  	 The following test plan will be used for testing the "back-ported" Deliverable 1.
 
1. Compilation and Sanity checks:
    1. Scripts - This is the test suite Pat provided: SUT2/SUT8/SUT6
        1. Phase 1 test: test phase 1 algorithms
        2. Phase 2 test: test phase 2 algorithms (we will verify the left-over bug from Del#1a where packets > 4040B hang the system).
        3. Conn test: verify that large number of tunnels can be established.
    2. Userland crypto API test cryptotest: SUT2
    3. Algorithm: IxVPN algorithm matrix that verifies the various algorithms:IxVPN/SUT4
2. Performance: IxVPN/SUT4
    1. Control plane (IKE) throughput/latency
    2. Data plane (IPSec) throughput/latency
        Automated test which searches for the rate at which a specified % of packets (currently 2%) are dropped.
        Packet sizes vary from 64 to 1424 bytes.
3. Robustness/Endurnace: IxVPN/SUT4
    The robustness tests involves testing SUTs under heavy/varying loads for extended period of time (8+ hrs). I will try to schedule these overnight/weekends. However, each re-run to repeat/re-confirm test result will take up time.
    1. Heavy tunnel rekeying load
    2. Heavy packet load
    3. Sweep packet sizes (64-1424 bytes, 4 byte inc.)
    4. Randomize packet sizes on a per-packet basis
    5. large tunnel count
    6. Lots of small packets with a few big ones
    7. Lots of big packets with a few small ones
    8. Run full duplex IMIX packets at loads sufficient to generate 5-10% packet loss, 100's of sessions, rekeying every 1/2 hour for 40 hours (night, day, night).
4. Conformance:
    1. IPComp: Cisco 1720/SUT6
5. Design correctness: Logic Analyzer/SUT4
    1. Use logic analyzer to verify that HW is being used
        1. PK
        2. Packet
        3. RNG

Please see additional information on test descriptions where necessary.

Where Ixia is used for testing, the corresponding test config files (.xml files) are checked in here.
The Ixia tests have the following naming convention:
d<n>-acc<test#>-<description-of-test>
where:
    n = deliverable number;
    test#: corresponds to test # in test plan;
    description-of-test: duh
e.g. d1-acc2.2-data-plane-max-thruput
If a bug is reported in Mantis, a corresponding Ixia config file will be created and saved in the following naming convention:
mantis-<bug#>
Steps To Reproduce: 	
Additional Information: 	*** Note ***
1. The test machine used for testing against Ixai is assumed to be SUT4. If the
test machine is changed, all the config files used here need to be modified.
2. The corresponding ipsec.conf file on SUT4 is uploaded as ipsec.conf.ixia.254tun. It is symbolic-linked as:
ln -s ipsec.conf.ixia.254tun ipsec.conf
3. For test configs that ends with -esp, plesae comment out the line "phase2=ah" in the conn definition in the ipsec.conf on the SUT. Similarly, enable it for the test configs that ends with -ah. This is due to a Pluto bug, or feature, that requires the line "phase2=ah" in the conn definition for AH mode tunnels. See Mantis 79 for detailed description.

Detailed descriptions for individual tests:
==========================================

1.3 Algorithm: IxVPN algorithm matrix that verifies the various algorithms:
---------------------------------------------------------------------------

254 tunnels are set up to test varous algorithm combinations supported by the chip. The test is broken up into 2 subtests, one for ESP mode tunnels and another for AH mode tunnels.

For subgroup tests (ESP or AH), the algo combination is as follows:
{IKE mode} x {Hash algo(Ph1)} x {DH Group} x {Enc algo(Ph1)} x {Hash algo(Ph2) x
 {Enc algo(Ph2)} where:
IKE mode = main or aggresive
Hash algo = MD5 or SHA-1
DH group = DH-2 or DH-5 or DH-14
Enc algo = 3DES or AES128 or AES192 or AES256

See notes below for more detailed descriptions for each individual test.
Relationships	
Attached Files: 	 d1-acc1.3a-algo-matrix-254-esp.xml [^] (10,845 bytes) 04-13-07 21:21 [Delete]
 d1-acc1.3b-algo-matrix-254tun-ah.xml [^] (10,840 bytes) 04-13-07 21:22 [Delete]
 d1-acc2.1-ctrl-plane-tun-setup-rate.xml [^] (10,812 bytes) 04-13-07 21:22 [Delete]
 d1-acc2.2-data-plane-max-thruput.xml [^] (10,807 bytes) 04-13-07 21:23 [Delete]
 d1-acc3.3a-sweep-pkt-sizes-esp.xml [^] (10,766 bytes) 04-13-07 21:23 [Delete]
 d1-acc3.3b-sweep-pkt-sizes-ah.xml [^] (10,765 bytes) 04-13-07 21:24 [Delete]
 d1-acc3.5-large-tunnel-count.xml [^] (10,844 bytes) 04-13-07 21:24 [Delete]
 d1-acc3.6-imix-small-large.xml [^] (10,819 bytes) 04-13-07 21:25 [Delete]
 d1-acc3.7-imix-large-small.xml [^] (10,819 bytes) 04-13-07 21:25 [Delete]
 d1-acc3.8-kitchen-sink.xml [^] (10,820 bytes) 04-13-07 21:25 [Delete]
 d1-acc3.1-rekey-test.xml [^] (10,832 bytes) 04-24-07 19:07 [Delete]
 d1-acc3.2a-heavy-pkt-load-esp.xml [^] (10,770 bytes) 04-24-07 19:08 [Delete]
 d1-acc3.2b-heavy-pkt-load-ah.xml [^] (10,769 bytes) 04-24-07 19:09 [Delete]
 d1-acc3.4-randomized-packet-sizes.xml [^] (10,808 bytes) 04-24-07 19:09 [Delete]
 ipsec.conf.ixia.254tun [^] (27,420 bytes) 04-24-07 19:21 [Delete]
 d1-acc1.3a-algo-matrix-254-esp.tcl [^] (22,604 bytes) 04-27-07 02:03 [Delete]
 d1-acc1.3b-algo-matrix-254tun-ah.tcl [^] (22,605 bytes) 04-27-07 02:03 [Delete]
 d1-acc2.1-ctrl-plane-tun-setup-rate.tcl [^] (22,586 bytes) 04-27-07 02:04 [Delete]
 d1-acc2.2-data-plane-max-thruput.tcl [^] (22,572 bytes) 04-27-07 02:05 [Delete]
 d1-acc3.1-rekey-test.tcl [^] (22,555 bytes) 04-27-07 02:06 [Delete]
 d1-acc3.2a-heavy-pkt-load-esp.tcl [^] (22,526 bytes) 04-27-07 02:06 [Delete]
 d1-acc3.2b-heavy-pkt-load-ah.tcl [^] (22,522 bytes) 04-27-07 02:07 [Delete]
 d1-acc3.3a-sweep-pkt-sizes-esp.tcl [^] (22,529 bytes) 04-27-07 02:07 [Delete]
 d1-acc3.3b-sweep-pkt-sizes-ah.tcl [^] (22,525 bytes) 04-27-07 02:08 [Delete]
 d1-acc3.4-randomized-packet-sizes.tcl [^] (22,576 bytes) 04-27-07 02:08 [Delete]
 d1-acc3.5-large-tunnel-count.tcl [^] (22,591 bytes) 04-27-07 02:09 [Delete]
 d1-acc3.6-imix-small-large.tcl [^] (22,531 bytes) 04-27-07 02:09 [Delete]
 d1-acc3.7-imix-large-small.tcl [^] (22,531 bytes) 04-27-07 02:09 [Delete]
 d1-acc3.8-kitchen-sink.tcl [^] (22,520 bytes) 04-27-07 02:10 [Delete]

Notes
(0000288)
wtsai   
04-24-07 00:59   
	
2.1 Control plane (IKE) throughput/latency test:
------------------------------------------------

This test uses IxVPN's Tunnel Setup Rate test to measure the speed at which the SUT can setup increasing numbers of tunnels.

The test creates increasing number tunnels at each sweep by adding the increment value (set to 1 in this test) to the number of tunnels that were previously created.

Note that the tunnel setup handshake messages are inter-mixed between different tunnels and that there is a known bug on Linux (Mantis 82) where it fails this test (wrong cookie from a different tunnel is used).
(0000289)
wtsai   
04-24-07 01:25   
	
2.2 Data plane (IKE) throughput/latency test:
---------------------------------------------

In this test, IxVPN automatically searches for the max throughput the SUT can sustain with a given packet size before it reaches a pre-determined percentage of packet loss (2% in this test).

The packet sizes (in bytes) used in this test are those recommended by RFC 2544:
64, 128, 256, 512, 1024, 1280, 1424.

Note: on Linux (with kernel 3.0.12) we have seen throughput of 320Mbps with 1424 bytes packets.

(0000290)
wtsai   
04-24-07 01:48   
	
3.1 Heavy tunnel rekeying load:
-------------------------------

In this test, rekeying is enabled to allow re-negotiation of ph1 and ph2 SAs at expiration of tunnel life times (initially set to 600 sec and 300 sec respectively).

A large tunnels (254) are created for this test.

Other test parameters we can tweek with are:
Rekey Margin: window of time during which SA re-engotiation can occur. The Rekey Margin extens backwards from the end of the SA lifetime.
Rekey Fuzz Percentage: this value is randomly applied to Rekey margin to shrink (values under 100) or enlarge (values over 100) the window of time during which IxVPN will perform rekey for some tunnels. The fuzz percentage introduces a degree of randomness to the rekey process to prevent all the rekey attempts from occuring at the same time.

In our test, we have:
Rekey margin = 60 sec
Rekey fuzz percentage = 50
So SAs will be selected at random and rekeys are attempted during the final 30 sec of the SA lifetime (50% of 60 secs).

(0000291)
wtsai   
04-24-07 01:51   
	
3.2 Heavy packet load
---------------------

In this test, the SUT is stressed for prelonged period of time (e.g. 4 hours) at
95-105% rate of the max throughput rate obtained in 2.2 for their corresponding packet sizes.

(0000292)
wtsai   
04-24-07 02:10   
	
3.3 Sweep packet sizes
----------------------

In this test, packet sizes is increased at 4 bytes increment from 64 bytes to 1424 bytes. The test is running at 80% max throughput for the largest packets.
(0000293)
wtsai   
04-24-07 02:15   
	
3.4 Randomize packet sizes:
---------------------------

Other like test 3.3 where packet sizes is uniformly increased by 4-byte increment, we will use the "list" feature to choose a semi-randomized list of packet sizes to be tested, e.g.
64, 108, 96, 1280, 964, 786, 1024, 1424.
(0000294)
wtsai   
04-24-07 02:25   
	
3.5 Large tunnel count:
----------------------

The tunnel capacity test of IxVPN is used to test how many tunnels can be created and sustained successfully under a data soak test. Will try 254, 508 tunnels.

(0000295)
wtsai   
04-24-07 02:29   
	
3.6 Lots of small packets with a few big ones
3.7 Lots of big packets with a few small ones
---------------------------------------------

As the names suggest, we will use the IMIX option to select a large amount of small packets (or large packets) with a small percentage of large packets (or small packets) intermixed in the test traffic.

(0000297)
wtsai   
04-27-07 02:30   
	
Notes on running Tcl scripts from the Ixia Wish Console
=======================================================
1. Open the Wish Console on the desttop by double clicking it.
2. Do a "pwd" (you should be in C:/Program Files/Ixia/TclScripts)
3. cd lib/ixTclVpn/Generic (this is where all the Tcl scripts for the tests are located).
4. To run a particular script, do:
   source "<test.tcl>"
   e.g. source "d1-acc3.6-imix-small-large.tcl"
5. The output from the test run are shown on the Wish Console, log is saved as <test.log> and output as <test.out> 

