Best way to load test application under same machine - performance

I've used Gatling and Siege to load test my application. However, at certain points (especially when my load is higher), I would get a lot of gateway and requestTimeoutException errors. Since the requests doesn't seems to even get to the app, I presume the issue is to be my IP address being blocked due to the influx of traffic from 1 IP address. How do you overcome this? I'm assuming that the users that Gatling and Siege create to send concurrent requests are all under the same IP of my machine?

This is not possible for Gatling, the relevant feature request has been closed, you might want to consider using Apache JMeter instead, JMeter's HTTP Request sampler has "Source IP" field where you can put the needed IP address or alias
More information: Using IP Spoofing to Simulate Requests from Different IP Addresses with JMeter

Related

Load testing a web app which has a load balancer

I wrote a Jmeter test (that uses different user credentials) to load test a web app which has a load balancer and all it forwards the requests to a single node. How can I solve this?
I used the DNS Cache manager but that did not work.
Are there any other tools which I could use? (I looked into AWS Load testing but that too won't work because all the containers would get the same set of user credentials and when parallel tests are run they would fail.)
It depends on the load balancing mechanism used in your load balancer, it might be the case it's looking into the source IP address and forwarding requests from the same IP to the same backend node. You can try using multiple IP addresses (or aliases) and see whether it makes the difference. See IP Spoofing With JMeter: How to Simulate Requests from Different IP Addresses article for more details.
Also adding DNS Cache Manager might be not sufficient, you can try configurign a custom DNS resolver, i.e. 1.1.1.1 as the DNS server so each thread would resolve the underlying IP address on its own

Laravel Request IP Address: will Requests coming from VPNs show the same IP address or not?

Currently I am developing an HTTP server and I am using the throttle (access limitation per minute) functionality of Laravel based on IP address.
However I am afraid that when a VPN and/or Proxy Server is used by different people the incoming request will show the same IP address. The rate limitation is included only to prevent dedicated DOS attacks and I don't want the user of my website to be blocked by rate limitation if they are using a VPN.
First of all, I don't have a solid understanding of how IP addresses are obtained and stored in the Request object. I assume it is included in the HTTP request header however I wasn't able to find it in Google Chrome's developer tool, "Network" tab. The developer tool only shows the destination address and not the source ip address in the "Request Header" session.
Next, I don't have a testing environment where I can test whether the IP address will be the same when sending by different machines using the same VPN, hence I have to ask the question here.
Any help would be appreciated.
will Requests coming from VPNs show the same IP address or not?
Yes, it will show up as the same IP address as this is the whole purpose of using a VPN service, to change the user IP address.
However, if you want to detect if a user is using VPN there are third-party services to help you with that https://ipinfo.io/

jmeter and Cloudflare : 1020 error ; works with Postman

New to Jmeter so I am not sure if my set-up is correct.
Basically I have these set of API's that I need to Perf test. Starting with a setting up a basic connection from Jmeter - I am receiving 1020 error from cloudflare
Access denied | "domain" used Cloudflare to restrict access
and
<div class="cf-alert cf-alert-error cf-cookie-error hidden" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div>
It works with POSTMAN. So wondering what changes I'll need in jmeter.
I have enabled save cookie in jmeter.properties file
API is for logging into a portal: verified username/password. VPN connection verified as this works from postman.
If you're absolutely sure that the request works in postman (although I'm getting this 1020 error even with the real browser) you should be able to get the same behavior in JMeter as well, just make sure to send the identical request (pay attention to HTTP Headers as well)
The easiest is just recording your Postman request using JMeter's HTTP(S) Test Script Recorder, just configure Postman to use JMeter as the proxy
and run your request - JMeter will generate appropriate HTTP Request sampler and HTTP Header Manager
If you need to use VPN for proper access you might need to configure source IP address at the "Advanced" tab of the HTTP Request sampler like it's described in Using IP Spoofing to Simulate Requests from Different IP Addresses with JMeter article
In any case load testing an API behind Cloudflare might be not the best idea as Cloudflare provides DDoS protection and may (and will) block this type of traffic so you need to either whitelist your IP address(es) or let them know about your load testing activities, I believe they will be able to suggest a better workaround than anyone here
This is related with the securities features of CloudFare, either DDos protection or bot blocking. Exceptions can be configured from the CloudFare control panel.
If you don't have access to this panel you'll have to ask the corresponding person inside your company tasked with this job.

Why should we use IP spoofing when performance testing?

Could anyone please tell me what is the use of IP spoofing in terms of Performance Testing?
There are two main reasons for using IP spoofing while load testing a web application:
Routing stickiness (a.k.a Persistence) - Many load balancers use IP stickiness when distriuting incoming load across applications servers. So, if you generate the load from the same IP, you could load only one application server instead of distributing the load to all application servers (This is also called Persistence: When we use Application layer information to stick a client to a single server). Using IP spoofing, you avoid this stickiness and make sure your load is distributed across all application servers.
IP Blocking - Some web applications detect a mass of HTTP requests coming from the same IP and block them to defend themselves. When you use IP spoofing you avoid being detected as a harmful source.
When it comes to load testing of web applications well behaved test should represent real user using real browser as close as possible, with all its stuff like:
Cookies
Headers
Cache
Handling of "embedded resources" (images, scripts, styles, fonts, etc.)
Think times
You might need to simulate requests originating from the different IP addresses if your application (or its infrastructure, like load balancer) assumes that each user uses unique IP address. Also DNS Caching on operating system of JVM level may lead to the situation when all your requests are basically hitting only one endpoint while others remain idle. So if there is a possibility it is better to mimic the requests in that way so they would come from the different addresses.

JMeter API Testing - Recording the Incoming Traffic

Using JMeter, the HTTP Request is hitting a URL with the port.
Eg : apitesting.com:8888/api/series/one
I have also added a HTTP Test Script Recorder in JMeter, where I can mention the port and domain.
How do I import the incoming traffic to JMeter using tcpreplay and JMeter Proxy for the above example.
Thanks for your help in Advance.
Have you read the FAQ?
Does tcpreplay support sending traffic to a server?
If by server you mean a daemon (Unix) or service (Windows) which listens on a port (a web or mail server would be common examples), then probably not. The biggest issue is that tcpreplay doesn't understand the state of common protocols like TCP. This means it is unable to synchronize Syn/Ack's to create valid TCP sessions.
So you have the following options:
Consider using Wireplay tool instead
Convert your .pcap file into JMeter .jmx script using BlazeMeter JMX Converter
In both cases be aware that you will get only a "skeleton" of the project, you won't be able to replay production traffic, all you will get would be a set of HTTP Request samplers, you will have to figure out the workload model on your own.
In JMeter you can add to your HTTP request a Post Processor Named Response Assertion, If you check the Ignore Status checkbox you will ignore response of the server so even if server is down it'll not fail test and continue.

Resources