
Cisco NME-RVPN + KAV Software Testing

Not so long ago, we had to test the Cisco NME-RVPN module with KAV software, a product that three vendors took part in building:
- Cisco, which provided the hardware platform;
- S-Terra, a Russian developer that wrote the software implementing GOST cryptography;
- Kaspersky Lab, which provided a solution for checking HTTP, FTP and SMTP traffic for malicious code, as well as a solution for checking email messages for spam (for those familiar with Kaspersky Lab products: KAV 4 Proxy and SMTP Mail Gateway were installed on the module).

The module is a computer with two 10/100/1000 Ethernet interfaces (one on the external panel of the module, the other on the internal bus through which the module connects to the Cisco router), a 1.5 GHz processor and 512 MB of memory; a Compact Flash card is used as the hard disk.
The module can be installed in Cisco ISR 2800 and 3800 series routers.

For testing, a test bench was assembled that imitated the work of two offices: the central office and a branch. The central office hosted a mail server, a web server simulating the corporate portal, and Cisco Call Manager. Each office had its own internet connection. All HTTP and FTP traffic passed through KAV 4 Proxy and was checked "on the fly" for malicious code. The work of 30 simultaneous users browsing various web resources was emulated. No delays caused by traffic inspection were noticed.

All traffic between the offices was sent through a VPN tunnel built on GOST algorithms. Web traffic in the tunnel from the central office to the branch was also checked for malicious code.
Mail traffic going to the mail server in the central office was routed through SMTP Mail Gateway, which acts as an SMTP relay and checks the SMTP traffic for malicious code and for spam.

The VPN service on the module is configured through a Cisco-like interface that closely mirrors the Cisco IOS interface. To configure a VPN tunnel, it is sufficient for a specialist to have experience with Cisco routers.
The anti-virus and anti-spam services are configured through a Linux-like interface. To configure these services, you need some experience with Linux systems.
Configuring the module does not require any specific knowledge and does not take much time.

During testing of the module, the following measurements were taken:
• Measurement of the maximum throughput of the VPN tunnel, without checking traffic for malicious code.
Using the iperf utility, the VPN tunnel was loaded at increasing speed. As the measurements showed, the throughput of the tunnel was about 75 Mbps and the processor load on the module fluctuated around 10-11%. That is, when the tunnel is loaded, the processor is able to perform additional functions without affecting the VPN.
• Measurement of the maximum processor load when checking HTTP traffic for malicious code.
With the VPN tunnel established but not loaded, a 100 Mb zip archive infected with the eicar test virus was downloaded. Measurements showed that the average processor load when checking traffic for malicious code is 6-8%, while the peak load is 25-30%.
• Measurement of the maximum processor load when checking email traffic for malicious code and spam.
The anti-spam service running on the module is configured as an SMTP relay. All messages are checked on the module and then forwarded to the server. Measurements showed that the total processor load during checking is 45-50%.
• Check for delays in prioritized traffic while simultaneously checking HTTP and SMTP traffic for malicious code.
This test combined all of the above with minor changes. With the VPN tunnel loaded, the traffic through the tunnel was limited to 60 Mbps, while at the same time the branch downloaded an infected zip archive from the corporate portal and sent messages to the corporate mail server at 10 messages per second. Each message contained an attachment of 1 Mb with the eicar test virus. The measurement results showed that the CPU usage while running these three services simultaneously was 70-80%. That is, there was still a small margin.
• Verification of prioritized traffic delays while simultaneously loading the services under study.
Voice traffic was added to the previous experiment. Simultaneously with the loading of the described services, an IP telephony call was made from the central office to the branch, with QoS configured on the module beforehand. Measurements showed that no noticeable delay in prioritized traffic occurs; the voice was not broken up or distorted.
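
The test fixtures used in the HTTP and SMTP measurements above can be generated as follows; this is an added example, not code from the original post. The archive layout (the standard EICAR test file plus random padding), the file names and the addresses are assumptions.

```python
import io
import os
import zipfile
from email.message import EmailMessage

# Standard 68-byte EICAR anti-virus test string, split into parts so that an
# on-access scanner does not quarantine this source file itself.
EICAR = (r"X5O!P%@AP[4\PZX54(P^)7CC)7}$"
         + "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!"
         + "$H+H*").encode("ascii")

ZIP_OVERHEAD = 512  # rough allowance for zip headers (assumption)


def build_test_zip(target_bytes: int) -> bytes:
    """Return a zip of roughly target_bytes holding eicar.com plus padding."""
    buf = io.BytesIO()
    # ZIP_STORED keeps the archive size predictable: nothing is compressed.
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        # The test file stays a separate, unmodified member so a scanner
        # sees exactly the 68-byte string.
        zf.writestr("eicar.com", EICAR)
        pad = max(0, target_bytes - len(EICAR) - ZIP_OVERHEAD)
        zf.writestr("padding.bin", os.urandom(pad))
    return buf.getvalue()


def build_test_mail(sender: str, rcpt: str, attachment_bytes: int) -> EmailMessage:
    """Return a message carrying a test archive, for an SMTP relay scan test."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = rcpt
    msg["Subject"] = "AV gateway load test"
    msg.set_content("Constructed test message with an EICAR attachment.")
    msg.add_attachment(build_test_zip(attachment_bytes),
                       maintype="application", subtype="zip",
                       filename="eicar-test.zip")
    return msg


if __name__ == "__main__":
    # Constructed sample sizes; scale up to match the volumes used on the bench.
    archive = build_test_zip(1_000_000)
    mail = build_test_mail("branch@example.test", "hq@example.test", 100_000)
    print(len(archive), "byte archive;", len(mail.as_bytes()), "byte message")
```

A gateway that scans correctly should block or flag both artifacts; delivery of either one unmodified indicates that inspection was bypassed.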

From the test results, it can be concluded that the tested solution copes with the functions assigned to it and still has a small margin of safety.

Source: https://habr.com/ru/post/67297/

