Shulou(Shulou.com)05/31 Report--

In this issue, the editor will bring you about how to use the TCPCopy online traffic replication tool. The article is rich in content and analyzes and describes for you from a professional point of view. I hope you can get something after reading this article.

TCPCopy is a tool for replaying TCP streams that uses a real-world environment to test applications on Internet servers.

1. Description:

Although real real-time traffic is important for testing Internet server applications, because the situation in the production environment is responsible, it is difficult for the test environment to fully simulate the online environment. In order to test more realistically, we have developed an online traffic replication tool-TCPCopy, which can use real online traffic to test servers in the test environment. At present, TcpCopy technology has been widely used by many companies in China.

2. Use scenarios:

1) distributed stress testing

Use tcpcopy to copy real data for server stress testing. Some bug can only be found in cases of high concurrency.

2) Simulation experiment:

It has been proved to be a stable new system, and its bug can only be found when it is actually used.

3) regression test

4) performance comparison

III. Framework:

As shown in Figure1, tcpcopy consists of two parts: tcpcopy (client) and intercept (server) (later, tcpcopy-client is called tcpcopy and tcpcopy-server is called intercept). When tcpcopy runs on the production server and grabs requests from the production server, inteceptor runs on the secondary server to do some auxiliary work, such as responding to tcpcopy. Keep in mind that the test application should run on the test server.

By default, tcpcopy uses socket input technology to grab packets on the line at the network layer, does some basic processing (including simulated TCP interaction, network control, and analog transport layer and application layer), and uses socket output technology to send packets to the test server (as shown by the pink arrow)

The only thing tcpcopy's test server needs to do is to set the appropriate parameters so that the response information is sent to the secondary server (the server with intercept) (as shown by the green arrow)

Intercept (default) transmits the response information to tcpcopy. By grabbing the response packet, intercept extracts the response header information and uses a special channel to send the response header information to the tcpcopy (as shown by the purple arrow). When the tcpcopy receives the response header information, it uses the header information to modify the properties of the online Packer and continues to send another packet. It should be noted that the response from the test server is routed to the secondary server that should act as a black hole.

IV. Get started quickly

1. There are two ways to obtain intercept:

1) Download the latest intercept release.

2) clone git://github.com/session-replay-tools/intercept.git

2. Two ways to obtain tcpcopy

1) Download the latest tcpcopy release.

2) clone git://github.com/session-replay-tools/tcpcopy.git

Get the intercept installed on the secondary server

1) cd intercept

2). / configure

3) Select the appropriate configuration parameters

4) make

5) make install

VI. Configuration parameters of intercept

-- single intercept runs on a stand-alone machine

-- with-pfring=PATH sets the path to the source of the PF_ ring library

-- with-debug compiles intercept in debug mode (saved in log file)

Obtain the tcpcopy installed on the production server

1) cd tcpcopy

2). / configure

3) Select the appropriate configuration parameters

4) make

5) make install

VIII. Configuration parameters of tcpcopy

-- offline replays the TCP stream from the pcap file

-- pcap-capture grabs packets at the data link layer (default at the network layer)

-- pcap-send sends packets at the data link layer (default at the network layer)

-- with-pfring=PATH sets the path to the source of the PF_ ring library

-- set-protocol-module=PATH sets tcpcopy to work as an external protocol module

-- single if both intercept and tcpcopy are set to stand-alone mode, and only one tcpcopy and one intercept work together, you will get better performance

-- with-debug compiles tcpcopy in debug mode (saved in log file)

9. Run tcpcopy

Make sure that both tcpcopy and intercept are configured to ". / configure"

1) on the test server where the application is running, set the routing command correctly to send the response packet to the secondary server

For example:

Suppose 61.135.233.161 is the IP address of the secondary server. We set the following route command to route all responses to 62.135.200.x to the secondary server.

Route add-net 62.135.200.0 netmask 255.255.255.0 gw 61.135.233.161

2) on the secondary server running intercept (requires root permission or permission to communicate using socket)

. / intercept-F-I

Notice that the filter format is the same as the pcap filter.

For example:. / intercept-I eth0-F'tcp and src port 8080'-d

Intercept will capture the response from a TCP-based application that listens on port 8080 of the device

3) in the production server (root permission is required or permission to communicate using socket is required)

. / tcpcopy-x localServerPort-targetServerIP:targetServerPort-s

[- c]

For example (suppose 61.135.233.160 is the IP address of the target server):

. / tcpcopy-x 80-61.135.233.160pur8080-s 61.135.233.161-c 62.135.200.x

Tcpcopy will grab the packets at port 80 on the current server, modify the client IP address to 62.135.200.x, send these packets to the test server with ip address 61.135.233.160 and port 8080, and connect to 61.135.233.161, telling intercept to send the response packet to it (tcpcopy)

Although the "- c" parameter is optional, it is set here to simplify routing commands.

Pay attention to

1) can only be tested on linux (kernal 2.6or above)

2) tcpcopy may lose packets, so the request is lost.

3) root permission or socket permission is required (for example, setcap CAP_NET_RAW = ep tcpcopy)

4) TCPCopy only supports client-initiated connections

5) TCPCopy does not support replay of server applications using SSL / TLS

6) for MySQL session replay, please refer to https://github.com/session-replay-tools

7) ip forwarding should not be set on the secondary server

8) Please execute ". / tcpcopy-h" or ". / intercept-h" for more details

11. Influencing factors

There are several factors that may affect TCPCopy, which are described in detail in the following sections:

1) grab packet interface

By default, tcpcopy uses the socket input interface to grab packets from the production server at the network layer. When the system is busy, the system kernel may lose packets.

If you configure the tcpcopy parameter "--pcap-capture", tcpcopy will grab packets at the data link layer and filter packets in the kernel. In PF_RING resources, tcpcopy loses fewer packets when using pcap capture.

Perhaps the best way to capture the request packet is to mirror the ingress packet through the switch, and then divide the huge traffic into several machines through the load balancer.

2) sending interface

By default, tcpcopy uses the socket output interface to send packets at the network layer to the test server. If you want to avoid IP connection tracking problems or achieve better performance, configure the tcpcopy parameter "--pcap-send" and set the appropriate parameters. Tcpcopy can send packets to the test server at the data link layer.

3) the packet is on its way to the test server

When a packet is sent by tcpcopy, it may encounter many challenges before it reaches the test server. Because the source IP address in the packet is still the IP address of the end user (by default) rather than the IP address of the production server, some security devices may weaken the packet or discard it as a fake. In this case, if you use the tcp packet crawling tool on the test server, you may not be able to crawl the desired end-user packets. To determine if you are in this situation, you can do a small test using a test server on the same network segment. If the packet can be successfully sent to the test server of the same network segment, but not to the test server of different network segment, then it proves that your packet was discarded halfway.

To solve this problem, we recommend that tcpcopy, test server, and intercept be deployed on the same network segment. With the help of an agent in the same network segment, there is another solution. Tcpcopy can send a packet to the agent, and then the agent sends the corresponding request to the test server in another network segment.

Note that deploying the target server application on a virtual machine on the same network segment may face the above problems

4) Test the routing of the server

The test server may have set up reverse filtering technology to check whether the source IP address in the package is forged. If so, the packet is discarded at the network layer.

If you can use the tcp packet grab tool to catch the package on the test server, but the application on the test server does not receive any requests, you should check to see if you have settings similar to reverse filtering. If set, you have to remove the relevant settings to allow the packet to pass through the network layer.

There are other reasons that may cause tcpcopy not to work properly, such as firewall setup problems.

5) Test the application on the server

Applications on the test server may not be able to process all requests in a timely manner. On the one hand, the bug in the application causes the request to go unanswered for a long time; on the other hand, some protocols above the TCP layer only deal with the first request in the socket buffer and leave the rest of the request in the socket buffer without processing.

6) routing of secondary server

You should not set ip forwarding to true or the secondary server cannot work as a black hole.

XII. Historical version

2014.09 v1.0 TCPCopy released

XIII. Errors and functional requests

Are there any errors or functional requests? Please open a new question. Search for existing questions before opening any questions.

XIV. Copyright and license

Copyright 2016 is licensed by BSD.

This is how the TCPCopy online traffic replication tool shared by the editor is used. if you happen to have similar doubts, you might as well refer to the above analysis to understand. If you want to know more about it, you are welcome to follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.