when Packets go BRRRRRRRRRRRRR

We've come a long way since we released v5 of our Stresstest-platform 1,5 years ago; here is an (incomplete) list of all the new features since then:

  • we implemented IPv6 - tests
  • defined new attack-modules that let you choose between simple botnets, reflection/amplification, IoT - botnets or advanced attackers
  • developed browser-attacks to solve browser-challenges and to bypass simple protection
  • established a wider range of monitoring and measurements from various locations and providers
  • created a sensor to measure the effectiveness of anti-ddos-filters
  • developed CGNAT-Attacks
  • started RedTeaming and developed successfull attacks that are not yet realeased
  • and much much more

a little slideshow:

From a technical standpoint much more interesting is the fact that we have replaced the engine under the hood for volumetric attacks. Until version 5, our attack scripts grew "organically" for over 6 years; more and more protocols were added, besides UDP and TCP later also ICMP, GRE, MPLS etc, plus the whole thing then in the flavors "valid traffic", "big/small payload", "random payload", "broken traffic", "garbage traffic", "MaxPackets", and finally also everything in IPv6 again, please. In the end more than 20 different scripts were responsible for the stresstest traffic; an unmanageable chaos, every extension and added feature a PITA.

In 2021 we experimented a lot with scapy, the unbeatable Swiss Army Knife when it comes to manual generation of packets, and also converted some generators to scapy, but oh!: the performance with a maximum of 3 Mbit/s despite all tweaking and tricking was far below what we needed for the big tests with 50 GB/s traffic and more.

So we kept looking for a solution that is a) as simple, elegant and flexible as scapy and b) can keep up with our current implementations in terms of performance. In winter 2021/2022 we first became aware of Ixia-c traffic generator and Open Traffic Generator API from this talk by Keysight, which looked very promising, especially regarding the features of packet generation and flow control.

In spring 2022, we rebuilt a large part of our traffic generators. This went surprisingly fast after overcoming the first very steep learning curve. After we understood the Open Traffic Generator concept, the first prototype was ready after 1 day of work, and the complete conversion of our platform to Ixia-c was ready for beta testing within a week.


The 20+ different scripts became 200 LOC, and because Ixia-c is now responsible for 90% of the packet generation, we were able to optimize various features to such an extent that there is a huge savings for future extensions and adaptations. Where we used to have to implement and test a new attack sequence such as Chewy, THOR or CarpetBombing in all scripts which took us days, this is now available to all generators through a small change and only needs to be tested briefly.

Not only the maintenance and extension efforts have been reduced extremely. Thanks to Ixia, we can also finally utilize our high-volume speakers for all protocols and generators again. Before Ixia-c, we sometimes couldn't go beyond 10 Mbps per node, but now we're back up to 5 Gbps.

We would like to take this opportunity to thank the Keysight team, who not only provide an outstanding software product, but have also created the perfect solution with the Open Traffic Generator API, Ixia-c and snappi as reference-implemenation and very detailed documentation. All as Open Source. And the guys run a Slack channel where there is always a staff member ready to answer questions.

Chapeau and hats off!

TL;DR: The use of Keysight Ixia-c Engine with Open Traffic Generator API has massively streamlined the code base for zeroBS Stresstest-platform, reduced maintenance and extension efforts by more than 90% and improved the utilization of our traffic generators by a factor of up to 1000%.

Fragen? Kontakt: info@zero.bs