Keysight CyPerf

Release 2.1

Deployment Guide

202302281757+02:00
 Keysight provides the Software to U.S. gov-
Notices ernment customers under its standard com-
mercial license, which is embodied in its End
Copyright Notice User License Agreement (EULA), a copy of
which can be found at http://www.key-
© Keysight Technologies 2020–2023
sight.com/find/sweula. The license set forth
No part of this document may be repro-
in the EULA represents the exclusive author-
duced in any form or by any means (includ-
ity by which the U.S. government may use,
ing electronic storage and retrieval or
modify, distribute, or disclose the Software.
translation into a foreign language) without
The EULA and the license set forth therein,
prior agreement and written consent from
does not require or permit, among other
Keysight Technologies, Inc. as governed by
things, that Keysight: (1) Furnish technical
United States and international copyright
information related to commercial com-
laws.
puter software or commercial computer
software documentation that is not cus-
Warranty tomarily provided to the public; or (2) Relin-
The material contained in this document is quish to, or otherwise provide, the
provided “as is,” and is subject to being government rights in excess of these rights
changed, without notice, in future editions. customarily provided to the public to use,
Further, to the maximum extent permitted modify, reproduce, release, perform, dis-
by applicable law, Keysight disclaims all war- play, or disclose commercial computer soft-
ranties, either express or implied, with ware or commercial computer software
regard to this manual and any information documentation. No additional government
contained herein, including but not limited requirements beyond those set forth in the
to the implied warranties of merchantability EULA shall apply, except to the extent that
and fitness for a particular purpose. those terms, rights, or licenses are explicitly
Keysight shall not be liable for errors or for required from all providers of commercial
incidental or consequential damages in con- computer software pursuant to the FAR and
nection with the furnishing, use, or per- the DFARS and are set forth specifically in
formance of this document or of any writing elsewhere in the EULA. Keysight
information contained herein. Should shall be under no obligation to update,
Keysight and the user have a separate writ- revise or otherwise modify the Software.
ten agreement with warranty terms cov- With respect to any technical data as
ering the material in this document that defined by FAR 2.101, pursuant to FAR
conflict with these terms, the warranty 12.211 and 27.404.2 and DFARS 227.7102,
terms in the separate agreement shall con- the U.S. government acquires no greater
trol. than Limited Rights as defined in FAR
27.401 or DFAR 227.7103-5 (c), as applic-
Technology Licenses able in any technical data. 52.227-14 (June
The hardware and/or software described in 1987) or DFAR 252.227-7015 (b)(2) (Novem-
this document are furnished under a license ber 1995), as applicable in any technical
and may be used or copied only in accord- data.
ance with the terms of such license.

U.S. Government Rights

The Software is "commercial computer soft-
ware," as defined by Federal Acquisition
Regulation ("FAR") 2.101. Pursuant to FAR
12.212 and 27.405-3 and Department of
Defense FAR Supplement ("DFARS")
227.7202, the U.S. government acquires
commercial computer software under the
same terms by which the software is cus-
tomarily provided to the public. Accordingly,

–2–
 Keysight CyPerf

Contacting Us
Keysight headquarters
1400 Fountaingrove Parkway
Santa Rosa, CA 95403-1738
www.ixiacom.com/contact/info

Support

Global Support +1 818 595 2599 [email protected]

Regional and local support contacts:

APAC Support +91 80 4939 6410 [email protected]

Australia +61-742434942 [email protected]

EMEA Support +40 21 301 5699 [email protected]

Greater China Region +400 898 0598 [email protected]

Hong Kong +852-30084465 [email protected]

India Office +91 80 4939 6410 [email protected]

Japan Head Office +81 3 5326 1980 [email protected]

Korea Office +82 2 3461 0095 [email protected]

Singapore Office +65-6215-7700 [email protected]

Taiwan (local toll-free number) 00801856991 [email protected]

–3–
 Keysight CyPerf

Table of Contents

Contacting Us 3

Chapter 1 Overview 5

Keysight CyPerf Agent 5

Costs and Licenses 5

Chapter 2 Manual Deployment Using OVA 6

Deploying the CyPerf Controller from OVA 6

Deploying the CyPerf Agent from OVA 7

Step 1: Deploy a VM from OVA 7

Step 2: Select OVA 8

Step 3: Select Datastore 8

Step 4: Select the Network 9

Step 5: Set netplan 10

Step 6: Set cyperfagent configuration 11

Step 7: Disable the Synchronize guest time with host option 12

Deploying the CyPerf Controller Proxy from OVA 13

Deploying the License and User Manager from OVA 13

Chapter 3 Deployment in Cloud and Kubernetes 14

Deploying the CyPerf Controller and Agent in Cloud and Kubernetes 14

Deploying CyPerf in AWS using the Controller Proxy and Agent Pair 14

Chapter 4 Agent Installation on Commercial Off-the-Shelf (COTS) 16

Compatibility 16

Where to Find the Installer 16

Installer Content 16

Installation Steps 17

How to Uninstall 17

Known Limitations 18

Chapter 5 Troubleshooting 19

–4–
 Keysight CyPerf

CHAPTER 1
Overview
This Deployment Guide provides step-by-step instructions for deploying Keysight CyPerf.

Keysight CyPerf is comprised of the following components, which can be deployed on premise or on
AWS, Azure, GCP, or Kubernetes environments:
l Keysight CyPerf Controller: a web-based user interface for configuring and running tests,
viewing real-time statistics and reviewing results. For details, see Deploying the CyPerf
Controller from OVA.
l Keysight CyPerf Traffic Agent: software agents generating test traffic. For details, see
Deploying the CyPerf Agent from OVA.
l Keysight CyPerf Controller Proxy: ensures communication between Agents and Controller
in hybrid setups. For details, see Deploying the CyPerf Controller Proxy from OVA.

Keysight CyPerf License and User Manager is a centralized license server that can be used for
multiple CyPerf Controller setups. For details, see Deploying the License and User Manager from
OVA.

Keysight CyPerf Agent

Keysight CyPerf Agent is a primary traffic generation node used by Keysight CyPerf. It is capable of
simulating stateful web traffic with or without Transport Layer Security (TLS) encryption, as is the
case of banking or web portal applications.

Moreover, Keysight CyPerf Agent can generate simple HTTP/ HTTPS upload and download
commands with real payload files. It can also generate most updated attack traffic published by
OWAPS, and it allows users to configure combinations of legitimate traffic and attack traffic more
realistically in order to test their DUT.

Costs and Licenses

You are responsible for the cost of the AWS, Azure, or GCP services used while running this Quick
Start reference deployment. There is no additional cost for using the Quick Start.

The AWS CloudFormation templates, Azure Resource Manager templates, and GCP Deployment
Manager templates for this Quick Start include configuration parameters that you can customize.
Some of these settings (such as the instance type) will affect the cost of the deployment. For cost
estimates, see the pricing pages for each cloud service you are using. Prices are subject to change.

After you deploy the Quick Start, we recommend that you enable the Cost and
Usage Reports available on specific clouds to track costs associated with the
Quick Start. These reports provide cost estimates based on usage throughout
each month and finalize the data at the end of the month. For more information
about the reports, see the specific cloud documentation.

–5–
 Keysight CyPerf

CHAPTER 2
Manual Deployment Using OVA
This chapter details the requirements and step-by-step instructions needed to deploy each CyPerf
component from an OVA.

Deploying the CyPerf Controller from OVA

ESXi resource requirements:
l 8 CPU cores
l 12 GB of RAM
l minimum of 100GB storage
l 1 available physical NIC on the ESXi for management connectivity
6.5 or newer ESXi versions are supported.

To deploy the Keysight CyPerf Controller from an OVA file:

1. Download the OVA from the provided location.

2. Open your preferred ESXi client and start the deployment.
3. Before starting up the VM, make sure that the Management interface of the VM has
environment connectivity. Note that DHCP is the preferred option, and this is also how the VM
is configured to obtain its IP address.
The application has a predefined IP address configured that will change
during the DHCP negotiation step. This IP address will be the one
configured to access the application.
To configure a static IP:
a. Connect to the ESXi interface.
b. Enter user "console", and you will be redirected to a new login form.
c. Enter the following predefined credentials: username: admin,
password: CyPerf&Keysight#1
d. To apply a static IP, enter the following command:
kcos networking ip set mgmt0 DESIRED_STATIC_IP/PREFIX GATEWAY_
IP.
For example: kcos networking ip set mgmt0 10.38.166.89/24
10.38.166.1
To enable DHCP, enter the following command: kcos networking ip
set mgmt0 dhcp.
4. Go to https://<obtainedIpAddress> to access the application.

–6–
Chapter 2 Manual Deployment Using OVA

Deploying the CyPerf Agent from OVA

This section describes how to deploy the Keysight CyPerf Agent OVA from the vSphere web interface.
l The supported vSphere version is 6.5 or newer.
l Prior to deployment, you must have a valid vSphere ESXi host with valid
credentials and a VMware license.

Step 1: Deploy a VM from OVA

In the New Virtual Machine window, select Create a virtual machine from an OVF or OVA file
as the creation type.

–7–
 Chapter 2 Manual Deployment Using OVA

Step 2: Select OVA

Specify the virtual machine name and browse for the CyPerf Agent OVA.

Step 3: Select Datastore

Indicate the storage type and datastore.

–8–
Chapter 2 Manual Deployment Using OVA

Step 4: Select the Network

Agents must have two interfaces: a management interface and a test interface.

1. Specify VM Network as the Management Network.

2. From the drop-down list, select a proper vSwitch from the drop-down list which has LAN
network connectivity.
In the following example, VM Network is LAN vSwitch.
3. Specify Test_net1 as the Test Network.
4. From the drop-down list, select a proper vSwitch which has test network connectivity.
In the following example, Test_net1 also selects LAN vSwitch. This is because the user opts for
LAN IP for both Management and Test network.
5. Select vSwitches as per your test topology.
6. Select Next and start deployment.

–9–
 Chapter 2 Manual Deployment Using OVA

Step 5: Set netplan

After the deployment is complete and the VM is in running state, the management interface must get
an IP from the DHCP server.

1. SSH to Agent with username: cyperf and password: cyperf.

2. Set netplan (/etc/netplan/01-netcfg.yaml) accordingly to set the IP of the test interface
either from the DHCP server or statically. For more details on this, refer to the netplan
documentation.
If the Management and Test Network are from the same subnet, then the
management interface must have lower metric than the test interface.
In the following example, the user selects the same VM Network for the test and management
subnet. ens33 is the test interface, and ens160 is the management interface. That is why the
user sets metric 100 for the management interface and metric 200 for the test interface in
netplan.
Example:

network:
version: 2
renderer: networkd
ethernets:
ens33:
dhcp4: yes
dhcp-identifier: mac
dhcp4-overrides:
route-metric: 200
ens160:
dhcp4: yes
dhcp-identifier: mac
dhcp4-overrides:
route-metric: 100

3. After netplan configuration, apply netplan:

sudo netplan apply

4. Set the netplan configuration for a static IP for both the management and test interfaces:

network:
version: 2
renderer: networkd
ethernets:
ens160:
dhcp4: no
addresses: [IP address/Netmask]
routes:
- to: 0.0.0.0/0
via: <Gateway IP>
metric: 100

– 10 –
Chapter 2 Manual Deployment Using OVA

ens192:
dhcp4: no
addresses: [IP address/Netmask]
routes:
- to: 0.0.0.0/0
via: <Gateway IP>
metric: 200

5. Set the netplan configuration for a static IP in the management interface, and with no IP for the
test interface:

network:
version: 2
renderer: networkd
ethernets:
ens160:
dhcp4: no
addresses: [IP address/Netmask]
routes:
- to: 0.0.0.0/0
via: <Gateway IP>
metric: 100
ens192:
dhcp4: no

Step 6: Set cyperfagent configuration

Use the CLI cyperfagent to configure the required configuration parameters.

The following commands are available in CLI:

l cyperfagent controller show: Shows the currently configured Controller.
l cyperfagent controller set <Controller IP>: Sets the Controller.
l cyperfagent interface management show: Shows the currently configured Management
Interface.
l cyperfagent interface management set ens160: Sets the Management Interface to ens160.
l cyperfagent interface management set auto: Sets the Management Interface to auto for
dynamically detecting the Interface at runtime.
l cyperfagent interface test set ens160: Sets the Test Interface to ens160.
l cyperfagent interface test set auto: Sets the Test Interface to auto for dynamically
detecting the Interface at runtime.

– 11 –
 Chapter 2 Manual Deployment Using OVA

Step 7: Disable the Synchronize guest time with host option

Keysight CyPerf Agents deployed by Agent OVA should have the Synchronize
guest time with host option disabled by default. You can enable this option for
the EXSi Hypervisor.

1. Under the Agent VM for vSphere web interface, select VM Options.

2. Under VMware Tools > Time, disable Synchronize guest time with host.

– 12 –
Chapter 2 Manual Deployment Using OVA

Deploying the CyPerf Controller Proxy from OVA

ESXi resource requirements:
l 2 CPU cores
l 2 GB of RAM
l minimum of 10GB storage
l 1 available physical NIC on the ESXi for management connectivity
6.5 or newer ESXi versions are supported.

To deploy the CyPerf Controller Proxy from an OVA file:

1. Download the OVA from the provided location.

2. Open your preferred ESXi client and start the deployment.
3. Before starting up the VM, make sure that the management interface of the VM has
environment connectivity. Note that DHCP is the preferred option, and this is also how the VM is
configured to obtain its IP address.
4. CyPerf Agents should also be deployed with the Controller Proxy. CyPerf Controller connects to
the obtained IP address of the CyPerf Controller Proxy on port 443 and accesses the CyPerf
Agents through it.

Deploying the License and User Manager from OVA

ESXi resource requirements:
l 2 CPU cores
l 4 GB of RAM
l Minimum of 100GB storage
l 1 available physical NIC on the ESXi for management connectivity
6.5 or newer ESXi versions are supported.

To deploy the Keysight License and User Manager from an OVA file:

1. Download the OVA from the provided location.

2. Open your preferred ESXi client and start the deployment.
3. Before starting up the VM, make sure that the management interface of the VM has
environment connectivity. Note that DHCP is the preferred option, and this is also how the VM is
configured to obtain its IP address.
4. Go to https://<obtainedIpAddress> to access the application. Enter credentials:
admin/CyPerf&Keysight#1

You will now be able to activate licenses and use the License and User Manager as the external
license server on your CyPerf Controller setup.

– 13 –
 Keysight CyPerf

CHAPTER 3
Deployment in Cloud and Kubernetes
This chapter provides general considerations about the deployment of each CyPerf component in the
Cloud and Kubernetes.

Deploying the CyPerf Controller and Agent in Cloud and

Kubernetes
Before you deploy the templates required by your chosen environment, it is recommended that you
review the architecture, security, and other considerations discussed in this guide. The following
external links are for your convenience:
l AWS automated deployment
l Azure automated deployment
l GCP automated deployment
l K8s deployment

Deploying CyPerf in AWS using the Controller Proxy

and Agent Pair
This solution uses a CloudFormation template to deploy the CyPerf Controller Proxy and two CyPerf
Agents in an Amazon Virtual Private Cloud solution.

Choose this option if you want to deploy the CyPerf Controller in a different region or cloud. The
CyPerf Controller connects to the public IP of the CyPerf Controller Proxy on port 443 and accesses
the CyPerf Agents through it. This ensures that all communication between the CyPerf Controller
and CyPerf Agents is encrypted.

You can use the templates in two ways:

l Use a new VPC template: This means that the all the required network resources are created
from scratch (for example, VPC, subnets, route table, Internet gateway, NAT gateway).
l Use an existing VPC template: This means that all the required network resources already exist
(for example, VPC, subnets, route table, IGW, NAT gateway, security groups). You can select
an existing VPC, subnet, and security group during the deployment process.

Each agent has two interfaces:

l The Management interface: The Agents communicate with the Controller Proxy through this
interface.
l The Test interface: Traffic flows through this interface.

– 14 –
Chapter 3 Deployment in Cloud and Kubernetes

During the first deployment, a default Agent is set as the Test interface, and the Management
interface is set as the second interface. This means that the deployment test traffic flows only
between the first interface of both Agents.

– 15 –
 Keysight CyPerf

CHAPTER 4
Agent Installation on Commercial Off-the-Shelf (COTS)
This section describes the Keysight CyPerf Agent installer, how to perform install, uninstall, and
update operations, how to switch between different installed versions at run-time, different install
and uninstall scenarios, and expected behavior.

Compatibility
The Debian installer is currently tested for Ubuntu 18.04 Server. Installing it on any other flavors of
Linux might not work as expected.

Where to Find the Installer

A Debian installer package is provided to users.

Installer Content
The installer is located under the /opt/keysight/tiger/<build version>/<build
configuration>/ directory. Sub-directories are created as follows:
l bin: Binaries, including Tiger libraries, AppsecAgent, portmanager, CliCommunicatorUtil
l cert_key: Certificates and keys
l data: Test input data
l source: Common code (data-structures) shared with other components (Middleware)
l test_config: Tiger test configuration XML files

– 16 –
Chapter 4 Agent Installation on Commercial Off-the-Shelf (COTS)

Installation Steps
1. Execute the command sudo apt install <installer.deb file with full path> to install the
Debian installer.
If any existing portmanager configurations are present in the system (such as Controller URL,
Controller Proxy URL, Management Interface, or Test Interfaces), they will be reused. If no pre-
existing configurations are found, then a new configuration will be used with default
configuration values.
2. Use the CLI cyperfagent to configure the required configuration parameters. The following
commands are available in the CLI:
l cyperfagent controller show: Shows the currently configured Controller.
l cyperfagent controller set <Controller IP>: Sets the Controller IP.
l cyperfagent interface management show: Shows the currently configured Management
interface.
l cyperfagent interface management set ens160: Sets the Management interface to ens160.
l cyperfagent interface management set auto: Sets the Management interface to auto for
dynamically detecting the interface at runtime.
l cyperfagent interface test set ens160: Sets the Test interface to ens160.
l cyperfagent interface test set auto: Sets the Test interface to auto for dynamically
detecting the interface at runtime.

You cannot install the same version of the application twice on the same system.

Installing an Existing Version

You cannot install the same version twice on the system.

Installing the ixstack installer when the PORT_MANAGER_TEST_INTERFACE is

defined

If the Test interface network driver does not support DPDK, the installation will fail.

How to Uninstall
The uninstall path is not completely implemented yet. To properly complete the
uninstall procedure, some manual steps are required. See the Known
Limitations section for details.

To uninstall CyPerf:

1. Use the apt list --installed | grep tiger command to list all the Tiger packages installed on
the system.
2. Use sudo apt remove <tiger package name> to uninstall the Tiger version entirely from the
system.
If uninstall fails, refer to item 3 of the Known Limitations section.

– 17 –
 Chapter 4 Agent Installation on Commercial Off-the-Shelf (COTS)

Known Limitations
1. The portmanager service is not stopped during the installation, but the portmanager which was
installed by the current version of the installer is removed.
2. The portmanager configuration file /etc/portmanager/portmanager-config.json is not
removed during the uninstall process.
3. If the current version is active (i.e., /opt/keysight/tiger/active points to it), uninstall will
fail. Uninstall is possible after manually removing the active link.

– 18 –
 Keysight CyPerf

CHAPTER 5
Troubleshooting
Q: I encountered a CREATE_FAILED error when I launched the Quick Start.

A: If AWS CloudFormation fails to create the stack, it is recommended that you relaunch the
template with Rollback on failure set to No. You can find this setting under Advanced, on the
Options page, in the AWS CloudFormation console. When this setting is set to No, the stack’s state
will be retained, and the instance will be left running, so you can troubleshoot the issue. For details
on the error, look for the log files in %ProgramFiles%\Amazon\EC2ConfigService and
C:\cfn\log.

When you set Rollback on failure to No, you will continue to incur AWS
charges for this stack. Make sure to delete the stack when you finish
troubleshooting.

For additional information, see Troubleshooting AWS CloudFormation on the AWS website.

Q: I encountered a size limitation error when I deployed the AWS CloudFormation

templates.

A: It is recommend that you launch the Quick Start templates from the location that Keysight
provided or from another S3 bucket. If you deploy the templates from a local copy on your computer
or from a non-S3 location, you might encounter template size limitations when you create the stack.

For more information about AWS CloudFormation limits, see the AWS documentation.

– 19 –
© Keysight Technologies, 2020–2023

This information is subject to change

without notice.

www.keysight.com