Once upon a time all you needed to protect your network was a simple firewall. As the Internet adoption increased, the protection provided by firewalls was soon discovered to be inadequate to respond to the increased sophistication of today’s threats. Security vendors have responded with improved protection mechanisms pushing the inspection all the way up to the “content” (application layer). Today’s NGN Firewalls are equipped with the intelligence to detect and prevent intrusion attempts, identify malicious files, applications, users and devices.
Ixia’s BreakingPoint is industry’s leading application and security test solution used to validate the stability, performance and security of the new generation content-aware devices including NGN Firewalls, Web Application Firewalls, IDS/IPS, DLP, lawful intercept systems, URL Filtering, Anti-Spam, anti-DDoS, Application Delivery Controllers and WAN accelerators.
BreakingPoint solution recreates every aspect of a realistic network including scale and content. Ixia’s Global Application and Threat Intelligence (ATI) program fuels BreakingPoint with the intelligence required in simulating realistic traffic conditions and relevant attacks. All this intelligence is consolidated into a large database of applications and various attacks (exploits, malware botnets and DoS/DDoS).
Ravello’s networking overlay makes it possible to create full-featured network & security labs on the public cloud. With a clean Layer 2 networking access, enterprises, ISVs, their resellers, have adopted Ravello for a variety of use-cases – network modeling, development-testing, training, sales demos, PoCs, cyber ranges, security sandbox environments to name a few.
This blog covers the configuration steps required to setup BreakingPoint VE on Ravello’s software defined overlay and complement your existing network security labs allowing you to recreate.
Using Ixia’s BreakingPoint VE (Virtual Edition) on Ravello you can:
- Conduct enticing demos by recreating every aspect of a realistic network
- Understand your network better and how it works
- Validate your network security architecture
- Train your customers and strengthen the skills of your security professionals
- Improve your operational readiness for refuting security attacks
- Deploy BreakingPoint VE on your local VMWare ESXi setup
- Use Ravello’s Import Tool to upload your VMs directly from VMware ESXi setup
- Verify and adjust the VM settings
- Publish your setup to AWS or Google cloud
1. Deploy BreakingPoint on your local hypervisor
BreakingPoint VE 3.5 and earlier version relies on the hypervisor’s API to deploy the line cards. Consequently before you deploy BreakingPoint VE setup on Ravello you will need to deploy it first on a local hypervisor – VMWare ESXi or KVM.
The following document provides instructions to install BreakingPoint VE on your local hypervisor. You can download the Ixia OVA file (for VMware) and the installation guide from Ixia’s strikecenter portal.
BreakingPoint allows you to use a system controller with up to 12 line cards, and each line card can be configured with up to 8 traffic interfaces (test interfaces).
My example uses a setup consisting of a single line card with 2 traffic interfaces. If you need more line cards it is important to have your entire setup built before you upload the corresponding VMs to Ravello’s library.
In your local setup, BreakingPoint will use DHCP to acquire IP addresses for the management interfaces of system controller and the line cards. Once you upload the VMs to Ravello’s library you must configure the management interfaces to match the IPs assigned to BPS VE virtual machines on your local setup. This step must be done before you start your VMs. In the event of an IP mismatch, the controller will fail to discover the line cards. Assigning the IP address you want in Ravello is straightforward – just use “IP configuration = DHCP” and type the desired IP address to “Reserve IP” field.
2. Use Ravello VM Import Tool to upload your BreakingPoint VE VMs
Ravello VM Import Tool provides a simple method to upload your VMs to Ravello’s library by importing the images directly from your vCenter or vSphere setup. Here is a quick how to reference to use VM Import tool.
3. Verify and adjust VM settings
In this part you will need to configure the VMs to match the network configuration from your local setup and ensure each VM has the right CPU, RAM, NIC driver.
- First verification step prompts you to verify the general settings (VM name, VM description, host name)
In my setup I used BPS-WebUI for the system controller and bpsLC for my line card VM
I added the “BreakingPoint Firmware Version”
- Second step prompts you to verify the System Settings
Assign 4 vCPUs and 8 GB of RAM for each VM.
- Third step prompts you to verify the Disk
There are no changes required but verify the settings are as shown below
- The third step prompts you to verify the Network
The BreakingPoint system controller has two management interfaces:
- eth0 – provides access to the Web User Interface and
- ctrl0 – control interface for managing the communication with the virtual line cards
The BreakingPoint line card has a single management interfaces (eth0) and allows a minimum of 2 traffic interfaces (test interfaces) and a maximum of 8.
- eth0 – provides access to the Web User Interface
Verify all NICs use VMXNet3 as a Device.
As mentioned in step 1, it is important to configure each management interface with same IPs as assigned during installation on your local setup.
Virtual Machine Interface IP Address VLAN System Controller ctrl0 192.168.109.199 1 eth0 192.168.109.200 1 Line Card eth0 192.168.109.202 1
The line card includes at least 3 NICs – one for management and two for traffic. The first interface on your local VMWare setup (eth0) is the designated management interface. Please note that the import tool may reverse the order of NICs and it is important to assign the management address to the right interface. Assigning the management IP address to an incorrect NIC will break the communication with the system controller and make your line card undiscoverable. In my setup, the management interface was displayed as the second NIC.
Below is the configuration for each one of the NICs associated with my BreakingPoint VE line card – the management interface has the IP address 192.168.109.202 reserved through DHCP and uses same VLAN tag “1”. For the traffic interfaces I used VLAN 200 and disabled the DHCP service by using a static IP address.
With the settings validated and adjusted per above instructions you can now create your application by adding the BreakingPoint System Controller VM and the BreakingPoint Line Card VM. To complete my setup I added a Windows VM to use it as a local hop to access the BreakingPoint user interface. An overview of my network setup is captured in the following snapshot.
4. Publish your application to the cloud of your choice
Ravello’s Network Smart Lab provides an easy way to use Ixia Breaking Point Virtual Edition to test NGN Firewalls, Web Application Firewalls, IDS/IPS, DLP, lawful intercept systems, URL Filtering, Anti-Spam, anti-DDoS, Application Delivery Controllers and WAN accelerators without needing any hardware. Interested in trying out – just open a Ravello account, follow the instructions in this article.
Ixia provides application performance and security resilience solutions to validate, secure, and optimize businesses’ physical and virtual networks. Enterprises, service providers, network equipment manufacturers, and governments worldwide rely on Ixia’s solutions to deploy new technologies and achieve efficient, secure, ongoing operation of their networks. Ixia’s powerful and versatile solutions, expert global support, and professional services equip organizations to exceed customer expectations and achieve better business outcomes. Learn more about Ixia’s story!
About Ravello Systems
Ravello is the industry’s leading nested virtualization and software-defined networking SaaS. It enables enterprises to create cloud-based development, test, UAT, integration and staging environments by automatically cloning their VMware-based applications in AWS. Ravello is built by the same team that developed the KVM hypervisor in Linux.