClient simulation, also can dial in three devices that module, lexical analysis module and performance test module correspondence go out and form by VPNClient simulation, below with the VPNClient simulation dial in module, lexical analysis module and performance test module respectively correspondence go out three to install the composition testing apparatuss be that example describes in further detail.
Utilize concrete system as shown in figure 12, the performance of test VPNServer, this system comprises VPNServer1201, VPNClient analogue means 1202, lexical analysis device 1203 and tester 1204.Wherein,
VPNServer1201 is an equipment under test.
VPNClient analogue means 1202 is concrete devices that module is dialled in the VPNClient simulation, can be that prototype designs with a high performance router.
Lexical analysis device 1203 is the concrete device of lexical analysis module.
Tester 1204 is devices of the general test performance of industry, and as Smartbits, IXIA etc., this device can be constructed the IP message of appointment as requested, receives the performance that these messages calculate tested equipment by sending.This tester can be constructed the parallel transmitting-receiving of many data flow simultaneously, and performance is very high, can satisfy the requirement of the test of the performance under many vpn tunnelings of test situation.
Lexical analysis device 1203 can link to each other with VPNServer1201 with VPNClient analogue means 1202 by the CONSOLE port, move hyperterminal software on the lexical analysis device 1203, dispatcher software is realized control to VPNServer1201 and VPNClient analogue means 1202 by the script of operation appointment.Lexical analysis device 1203 can pass through application programming interfaces (API, Application ProgrammingInterface) to be realized by script tester 1204 being controlled.
In embodiments of the present invention, after having set up test macro as shown in figure 12, the transmission mode of use VPNClient analogue means 1202 back test VPNServer1201 as shown in figure 13, directly set up PPTP and/or L2TP Tunnel between VPNClient analogue means 1202 and the VPNServer1201, each tunnel is safeguarded separately, finish the dialing procedure of whole VPN, thereby, can be similar to a real client, these all clients all operate on the public physical link, thereby reach the effect of a large amount of client of simulation.
Utilize concrete system as shown in figure 12, can test separately, when having only the PPTP client, the performance of VPNServer; Also can test separately, when having only the L2TP client, the performance of VPNServer; Can also test, when PPTP client and L2TP client all exist, the performance of VPNServer.
Embodiment 4: utilize concrete system as shown in figure 12, and when PPTP client and L2TP client all exist, the performance of test VPNServer.
Device being tested VPNServer1201 allows PPTP agreement and L2TP agreement to dial in.The user also is required to be simulation PPTP client and the L2TP client has been distributed specific address; Be VPNClient analogue means 1202 configuration interface IP addresses, and the necessary route that arrives VPNServer1201, the initial range and the accuracy value of the capacity of PPTP client and L2TP client also need be set in lexical analysis device 1203 at last, in the present embodiment, the initial value of the PPTP client that is provided with is 0-120, the initial value of L2TP client also is 0-120, and accuracy value is 12.Concrete implementation is referring to Figure 14:
Step 1401: according to embodiment 3 described flow processs, the mixing capacity that lexical analysis device 1203 obtains this VPNServer1201 is a M PPTP client, L L2TP client, or P PPTP client, and M L2TP client, M can be 120 here.
Step 1402: lexical analysis device 1203 issues the mixing capacity that obtains this VPNServer1201 to VPNClient analogue means 1202, i.e. M PPTP client, L L2TP client, or P PPTP client, M L2TP client.
Step 1403:VPNClient analogue means 1202 simulates the client of respective amount, sets up the simulant-client of respective amount and the vpn tunneling between the VPNServer, and for every vpn tunneling different Tunnel Local ID is set.Here, can set up M bar PPTP Tunnel, L bar L2TP Tunnel.Perhaps, set up P bar PPTPTunnel, M bar L2TP Tunnel.
Step 1404: lexical analysis device 1203 is collected the source IP address and the purpose IP address of every vpn tunneling setting up, and the data flow of constructing every vpn tunneling, and above-mentioned parameter is sent to tester 1204.
Step 1405: tester 1204 is according to the test data stream of every the vpn tunneling of parametric configuration that receives.The test data stream of every vpn tunneling can be source IP address and the purpose IP address that comprises every vpn tunneling, and the IP message of every vpn tunneling Tunnel Local ID.
Here can be M bar PPTP data flow, L bar L2TP data flow.Perhaps, set up P bar PPTP data flow, M bar L2TP data flow
Step 1406: tester 1204 will be constructed the vpn tunneling of good test data stream by correspondence and be sent to VPNServer1201.
Here, M bar PPTP data flow sends to VPNServer1201 by the M bar PPTP Tunnel of correspondence, and L bar PPTP data flow sends to VPNServer1201 by the L bar L2TP Tunnel of correspondence.Perhaps, P bar PPTP data flow sends to VPNServer1201 by the P bar PPTP Tunnel of correspondence, and M bar PPTP data flow sends to VPNServer1201 by the M bar L2TP Tunnel of correspondence.
Every test data stream that step 1407:VPNServer1201 is docked to is transmitted, and every test data stream receiving is sent to tester 1204.
Step 1408: the data flow of returning that tester 1204 will receive, carry out comparison with the test data stream that sends, and according to whether packet loss, adjust the size of flow, generate test report at last.
Here, the test report of generation can be that the mixing capacity of VPNServer1201 is a M PPTP client, during L L2TP client, and the forwarding performance test report of this VPNServer1201; The mixing capacity that also can be VPNServer1201 is a P PPTP client, during M L2TP client, and the forwarding performance test report of this VPNServer1201.
In the system of as shown in figure 12 test VPNServer, VPNClient analogue means 1202 further comprises: dispensing unit, VPN negotiation element, VPN data processing unit and reception/transmitting element
Dispensing unit, the quantity of each the classification simulant-client that is used for issuing according to the lexical analysis module is provided with the different simulant-client parameter of corresponding tricks, wherein, every cover simulation client parameter comprises the simulant-client address, user name, password and VPNServer address.
The VPN negotiation element is used for setting up the simulant-client of each classification respective amount and the vpn tunneling between the VPNServer, and realizing management and control that vpn tunneling connects according to every cover simulation client parameter.This unit comprises PPTP and consults subelement and L2TP negotiation subelement.PPTP consult that subelement is responsible for finishing and VPNServer between the foundation and the maintenance of pptp tunneling, L2TP consult that subelement is responsible for finishing and VPNServer between the foundation and the maintenance of L2TP Tunnel.
The VPN data processing unit is used to realize VPN data flow encapsulation reconciliation encapsulation process process.Negotiation at VPN is finished, set up vpn tunneling after, the transmitting-receiving of data flow will encapsulate the reconciliation encapsulation process through this module, be transmitted to reception/transmitting element.Wherein, PPTP consults submodule and is based on the application that TCP connects, and the PPTP data flow can be through the encapsulation or the decapsulation of tcp module; L2TP consults submodule and is based on the application that UDP connects, and the L2TP data flow can pass to reception/transmitting element and further transmit at last through the encapsulation or the decapsulation of UDP module.
Reception/transmitting element: be used for realizing the transmitting-receiving of every vpn tunneling data flow.Its realization is fully according to relevant RFC standard, and is consistent with common router, comprises the PPTP subelement, is used for receiving and sending the PPTP message; The L2TP subelement is used for receiving and sending the L2TP message.
In the embodiment of the invention, in the system of the system of test VPNServe capacity and test VPNServe performance, the VPNClient analogue means can be simulated a large amount of PPTP and L2TP client, form a large amount of multi-class simulant-clients, thereby the client that when test VPNServe capacity, does not need a large amount of reality, and on this basis, test macro can be automatical and efficient test the capacity of VPNServer under two kinds of service coexistences of PPTP and L2TP, and behind the capacity of PPTP client that obtains VPNServe and L2TP client, the VPNClient analogue means is set up the VPN link between each simulant-client and the VPNServer, and according to the data flow of each VPN link, tested when jumbo PPTP and the coexistence of L2TP client the forwarding performance of VPNServer.
Obviously, those skilled in the art can carry out various changes and modification to the present invention and not break away from the spirit and scope of the present invention.Like this, if of the present invention these are revised and modification belongs within the scope of claim of the present invention and equivalent technologies thereof, then the present invention also is intended to comprise these changes and modification interior.

Claims (13)

1. a method of testing VPN (virtual private network) vpn server capacity is characterized in that, this method comprises:
A, testing apparatus are simulated the client of each category setting quantity, the negotiation that the described client that simulates and described vpn server are set up corresponding classification vpn tunneling;
B, described testing apparatus obtain the quantity that described vpn server is consulted each classification vpn tunneling of passing through, when the quantity of each classification that obtains equal with the setting quantity of corresponding classification, and the quantity of each classification of described acquisition with consult before when not obtaining described vpn server and consulting relative difference between the quantity of the corresponding classification passed through and be less than or equal to measuring accuracy, with the setting quantity of described each classification simulant-client capacity as this classification client of described vpn server, otherwise, execution in step C;
C, described testing apparatus are adjusted the setting quantity of described each classification simulant-client, return steps A.
2. method according to claim 1 is characterized in that, described classification comprises:
Point to Point Tunnel Protocol PPTP and/or Layer 2 Tunneling Protocol L2TP.
3. method according to claim 2 is characterized in that, when described classification was PPTP, described steps A comprised:
Described testing apparatus is provided with the different PPTP client parameter of corresponding tricks according to setting quantity, and wherein, every cover client parameter comprises the source address of client tunnel, the title in tunnel, the user name of authentication, password and vpn server address;
Described testing apparatus forms the PPTP client of setting quantity according to every cover PPTP client parameter, and carries out the negotiation of setting up pptp tunneling between each PPTP client and the described vpn server.
4. method according to claim 2 is characterized in that, when described classification comprised PPTP and L2TP, described steps A comprised:
Described testing apparatus is set second of quantity and L2TP client according to first of PPTP client and is set quantity, the different PPTP client parameters and the L2TP client parameter of corresponding tricks are set respectively, wherein, every cover client parameter comprises the source address of client tunnel, the title in tunnel, the user name of authentication, password and vpn server address;
Described testing apparatus forms the first PPTP client and second of setting quantity and sets the L2TP client of quantity according to every cover simulation client parameter, and carries out the negotiation of the corresponding vpn tunneling of foundation between each client and the described vpn server.
5. method according to claim 4 is characterized in that, described step C comprises:
Described testing apparatus is set quantity to described first and is adjusted, and described second sets quantity remains unchanged; Or,
Described testing apparatus is set quantity to described second and is adjusted, and described first sets quantity remains unchanged.
6. a device of testing the vpn server capacity is characterized in that, comprising:
The VPN client simulation is dialled in module, the setting quantity of each the classification simulant-client that is used for issuing according to the lexical analysis module, simulate the client of the described setting quantity of each classification, the negotiation that the described client that simulates and described vpn server are set up corresponding classification vpn tunneling;
The lexical analysis module, be used to obtain described vpn server and consult the quantity of each classification vpn tunneling of passing through, when the quantity of each classification that obtains equal with the setting quantity of corresponding classification, and the quantity of each classification of described acquisition with consult before when not obtaining described vpn server and consulting relative difference between the quantity of the corresponding classification passed through and be less than or equal to measuring accuracy, with the setting quantity of described each classification simulant-client capacity as this classification client of described vpn server, otherwise, setting quantity to described each classification simulant-client is adjusted, and dials in the setting quantity that module issues each classification simulant-client to described VPN client simulation.
7. device according to claim 6 is characterized in that, described VPN client simulation is dialled in module and comprised:
Dispensing unit, the setting quantity that is used for each classification simulant-client of issuing according to described lexical analysis module, the different simulant-client parameter of corresponding tricks is set, wherein, every cover simulation client parameter comprises the source address of client tunnel, the title in tunnel, the user name of authentication, password and vpn server address;
The VPN negotiation element is used for forming the client of each classification respective amount according to every cover client parameter, and carries out the negotiation of the corresponding vpn tunneling of foundation between each client and the described vpn server;
The VPN data processing unit is used for the application that connects according to each simulant-client classification corresponding protocols, and the negotiation packet of negotiations process is carried out deblocking or encapsulation;
Reception/transmitting element is used for the negotiation packet after the encapsulation is transmitted to described vpn server, and receives the negotiation packet that described vpn server returns.
8. device according to claim 7 is characterized in that, described VPN negotiation element comprises:
PPTP consults subelement, is used for forming the PPTP client of setting quantity, and carrying out the negotiation of setting up pptp tunneling between each PPTP client and the described vpn server according to every cover simulation PPTP client parameter;
L2TP consults subelement, is used for forming the L2TP client of setting quantity, and carrying out the negotiation of setting up L2TP Tunnel between each L2TP client and the described vpn server according to every cover simulation 12TP client parameter;
Described VPN data processing unit comprises:
Tcp data is handled subelement, is used for the application according to the TCP connection, the negotiation packet between each PPTP client and the described vpn server is carried out the encapsulation or the deblocking of tcp module;
UDP message is handled subelement, is used for the application according to the UDP connection, the negotiation packet between each L2TP client and the described vpn server is carried out the encapsulation or the deblocking of UDP module;
Described reception/transmitting element comprises:
The PPTP subelement is used for the negotiation packet after the TCP encapsulation is transmitted to described vpn server, and receives the negotiation packet that described vpn server returns to each PPTP client;
The L2TP subelement is used for the negotiation packet after the UDP encapsulation is transmitted to described vpn server, and receives the negotiation packet that described vpn server returns to each L2TP client.
9. a method of testing the vpn server performance is characterized in that, this method comprises:
Testing apparatus is simulated the client of the described capacity respective amount of each classification after obtaining the capacity of each classification client of described vpn server, and sets up the vpn tunneling of the corresponding classification between each simulant-client and the described vpn server;
Described testing apparatus is according to the source IP address of every vpn tunneling collecting and the test data stream of every vpn tunneling correspondence of purpose IP address configuration, and by every vpn tunneling the test data stream of correspondence sent to described vpn server;
Described testing apparatus is according to the test data stream that sends, and the data flow returned of described vpn server, generates test report.
10. method according to claim 9 is characterized in that, described classification comprises:
PPTP and/or L2TP.
11. method according to claim 10 is characterized in that, described testing apparatus is simulated the client of the described capacity respective amount of each classification, and the vpn tunneling of setting up the corresponding classification between each simulant-client and the described vpn server comprises:
Described testing apparatus is simulated the PPTP client of described capacity respective amount according to the capacity of the PPTP client of described vpn server, and sets up the pptp tunneling between each PPTP client and the vpn server; Or,
Described testing apparatus is simulated the L2TP client of described capacity respective amount according to the capacity of the L2TP client of described vpn server, and sets up the L2TP Tunnel between each L2TP client and the vpn server; Or,
Described testing apparatus is according to the capacity of the PPTP client of described vpn server, simulate the PPTP client of described capacity respective amount, and set up pptp tunneling between each PPTP client and the vpn server, and according to the capacity of the L2TP client of described vpn server, simulate the L2TP client of described capacity respective amount, and set up the L2TP Tunnel between each L2TP client and the vpn server.
12. a device of testing the vpn server performance is characterized in that, comprising:
The VPN client simulation is dialled in module, and the capacity of each the classification simulant-client that is used for issuing according to the lexical analysis module simulates the client of the described capacity respective amount of each classification, and sets up the vpn tunneling between each simulant-client and the vpn server;
The lexical analysis module, be used for dialling in the capacity of each classification client that module issues the described vpn server of acquisition to described VPN client simulation, and collect source IP address and the purpose IP address that described VPN client simulation is dialled in every vpn tunneling that module sets up, and after constructing the data flow of described every vpn tunneling, send to the performance test module;
The performance test module, be used for source IP address and purpose IP address according to described every the vpn tunneling that receives, and the data flow of every vpn tunneling, dispose the test data stream of every vpn tunneling correspondence, and the test data stream of correspondence is sent to described vpn server by every vpn tunneling, and according to the test data stream that sends, and the data flow returned of described vpn server, generate test report.
13. device according to claim 12 is characterized in that, described VPN client simulation is dialled in module and is comprised:
Dispensing unit, the capacity of each the classification simulant-client that is used for issuing according to the lexical analysis module is provided with the different simulant-client parameter of corresponding tricks, wherein, every cover simulation client parameter comprises the simulant-client address, user name, password and vpn server address;
The VPN negotiation element is used for setting up and safeguard the simulant-client of each classification respective amount and the vpn tunneling between the vpn server according to described every cover simulation client parameter;
The VPN data processing unit is used for the application according to each simulant-client classification corresponding protocols connection, the data flow of described each simulant-client transmitting-receiving is carried out corresponding deblocking and encapsulation process, and be transmitted to reception/transmitting element;
Reception/transmitting element is used for carrying out the transmitting-receiving of data flow at described every vpn tunneling.
CN2008101784398A 2008-11-26 2008-11-26 Method and apparatus for testing capacity and performance of virtual special network server Expired - Fee Related CN101431447B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2008101784398A CN101431447B (en) 2008-11-26 2008-11-26 Method and apparatus for testing capacity and performance of virtual special network server

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2008101784398A CN101431447B (en) 2008-11-26 2008-11-26 Method and apparatus for testing capacity and performance of virtual special network server

Publications (2)

Publication Number Publication Date
CN101431447A CN101431447A (en) 2009-05-13
CN101431447B true CN101431447B (en) 2011-02-09

Family

ID=40646625

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2008101784398A Expired - Fee Related CN101431447B (en) 2008-11-26 2008-11-26 Method and apparatus for testing capacity and performance of virtual special network server

Country Status (1)

Country Link
CN (1) CN101431447B (en)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102148716A (en) * 2010-02-05 2011-08-10 中国联合网络通信集团有限公司 Point-to-point system network performance testing method and system thereof
CN102984025B (en) * 2012-11-23 2015-09-30 华为技术有限公司 The method of testing of gateway device virtual tunnel performance, Apparatus and system
CN103490950B (en) * 2013-09-03 2017-12-22 深圳市迈腾电子有限公司 A kind of router PPTP session capacity analogy methods
CN103716209B (en) * 2013-12-31 2017-12-19 北京神州绿盟信息安全科技股份有限公司 A kind of tunnel concurrent test system and equipment
CN105939240B (en) * 2015-11-25 2019-04-09 杭州迪普科技股份有限公司 Load-balancing method and device
CN106856439B (en) * 2016-12-07 2019-08-02 武汉斗鱼网络科技有限公司 A kind of method and server of scheme test
CN108306792B (en) * 2018-04-08 2021-12-07 北京信达环宇安全网络技术有限公司 Method, device and system for testing VPN function of equipment and test equipment
CN110855511A (en) * 2018-08-20 2020-02-28 北京国双科技有限公司 Method, device and system for determining capacity of server, storage medium and processor
CN110445858B (en) * 2019-08-02 2022-02-01 深圳震有科技股份有限公司 Method, device, equipment and medium for simultaneously connecting server with client

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6473798B1 (en) * 1998-12-15 2002-10-29 Cisco Technology, Inc. Method and system for testing a layer-2 tunnel in a data communication network
CN1848776A (en) * 2005-11-03 2006-10-18 华为技术有限公司 Testing device and testing method for exchanging network board
CN1863098A (en) * 2005-05-12 2006-11-15 中兴通讯股份有限公司 System and method for testing wideband network access server PPP/VPN performance
CN101227344A (en) * 2008-02-03 2008-07-23 中兴通讯股份有限公司 Method for simulating L2TP dialing

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6473798B1 (en) * 1998-12-15 2002-10-29 Cisco Technology, Inc. Method and system for testing a layer-2 tunnel in a data communication network
CN1863098A (en) * 2005-05-12 2006-11-15 中兴通讯股份有限公司 System and method for testing wideband network access server PPP/VPN performance
CN1848776A (en) * 2005-11-03 2006-10-18 华为技术有限公司 Testing device and testing method for exchanging network board
CN101227344A (en) * 2008-02-03 2008-07-23 中兴通讯股份有限公司 Method for simulating L2TP dialing

Also Published As

Publication number Publication date
CN101431447A (en) 2009-05-13

Similar Documents

Publication Publication Date Title
CN101431447B (en) Method and apparatus for testing capacity and performance of virtual special network server
US7440415B2 (en) Virtual network addresses
CN106533883B (en) A kind of method for building up, the apparatus and system of network special line
CN101425938B (en) Method and apparatus for network apparatus test
JP2018014104A (en) Process control communication between asset management system and portable field maintenance tools
CN101448277B (en) Method, system and device for processing wireless access network faults
CN1323520C (en) Broad-band insertion service apparatus dialing testing method
CN104468291B (en) The method and apparatus of WiFi module communication
JP2018037066A (en) Process control communication architecture
CA2426240A1 (en) Method and system for simulating multiple independent client devices in a wired or wireless network
CN103812829B (en) A kind of method, remote desktop server and system for improving remote desktop security
CN102457421B (en) Process for establishing a VPN connection between two networks
CN100450249C (en) Near-end maintenance radio frequency remote module method
CN102143492B (en) Method for establishing virtual private network (VPN) connection, mobile terminal and server
CN105636234A (en) Station opening method, base station, base station controller and station opening system
CN107395601A (en) A kind of mobile office system and method based on the safe Intranets of VPN
CN107634880A (en) Broadband speed-measuring method and broadband velocity-measuring system
CN101588366A (en) System and method for accessing enterprise information system based on SaaS
US20160380830A1 (en) Method and system for managing multiple devices within a network system
US7327687B2 (en) Wireless network virtual station address translation with external data source
CN102820999A (en) Management and control system and method for network service level and function of cloud virtual desktop application
CN104426715B (en) A kind of distributed testing tool control method
CN104301449A (en) Method and device for modifying IP address
CN103401751B (en) Internet safety protocol tunnel establishing method and device
CN104579942A (en) Network message forwarding method and device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right

Owner name: PU NING

Free format text: FORMER OWNER: FUJIAN XINGWANGRUIJIE NETWORK CO., LTD.

Effective date: 20140516

C41 Transfer of patent application or patent right or utility model
COR Change of bibliographic data

Free format text: CORRECT: ADDRESS; FROM: 350015 FUZHOU, FUJIAN PROVINCE TO: 518052 SHENZHEN, GUANGDONG PROVINCE

TR01 Transfer of patent right

Effective date of registration: 20140516

Address after: 518052 Guangdong city of Shenzhen province Nanshan District Nanshan digital and cultural industry base east tower room 407

Patentee after: Pu Ning

Address before: 350015 M9511 Industrial Park, fast road, Mawei District, Fujian, Fuzhou

Patentee before: Fujian Xingwangruijie Network Co., Ltd.

ASS Succession or assignment of patent right

Owner name: STATE GRID ZHEJIANG ELECTRIC POWER COMPANY SHAOXIN

Effective date: 20141010

Owner name: STATE GRID CORPORATION OF CHINA

Free format text: FORMER OWNER: PU NING

Effective date: 20141010

C41 Transfer of patent application or patent right or utility model
COR Change of bibliographic data

Free format text: CORRECT: ADDRESS; FROM: 518052 SHENZHEN, GUANGDONG PROVINCE TO: 100031 XICHENG, BEIJING

TR01 Transfer of patent right

Effective date of registration: 20141010

Address after: 100031 Xicheng District West Chang'an Avenue, No. 86, Beijing

Patentee after: State Grid Corporation of China

Patentee after: State Grid Zhejiang Electric Power Company

Patentee after: Shaoxing Power Supply Company of State Grid Zhejiang Electric Power Company

Patentee after: State Grid Zhejiang Zhuji Power Supply Co., Ltd.

Patentee after: Zhuji Dongbai Electric Power Equipment Manufacturing Co., Ltd.

Address before: 518052 Guangdong city of Shenzhen province Nanshan District Nanshan digital and cultural industry base east tower room 407

Patentee before: Pu Ning

CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20110209

Termination date: 20171126