Blog

Ixia BreakingPoint 3.4 Released!

March 13, 2015 by Ixia Blog Team

Upgrade to a Better, Faster BreakingPoint

About This Release

With the introduction of BreakingPoint 3.4 Firmware Release, we are excited to announce that we’ve added support for BreakingPoint VE (Virtual Edition) – Ixia’s Virtualized Application and Security Resilience Test Solution.

BreakingPoint 3.4 Firmware includes significant improvements and optimizations targeted to NAT/CGNAT and SLB test scenarios, expands the IPv6 support with several IPv6 transitioning technologies, brings a multitude of platform enhancements to improve the user experience and system performance and continues the transition to an HTML5 user interface.

What’s New?

BreakingPoint VE (Virtual Edition)

Ixia’s BreakingPoint VE provides scalable real-world application and threat simulation in an elastic deployment model by leveraging virtualization and industry-standard hardware platforms.

BreakingPoint VE offers cost-effective, flexible, and elastic virtualized test capabilities that are quickly deployed and scaled across geo-diverse enterprise-wide networks. Build strong networks you can rely on by using BreakingPoint VE to maximize security investments and optimize network architectures.

BreakingPoint VE – Platform Features

  • VMware ESX/ESXi 5.5 hypervisor support
  • Simple OVA deployment model
  • HTML5 User Interface and Restful API support for vBlades deployment
  • vBlades (Virtual Blades) configurable with up to 8 test interfaces per blade
  • up to 12 vBlades per vChassis (Virtual Chassis) / up to 96 virtual test interfaces
  • vChassis supports vBlades deployed across multiple physical hosts
  • 64-bit architecture
  • same ease of use workflow that you’ve grown to love

BreakingPoint VE – Licensing Features

  • Floating, annual subscription license sold in 1 Gbps increments, unlocks all supported features during active subscription term
  • Elastic licensing model allows functional tests and performance tests
  • Flexibility to quickly and easily move licenses between virtualized environments
  • HTML 5 support for license management

BreakingPoint VE – Network Elements, Test Components and Labs

Test Components

  • Application Simulator
  • Client Simulator
  • Session Sender
  • Security
  • Security NP
  • Stack Scrambler

Network Neighborhood Elements

  • IPv4 Static Hosts
  • IPv6 Static Hosts
  • IPv4 External Hosts
  • IPv6 External Hosts
  • VLAN
  • IPv4 Router
  • IPv6 Router

Session Sender Lab

Software Packet Capture

NAT/CGNAT and SLB enhancements

All BreakingPoint platforms benefit from multiple architectural improvements targeting NAT/CGNAT and SLB test scenarios.

  • Optimizes the internal architecture of the connection table and flow look up mechanism to use full tuple instead of half tuple as used in previous releases, delivering the following benefits:
    • Eliminates wrong matches between packets and flows in some conditions, therefore eliminating the unnecessary resets and exceptions
    • Guarantees the new connections no longer wrongly match and disrupt existing established flows
    • Improved bandwidth performance, comparable to non-NAT scenario
    • The connection tuples can now be guaranteed to be unique and can be used to create, insert and lookup connections
  • Better user-experience by eliminating the need to set the "Behind NAT" flag in Network Neighborhood for NAT scenarios
  • Optimizes the connection table look up hash function to find the flow entries faster by performing a single full tuple look up instead of three
  • Fixes to the TCP state machine to properly handle specific error scenarios in which the TCP state machine was not aging out certain entries, resulting in large number of stale entries, leading to scalability issues with load-balanced related tests
  • Fixes to the TCP state machine to correct error scenarios in which the TCP state machine generated incorrectly RESET packets in certain states, resulting in large number of flow exceptions

Platform Enhancements

Security fixes for all hardware platforms

  • Security improvements for ShellShock vulnerability (CVE-2014-6271, CVE-2014-7169)

USB Factory Revert for Firestorm and Firestorm ONE

The 3.4 firmware enables the user interface functions to specify USB as the location of the backup image for the backup and restore functions. The option enables customers to:

  • use the USB via the TCL shell and the web user interface
  • perform a factory revert by performing a USB restore from a USB flash drive that contains a factory revert image.

PerfectStorm and PerfectStorm ONE – Platform Enhancements

Together with the Flix OS 2.0.0.1 and IxOS 6.80 EA releases, PerfectStorm (XGS12-HS chassis) and PerfectStorm ONE customers can benefit from the following platform enhancements:

  • Optimized hardware access performance to significantly reduce the time of several common user operations including boot time, card reboot time and swap time operations
  • Eliminated the restriction to use the 10.0.0.0/16 for chassis management, allowing users to configure the IxRemote IP network to x.y.0.0/16 using the IxExplorer application; networks 10.1.1/24 and 10.1.2/24 must still be avoided
  • Added an option to the Flix OS administration menu to set the system’s time zone
  • Flix OS admin menu > Set System Date and Time > Set timezone manually
  • Improved “local” and “remote” ixia account login
  • Admin account improvements
  • Fixes for setting times/dates starting with ‘8’, ‘9’
  • Fix to “halt system (graceful/forced)” operations – the network reconfiguration now re-asserts disabled of Wake-on-LAN)
  • The NTP service no longer hangs if NTP server cannot be contacted or resolved

Full FPGA-based features parity for PerfectStorm / PerfectStorm ONE while operating in native 40GE QSFP+ mode

BreakingPoint 3.4 Firmware Release closes the L23 feature gap for native 40GE interface, by adding the following capabilities:

  • Bit Blaster
  • Routing Robot
  • RFC 2544 Lab
  • Multicast Lab
  • Resiliency Score Lab

BreakingPoint Firmware 3.3 release enabled this feature set for all hardware variants, including 10GE fan-out mode of the PerfectStorm PS40GE2NG load module and PerfectStorm ONE.

Automation Enhancements

  • Restful API support for BreakingPoint VE deployment
  • TCL support to allow the user to create custom report for section ID’s

Network Impairment for PerfectStorm/PerfectStorm ONE

This release enables the legacy impairment features that are available on Storm/Firestorm product lines to all PerfectStorm Fusion load modules and PerfectStorm ONE Fusion appliances.

IPv6 Transitioning Protocols

All PerfectStorm Fusion and PerfectStorm ONE Fusion variants support the following IPv6 transitioning technologies:

  • IPv6 SLAAC
  • DSLite (Dual Stack Lite), B4 network element
  • DSLite (Dual Stack Lite), Address Family Translation Router (AFTR) network element
  • DHCPv6 client
  • DHCPv6 server

Improved threat modeling using Strike Variants

This release expands the support to control the behavior of a security strike by introducing a Strike Variants group under Security Evasion Profiles. The new settings provide the following benefits:

  • Better threat modeling by allowing execution of all strike variants in a single test
  • Allows control of the strike payload ahead of execution
  • Provides controls to run strike variants sequentially
  • Expands threat realism by providing an option to shuffle strike variants at runtime
  • Allows selection of a subset of strike variants to be run (useful setting for strikes that support a high variant count – some strikes allows up to 300,000 unique strike variants)

To enable this feature you must have BreakingPoint 3.4 Firmware Release and ATI-2015-01 strike pack update or later.

User Interface Enhancements

HTML 5 User Interface

  • This release continues the transition to HTML 5 for several user interface screens including:
  • Strike List Manager
  • RFC 2544 Lab
  • Session Sender Lab
  • Test Criteria
  • Administration page (Control Center)

Strike List Manager Enhancements

  • Exposed strike severity and added option to search by severity
  • Display and search for new strike variant metadata attribute
  • Improved usability by allowing operations with groups of strikes (strike multi-selection, add/remove strike selection, add/remove all strikes)
  • Added support to search for strike variants

Other user interface enhancements

  • Added option to save and manage Session Sender Labs
  • Added option to save and manage RFC 2544 Labs
  • Added option to RFC 2544 Lab to start with “Maximum Throughput” test first
  • Added option to minimize results data collection by controlling the statistics polling interval
  • Added option to update settings simultaneously across multiple test components
  • Added option to quickly enable/disable multiple test components
  • Added option to display the PerfectStorm ONE serial number
  • Added preset value of 40 Gbps for the "Device Capacity" field for Resilience Lab
  • Fixed inconsistency in displaying ports in Device Status screen

Report Enhancements

  • Added % of packets in addition to raw numbers to Routing Robot test reports
  • Added per interface stats to the data rate summary section
  • Updated reporting for “Strike Variants” feature

Application and Threat Intelligence (ATI) – 2014 Key Highlights

The Application and Threat Intelligence (ATI) program provides comprehensive and current application protocols and attacks. This year, the ATI program enabled customers with an active ATI subscription to have timely access to:

  • 60 new applications
  • 571 new strike attacks
  • 400 additional malware strikes (live malware strikepacks)
  • Monthly updates for Evergreen Applications

BreakingPoint 3.4 firmware release provides access to:

  • 38,238 strikes (malware and exploits)
  • 3,283 predefined application Super Flows
  • 290 applications

The Ixia BreakingPoint Application and Threat Intelligence (ATI) program provides bi-weekly updates of the latest application protocols and attacks for use with Ixia platforms. Leverage the ATI subscription service to stay ahead of attacks and use the latest application definitions.

ATI: BreakingPoint 3.4, Application Support

  • 050 plus
  • Dropbox
  • DTLS
  • Hulu Desktop
  • Instagram (version 6.2.0 for iOS 8.1)
  • Multicast DNS (Apple Bonjour)
  • MXIT Desktop (Desktop version of South African Mobile Social Network)
  • Port Control Protocol v2 (PCPv2)
  • SOCKS 5
  • Team Viewer
  • World of Warcraft

ATI: New Predefined Super Flows

The ATI selection included with this release note is a subset of all the features and enhancements published through our ATI program on a bi-weekly basis. For a complete list, please review the individual release notes for each ATI update posted to https://strikecenter.ixiacom.com/

BreakingPoint 3.4 – ATI Key Highlights

  • Hulu Desktop
  • Dropbox Demo Superflow
  • Dropbox Sync/Get New File
  • Dropbox Sync/Upload New File
  • Dropbox Initial Client Setup and Synchronization
  • Google Calendar Aug 14
  • SharePoint Sep 2014
  • TeamViewer Initial Startup
  • TeamViewer Remote Desktop Session
  • Instagram Nov. 2014
  • DNS Fast Flux superflow
  • PCPv2 Map Request
  • PCPv2 Map Request Prefix64
  • RADIUS IPv4 and IPv6
  • Mxit Desktop File Transfer
  • Mxit Desktop Multiple Status Messages
  • Mxit Messenger For Windows PC
  • FTP Extended Passive Over NAT with ALGS check
  • SOCKS 5 Connect No User Authentication
  • SOCKS 5 Connect with User Authentication
  • DTLS 1.0 Simple Session
  • DTLS 1.2 Simple Session
  • Multicast DNS Demo Superflow
  • 050 Plus Call
  • 050 Plus Unanswered Call
  • ClientSim RADIUS CHAP Authentication
  • World of Warcraft
  • World of Warcraft Patch Update
  • GTPoIPSec HTTP LTE
  • GTPoIPSec HTTP Simple