Rollout: BreakingPoint Systems' BPS-1000

BreakingPoint Systems' new BPS-1000 is an all-in-one network-stressing appliance. It can capture and reuse live traffic or blast packets to stress test routers, switches, and applications servers. It can also perform security tests of firewalls, IPSs/IDSs, and other security systems by launching a wide range of attacks.

BreakingPoint says its appliance can support millions of simultaneous TCP sessions and generate 500,000 TCP requests every second. It's an impressive amount of testing firepower. The BPS-1000 targets service providers, large corporations, VARs, integrators, and network equipment manufacturers.

Ixia and Spirent build competitive devices and have much more experience in the field. But BreakingPoint claims to do more in a single device. Ixia focuses on conformance tests for IPSec and 802.1x protocols and also has a security testing product. Spirent has similar capability to BreakingPoint Systems, but requires you to buy more than a single device if you want to do security testing and add realistic background traffic.

While our tests showed impressive results, the device comes from a startup with no track record. On the other hand, its founders and principals have a history of developing successful new products, including TippingPoint, which was acquired by 3Com.It's a good general-purpose testing device, and it shines on the security testing front. You'll need to stay on top of updates, because the effectiveness of its security testing depends on having the latest attacks. Also, if you turn the appliance full throttle, you may have trouble finding another vendor's device to verify the performance of the BPS-1000.

TAKING TESTS

The BPS-1000 is extremely easy to deploy. Running basic canned tests is also effortless. For example, Quick Tests (see figure) let you run or edit a preprogrammed test. To initiate the test, just click on "Accept." If you choose to build your own test, you can do it with a significant level of granularity.

And rather than just pumping dummy bits through the pipes, the product can capture live traffic from your network and then reply and amplify that traffic. You can add background traffic from app servers and VoIP servers as well as other devices. Replaying real-world traffic gives you a better sense of how your infrastructure will stand up to traffic loads than simulated packets.

In addition to capturing live traffic the BPS-1000 can generate Ethernet frames and IT packets, send valid TCP sessions, and generate realistic application flows. It should go without saying that you don't deploy the BPS-1000 in a production environment. By design, it would wreak havoc on your network.

Click a Quick Test
Click to enlarge in another window

The BPS-1000's strong point is security tests. The security Quick Tests use a graduated scale of attack profiles from running 100 attacks in a Level 1 test to over 3,000 different attacks in a Level 5 test. BreakingPoint updates the appliance with new attacks through its Strike Center service.

Suppose you have a firewall partially built for a VoIP, and you're wondering how it will behave against SIP-related attacks. You select a test level and fire away. The appliance then generates a report to tell you how the firewall performed. If the test didn't include enough SIP attacks, you can edit and rerun it.

We tested the Level 1 and Level 5 security tests. The Level 1 test ran in under two minutes and produced a 14-page report. The Level 5 test ran in about 15 minutes and produced a 142-page report. You can also easily tune the tests to focus on specific types of attacks and then rerun them. We liked the ability to quickly tune the tests.

The reports catalog all the attacks that were launched and the result of each. They provide significant technical detail, so be prepared to wade through a host of information. Information about the tests is also displayed in table and graphical formats. Security reports provide links to additional information about known vulnerabilities and remediation.THE COMPETITION

Ixia and Spirent are the market leaders for stress testing applications and hardware. (Free testing tools are also available on the Internet, but they don't offer anywhere near the capabilities of these three vendors.)Ixia and Spirent have a larger set of ready-made tests for networking environments than BreakingPoint Systems. For example, if you want to test the link state of the database in a BGP router, Ixia has a canned solution. You'd have to construct this test on your own with BreakingPoint. Ixia also has tests for the Java API in Cisco's CallManager. It's unlikely such a test could be built in the BPS-1000.

Spirent's forte is blasting bits and blocks of bits at a device. It has a wide range of interface types. However, the company lacks a strong suite of tests for layers 4 through 7. And its security test appliance only generates threatening traffic. You need additional equipment to add HTTP and IM traffic at the same time. The BPS-1000 can launch attacks with HTTP and IM traffic in the mix.

The upshot? If you're focusing on security testing, the BPS-1000 is likely to be your best buy. You can use it for network and application testing as well, but at present its competitors offer a better range of tests and more customization at layers 2 and 3.

The unit we tested starts at $185,000. Maintenance adds 20% annually for a grand total of $220,000 in the first year. You'll need that maintenance contract to get new updates of security attacks.

Phil Hippensteel is an assistant professor of information systems at Penn State University and an industry consultant. Write to him at [email protected].0