[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CN111786853A - System and method for realizing throughput and delay index test aiming at safety isolation and information exchange product - Google Patents

System and method for realizing throughput and delay index test aiming at safety isolation and information exchange product Download PDF

Info

Publication number
CN111786853A
CN111786853A CN202010623119.XA CN202010623119A CN111786853A CN 111786853 A CN111786853 A CN 111786853A CN 202010623119 A CN202010623119 A CN 202010623119A CN 111786853 A CN111786853 A CN 111786853A
Authority
CN
China
Prior art keywords
network
virtual machine
information exchange
data packet
physical
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010623119.XA
Other languages
Chinese (zh)
Inventor
李旋
陈妍
吴其聪
杨春华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Third Research Institute of the Ministry of Public Security
Original Assignee
Third Research Institute of the Ministry of Public Security
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Third Research Institute of the Ministry of Public Security filed Critical Third Research Institute of the Ministry of Public Security
Priority to CN202010623119.XA priority Critical patent/CN111786853A/en
Publication of CN111786853A publication Critical patent/CN111786853A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/08Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0876Network utilisation, e.g. volume of load or congestion level
    • H04L43/0888Throughput
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/08Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0852Delays
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/50Testing arrangements

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Environmental & Geological Engineering (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to a system and a method for realizing throughput and delay index testing aiming at a safety isolation and information exchange product, wherein a test host machine comprises a first transceiving analog virtual machine and a second transceiving analog virtual machine, the test host machine is provided with a first physical network card and a second physical network card, the first transceiving analog virtual machine is provided with a first network bandwidth test unit and a first network data packet analysis unit, and the second transceiving analog virtual machine is provided with a second network bandwidth test unit and a second network data packet analysis unit. The invention also relates to a method for testing throughput and delay indexes of safety isolation and information exchange products based on the system. The invention realizes the test of the throughput and the time delay of the tested safety isolation and information exchange product by reasonably using the virtualization technology and the test software, reduces the physical equipment required by the test, simplifies the test method, reduces the error caused by asynchronous time and improves the test accuracy.

Description

System and method for realizing throughput and delay index test aiming at safety isolation and information exchange product
Technical Field
The invention relates to the technical field of network security testing, in particular to the technical field of product testing special for network security and network security examination, and specifically relates to a system and a method for realizing throughput and delay index testing aiming at a security isolation and information exchange product.
Background
The united issuing and reform commission, the ministry of industry and communications, the ministry of public security, the national department of safety and the like of the national internet information office establishes a network security examination method in 4 months of 2020, and the method clearly specifies that the network security equipment should provide and have related security function and performance; in 2017, a national internet information office also combines a plurality of commission commissions to release a list of network key equipment and network security special products, a security isolation and information exchange product is in the list, and the performance which the product needs to meet, namely indexes of throughput and delay, are also specified in the list.
In order to test performance indexes, the existing methods for testing the performance of safety isolation and information exchange products comprise two methods of using an instrument and using a plurality of physical PCs to respectively install application programs and using the switches to build an experimental environment. Aiming at the first testing method using instruments, the instruments are expensive, the environment is closed, most of the instruments are foreign products, the usability is weak, and the application range and the flexibility are limited. And the second mode of using a plurality of physical PCs to respectively install application programs and using a switch to build a test system in a combined manner does not need expensive instruments and meters, is flexible to operate and strong in universality, but the method needs to use a plurality of physical PCs and the switch for matching, is complex in test environment, is not easy to maintain and move, and has more important problems that a plurality of devices are introduced, the time precision is greatly influenced, and the measured performance result has larger errors.
Disclosure of Invention
The invention aims to overcome the defects of the prior testing technology and provide a system and a method for realizing throughput and delay index testing aiming at a safety isolation and information exchange product, which have the advantages of simple and practical structure, stable and reliable performance, high precision, low cost and wider application range.
In order to achieve the above purpose, the system and the method for realizing the throughput and delay index test aiming at the safety isolation and information exchange product are realized by the following technical scheme:
the system for realizing the test of the throughput and the delay index aiming at the safety isolation and information exchange products is mainly characterized in that, the system comprises a test host machine, wherein at least a first transceiving analog virtual machine and a second transceiving analog virtual machine are loaded in the test host machine, the first transceiving analog virtual machine is provided with a first network bandwidth testing unit and a first network data packet analyzing unit, the second transceiving analog virtual machine is provided with a second network bandwidth testing unit and a second network data packet analyzing unit, the test host machine is provided with at least a first physical network card and a second physical network card, and the first receiving and dispatching simulation virtual machine is sequentially connected with the first physical network card, the tested safety isolation and information exchange product, the second physical network card and the second receiving and dispatching simulation virtual machine to form a closed-loop test system.
Preferably, the tested safety isolation and information exchange product is provided with at least a first physical interface and a second physical interface, the first physical network card is connected with the first physical interface, and the second physical network card is connected with the second physical interface.
Preferably, the product for tested security isolation and information exchange includes at least a first security domain and a second security domain, the first security domain is correspondingly connected to the first physical interface, and the second security domain is correspondingly connected to the second physical interface.
Preferably, a first virtual network card is arranged in the first transceiving analog virtual machine, the first virtual network card is mapped and bound with the first physical network card, a second virtual network card is arranged in the second transceiving analog virtual machine, and the second virtual network card is mapped and bound with the second physical network card.
The method for testing the throughput and the delay index of the safety isolation and information exchange product based on the system is mainly characterized by comprising a forward working test process, a reverse working test process and a full-duplex working test process, wherein the forward working test process comprises the following steps:
(1, a) the first network bandwidth testing unit is loaded and operated by the first transceiving analog virtual machine, the second network bandwidth testing unit is loaded and operated by the second transceiving analog virtual machine, and a forward working mode configuration operation is performed;
(2.a) the first network bandwidth testing unit sends a network data packet to the second transceiving analog virtual machine sequentially through the first physical network card, the tested safety isolation and information exchange product and the second physical network card;
(3.a) the second transceiving analog virtual machine loads and operates the second network data packet analysis unit to perform capturing analysis on the network data packet in the forward working mode, so as to test throughput and delay indexes;
the reverse working test process comprises the following steps:
(1, b) the first network bandwidth testing unit is loaded and operated by the first transceiving analog virtual machine, the second network bandwidth testing unit is loaded and operated by the second transceiving analog virtual machine, and a reverse working mode configuration operation is performed;
(2, b) the second network bandwidth testing unit sends a network data packet to the first transceiving analog virtual machine sequentially through the second physical network card, the tested safety isolation and information exchange product and the first physical network card;
(3.b) the first transceiving analog virtual machine loads and operates the first network data packet analysis unit to perform capturing analysis on the network data packet in the reverse working mode, so as to test throughput and delay indexes;
the full-duplex working test process comprises the following steps:
(1, c) the first network bandwidth testing unit is loaded and operated by the first transceiving analog virtual machine, the second network bandwidth testing unit is loaded and operated by the second transceiving analog virtual machine, and full-duplex working mode configuration operation is carried out;
(2, c) the first network bandwidth testing unit sends a network data packet to the second transceiving analog virtual machine sequentially through the first physical network card, the tested safety isolation and information exchange product and the second physical network card; meanwhile, the second network bandwidth testing unit sends a network data packet to the first transceiving analog virtual machine sequentially through the second physical network card, the tested safety isolation and information exchange product and the first physical network card;
(3.c) the second transceiving analog virtual machine loads and operates the second network data packet analysis unit to perform network data packet capture analysis; meanwhile, the first receiving and dispatching simulation virtual machine loads and operates the first network data packet analysis unit to perform capture analysis on the network data packet in the full-duplex working mode, so that the test of throughput and delay index is performed.
Preferably, the performing of the configuration operation of the forward working mode specifically includes:
the first receiving and dispatching simulation virtual machine sets the first network bandwidth testing unit as a network data packet sending end, and the second receiving and dispatching simulation virtual machine sets the second network bandwidth testing unit as a network data packet receiving end.
More preferably, the step (2.a) specifically comprises the following steps:
(2, a.1) the first network bandwidth testing unit transmits the sent network data packet from the first virtual network card of the first transceiving analog virtual machine to the first physical interface of the tested security isolation and information exchange product, and the first security domain receives the network data packet;
(2.a.2) said first security domain of said measured security isolation and information exchange article forwarding said network data packet to said second security domain internally of said measured security isolation and information exchange article;
(2, a.3) the second security domain sends the network data packet to the second physical network card through the second physical interface, and the second transceiving analog virtual machine receives the network data packet.
Preferably, the performing of the reverse working mode configuration operation specifically includes:
the second receiving and dispatching simulation virtual machine sets the second network bandwidth testing unit as a network data packet sending end, and the first receiving and dispatching simulation virtual machine sets the first network bandwidth testing unit as a network data packet receiving end.
More preferably, the step (2.b) specifically comprises the following steps:
(2, b.1) the second network bandwidth testing unit transmits the sent network data packet from the second virtual network card of the second transceiving analog virtual machine to the second physical interface of the tested security isolation and information exchange product, and the second security domain receives the network data packet;
(2.b.2) said second security domain of said measured security isolation and information exchange product forwarding said network data packet to said first security domain within said measured security isolation and information exchange product;
(2, b.3) the first security domain sends the network data packet to the first physical network card through the first physical interface, and the first virtual machine receives the network data packet.
Preferably, the performing full duplex operation mode configuration operation specifically includes:
the first receiving and dispatching simulation virtual machine sets the first network bandwidth test unit as a sending end and a receiving end of a network data packet at the same time, and the second receiving and dispatching simulation virtual machine sets the second network bandwidth test unit as a sending end and a receiving end of a network data packet at the same time.
More preferably, the step (2.c) specifically comprises the following steps:
(2, c.1) the first network bandwidth testing unit transmits a first network data packet sent out from the first virtual network card of the first transceiving analog virtual machine to the first physical interface of the tested security isolation and information exchange product, and the first security domain receives the first network data packet; meanwhile, the second network bandwidth testing unit transmits a second network data packet sent out from a second virtual network card of the second transceiving analog virtual machine to a second physical interface of the tested safety isolation and information exchange product, and the second safety domain receives the second network data packet;
(2.c.2) said first security domain of said measured security isolation and information exchange article forwarding said first network packet to said second security domain internally of said measured security isolation and information exchange article; and a second security domain of the tested security isolation and information exchange product forwards the second network data packet to the first security domain inside the tested security isolation and information exchange product;
(2, c.3) the first security domain sends the second network data packet to the first physical network card through the first physical interface, and the first virtual machine receives the second network data packet; and the second security domain sends the first network data packet to the second physical network card through the second physical interface, and the second transceiving analog virtual machine receives the first network data packet.
Preferably, the capturing and analyzing of the network data packet in the forward working mode includes the following steps:
(3, a.1) the second network data packet analysis unit in the second transceiving analog virtual machine starts the network data packet capturing and recording functions;
(3, a.2) after analyzing and processing the captured network data packet, the second network data packet analyzing unit screens out the same data packet which is sent by the first transceiving analog virtual machine and received by the second transceiving analog virtual machine, and counts the passing time of the network data packet in the forward working mode of the tested safety isolation and information exchange product, namely counts the delay index of the forward working mode;
(3.a.3) the test host machine judges whether reverse working mode delay index statistics is carried out or not;
and (3, a.4) if so, calculating an average value according to the forward working mode delay index statistical result and the reverse working mode delay index statistical result, thereby obtaining the throughput and delay index test result of the tested safety isolation and information exchange product.
Preferably, the capturing and analyzing of the network data packet in the reverse working mode includes the following steps:
(3, b.1) starting network data packet capturing and recording functions by a first network data packet analysis unit in the first transceiving analog virtual machine;
(3, b.2) after analyzing and processing the captured network data packet, the first network data packet analyzing unit screens out the same data packet which is sent by the second transceiving analog virtual machine and received by the first transceiving analog virtual machine, and counts the passing time of the network data packet in the reverse working mode, namely counts the delay indexes of the reverse working mode, of the tested safety isolation and information exchange product;
(3, b.3) the test host machine judges whether forward working mode delay index statistics is carried out or not;
and (3, b.4) if so, calculating an average value according to the forward working mode delay index statistical result and the reverse working mode delay index statistical result, thereby obtaining the throughput and delay index test result of the tested safety isolation and information exchange product.
Preferably, the capturing and analyzing of the network data packet in the full-duplex working mode includes the following steps:
(3, c.1) starting network data packet capturing and recording functions by a first network data packet analyzing unit in the first transceiving analog virtual machine and a second network data packet analyzing unit in the second transceiving analog virtual machine;
(3, c.2) after analyzing and processing the captured first network data packet, the second network data packet analyzing unit screens out the same data packet which is sent by the first transceiving analog virtual machine and received by the second transceiving analog virtual machine, and carries out statistics on the passing time of the first network data packet in the full-duplex working mode on the tested safety isolation and information exchange product, namely carrying out the statistics on the first delay index in the full-duplex working mode; meanwhile, after analyzing and processing the captured second network data packet, the first network data packet analyzing unit screens out the same data packet which is sent by the second transceiving analog virtual machine and received by the first transceiving analog virtual machine, and carries out statistics on the passing time of the second network data packet in the full-duplex working mode on the tested safety isolation and information exchange product, namely carries out statistics on the second delay index in the full-duplex working mode;
and (3, c.3) if so, calculating an average value according to the first delay index statistical result of the full-duplex working mode and the second delay index statistical result of the full-duplex working mode, thereby obtaining the throughput and delay index test results of the tested safety isolation and information exchange product.
The system and the method for realizing the throughput and delay index test aiming at the safety isolation and information exchange product are adopted, because the virtualization technology is used, the network card of the receiving and sending simulation virtual machine is mapped (bound) to the physical network card, the test program is installed on the receiving and sending simulation virtual machine, and the throughput and delay of the safety isolation and information exchange product are tested by a single test host machine through the setting and mapping of the virtual network card of the receiving and sending simulation virtual machine.
Drawings
Fig. 1 is a schematic diagram of a test setup process for testing throughput and delay of a host under self-loop in an embodiment of the present invention.
Fig. 2 is a schematic diagram of an environment and configuration for testing throughput and latency of a tested security isolation and information exchange product in an embodiment of the present invention.
Reference numerals
M100 test host machine
M101 tested safety isolation and information exchange product
M102 first transceiving analog virtual machine
M103 second Transceiver virtual machine
M110 first physical network card
M111 second physical network card
M112 first virtual network card
M113 second virtual network card
M114 first physical interface
M115 second physical interface
M121 first network bandwidth test unit
M123 second network bandwidth test unit
M122 first network data packet analysis unit
M124 second network data packet analysis unit
M104 first security domain
M105 second security domain
Detailed Description
In order to more clearly describe the technical solution of the present invention, the following further describes a specific embodiment with reference to the attached drawings.
The invention relates to a system for realizing throughput and delay index tests aiming at a safety isolation and information exchange product, wherein, the system comprises a test host machine M100, at least a first transceiver simulation virtual machine M102 and a second transceiver simulation virtual machine M103 are loaded in the test host machine M100, the first transceiving analog virtual machine M102 has a first network bandwidth testing unit M121 and a first network packet analyzing unit M122, the second transceiving analog virtual machine M103 has a second network bandwidth testing unit M123 and a second network packet analyzing unit M124, the test host machine M100 is provided with at least a first physical network card M110 and a second physical network card M111, the first transceiving analog virtual machine M102 is sequentially connected with the first physical network card M110, the tested safety isolation and information exchange product M101, the second physical network card M111 and the second transceiving analog virtual machine M103 to form a closed-loop test system.
As a specific embodiment of the present invention, the tested safety isolating and information exchanging product M101 is provided with at least a first physical interface M114 and a second physical interface M115, the first physical network card M110 is connected to the first physical interface M114, and the second physical network card M111 is connected to the second physical interface M115.
As a specific embodiment of the present invention, the tested security isolation and information exchange product M101 includes at least a first security domain M104 and a second security domain M105, the first security domain M104 is correspondingly connected to the first physical interface M114, and the second security domain M105 is correspondingly connected to the second physical interface M115.
As a specific embodiment of the present invention, a first virtual network card M112 is disposed in the first transceiving analog virtual machine M102, the first virtual network card M112 is mapped and bound with the first physical network card M110, a second virtual network card M113 is disposed in the second transceiving analog virtual machine M103, and the second virtual network card M113 is mapped and bound with the second physical network card M111.
In a preferred embodiment of the present invention, the system based on the foregoing implements a method for testing throughput and delay indicators of a security isolation and information exchange product, wherein the method includes a forward working test procedure, a reverse working test procedure, and a full duplex working test procedure, and the forward working test procedure includes the following steps:
(1, a) the first transceiver simulation virtual machine M102 loads and runs the first network bandwidth testing unit M121, and the second transceiver simulation virtual machine M103 loads and runs the second network bandwidth testing unit M123, and performs a forward working mode configuration operation;
(2.a) the first network bandwidth testing unit M121 sequentially sends a network data packet to the second transceiving analog virtual machine M103 through the first physical network card M110, the tested security isolation and information exchange product M101, and the second physical network card M111;
(3.a) the second transceiving analog virtual machine M103 loads and runs the second network packet analysis unit M124 to perform capturing and analyzing on the network packet in the forward working mode, thereby performing the test of throughput and delay index;
the reverse working test process comprises the following steps:
(1, b) the first transceiving analog virtual machine M102 loads and runs the first network bandwidth testing unit M121, and the second transceiving analog virtual machine M103 loads and runs the second network bandwidth testing unit M123, and performs a reverse operation mode configuration operation;
(2, b) the second network bandwidth testing unit M123 sends a network data packet to the first transceiving analog virtual machine M102 sequentially through the second physical network card M111, the tested security isolation and information exchange product M101 and the first physical network card M110;
(3, b) the first transceiving analog virtual machine M102 loads and operates the first network data packet analysis unit M122 to perform capture analysis on the network data packet in the reverse working mode, thereby performing the test of throughput and delay index;
the full-duplex working test process comprises the following steps:
(1, c) the first transceiving analog virtual machine M102 loads and runs the first network bandwidth testing unit M121, and the second transceiving analog virtual machine M103 loads and runs the second network bandwidth testing unit M123, and performs a full-duplex operation mode configuration operation;
(2, c) the first network bandwidth testing unit M121 sequentially sends the network data packet to the second transceiving analog virtual machine M103 through the first physical network card M110, the tested security isolation and information exchange product M101 and the second physical network card M111; meanwhile, the second network bandwidth testing unit M123 sends a network data packet to the first transceiving analog virtual machine M102 sequentially through the second physical network card M111, the tested security isolation and information exchange product M101, and the first physical network card M110;
(3, c) the second transceiving analog virtual machine M103 loads and operates the second network packet analysis unit M124 to perform network packet capture analysis; meanwhile, the first transceiving analog virtual machine M102 loads and operates the first network packet analysis unit M122 to perform capture analysis on the network packet in the full-duplex operating mode, thereby performing the test of throughput and delay index.
The operation of configuring the forward working mode is specifically as follows:
the first transceiving analog virtual machine M102 sets the first network bandwidth testing unit M121 as a network data packet sending end, and the second transceiving analog virtual machine M103 sets the second network bandwidth testing unit M123 as a network data packet receiving end.
In a preferred embodiment of the present invention, the step (2.a) specifically includes the following steps:
(2, a.1) the first network bandwidth testing unit M121 transmits the sent network data packet from the first virtual network card M112 of the first transceiving analog virtual machine M102 to the first physical interface M114 of the tested security isolation and information exchange product M101, and the first security domain M104 receives the network data packet;
(2.a.2) the first security domain M104 of the measured security isolation and information exchange product M101 forwarding the network data packet to the second security domain M105 within the measured security isolation and information exchange product M101;
(2, a.3) the second security domain M105 sends the network data packet to the second physical network card M111 through the second physical interface M115, and the second transceiving analog virtual machine M103 receives the network data packet.
The reverse working mode configuration operation is specifically as follows:
the second transceiving analog virtual machine M103 sets the second network bandwidth testing unit M123 as a network data packet sending end, and the first transceiving analog virtual machine M102 sets the first network bandwidth testing unit M121 as a network data packet receiving end.
In a preferred embodiment, the step (2.b) specifically includes the following steps:
(2, b.1) the second network bandwidth testing unit M123 transmits the sent network data packet from the second virtual network card M113 of the second transceiving analog virtual machine M103 to the second physical interface M115 of the tested security isolation and information exchange product M101, and the second security domain M105 receives the network data packet;
(2.b.2) the second security domain M105 of the tested security isolation and information exchange product M101 forwarding the network data packet to the first security domain M104 within the tested security isolation and information exchange product M101;
(2, b.3) the first security domain M104 sends the network packet to the first physical network card M110 through the first physical interface M114, and the first virtual machine receives the network packet.
The performing full-duplex working mode configuration operation specifically includes:
the first transceiving analog virtual machine M102 sets the first network bandwidth testing unit M121 as a transmitting end and a receiving end of a network data packet at the same time, and the second transceiving analog virtual machine M103 sets the second network bandwidth testing unit M123 as a transmitting end and a receiving end of a network data packet at the same time.
In a preferred embodiment, the step (2.c) specifically includes the following steps:
(2, c.1) the first network bandwidth testing unit M121 transmits the sent first network data packet from the first virtual network card M112 of the first transceiving analog virtual machine M102 to the first physical interface M114 of the tested security isolation and information exchange product M101, and the first security domain M104 receives the first network data packet; meanwhile, the second network bandwidth testing unit M123 transmits the sent second network data packet from the second virtual network card M113 of the second transceiving analog virtual machine M103 to the second physical interface M115 of the tested security isolation and information exchange product M101, and the second security domain M105 receives the second network data packet;
(2.c.2) the first security domain M104 of the tested security isolation and information exchange product M101 forwarding the first network packet to the second security domain M105 within the tested security isolation and information exchange product M101; moreover, the second security domain M105 of the tested security isolation and information exchange product M101 forwards the second network data packet to the first security domain M104 inside the tested security isolation and information exchange product M101;
(2, c.3) the first security domain M104 sends the second network packet to the first physical network card M110 through the first physical interface M114, and the first virtual machine receives the second network packet; moreover, the second security domain M105 sends the first network packet to the second physical network card M111 through the second physical interface M115, and the second transceiving analog virtual machine M103 receives the first network packet.
In a preferred embodiment of the present invention, the performing forward working mode network packet capture analysis includes the following steps:
(3, a.1) the second network packet analysis unit M124 in the second transceiving analog virtual machine M103 starts the network packet capturing and recording function;
(3, a.2) after analyzing and processing the captured network data packet, the second network data packet analyzing unit M124 screens out the same data packet that is sent by the first transceiving analog virtual machine M102 and received by the second transceiving analog virtual machine M103, and performs statistics on the passing time of the network data packet in the forward working mode, that is, forward working mode delay index statistics, on the tested security isolation and information exchange product M101;
(3, a.3) the test host machine M100 judges whether reverse working mode delay index statistics is performed or not;
and (3, a.4) if yes, calculating an average value according to the forward working mode delay index statistical result and the reverse working mode delay index statistical result, thereby obtaining the test results of the throughput and the delay index of the tested safety isolation and information exchange product M101.
In a preferred embodiment of the present invention, the performing network packet capture analysis in reverse operating mode includes the following steps:
(3, b.1) the first network packet analysis unit M122 in the first transceiving analog virtual machine M102 starts the network packet capturing and recording function;
(3, b.2) after analyzing and processing the captured network data packet, the first network data packet analyzing unit M122 screens out the same data packet that is sent by the second transceiving analog virtual machine M103 and received by the first transceiving analog virtual machine M102, and performs statistics on the passing time of the network data packet in the reverse working mode, that is, performs statistics on the delay index in the reverse working mode, on the tested security isolation and information exchange product M101;
(3, b.3) the test host machine M100 judges whether forward working mode delay index statistics is performed or not;
and (3, b.4) if so, calculating an average value according to the forward working mode delay index statistical result and the reverse working mode delay index statistical result, thereby obtaining the test results of the throughput and the delay index of the tested safety isolation and information exchange product M101.
In a preferred embodiment of the present invention, the performing network packet capture analysis in full duplex operating mode includes the following steps:
(3, c.1) both the first network packet analysis unit M122 in the first transceiving analog virtual machine M102 and the second network packet analysis unit M124 in the second transceiving analog virtual machine M103 start the network packet capturing and recording function;
(3, c.2) after analyzing and processing the captured first network data packet, the second network data packet analyzing unit M124 screens out the same data packet that is sent by the first transceiving analog virtual machine M102 and received by the second transceiving analog virtual machine M103, and performs statistics on the passing time of the first network data packet in the full-duplex working mode on the tested security isolation and information exchange product M101, that is, performs statistics on the first delay index in the full-duplex working mode; meanwhile, after analyzing and processing the captured second network data packet, the first network data packet analyzing unit M122 screens out the same data packet that is sent by the second transceiving analog virtual machine M103 and received by the first transceiving analog virtual machine M102, and performs statistics of the passing time of the second network data packet in the full-duplex working mode, that is, performs statistics of the second delay index in the full-duplex working mode, on the tested security isolation and information exchange product M101;
and (3, c.3) if so, calculating an average value according to the first delay index statistical result of the full-duplex working mode and the second delay index statistical result of the full-duplex working mode, thereby obtaining the test results of the throughput and the delay index of the tested safety isolation and information exchange product M101.
In practical use, the system for testing throughput and delay of the safety isolation and information exchange product of the invention virtualizes the test host machine M100 by using virtualization technology, installs application software on the first transceiving analog virtual machine M102 and the second transceiving analog virtual machine M103, and configures a network card mapping relationship and a working mode of the first transceiving analog virtual machine M102 and the second transceiving analog virtual machine M103, thereby realizing the purpose of using one test host machine M100 to build a test environment and test throughput and delay of the tested safety isolation and information exchange product M101. The method and the system for utilizing the test host machine M100 as the test environment can make full use of physical resources, reduce the requirement on test equipment, improve the test accuracy and facilitate the maintenance and the movement of the test environment.
The system for testing the throughput and the time delay of the safety isolation and information exchange product comprises a testing host machine M100, the test host M100 is loaded with at least a first transceiver simulation virtual machine M102 and a second transceiver simulation virtual machine M103, the first transceiving analog virtual machine M102 has a first network bandwidth testing unit M121 and a first network packet analyzing unit M122, the second transceiving analog virtual machine M103 has a second network bandwidth testing unit M123 and a second network packet analyzing unit M124, the test host machine M100 is provided with at least a first physical network card M110 and a second physical network card M111, the first transceiving analog virtual machine M102 is sequentially connected with the first physical network card M110, the tested safety isolation and information exchange product M101, the second physical network card M111 and the second transceiving analog virtual machine M103 to form a closed-loop test system.
The method for testing the throughput and the time delay of the safety isolation and information exchange product by utilizing the system comprises the following steps:
(1) the test host machine M100 is provided with at least a first physical network card M110 and a second physical network card M111, and the test host machine M100 is provided with a first transceiving analog virtual machine M102 and a second transceiving analog virtual machine M103;
(2) a first virtual network card M112 is arranged in the first transceiving analog virtual machine M102, the first virtual network card M112 is mapped and bound with the first physical network card M110, a second transceiving analog virtual machine M113 is arranged in the second transceiving analog virtual machine M103, and the second virtual network card M113 is mapped and bound with the second physical network card M111;
(3) the first transceiving analog virtual machine M102 and the second transceiving analog virtual machine 103 are respectively provided with a first network bandwidth testing unit M121 and a second network bandwidth testing unit M123 for sending and receiving network packet data, and the first transceiving analog virtual machine M102 and the second transceiving analog virtual machine M103 are respectively provided with a first network packet analyzing unit M122 and a second network packet analyzing unit M124 for capturing and analyzing network packets, so as to test throughput and delay indexes;
(4) the first transceiving analog virtual machine M102 and the second transceiving analog virtual machine M103 respectively send a first network packet test unit M122 and a second network packet analysis unit M124 to the counterpart virtual machine using the first network bandwidth test unit M121 and the second network bandwidth test unit M123 installed thereon;
(5) the first transceiving analog virtual machine M102 and the second transceiving analog virtual machine 103 respectively start the first network packet testing unit M122 and the second network packet analyzing unit M124 while transmitting the network packet;
the method for testing throughput and delay of safety isolation and information exchange products, wherein the test host machine M100 builds a whole test system, the method comprises a forward working test process, a reverse working test process and a full-duplex working test process, and the specific configuration steps of the test host machine M100 in the step (1) are as follows:
(1.1) the test host machine M100 is provided with a first physical network card M110 and a second physical network card M111, and resources are provided in the form of a host machine;
the test host M100 described in (1.2) installs a bottom operating system and virtualization software, and provides all software and hardware required for testing.
The method for testing throughput and delay of safety isolation and information exchange products is characterized in that the transceiving simulation virtual machine is provided with application software, and the transceiving simulation virtual machine in the step (4) comprises the following specific steps:
(1.1) the first virtual machine M102 is installed with a first network bandwidth testing unit M121 and a first network packet analyzing unit M122, and the second virtual machine M103 is installed with a second network bandwidth testing unit M123 and a second network packet analyzing unit M124;
(1.2) the first network bandwidth testing unit M121 and the second network bandwidth testing unit M123 are subjected to parameter configuration, network data packets are sent by respectively taking the network address of the virtual machine where the other party is located as a destination address, and the network data packets are sent mutually, so that the test of the tested safety isolation and the throughput of the information exchange product M101 is realized.
The method for testing throughput and delay of safety isolation and information exchange products comprises the following specific steps in the step (5):
when the first transceiving analog virtual machine M102 and the second transceiving analog virtual machine M103 send network data packets to each other, the first network data packet analysis unit M122 and the second network data packet analysis unit M124 are respectively started, network data packets on the first virtual network card M112 and the second virtual network card M113 are captured and recorded, the same network data packet(s) are selected to be sent and received, and the recorded time difference is calculated, so that the test of the tested safety isolation and the time delay of the information exchange product M101 is realized.
Referring to fig. 1, as an embodiment of the present invention, it is a test setup diagram of throughput and latency under self-loop of a test host M100 according to the exemplary embodiment of the present invention, which includes the following steps:
(1) the test host machine M100 is provided with 2 physical network cards, a first physical network card M110 and a second physical network card M111, and the test host machine M100 is provided with a first transceiving analog virtual machine M102 and a second transceiving analog virtual machine M103;
specifically, the test host M100 is provided with a first physical network card M110 and a second physical network card M111, which are used as hosts, and the test host M100 is provided with an operating system, such as a Windows operating system and a Linux operating system, which is used as a bottom operating system platform of the test host M100. And installing virtualization programs such as VirtualBox, VMware and the like on the bottom operating system platform, wherein the virtualization programs are used for installing transceiving simulation virtual machines such as Windows, Linux and other system virtual machines.
(2) The first virtual network card M112 of the first transceiving analog virtual machine M102 is mapped (bound) to the first physical network card M110, and the second virtual network card M113 of the second transceiving analog virtual machine M103 is mapped (bound) to the second physical network card M111;
specifically, a first virtual network card M112 is enabled on the first transceiving analog virtual machine M102, the first virtual network card M112 is set to be in a Bridge (Bridge) operating mode, and is mapped (bound) to the first physical network card M110, and the first physical network card M110 operates in a promiscuous mode; a second virtual network card M113 is enabled on the second transceiver analog virtual machine M103, the second virtual network card M113 is set to be in a Bridge working mode and is mapped (bound) to the second physical network card M111, and the second physical network card M111 works in a promiscuous mode.
(3) The first transceiving analog virtual machine M102 and the second transceiving analog machine M103 respectively transmit and receive network data packets to and from the transceiving analog virtual machine of the other party using the first network bandwidth testing unit M121 and the second network bandwidth testing unit M123 installed thereon.
Specifically, the first network bandwidth testing unit M121 and the second network bandwidth testing unit M123, such as iPerf, are installed on the first transceiving analog virtual machine M102 and the second transceiving analog virtual machine M103, the software is enabled, and the first transceiving analog virtual machine M102 and the second transceiving analog virtual machine M123 are configured as a client mode and a server mode at the same time, and are connected to the server of the other party in a client mode, respectively, and the network bandwidth B1 from the first transceiving analog virtual machine M102 to the second transceiving analog virtual machine M103 and the network bandwidth B2 from the second transceiving analog virtual machine M103 to the first transceiving analog virtual machine M102 are obtained through network packet statistics, so that the maximum network bandwidth between the first transceiving analog virtual machine M102 and the second transceiving analog virtual machine M103 is Δ B.
(4) When the first transceiving analog virtual machine M102 and the second transceiving analog machine M103 transmit network packets, the first network packet analysis unit M122 and the first network packet analysis unit M124 are turned on.
Specifically, the first network packet analysis unit M122 and the second network packet analysis unit M124 installed in the first transceiving analog virtual machine M102 and the second transceiving analog virtual machine M103 are enabled, such as Wireshark, respectively capture and record the network packet of the virtual machine, and analyze the recorded network packet to obtain the time T1 when the same network packet is sent by the first transceiving analog virtual machine M102 and the time T2 when the same network packet is received by the second transceiving analog virtual machine M103, where the time difference Δ T1 is T2 minus T1; in the same manner, the time difference Δ T2 of the network packet sent by the second vm M103 to the first vm M102 is calculated, so that the time error Δ T between the first vm M102 and the second vm M103 is an average value between Δ T1 and Δ T2.
Referring to fig. 2, as an embodiment of the present invention, it is a diagram for constructing and configuring a typical throughput and delay test environment of a security isolation and information exchange product of the present invention, which includes a test host M100 and a tested security isolation and information exchange product M101.
And the test host M100 has performed corresponding setting on the test host M100 according to the test setting diagram of the test host M100 under the self-loop condition as illustrated in fig. 1, and can be used as an independent detection device, and the throughput and the delay of the test host M100 are measured by the method illustrated in fig. 1, where the throughput is used as the maximum performance value of the test host M100, and the delay is used as an error value for elimination during the test. The method comprises the following steps:
(1) the first physical network card M110 and the second physical network card M111 of the test host machine M100 are respectively connected with the first physical interface M114 and the second physical interface M115 of the tested safety isolation and information exchange product M101 to form a closed-loop test system;
specifically, the first physical network card M110 of the test host machine M100 is connected to the first physical interface M114 of the tested security isolation and information exchange product M101, and the second physical network card M111 is connected to the second physical interface M115.
(2) The first transceiving analog virtual machine M102 sends a network data packet to the first physical interface M114, the network data packet is forwarded through the tested security isolation and information exchange product M101, and is returned to the second transceiving analog virtual machine M103 of the test host machine M100 by the second physical interface M115, and meanwhile, the second transceiving analog virtual machine M103 sends the network data packet to the first transceiving analog virtual machine M102 in the same manner;
specifically, the first network bandwidth testing unit M121, such as an iPerf, installed on the first transceiving analog virtual machine M102 is configured as a client mode and a server mode, and is connected to the first physical interface M114 in the client mode, and sends a network packet to the interface, where the network packet is received by the first security domain M104 and forwarded to the second security domain M105 according to the configuration policy, and the second security domain M105 sends the network packet to the second transceiving analog virtual machine M103 through the second physical interface M115, so as to test the network bandwidth B1 from the first transceiving analog virtual machine M102 to the second transceiving analog virtual machine M103.
The network bandwidth B2 from the second virtual transceiver M103 to the first virtual transceiver M102 is tested by the above method, so the throughput of the tested security isolation and information exchange product M101 is the average value of B1 and B2, and in order to minimize the error in the testing process, a method of averaging multiple measurements may be used.
(3) When the first transceiving analog virtual machine M102 and the second transceiving analog virtual machine M103 transmit network packets, the first network packet analysis unit M122 and the second network packet analysis unit M124 are turned on.
Specifically, while the first transceiving analog virtual machine M102 sends a network packet to the first physical interface M114, the first network packet analysis unit M122 and the second network packet analysis unit M124 installed on the first transceiving analog virtual machine M102 and the second transceiving analog virtual machine M103 are enabled, such as Wireshark, to respectively capture and record the network packet of the virtual machine, and through network packet analysis, the time T1 sent by the first transceiving analog virtual machine M102 and the time T2 received by the second transceiving analog virtual machine M103 of the same network packet are obtained, and the time difference Δ T1 is T2 minus T1; in the same way, the time difference Δ T2 of the network data packet sent by the second transceiving analog virtual machine M103 to the first transceiving analog virtual machine M102 is calculated, so the delay τ of the tested security isolation and information exchange product M101 is the average value of Δ T1 and Δ T2, and the time error Δ T calculated in the embodiment of fig. 1 is subtracted, and in order to minimize the error in the testing process, a method of averaging multiple measurements may be used.
The above tests of step (2) and step (3) result in the throughput and delay of the security isolation and information exchange product M101 shown in fig. 2.
The system and the method for realizing the throughput and delay index test aiming at the safety isolation and information exchange product are adopted, because the virtualization technology is used, the network card of the receiving and sending simulation virtual machine is mapped (bound) to the physical network card, the test program is installed on the receiving and sending simulation virtual machine, and the throughput and delay test of the tested safety isolation and information exchange product is realized by the single test host machine through the setting and mapping of the virtual network card of the receiving and sending simulation virtual machine.
In this specification, the invention has been described with reference to specific embodiments thereof. It will, however, be evident that various modifications and changes may be made thereto without departing from the broader spirit and scope of the invention. The specification and drawings are, accordingly, to be regarded in an illustrative rather than a restrictive sense.

Claims (14)

1.A system for realizing throughput and delay index tests for safety isolation and information exchange products is characterized by comprising a test host machine (M100), wherein at least a first transceiving simulation virtual machine (M102) and a second transceiving simulation virtual machine (M103) are loaded in the test host machine (M100), the first transceiving simulation virtual machine (M102) is provided with a first network bandwidth test unit (M121) and a first network data packet analysis unit (M122), the second transceiving simulation virtual machine (M103) is provided with a second network bandwidth test unit (M123) and a second network data packet analysis unit (M124), the test host machine (M100) is provided with at least a first physical network card (M110) and a second physical network card (M111), and the first transceiving simulation virtual machine (M102) sequentially passes through the first physical network card (M110) and the second physical network card (M111), The tested safety isolation and information exchange product (M101), the second physical network card (M111) and the second transceiving analog virtual machine (M103) are sequentially connected to form a closed-loop test system.
2. The system for implementing throughput and latency indicator testing for a security isolation and information exchange product according to claim 1, wherein the tested security isolation and information exchange product (M101) is provided with at least a first physical interface (M114) and a second physical interface (M115), the first physical network card (M110) is connected with the first physical interface (M114), and the second physical network card (M111) is connected with the second physical interface (M115).
3. The system for enabling throughput and latency indicator testing for a security isolation and information exchange product according to claim 2, wherein the tested security isolation and information exchange product (M101) comprises at least a first security domain (M104) and a second security domain (M105), the first security domain (M104) is connected to the first physical interface (M114) and the second security domain (M105) is connected to the second physical interface (M115).
4. The system for implementing throughput and delay indicator testing for security isolation and information exchange products according to claim 1, wherein the first transceiving analog virtual machine (M102) is provided with a first virtual network card (M112), the first virtual network card (M112) is mapped and bound to the first physical network card (M110), the second transceiving analog virtual machine (M103) is provided with a second virtual network card (M113), and the second virtual network card (M113) is mapped and bound to the second physical network card (M111).
5. A method for testing throughput and delay indicators of a security isolation and information exchange product based on the system of any one of claims 1 to 4, wherein the method comprises a forward operation test procedure, a reverse operation test procedure and a full duplex operation test procedure, and the forward operation test procedure comprises the following steps:
(1, a) the first transceiving analog virtual machine (M102) loads and runs the first network bandwidth testing unit (M121), the second transceiving analog virtual machine (M103) loads and runs the second network bandwidth testing unit (M123), and a forward working mode configuration operation is performed;
(2, a) the first network bandwidth testing unit (M121) sends a network data packet to the second transceiving analog virtual machine (M103) sequentially through the first physical network card (M110), the tested security isolation and information exchange product (M101) and the second physical network card (M111);
(3.a) the second transceiving analog virtual machine (M103) loads and runs the second network data packet analysis unit (M124) to perform forward working mode network data packet capture analysis, so as to perform throughput and delay index tests;
the reverse working test process comprises the following steps:
(1, b) the first transceiving analog virtual machine (M102) loads and operates the first network bandwidth testing unit (M121), the second transceiving analog virtual machine (M103) loads and operates the second network bandwidth testing unit (M123), and a reverse operation mode configuration operation is performed;
(2, b) the second network bandwidth testing unit (M123) sends a network data packet to the first transceiving analog virtual machine (M102) sequentially through the second physical network card (M111), the tested security isolation and information exchange product (M101) and the first physical network card (M110);
(3, b) the first transceiving analog virtual machine (M102) loads and operates the first network data packet analysis unit (M122) to perform network data packet capture analysis in a reverse working mode, so as to perform throughput and delay index tests; the full-duplex working test process comprises the following steps:
(1, c) the first transceiving analog virtual machine (M102) loads and runs the first network bandwidth testing unit (M121), the second transceiving analog virtual machine (M103) loads and runs the second network bandwidth testing unit (M123), and a full-duplex operation mode configuration operation is performed;
(2, c) the first network bandwidth testing unit (M121) sends the network data packet to the second transceiving analog virtual machine (M103) sequentially through the first physical network card (M110), the tested security isolation and information exchange product (M101) and the second physical network card (M111); meanwhile, the second network bandwidth testing unit (M123) sends a network data packet to the first transceiving analog virtual machine (M102) sequentially through the second physical network card (M111), the tested safety isolation and information exchange product (M101) and the first physical network card (M110);
(3, c) the second transceiving analog virtual machine (M103) loads and operates the second network packet analysis unit (M124) to perform network packet capture analysis; meanwhile, the first transceiving analog virtual machine (M102) loads and operates the first network data packet analysis unit (M122) to perform capture analysis on the network data packet in the full-duplex working mode, so that the test of throughput and delay indexes is performed.
6. The method for implementing the test for the throughput and the delay indicators of the security isolation and information exchange product according to claim 5, wherein the performing the forward working mode configuration operation specifically comprises:
the first transceiving analog virtual machine (M102) sets the first network bandwidth testing unit (M121) as a network data packet sending end, and the second transceiving analog virtual machine (M103) sets the second network bandwidth testing unit (M123) as a network data packet receiving end.
7. The method for implementing the test for the throughput and delay indicators of the security isolation and information exchange product according to claim 6, wherein the tested security isolation and information exchange product (M101) is provided with at least a first physical interface (M114) and a second physical interface (M115), the first physical network card (M110) is connected to the first physical interface (M114), and the second physical network card (M111) is connected to the second physical interface (M115);
the tested security isolation and information exchange product (M101) comprises at least a first security domain (M104) and a second security domain (M105), the first security domain (M104) is correspondingly connected with the first physical interface (M114), and the second security domain (M105) is correspondingly connected with the second physical interface (M115);
a first virtual network card (M112) is arranged in the first transceiving analog virtual machine (M102), the first virtual network card (M112) is mapped and bound with the first physical network card (M110), a second virtual network card (M113) is arranged in the second transceiving analog virtual machine (M103), and the second virtual network card (M113) is mapped and bound with the second physical network card (M111);
the step (2.a) specifically comprises the following steps:
(2, a.1) the first network bandwidth testing unit (M121) transmits the sent network data packet from the first virtual network card (M112) of the first transceiving analog virtual machine (M102) to the first physical interface (M114) of the tested security isolation and information exchange product (M101), and the first security domain (M104) receives the network data packet;
(2.a.2) said first security domain (M104) of said measured security isolation and information exchange product (M101) forwarding said network data packet to said second security domain (M105) within said measured security isolation and information exchange product (M101);
(2, a.3) the second security domain (M105) sends the network packet to the second physical network card (M111) via the second physical interface (M115), and the second transceiving analog virtual machine (M103) receives the network packet.
8. The method for implementing the test for the throughput and the delay indicators of the security isolation and information exchange product according to claim 5, wherein the performing the reverse operation mode configuration operation specifically comprises:
the second network bandwidth testing unit (M123) is set as a network data packet sending end by the second transceiving analog virtual machine (M103), and the first network bandwidth testing unit (M121) is set as a network data packet receiving end by the first transceiving analog virtual machine (M102).
9. The method for implementing the test for the throughput and delay indicators of the security isolation and information exchange product according to claim 8, wherein the tested security isolation and information exchange product (M101) is provided with at least a first physical interface (M114) and a second physical interface (M115), the first physical network card (M110) is connected to the first physical interface (M114), and the second physical network card (M111) is connected to the second physical interface (M115);
the tested security isolation and information exchange product (M101) comprises at least a first security domain (M104) and a second security domain (M105), the first security domain (M104) is correspondingly connected with the first physical interface (M114), and the second security domain (M105) is correspondingly connected with the second physical interface (M115);
a first virtual network card (M112) is arranged in the first transceiving analog virtual machine (M102), the first virtual network card (M112) is mapped and bound with the first physical network card (M110), a second virtual network card (M113) is arranged in the second transceiving analog virtual machine (M103), and the second virtual network card (M113) is mapped and bound with the second physical network card (M111);
the step (2.b) specifically comprises the following steps:
(2, b.1) the second network bandwidth testing unit (M123) transmits the sent network data packet from the second virtual network card (M113) of the second transceiving analog virtual machine (M103) to the second physical interface (M115) of the tested security isolation and information exchange product (M101), and the second security domain (M105) receives the network data packet;
(2.b.2) the second security domain (M105) of said measured security isolation and information exchange product (M101) forwarding said network data packet to said first security domain (M104) within said measured security isolation and information exchange product (M101);
(2, b.3) said first security domain (M104) sending said network packet to said first physical network card (M110) via said first physical interface (M114), and said first virtual machine receiving said network packet.
10. The method for implementing the test for the throughput and the delay indicators of the product for security isolation and information exchange according to claim 5, wherein the performing the full-duplex operation mode configuration operation specifically comprises:
the first transceiving analog virtual machine (M102) sets the first network bandwidth testing unit (M121) as a transmitting end and a receiving end of a network data packet at the same time, and the second transceiving analog virtual machine (M103) sets the second network bandwidth testing unit (M123) as a transmitting end and a receiving end of a network data packet at the same time.
11. The method for implementing the test for the throughput and delay indicators of the security isolation and information exchange product according to claim 10, wherein the tested security isolation and information exchange product (M101) is provided with at least a first physical interface (M114) and a second physical interface (M115), the first physical network card (M110) is connected to the first physical interface (M114), and the second physical network card (M111) is connected to the second physical interface (M115);
the tested security isolation and information exchange product (M101) comprises at least a first security domain (M104) and a second security domain (M105), the first security domain (M104) is correspondingly connected with the first physical interface (M114), and the second security domain (M105) is correspondingly connected with the second physical interface (M115);
a first virtual network card (M112) is arranged in the first transceiving analog virtual machine (M102), the first virtual network card (M112) is mapped and bound with the first physical network card (M110), a second virtual network card (M113) is arranged in the second transceiving analog virtual machine (M103), and the second virtual network card (M113) is mapped and bound with the second physical network card (M111);
the step (2.c) specifically comprises the following steps:
(2, c.1) the first network bandwidth testing unit (M121) transmits the sent first network packet from the first virtual network card (M112) of the first transceiving analog virtual machine (M102) to the first physical interface (M114) of the tested security isolation and information exchange product (M101), and the first security domain (M104) receives the first network packet; meanwhile, the second network bandwidth testing unit (M123) transmits the sent second network data packet from the second virtual network card (M113) of the second transceiving analog virtual machine (M103) to the second physical interface (M115) of the tested security isolation and information exchange product (M101), and the second security domain (M105) receives the second network data packet;
(2.c.2) said first security domain (M104) of said measured security isolation and information exchange product (M101) forwarding said first network data packet to said second security domain (M105) within said measured security isolation and information exchange product (M101); and a second security domain (M105) of said tested security isolation and information exchange product (M101) forwards said second network data packet to said first security domain (M104) within said tested security isolation and information exchange product (M101);
(2, c.3) said first security domain (M104) sending said second network packet to said first physical network card (M110) via said first physical interface (M114), and said first virtual machine receiving said second network packet; and the second security domain (M105) sends the first network packet to the second physical network card (M111) through the second physical interface (M115), and the second transceiving analog virtual machine (M103) receives the first network packet.
12. The method for implementing the test for the throughput and delay indicators of the security isolation and information exchange product according to any one of claims 5 to 11, wherein the performing the forward operation mode network packet capture analysis comprises the following steps:
(3, a.1) the second network packet analysis unit (M124) in the second transceiving analog virtual machine (M103) starts the network packet capturing and recording function;
(3, a.2) after analyzing and processing the captured network data packet, the second network data packet analyzing unit (M124) screens out the same data packet which is sent by the first transceiving analog virtual machine (M102) and received by the second transceiving analog virtual machine (M103), and performs statistics on the passing time of the network data packet in the forward working mode, that is, forward working mode delay index statistics, on the tested security isolation and information exchange product (M101);
(3, a.3) the test host machine (M100) judges whether reverse working mode delay index statistics is carried out or not;
and (3.a.4) if yes, calculating an average value according to the forward working mode delay index statistical result and the reverse working mode delay index statistical result, thereby obtaining the throughput and delay index test result of the tested safety isolation and information exchange product (M101).
13. The method for implementing testing throughput and delay indicators for a security isolation and information exchange product according to any of claims 5 to 11, wherein said performing reverse operation mode network packet capture analysis comprises the steps of:
(3, b.1) the first network packet analysis unit (M122) in the first transceiving analog virtual machine (M102) starts the network packet capturing and recording function;
(3, b.2) after analyzing and processing the captured network data packet, the first network data packet analyzing unit (M122) screens out the same data packet which is sent by the second transceiving analog virtual machine (M103) and received by the first transceiving analog virtual machine (M102), and performs statistics on the passing time of the network data packet in the reverse working mode, that is, statistics on the delay index of the reverse working mode, on the tested security isolation and information exchange product (M101);
(3, b.3) the test host machine (M100) judges whether forward working mode delay index statistics is carried out or not;
and (3, b.4) if yes, calculating an average value according to the forward working mode delay index statistical result and the reverse working mode delay index statistical result, thereby obtaining the throughput and delay index test result of the tested safety isolation and information exchange product (M101).
14. The method for implementing testing throughput and delay indicators for a security isolation and information exchange product according to any of claims 5 to 11, wherein said performing full-duplex operation mode network packet capture analysis comprises the steps of:
(3, c.1) both the first network packet analysis unit (M122) in the first transceiving analog virtual machine (M102) and the second network packet analysis unit (M124) in the second transceiving analog virtual machine (M103) start the network packet capturing and recording function;
(3, c.2) after analyzing and processing the captured first network data packet, the second network data packet analyzing unit (M124) screens out the same data packet which is sent by the first transceiving analog virtual machine (M102) and received by the second transceiving analog virtual machine (M103), and performs statistics on the passing time of the first network data packet in the full-duplex working mode on the tested security isolation and information exchange product (M101), that is, performs statistics on the first delay index in the full-duplex working mode; meanwhile, after analyzing and processing the captured second network data packet, the first network data packet analyzing unit (M122) screens out the same data packet which is sent by the second transceiving analog virtual machine (M103) and received by the first transceiving analog virtual machine (M102), and performs statistics on the passing time of the second network data packet in the full-duplex working mode on the tested safety isolation and information exchange product (M101), that is, performs statistics on the second delay index in the full-duplex working mode;
and (3, c.3) if so, calculating an average value according to the first delay index statistical result of the full-duplex working mode and the second delay index statistical result of the full-duplex working mode, thereby obtaining the throughput and delay index test result of the tested safety isolation and information exchange product (M101).
CN202010623119.XA 2020-07-01 2020-07-01 System and method for realizing throughput and delay index test aiming at safety isolation and information exchange product Pending CN111786853A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010623119.XA CN111786853A (en) 2020-07-01 2020-07-01 System and method for realizing throughput and delay index test aiming at safety isolation and information exchange product

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010623119.XA CN111786853A (en) 2020-07-01 2020-07-01 System and method for realizing throughput and delay index test aiming at safety isolation and information exchange product

Publications (1)

Publication Number Publication Date
CN111786853A true CN111786853A (en) 2020-10-16

Family

ID=72760586

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010623119.XA Pending CN111786853A (en) 2020-07-01 2020-07-01 System and method for realizing throughput and delay index test aiming at safety isolation and information exchange product

Country Status (1)

Country Link
CN (1) CN111786853A (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101656637A (en) * 2009-09-11 2010-02-24 中国科学院计算技术研究所 Virtual trunk measuring device and method for network protocol
CN103427935A (en) * 2012-05-16 2013-12-04 中国科学院声学研究所 Network delay measuring method and system for eliminating position errors
US20130346531A1 (en) * 2012-06-25 2013-12-26 Advanced Micro Devices, Inc. Systems and methods for input/output virtualization
CN104883264A (en) * 2014-02-27 2015-09-02 中国科学院声学研究所 Method and system of virtualizing network cards on network processing platform
US20180144134A1 (en) * 2016-11-22 2018-05-24 Institute For Information Industry Detection system and detection method
CN108632110A (en) * 2018-03-23 2018-10-09 广州网测科技有限公司 Equipment performance test method, system, computer equipment and storage medium
US20200310846A1 (en) * 2016-05-12 2020-10-01 Telefonaktiebolaget Lm Ericsson (Publ) A monitoring controller and a method performed thereby for monitoring network performance

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101656637A (en) * 2009-09-11 2010-02-24 中国科学院计算技术研究所 Virtual trunk measuring device and method for network protocol
CN103427935A (en) * 2012-05-16 2013-12-04 中国科学院声学研究所 Network delay measuring method and system for eliminating position errors
US20130346531A1 (en) * 2012-06-25 2013-12-26 Advanced Micro Devices, Inc. Systems and methods for input/output virtualization
CN104883264A (en) * 2014-02-27 2015-09-02 中国科学院声学研究所 Method and system of virtualizing network cards on network processing platform
US20200310846A1 (en) * 2016-05-12 2020-10-01 Telefonaktiebolaget Lm Ericsson (Publ) A monitoring controller and a method performed thereby for monitoring network performance
US20180144134A1 (en) * 2016-11-22 2018-05-24 Institute For Information Industry Detection system and detection method
CN108632110A (en) * 2018-03-23 2018-10-09 广州网测科技有限公司 Equipment performance test method, system, computer equipment and storage medium

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
李博文;严若桦;黄文莉;韩雨丽;: "基于虚拟技术环境下的网络实验室构建与研究", 电脑知识与技术, no. 17, pages 46 - 48 *

Similar Documents

Publication Publication Date Title
CN110050441B (en) Capturing traffic in real time for protocol debugging in case of failure
CN110430100B (en) Network connectivity detection method and device
JP6271520B2 (en) Efficient parallel test method for time division duplex (TDD) communication systems
US10621797B2 (en) System and method for transferring diagnostic commands to a vehicle
US10705142B2 (en) Device, system and method for providing on-chip test/debug functionality
CN104133120A (en) Broadband RCS test method based on multi-channel simultaneous tests
CN105071982A (en) Method for rapidly measuring network card performance under Linux
CN106851513B (en) Method and system for testing electronic product
CN103457804A (en) Consistency testing platform of train network communication products
US20170187585A1 (en) Technologies for validating operations of devices
US8701130B2 (en) Implementing remote procedure calls
CN212163359U (en) System supporting throughput and delay test of safety isolation and information exchange products
KR20170133781A (en) Apparatus and Method for Testing and diagnosing Virtual Infrastructure
US10333803B2 (en) Relay apparatus and relay method
CN111786853A (en) System and method for realizing throughput and delay index test aiming at safety isolation and information exchange product
US20200244562A1 (en) Dual Purpose NIC/PCIe Protocol Logic Analyzer
CN100486187C (en) A test method and system for L2TP tunnel specification
CN102684942A (en) Method for testing performance of network equipment
US8873433B2 (en) Method of determining immediate topology of a network connection
CN103596645B (en) Method, device and equipment for terminal debugging
US20220334939A1 (en) High-Frequency Event-Based Hardware Diagnostics
KR101907684B1 (en) Management system of ATE for concurrent test of test object
JP4729153B2 (en) Measuring instrument control adapter, measuring system, measuring instrument control method, and recording medium
CN108683689B (en) Improved test system and method for realizing NIDS and NIPS intrusion detection function
TWI537891B (en) Testing apparatus and testing method thereof

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination