Slashdot Mirror


Constructing a Linux-Based Network Testing System?

10Brett-T asks: "Is it possible to build a Linux box with two interfaces to test a network's ability to carry traffic between two ports? I work for a company developing ethernet switching hardware. We need to test its ability to carry traffic correctly under a variety of conditions. Various vendors have expensive test platforms available that may or may not do the tests we want, but we have a tight budget. We decided to try building a Linux system with two ethernet interfaces, and modify the routes to force the traffic to go across the network. Testing would be as simple as running an FTP connection between a client on one interface and a server on the other. This would be a great victory for Linux in our company, if I could get it working. The problem is that I cannot figure out how to bypass the Linux kernel's TCP/IP stack routing optimization. All the combinations of routing table modifications and iptables that I've tried still don't make the packets flow out the interfaces and on the wire instead of within the stack. Has anyone else tried something like this before? How did/would you approach this?"

4 of 30 comments

  1. Different subnets? by SpaceLifeForm · · Score: 2, Interesting

    I know that I accidentally 'tested' a cross-over cable once. I did not notice any problems with IP traffic. No kernel oops. But I agree with the two machine approach.

    --
    You are being MICROattacked, from various angles, in a SOFT manner.
  2. Mobile network testing by sachachua · · Score: 3, Interesting

    A pair of Linux iPAQs with expansion sleeves may work fantastically in this environment. Get two CF or PCMCIA network cards, install them on the iPAQs (the old 3630s or maybe even the monochrome iPAQs will do just fine), and check away. You can even install netcat.

    It's really portable and flexible, and you can test all sorts of things easily.

    Incidentally, for wireless networks - there are tools for helping you check wireless signal strength. Grab a supported WLAN card, plug it in, and wander around the building checking if your wireless network's okay.

  3. second box? by smoon · · Score: 3, Interesting

    How about a second box? Hardware capable of saturating a 10MB ethernet connection should be really cheap, and even saturating a 100MB connection isn't hard.

    Get two interfaces on each, one interface to an internal 'management' network, the other interface to the equipment you're testing. That way you can operate both boxes out of a single computer, possibly using SSH (or X or Telnet or whatever).

    You might also try some other tools besides ftp -- some of the cracker tools can be tuned to blast out an amazing amount of traffic, and even ping can saturate a link if you make the packets big enough and have enough processes sending them.

    I dunno. Just a thought.

    --
    "But actually trying to use m4 as a general-purpose langage would be deeply perverse" --ESR
  4. Be your own man in the middle by Halvard · · Score: 3, Interesting

    You could do something along the lines of the Frame Diverter project, but instead of just TCP port 80 for transparent caching proxy, you could divert everything so that you can test.

    To summarize, you take a system with 2 NICs and replace the destination MAC address of all frames passing through with the Linux box's input interface. Bridge the 2 interfaces and run the tests of your choice.

    When you want to take this out if, God forbid, something breaks in hardware or software, if it is, say, between two switches, you replace it with an Ethernet crossover cable and your network is restored to operation.