US-12627586-B2 - Proxied testing and stitching of results for reduced traffic synthetic testing
Abstract
Application and network tests executed for paths between endpoints and an application are proxied to reduce network traffic sent to the application as part of synthetic testing. Testing for each endpoint behind a network element or security component acting as a test proxy for a path from the endpoint to the application is split into two segments: a segment from each endpoint to the test proxy, and a segment from the test proxy to the application. A service obtains test results from agents executing on the endpoints and the test proxy and “stitches” the results of each segment together to generate test results for the path from endpoint to application. Stitching refers to aggregating, combining, or otherwise joining the results obtained for each path segment to generate a set of test results for the path. The manner of stitching can vary depending on test type and/or types of performance metrics collected.
Inventors
- John Edward Bothe
- Hristos Siakou
Assignees
- PALO ALTO NETWORKS, INC.
Dates
- Publication Date: 20260512
- Application Date: 20230627
Claims (20)
- 1. A method comprising: obtaining, from an endpoint device, first test results generated based on testing performed for a first segment of an end-to-end path from the endpoint device to an application, wherein the first segment of the end-to-end path corresponds to a path from the endpoint device to a test proxy, wherein the test proxy comprises at least one of a network element and a security component along the end-to-end path; obtaining, from the test proxy, second test results generated based on testing performed for a second segment of the end-to-end path from the endpoint device to the application, wherein the second segment of the end-to-end path corresponds to a path from the test proxy to the application; generating end-to-end test results for the end-to-end path from the endpoint device to the application based on stitching together the first test results corresponding to the first segment of the end-to-end path and the second test results corresponding to the second segment of the end-to-end path, wherein stitching the first and second test results comprises at least one of combining subsets of the first and second test results and combining values indicated in the first and second test results; and indicating the end-to-end test results as results of testing performed for the end-to-end path from the endpoint device to the application.
- 2. The method of claim 1, wherein the first test results comprise a first path trace for the first segment of the path and the second test results comprise a second path trace for the second segment of the path, and wherein stitching together the first and second test results comprises combining the first path trace and the second path trace to generate a combined path trace for the path from the endpoint device to the application.
- 3. The method of claim 1, wherein the first test results comprise a first performance metric value collected for the first segment of the path and the second test results comprise a second performance metric value collected for the second segment of the path, and wherein stitching together the first and second test results comprises at least one of combining the first and second performance metric values and determining a representative one of the first and second performance metric values to generate a third performance metric value.
- 4. The method of claim 3, wherein the first and second performance metric values comprise a first latency measured for the first segment of the path and a second latency measured for the second segment of the path, wherein combining the first and second performance metric values comprises aggregating the first and second latencies to generate an aggregate latency, and wherein indicating the end-to-end test results comprises indicating the aggregate latency as a latency of the path from the endpoint device to the application.
- 5. The method of claim 3, wherein the first and second performance metric values comprise first and second jitter values, wherein combining the first and second performance metric values comprises determining a pooled standard deviation based on the first and second jitter values.
- 6. The method of claim 3, wherein the first and second performance metric values comprise first and second packet loss values, wherein determining the representative one of the first and second performance metric values comprises determining which of the first and second packet loss values is greater and designating the greater one of the first and second packet loss values as representative of packet loss for the path.
- 7. The method of claim 1, wherein the second test results comprise a latency associated with requesting a resource of the application, wherein stitching together the first and second test results comprises adjusting the latency with a delay factor determined based on at least one of the first test results and the second test results to generate an adjusted latency, and wherein indicating the end-to-end test results comprises indicating the adjusted latency as a latency associated with requesting a resource of the application from the endpoint device.
- 8. The method of claim 7 further comprising determining a value of the delay factor based on at least one of a first latency indicated in the first test results and a second latency indicated in the second test results, wherein adjusting the latency comprises multiplying the latency and the value of the delay factor.
- 9. The method of claim 1, wherein a first agent executing on the endpoint device generated the first test results for the first segment and a second agent executing on the test proxy generated the second test results for the second segment, wherein obtaining the first test results comprises obtaining the first test results from the endpoint device comprises obtaining the first test results from the first agents, and wherein obtaining the second test results from the test proxy comprises obtaining the second test results from the second agent.
- 10. One or more non-transitory machine-readable media having program code stored thereon, the program code comprising instructions to: obtain, from a plurality of test sources, a plurality of first sets of results of performance testing for first paths from the plurality of test sources to a security component or a network element, wherein each of the first paths is a first segment of a path from a respective one of the plurality of test sources and an application; obtain, from the security component or network element, a second set of results of performance testing for a second path from the security component or network element to the application, wherein the second path is a second segment of each path from one of the plurality of test sources to the application; and for each test source of the plurality of test sources and corresponding first set of results of the plurality of first sets of results, generate a set of end-to-end results from the first set of results and the second set of results based on stitching together the first set of results for a corresponding one of the first paths and the second set of results corresponding to the second path, wherein the instructions to stitch together the first and second sets of results comprise at least one of instructions to combine subsets of the first and second sets of results and instructions to combine values in the first and second sets of results; and indicate the set of end-to-end results as results of testing performance for the path from the test source to the application.
- 11. The non-transitory machine-readable media of claim 10, wherein the first set of results comprises a first performance metric value collected for a corresponding one of the first paths, wherein the second set of results comprises a second performance metric value collected for the path from the security component or network element to the application, and wherein the instructions to stitch together the first and second sets of results comprise instructions to combine the first performance metric value and the second performance metric value.
- 12. The non-transitory machine-readable media of claim 11, wherein the first performance metric value comprises a first latency and the second performance metric value comprises a second latency, and wherein the instructions to combine the first and second performance metric values comprise instructions to aggregate the first and second latencies to generate an aggregate latency.
- 13. The non-transitory machine-readable media of claim 10, wherein the first set of results comprises a first path trace for a corresponding one of the first paths from the test source to the security component or network element, wherein the second set of results comprises a second path trace for the path from the security component or network element to the application, wherein the instructions to stitch together the first and second sets of results comprise instructions to combine the first path trace and the second path trace to generate a combined path trace for the path from the test source to the application.
- 14. A system comprising: a processor; and a machine-readable medium having instructions stored thereon that are executable by the processor to cause the system to, based on testing performed for a plurality of paths from a corresponding plurality of endpoint devices to a test destination, obtain, from the plurality of endpoint devices, a plurality of first sets of results of tests performed for a plurality of first paths from the plurality of endpoint devices to a test proxy, wherein each of the plurality of first paths is a first segment of one of the plurality of paths from a respective one of the plurality of endpoint devices to the test proxy, wherein the test proxy comprises a network element or a security component; and obtain, from the test proxy, a second set of results of tests performed for a second path from the test proxy to the test destination, wherein the second path is a second segment of each of the plurality of paths; and for each endpoint device of the plurality of endpoint devices and corresponding first set of results of the plurality of first sets of results, stitch together the first set of results and the second set of results to generate a set of end-to-end results based on stitching together at least one of subsets of the first and second sets of results into a single set and values in the first and second sets of results into a single value; and indicate the set of end-to-end results as results of testing network performance for a corresponding one of the plurality of paths from the endpoint device to the test destination.
- 15. The system of claim 14, wherein the first set of results comprises a first performance metric value collected for a corresponding one of the plurality of first paths, wherein the second set of results comprises a second performance metric value collected for the second path, and wherein the instructions executable by the processor to cause the system to stitch together the first and second sets of results comprise instructions executable by the processor to cause the system to determine a third performance metric value based on the first and second performance metric values.
- 16. The system of claim 15, wherein the first performance metric value comprises a first latency and the second performance metric value comprises a second latency, and wherein the instructions executable by the processor to cause the system to determine the third performance metric value based on the first and second performance metric values comprise instructions executable by the processor to cause the system to determine an aggregate latency based on aggregation of the first and second latencies.
- 17. The system of claim 15, wherein the first performance metric value comprises a first jitter value and the second performance metric value comprises a second jitter value, and wherein the instructions executable by the processor to cause the system to determine the third performance metric value based on the first and second performance metric values comprise instructions executable by the processor to cause the system to determine a pooled standard deviation based on the first and second jitter values.
- 18. The system of claim 14, wherein the second set of results comprises a latency associated with requesting a resource of the test destination, and wherein the instructions executable by the processor to cause the system to stitch together the first and second sets of results comprise instructions executable by the processor to cause the system to adjust the latency by a delay factor having a value determined based on at least one of the first set of results and the second set of results to generate an adjusted latency.
- 19. The system of claim 18, further comprising instructions executable by the processor to cause the system to determine the value of the delay factor based on one or more performance metric values indicated by the first set of results, wherein the instructions executable by the processor to cause the system to adjust the latency by the delay factor comprise instructions executable by the processor to cause the system to multiply the latency and the value of the delay factor.
- 20. The system of claim 14, wherein the first set of results comprises a first path trace for a corresponding one of the plurality of first paths from the endpoint device to the test proxy, wherein the second set of results comprises a second path trace for the second path from the test proxy to the test destination, and wherein the instructions to stitch together the first and second sets of results comprise instructions to combine the first and second path traces to generate a path trace for the path from the endpoint device to the test destination.
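Added example, not part of the patent text and not code from the assignee: a Python illustration of the per-metric stitching the claims recite (aggregate latency, pooled standard deviation for jitter, greater packet loss, combined path trace, latency multiplied by a delay factor), with one proxy-side result reused for every endpoint. The SegmentResult schema, the per-segment sample counts, the handling of the shared proxy hop, the delay-factor formula, and all sample values are assumptions made for this illustration.

```python
import math
from dataclasses import dataclass

@dataclass
class SegmentResult:
    """What one agent reports for one path segment (assumed schema)."""
    latency_ms: float   # mean latency measured on the segment
    jitter_ms: float    # treated as a standard deviation of latency (assumption)
    loss_pct: float     # packet loss measured on the segment
    samples: int        # probes behind the jitter value (assumed field)
    hops: list          # path trace for the segment, in order

def pooled_std(s1, n1, s2, n2):
    """Pooled standard deviation of two sample sets (claims 5 and 17)."""
    if n1 + n2 <= 2:
        raise ValueError("need more than two probes in total to pool jitter")
    return math.sqrt(((n1 - 1) * s1 ** 2 + (n2 - 1) * s2 ** 2) / (n1 + n2 - 2))

def stitch(first, second, app_latency_ms=None):
    """Join endpoint-to-proxy and proxy-to-application results for one path."""
    # Assumption: when the proxy closes the first trace and opens the second,
    # the shared hop is listed once in the combined trace (claims 2, 13, 20).
    shared = bool(first.hops and second.hops and first.hops[-1] == second.hops[0])
    result = {
        "latency_ms": first.latency_ms + second.latency_ms,        # claim 4
        "jitter_ms": pooled_std(first.jitter_ms, first.samples,
                                second.jitter_ms, second.samples),
        "loss_pct": max(first.loss_pct, second.loss_pct),          # claim 6
        "hops": first.hops + (second.hops[1:] if shared else second.hops),
    }
    if app_latency_ms is not None:
        # Assumed delay factor: end-to-end network latency relative to the
        # proxy-to-application latency; the claims only say it is derived
        # from segment results and multiplied in (claims 7 and 8).
        factor = result["latency_ms"] / second.latency_ms if second.latency_ms > 0 else 1.0
        result["delay_factor"] = factor
        result["app_latency_ms"] = app_latency_ms * factor
    return result

def stitch_all(endpoint_results, proxy_result, app_latency_ms=None):
    """Reuse the single proxy-side result for every endpoint (claims 10, 14)."""
    return {name: stitch(res, proxy_result, app_latency_ms)
            for name, res in endpoint_results.items()}

# Constructed sample data: documentation-range addresses, invented values.
PROXY = SegmentResult(20.0, 2.0, 0.5, 10,
                      ["198.51.100.1", "203.0.113.7", "203.0.113.80"])
ENDPOINTS = {
    "laptop-a": SegmentResult(5.0, 1.0, 0.0, 10, ["10.0.0.1", "198.51.100.1"]),
    "laptop-b": SegmentResult(30.0, 4.0, 2.0, 10,
                              ["10.0.1.1", "192.0.2.9", "198.51.100.1"]),
}

if __name__ == "__main__":
    for name, res in stitch_all(ENDPOINTS, PROXY, app_latency_ms=100.0).items():
        print(name, res)
```

Only the proxy agent sends probes to the application here, so the application sees one test stream regardless of how many endpoints are stitched against it.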
Description
BACKGROUND

The disclosure generally relates to transmission of digital information (e.g., CPC subclass H04L) and to wireless communication networks (e.g., CPC subclass H04W).

Network or application performance testing may be achieved through monitoring of actual network traffic (e.g., with packet capture) and/or through synthetic monitoring. Synthetic monitoring, also referred to as synthetic testing, refers to generation of network traffic that targets a specific network-accessible destination to be tested, such as a network element or an application or service, and analysis of performance metrics and/or responses captured or observed as a result. Such synthetic network traffic can be of various types (e.g., in terms of associated communication protocol) depending on the target of testing to simulate user and/or network activity. As an example, synthetic monitoring can be employed to test performance of network elements along a path to a network-accessible resource through generation of network layer/layer 3 network traffic directed to a specific Internet Protocol (IP) address or hostname, such as in the case of using traceroute. Synthetic monitoring may also be employed to test accessibility of applications or services to users by simulating retrieval of webpages or application programming interface (API) invocations by users through generation of application layer/layer 7 application network traffic (e.g., Hypertext Transfer Protocol (HTTP)/HTTP Secure (HTTPS) traffic).

Secure access service edge (SASE) is a framework that has emerged in response to changing network security needs of organizations as a growing number of employees are located remotely and cloud-hosted applications and data storage are increasingly favored over on-premises solutions. SASE combines wide area networking, including software-defined wide area networks (SD-WANs), with cloud-delivered network security services, such as secure web gateways (SWGs) and cloud-based firewalls delivered according to the firewall as a service (FWaaS) model.

BRIEF DESCRIPTION OF THE DRAWINGS

Embodiments of the disclosure may be better understood by referencing the accompanying drawings.

FIG. 1 is a conceptual diagram of proxying network and application performance tests for synthetic testing with reduced network traffic volume.

FIG. 2 is a conceptual diagram of stitching results of proxied performance testing for segments of a path to generate end-to-end test results for the path.

FIG. 3 is a flowchart of example operations for generating end-to-end network and/or application test results based on proxied testing and stitching of test results.

FIG. 4 is a flowchart of example operations for generating a set of performance metrics for a path end-to-end based on stitching together sets of performance metrics determined from network testing.

FIG. 5 is a flowchart of example operations for generating an end-to-end path trace based on stitching together path traces for segments of a path.

FIG. 6 is a flowchart of example operations for generating end-to-end application performance test results based on stitching together results of network and application testing.

FIG. 7 depicts an example computer system with a performance test result stitching service.

DESCRIPTION

The description that follows includes example systems, methods, techniques, and program flows to aid in understanding the disclosure and not to limit claim scope. Well-known instruction instances, protocols, structures, and techniques have not been shown in detail for conciseness.

Terminology

This description uses shorthand terms related to cloud technology for efficiency and ease of explanation. When referring to “a cloud,” this description is referring to the resources of a cloud service provider. For instance, a cloud can encompass the servers, virtual machines, and storage devices of a cloud service provider. In more general terms, a cloud service provider resource accessible to customers is a resource owned/managed by the cloud service provider entity that is accessible via network connections. Often, the access is in accordance with an API or software development kit provided by the cloud service provider.

Use of the phrase “at least one of” preceding a list with the conjunction “and” should not be treated as an exclusive list and should not be construed as a list of categories with one item from each category, unless specifically stated otherwise. A clause that recites “at least one of A, B, and C” can be infringed with only one of the listed items, multiple of the listed items, and one or more of the items in the list and another item not listed.

Overview

When utilizing synthetic testing to run performance tests between an application that is the target of testing and multiple endpoints within an organization that are behind a common gateway (e.g., an Internet gateway/SWG) and/or security component, there is a risk that the amount of network traffic being generated could trigger distribu