How we tested HP's ProCurve security blade

We assessed the HP Threat Management System in terms of features, usability and performance.

Using the Spirent TestCenter traffic analyzer/generator and Spirent TestCenter Layer 4-7 test application, we constructed a test bed emulating up to 500 clients and four servers.

We measured TCP performance using the metrics of forwarding rate; connection establishment rate; and concurrent connections. For all tests, we configured the TMS module with 260 firewall access rules. In IPS testing, we used a signature library with approximately 5,000 entries.

To measure forwarding rate, we configured 500 simulated users on Spirent TestCenter to request 512KB objects from Web servers. We used this large object size to saturate the network, and measured aggregate forwarding rates over a 60-second steady-state period.

To measure connection setup rate, we configured Spirent TestCenter clients and servers to use HTTP 1.0, thus forcing a new TCP connection with each HTTP request. We ran a binary search to find the highest successful setup rate, to the nearest 1,000 connections/second, averaged over a 60-second steady-state period.

To measure concurrent connections, we configured Spirent TestCenter clients and servers to use HTTP 1.1 and set up clients to request a new 1-byte object every 60 seconds. We added progressively larger numbers of clients up to a maximum of 600,000 (the limit claimed by HP), and averaged actual established connection count over a 60-second period.

To measure UDP rates, we configured Spirent TestCenter to offer traffic in a "backbone" or partial-mesh topology, where client and servers exchanged traffic through the TMS. Using a binary search to find the throughput rate, we offered 64-, 256-, 1,518- and 9,216-byte frames in separate tests of 60 seconds each. We measured average and maximum latency for each frame size at the throughput rate.

Return to test.

This story, "How we tested HP's ProCurve security blade" was originally published by Network World.