Test Methodologies and Recommended Practices From its inception, the Mu Test Suite supported integration with a wide variety of test lab environments including load generation, functional testing, open and proprietary standards. The Mu solution controls other testing devices over serial console, Telnet or SSH channels and uses regular expressions to detect user-defined "events of interest" that are used to trigger fault isolation. The Mu Test Suite is controlled via a web-browser-based GUI with award-winning ease-of-use. Mu Test Suite is easy to integrate into larger lab automation frameworks where they exist: - The Mu Test Suite exposes its functionality via a Web Services Description Language (WSDL) document so it can integrate into Software Testing Automation Framework (STAF) and other similar WSDL-based laboratory automation environments.
- The Mu solution also can be controlled via a Representational State Transfer (REST) API and Mu provides a Tcl wrapper for that API so that the Mu analyzer can be easily integrated into Tcl-based lab automation environments.
- The REST API can also be used to directly control the Mu analyzer, e.g., from a Yahoo! widget or similar applet.
- The Mu analyzer also supports HP Quality Center directly
This growing list of recommended practices or test methodologies document specific working examples, complete with relevant configuration files, of how the Mu Test Suite can be integrated with other lab equipment, or give guidance on the wide variety of ways that the Mu Test Suite can be used to establish the reliability, availability and security of various types of IP-based devices. Device Test Recommended Practices | Digital Voice/Data, Session Border Controllers (SBCs) |
Mu Dynamics has worked with Veraz Networks to define a set of comprehensive tests to which SBCs should be subjected. The Mu Test Suite can be deployed in a variety of ways to test a Session Border Controller (SBC) for robustness and the ability to tolerate denial-of-service conditions and other real-world traffic scenarios. The methodology paper documents how to test SBCs using Service-Level Traffic Variations targeting the many exposed protocols within SBCs, as well as denial-of-service simulation(s) against these protocols. The Mu Test Suite is able to deliver SLTV in endpoint mode as well as in passthrough mode, e.g., by simulating a phone call originating either on the inside or the outside of a VoIP boundary (the SBC being the boundary). Register to Download Files [.pdf]
| | Routing/Switching Device |
The Mu Test Suite can test a router or any L2-L7 switch in a variety of ways. This paper documents the many ways that a router can be evaluated by the Mu Test Suite, including Service-Level Traffic Variation (SLTV) attacks in passthrough mode for services in which the router actively or passively participates; also possible are SLTV attacks in endpoint mode vs. the services running within the router (e.g., routing protocols, management protocols, or other critical applications like DHCP, etc.); and finally Denial-of-Service (DoS) attacks against any active services within the router.
Register to Download Files [.zip]
| | Inline Security Enforcement Devices |
The Mu Test Suite can test any inline security enforcement device in either endpoint mode or in passthrough mode, in which traffic is sent from the Mu Test Suite through the target device, back to the Mu. The goal of this testing is two-fold: - Verify that protocol implementations within the device, such as management protocols, application-layer gateways, and routing protocols are of high quality.
Remember that these devices are deployed in critical data paths in the network and if these devices fail either the whole network becomes cut off from the outside or it becomes open to the outside. Neither outcome is desirable! Another possible side-effect of abnormal traffic could be that the device's performance degrades, also not desirable.
- Verify that specific traffic filtering features are working as expected. In this case, traffic containing vulnerability triggers is sent through the device where signatures are installed with the expectation that "bad" traffic will be prevented from reaching the protected interfaces of the device, while "good" traffic will be allowed through.
These devices tend to be deployed in topologies in which NAT is enabled and so Mu supports passthrough testing of such configurations rather than requiring that NAT be disabled. When these methodologies are applied, the Mu Test Suite establishes the effectiveness of the security enforcement device. This methodology was developed to support InfoWorld's Enterprise UTM Shootout wherein Mu's contribution has been credited publicly. Register to Download Files [.zip]
| Laboratory Automation and Integration
|
An Integrated Customer-validated Test Solution from Mu Dynamics and Agilent Technologies to mitigate protocol errors, day-zero attacks and hidden vulnerabilities in network equipment, and ensure uninterrupted service delivery and maximum performance under worst-case conditions.
Register to Download Files [.zip]
|
|
Here, the Mu Test Suite controls an Ixia Ix-400T load generator and triggers fault isolation based on a throughput failure (as determined by the Ixia device). In this example, the Ixia is programmed to flag a failure condition if the traffic throughput drops below 10 Mbps (10% of line rate in this case). The Mu Test Suite also performs fault isolation using protocol Instrumentation failures for DHCP. As with all of these test methodology papers, this paper is meant to serve as an example from which other test setups may be derived, for instance using Service-Level Traffic Variations (SLTV) to test a routing protocol (e.g., BGP, OSPF, IS-IS, etc.) or a management protocol (e.g., SSH, HTTPs, etc.) instead of DHCP. Surprisingly, SLTV attacks against a particular home gateway's embedded DHCP server actually do cause reproducible throughput dropouts that can be detected by the Ixia Ix-400T.
Register to Download Files [.zip]
|
|
Here, the Mu Test Suite controls a SmartBits 6000C load generator and triggers fault isolation based on any data loss through the Device-under-Test (DuT) detected by the SmartBits unit. Besides using the Spirent SmartBits box to generate load and trigger fault isolation based on data loss, the Mu analyzer also performs fault isolation using protocol Instrumentation failures for SIP. As with all of these test methodology papers, this paper is meant to serve as an example from which other test setups may be derived, for instance using Service-Level Traffic Variations (SLTV) to test any protocol supported within the DuT such as a management protocol (e.g., SSH, HTTPs, etc.) or any relevant application protocol.
Register to Download Files [.zip]
|
|
Here, the Mu Test Suite in this example is controlled by the Ixia Test Conductor software to run an analysis. Detailed instructions are given for integrating the Mu solution into an Ixia environment, including all necessary Tcl files. A Mu Test Suite analysis template is also included, though any template would work just as well as the one provided in the attached .zip file. The point of this example is to show how the analysis is initiated, monitored and terminated from within Ixia Test Conductor, and how the resulting fault data and reports are extracted via the Mu Test Suite’s REST API.
Register to Download Files [.zip]
| | |
