PureSNAT - Linux SNAT Kernel Module

 PureLoad Logo
PureLoad 5.2
January 2015
 http://www.pureload.com
support@pureload.com
Documentation Index

Background

In some cases, performance tests require the use of many IP addresses in order to test under realistic conditions. This can be accomplished by configuring the OS on the PureLoad Worker machines to have multiple IP addresses. For larger tests this can become impractical and limited by what the OS can handle. Source Network Address Translation (SNAT) can be used in order to achieve a much higher number of IP addresses and a more efficient handling of IP packets.

Overview

PureSNAT is a kernel module for Linux which allows PureLoad to perform SNAT of IP packets on the local machine. It supports both IPv4 and IPv6. Outgoing packets get their original source addresses replaced with different addresses to be used in the test. Incoming packets are translated back and delivered to the original IP socket. Using this technique, it is possible to use a large number of IP addresses without having to configure them in the OS.

SNAT overview

For each socket that is created by the PureLoad Worker, PureSNAT will hold an entry in a translation table so that it can perform the address translation for outgoing and incoming IP packets.

Setup

The PureSNAT package contains the following files:

puresnat.ko      kernel module binary file
libpuresnat.so    Java native library
psnat            command line binary executable

Installation

The PureSNAT package files must be installed on each PureLoad Worker where SNAT will be used. To install, begin with placing all the PureSNAT package files in the PURELOAD-HOME/lib directory.

To install the Linux kernel module, use the command insmod as root:
%> sudo insmod puresnat.ko

Verify the installation by listing the installed kernel modules and by examining the system log file to verify that the module has loaded correctly:
%> lsmod
Module          Size   Used By
puresnat    115105013   0
        .......
   { other modules }
        .......
%> tail -2 /var/log/messages
Jun 11 10:54:36 PureUbuntu1204 kernel: [19261.524645] PureSNAT module version: 1.3 loading....
Jun 11 10:54:36 PureUbuntu1204 kernel: [19261.525533] PureSNAT module version: 1.3 loaded

Routing

The IP addresses being used for testing are not configured in the OS. This means that none of the hosts on the network will know where to send the IP packets for these addresses. Static routes must be added to all test target hosts so that they know where to send their replying IP packets.

For target hosts running a Linux OS, static routes can be added using the ip route add command. The syntax for ip route add is:
ip route add <destination network> via <gateway> dev <interface>.

For example, to add a static route for network 192.168.16.0/24 to gateway (a PureLoad Worker in our case) 192.168.1.23 using network interface eth1:
%> sudo ip route add 192.168.16.0/24 via 192.168.1.23 dev eth1

For information on how to add static routes for other OS:es, please consult the documentation for that particular OS.

Use the command line utility psnat to verify that the route is correct and that a TCP SNAT connection can be established. The following example shows how to test a connection from the local machine 192.168.1.23 to the server 192.168.1.44 at port 8080 using a SNAT address 192.168.16.10.
%> sudo ./psnat -connect 192.168.1.23 192.168.16.10 192.168.1.44 8080
Connection successful: 192.168.16.10 => 192.168.1.44:8080

Usage

Using PureSNAT for multiple IP addresses in PureLoad is not very different from using Virtual IP Adrresses and Using IP Pool Tasks. The main difference in scenario design is the use of the SnatInitTask. The following picture shows an example scenario:
SNAT scenario
In the above example, the SnatInitTask initializes the use of addresses 192.168.7.1 - 192.168.7.254 and then the IP pool is set up to use the same IP addresses.

Note: PureLoad Manager must be executing as root in order to be able to use PureSNAT.

The command line utility psnat can be used to control SNAT logging, view statistics and test a SNAT connection.
%> sudo ./psnat
Usage: psnat <cmd>
       Command:
          -stats      print statistics (stdout)
          -snat_on    enable SNAT log
          -snat_off   disable SNAT log
          -frags_on   enable fragment log
          -frags_off  disable fragment log
          -print_snat print SNAT tables
          -connect    <orig src ip> <new src ip> <target ip> <target port>
          -dgram      <orig src ip> <new src ip> <target ip> <target port>
output sent to /var/log/messages.
%> sudo ./psnat -snat_on
%> tail -f /var/log/messages
Oct  3 17:26:57 ubuntu kernel: [36090.506045] PureSNAT: tcp_v4 log: 1
Oct  3 17:26:57 ubuntu kernel: [36090.506046] PureSNAT: tcp_v6 log: 1
Oct  3 17:26:57 ubuntu kernel: [36090.506048] PureSNAT: udp_v4 log: 1
Oct  3 17:27:04 ubuntu kernel: [36097.599658] PureSNAT: Add TCP SNAT entry IPv4 orig_src=192.168.1.96:43752, new_src=192.168.7.1:43752
Oct  3 17:27:04 ubuntu kernel: [36097.599849] PureSNAT: sent TCP SNAT packet IPv4 orig_src=192.168.1.96:43752, new_src=192.168.7.1:43752

The settings can also be changed using sysctl with the following variables:

%> sysctl -a | grep puresnat
net.puresnat.log_frags = 0
net.puresnat.log_tcp_v4 = 0
net.puresnat.log_tcp_v6 = 0
net.puresnat.log_udp_v4 = 0

SNAT log output appears in /var/log/messages and can be helpful to examine if there are any problems executing the scenario.
Copyright © 2015 PureLoad Software Group AB. All rights reserved.