Selenium - Functional, Performance testing tool.

Selenium - Functional, Performance testing tool.


Selenium is powerful open source tool for testing (Functional) web applications; it is similar to HP QTP (Quick Test Professional).

It provide full control on the web pages, by allowing access to view source, DOM elements and complete navigation(clicks, selecting links etc) through different API’s.

Selenium IDE is a firefox add-on that can record the user actions in the form of script, which can reply again in the browser. It can also convert the recorded script in different programming languages.

We can integrate Selenium Remote Control(RC)  with different programming languages (.Net, Python, Perl, Ruby, Java) and execute the selenium scripts.

Some companies link BrowserMob, PushToTest use Selenium GRID to conduct performance testing. It consume more resources and not a good idea for conducting performance testing.

Link to All Selenium Projects

It is always worth learning these open source tools, not required to pay license fee.

----

Web Site Test Tools

Web Site Test Tools


This link contain 440 tools listed in 12 categories.



----

Performance Testing - TCP Connection Failures

Performance Testing - TCP Connection Failures.

I came across this article on WebPerformanceInc, which explain about establishing TCP connection and different reasons for connection failures…felt interesting.

Load Tester is a web site load testing tool, and as such we deal primarily with the most popular Internet communications protocol: the Hypertext Transfer Protocol, or HTTP, which controls the request and transmission of web pages between browser clients and web servers.  HTTP is based on a lower-level protocol known as the Transmission Control Protocol, or TCP.    For the most part, TCP works in the background, but its proper function is critical to your website, and problems at the TCP level can show up in many different ways during a load test.  These errors can sometimes be difficult to troubleshoot, requiring a packet sniffer such as Wireshark or tcpdump to analyze, while others are simpler.

TCP uses the concept of “ports” to identify and organize connections.  For every TCP connection, there are two ports – the source port, and the destination port.  For our purposes, the most important ports are port 80 and port 443, which are the two most common ports utilized by web servers – 80 for normal HTTP traffic, and 443 for SSL-encrypted traffic.  A typical TCP connection from a client to a webserver will involve a random source port such as 44567, and a destination port on the server of port 80.  Each web server can accept many hundreds of connections on port 80, but each connection must come from a different source port on each client.

To create these connections between ports, TCP relies on a three-way handshake.  The requesting client first sends a packet with the TCP SYN flag set, indicating that it wants to open a connection.  If the server has a process listening on the destination port, it will respond with a packet that has both the SYN flag set and the ACK flag set, which acknowledges the client’s SYN and indicates that a connection can be created on that port.  The client then sends a packet with the ACK flag set back to the server, and the connection is established.  The current connections can be viewed using the netstat tool on both Windows and Linux.

What does it look like when a TCP connection attempt fails?  The TCP packet with the SYN flag is sent from the client, which in our case is a load engine.  If the server sees such a packet, but does not have a process listening on the target port, it will typically respond with a TCP packet that has the ACK and RST flags set – a TCP reset.  This tells the client that connections are not available on this port.

Load Tester showing a connection refused (ACK RST)

This screenshot shows the result of a load engine failing to connect to the server.  In this case, you can see that I attempted to connect to TCP port 442, which doesn’t have a web server running on it (or any other service, for that matter).  Note that the response was received quickly, in about 1 second, indicating that the remote server saw the ill-fated packet and responded.  The most important thing to know about this error is that it is one of the most reliable errors that you’ll see – either the Load Tester controller or the load engine really is having trouble connecting to the site.  The most common reason for this is that either the site is down, or there is a firewall that is blocking the load engine but not the controller.
So … what happens when the remote server does not respond?

Load Tester showing a connection timeout (dropped packet)

This screenshot shows the same attempted connection, only this time, no response was received from the target server – not even the TCP reset that indicates connections are not available on the target port.  Note how long it takes for Load Tester to report an error – 21 seconds, in this case.  I induced this error by configuring the Linux iptables firewall to drop all incoming packets on TCP port 442, so the server’s TCP stack never saw the incoming SYN packet and thus did not respond to it – from the server’s perspective, the packet never arrived.  A similar error will occur if the server cannot be reached for some reason; for example if you attempt to connect to the wrong hostname, the server is offline, or your traffic is being misrouted between the client or load engine and the server.  If you see these kinds of errors, then the first thing you should do is make sure that the server is up, and that any HTTP proxy servers necessary to reach the server are configured correctly.

Of course, TCP connections can also fail after a connection has been established.  Here’s an example:

Load Tester showing a server connection termination

This error message is much less clear.  Did the server close the connection on purpose?  If so, why?  If not, what happened? Did the process handling the server connection crash or return bad data?  In this case, it’s useful to know what Load Tester considers to be a successful connection.  Load Tester expects there to be HTTP headers, followed by data.  In this case, we did not finish receiving the HTTP headers, and so Load Tester considers the connection incomplete.  Load Tester failed to receive the headers in this case because I induced this error by attempting to elicit an HTTP response from the Secure Shell (ssh) service listening on TCP port 22, which terminated the connection after receiving what it saw as invalid data – Load Tester’s HTTP request.

In a real test, there’s a pretty large number of things that can cause this error, from server process crashes or errors, to overly aggressive firewalls, to reverse proxy failures, to misdirected traffic on a load balancer.  In such a case, a traffic analyzer such as Wireshark or tcpdump can be very helpful in determining what is happening.  Note that you may need to observe traffic in more locations that in front of the load engine or the controller though, as traffic can be altered by firewalls and load balancers.




----

Velocity - Web Performance Conference 2010

Velocity - Web Performance Conference 2010

Oreilly’s Velocity Conference exclusively for website performance and testing.

Metrics 101

View more presentations from Alistair Croll.


There are around 20 videos relating to this conference on YouTube. 




----

Evaluation of computing

Evaluation of computing

30 minutes video, that explain the evaluation of computing from primitive stage, where there are no CRT monitors, user need to use paper as input and output medium ...interesting to watch. 

Best Practices For Speeding Web Site

 Best Practices for Speeding Up Your Web Site

Google Link

Yahoo Link



---

Performance Testing - Why site could be slow, even with low CPU/RAM/disk utilization.

Why site could be slow, even with low CPU/RAM/disk utilization.

Some times site appeared to slow down significantly, despite the fact that their CPU, RAM, and disk utilization did not rise in utilization significantly. While those three metrics are often good indicators of why systems can “slow down”, there are many other causes of performance problems. Today, we’re going to discuss one common root cause for slow websites that often gets overlooked: connection management.

Until very recently, most web browsers would only issue a maximum of two connections per host, as per the recommendation by the original HTTP/1.1 specification. This meant that if 1000 users all hit your home page at the same time, you could expect ~2000 open connections to your server. Let’s suppose that each connection consumes, on average, 0.01% of the server’s CPU and no significant RAM or disk activity.

That would mean that 2000 connections should be consuming 20% of the CPU, leaving a full 80% ready to handle additional load – or that the server should be able to handle another 4X load (4000 more users). However, this type of analysis fails to account for many other variables, most importantly the web server’s connection management settings.
Just about every web server available today (Apache, IIS, nginx, lighthttpd, etc) has one or more settings that control how connections are handle. This includes connection pooling, maximum allowed connections, Keep-Alive timeout values, etc. They all work basically the same way:

• When a request (connection) comes in to the server, the server will look at the maximum active connections setting (ie: MaxClients in Apache) and decide if it can handle the request.
• If it can, the request is processed and the number of active connections is incremented by one.
• If it can’t, the request is placed in to a queue, where it will wait in line until it finally can be processed.
• If that queue is too long (also a configuration setting in the server), the request will be rejected outright, usually with a 503 response code.

It’s this queue that can make your site to appear to be slow, despite low server utilization. Say the server allows up to 256 concurrent requests and each request takes 1 second to complete. That means if 1000 users visited the site at the same time, causing 2000 requests, then the first 128 (256/2) users would get a 1 second response time, the second 128 users would get a 2 second response time, and the last user would get an EIGHT SECOND response time.

The simple solution is to raise the concurrent request limit. However, be careful here: if you raise it too high it’s possible your server won’t have enough CPU or RAM to handle all the requests, resulting in all users be affected (rather than just some of them, like in the last example).
Also remember that not all requests are equal: a request to a dynamic search result will be much more expensive than one to a static CSS file. This is why larger sites optimize their hosting to place static files on special web servers with different configurations, usually with host names like images.example.com, while leaving their more complex content to be handled by a larger quantity of servers with a fewer number of concurrent requests on each server.

So next time you’re wondering why your site is slow, take a look at more than just CPU and RAM. Find out how the server is processing the content and see if perhaps your web server is the bottleneck.
Source: browsermob



---

Performance Testing - TTFB (Time to First Byte)

Performance Testing - TTFB, TTLB

When you open any web page, there are series of requests from the client(usually a web browser) and response from the server.

TTFB (Time to First Byte) - Amount of time it took for the client (usually a web browser) to receive the first byte of server response.

TTLB (Time to Last Byte) -  Amount of time it took for the client (usually a web browser) to receive the last byte of server response i.e total time taken to download an object

Both metrics are used in performance testing for analyzing the bottleneck.

I will explain the metrics by taking an example.

Both the requests appear to be hosted on two different servers.
Both the requests tool almost 1 second to complete, but "pic.png" having file size four times grater than the "login.jsp". What is going on? In-order to understand the complete story, we need to know TTFB.

With this additional information, we can understand what is happening.

In case of "login.jsp" after receiving the first byte, it took 09ms to download the remaining content.

Where as "pic.png" received the first byte very quickly but took another 900ms to download the remaining content.

"login.jsp" bottleneck likely to be server side processing, due to heavy CPU usage. This is common for dynamic pages which need to process before sending the response to the client. If the process involve database or other expensive operation, that could be cause of slow performance.
Situation is different for "pic.png", delay is likely due to slow network or poor configuration for the server hosting the image. As the image is not a dynamic content, it will not be consuming more CPU.

So how do you resolve these different situations?

In the case of objects with long TTFB times, like index.jsp, the solution often requires a software-level optimization. It could involve adding a database index, introducing some object-level caching, or a configuration change (such as database connection pooling). Be careful to fall in to the trap of throwing more hardware at the problem to solve these types of issues. While it might work in the short term, these issues almost always are due to sub-optimal software and throwing extra hardware at the problem will be like putting a band-aid on a bullet hole.

In the case of objects with relatively short TTFB times but overall long TTLB times, the solution is usually very different. While there may be a software solution, such as configuring Apache’s connections to be better optimized for the server it runs on, most of the time the root cause is due to network/hardware-related issues. Check with the ISP that hosts the server to confirm the max bandwidth throughput allowed. If the object response is slow during peak times but fast during off-peak times, it may need extra web servers (ie: hardware).

Alternatively, you might want to look at a Content Delivery Network (CDN) like CDNetworks to help host the objects in a physically closer location. For a low-cost CDN, check out Amazon’s CloudFront service, which can let you host images and other static objects in nine separate locations around the world. This is a great, low-cost solution for people who want to serve static content to many different geographies but don’t have the budget or desire to open mutliple data centers.
Source: browsermob




----

Web Application Security Test

Web Application Security Test

Definition: Application security is the use of software, hardware, and procedural methods to protect applications from external threats. Security measures built into applications and a sound application security routine minimize the likelihood that hackers will be able to manipulate applications and access, steal, modify, or delete sensitive data. Once an afterthought in software design, security is becoming an integral part of the design process.

Following are different tests to check the application security.

Data injection and manipulation attacks.
1. Reflected cross site scripting. (XSS).
2. Persistent XSS.
3. Cross site request forgery.
4. SQL Injection.
5. Blind SQL injection.
6. Buffer overflows.
7. Integer overflows.
8. Log injection.
9. Remote file include (RFI) injection.
10. Server side include (SSI) injection.
11. Operating command injection.
12. Local file include (LFI)
13. Parameter Redirection.
14. Auditing of redirect chains.

Sessions and authentications
1. Session strength.
2. Authentication attack.
3. Insufficient authentication.
4. Insufficient session expiration.

Server and general HTTP
1. AJAX auditing.
2. FLASH analysis.
3. HTTP header auditing.
4. Detection of client side technologies.
5. Secure sockets layer (SSL) certificate issues.
6. SSL protocol supported.
7. SSL ciphers supported.
8. Server misconfiguration.
9. Directory indexing and enumeration.
10. Denial of service.
11. HTTP response splitting.
12. Windows 8.3 file name.
13. DOS device handle DoS.
14. Canonicalization attacks.
15. URL redirection attack.
16. Password auto complete.
17. Custom fuzzing.
18. Path Manipulation - traversal.
19. Path truncation.
20. WebDEV auditing.
21. Web services auditing.
22. File enumeration.
23. Information disclosure.
24. Directory and path traversal.
25. Spam gateway detection.
26. Brute force authentication attack.
27. Known application and platform vulnerabilities.
Source: HP WebInspect.


One of the best site for understanding different threats, select this link.



List of tools available in the market.
OWASP Security Testing Tools Listing
HP WebInspect
IBM Rational AppScan
Powerfuzzer
SecPoint Penetrator 
Netsparker
ZeroDayScan 
Fortify 360
OWASP Security Testing Tools 
Retina Web Security Scanner 
Hailstorm
GamaSec
 Wikto
Nikto Scanner
Acunetix Web Vulnerability Scanner 
Defensics Core Internet Test Suite
Perimeter Check
Core Impact Pro
C5 Compliance Platform 
Snort
SecurityMetrics Appliance
Nessus
Security Center
SARA
Qualys Free Security Scans
 GFiLANguard
Qualys Guard 
PatchLink Scan 
Secure-Me
SAINT
NMap Network Mapper -
NetIQ Security Analyzer
Foundstone
CERIAS Security Archive
StopBadware Vulnerability Scanner list






----

Performance Testing Configuration or Setup

Performance Testing Configuration or Setup.

Every organization has different configuration setup for conducting load tests, it is based on tool selected, hardware requirements, number of virtual users required etc.

I have classified the configurations into 7 types, I will explain those details below.

Assumption:
(1)In-House mean, you are hosting the server in your premises or through external dedicated servers, where physical hardware is in you control (Datacenter).
(2) Real or Remote users mean, actual users accessing the application through internet(Firewall) after deploying into production environment.
(3) Configuration or setup mean, conducting the tests based on the design and publishing the results.
(4) Standard server setup will have load balancer, web server(s), application server, DB server, Firewall.
(5) Cloud mean, Cloud computing.

I would like you to read following links, before reading the remaining presentation.

Performance Testing - On LAN and over the Internet (WAN).

What is cloud load testing?

I want to basically explain if the path of IP packets during testing and production is not the same, then users experience different response time.

Configuration - A
We have load test and server setup in the premises.
When real (or remote) users start accessing the site, application performance will not be as expected, as we have not tested the firewall, bandwidth and IP packet effects.
For more information, read above mentioned links.

Configuration -B
We have load test and server setup in the premises.
It resembles very realistic scenario as WAN Emulation is being used. But we can't guarantee 100% expected response time, when real or remote users start accessing the application, as we have not tested the firewall and internet connection.

Configuration -C
We have load test setup on cloud and server setup in the premises.
It resembles 100% realistic scenario, we can guarantee remote users experience expected response, as we have tested the entire infrastructure.
Note: We do have issues accessing server counters, need to open ports in the firewall.

Configuration -D
We have load Generators on cloud and controller, server setup in the premises.
It resembles 100% realistic scenario, we can guarantee remote users experience expected response, as we have tested the entire infrastructure.

Configuration -E
We have load test setup in the premises and server hosted on the cloud.
As applications are hosted on the cloud, it is not a best practice to perform a load test from your premises. Sending huge number of IP packets through firewall is costly and difficult to capture server counters from the cloud.  

Configuration -F
We have controller in the premises and load generators and server hosted on the cloud.
You may have issues collecting the server counters data.

Configuration -G
We have load test setup and  server hosted on the cloud.
As applications are hosted on the cloud, it is a best practice to perform a load test. 

----

HP LoadRunner in the Cloud – Beta

HP LoadRunner software in the Cloud – Beta

HP announced HP LoadRunner in the Cloud, a new application performance testing offering designed to help IT organizations easily and affordably optimize their website performance for changing business demands.
HP LoadRunner, the industry’s best-selling load testing software, is now available via Amazon Elastic Compute Cloud (Amazon EC2), making performance testing accessible to businesses of all sizes. This on-demand software gives clients a flexible “pay as you go” approach for performance testing of mission-critical applications and websites.
“The rise of cloud computing has brought the promise of infinite scalability for applications, but it has also brought a new set of challenges for developers and performance testers,” said Theresa Lanowitz, founder of analyst firm voke inc. “With HP’s LoadRunner in the Cloud, businesses can test, tune, analyze and optimize applications for the cloud, enabling clients to take advantage of cloud economics with flexible, pay-as-you-go pricing.”

For more details select this link hp Performance Testing to the Cloud 

LoadRunner Cloud Beta

You need to send request to HP, beta participation is based on the approval.

---

Cloud load testing

Cloud load testing.

Cloud computing is Internet-based computing, whereby shared resources, software and information, are provided to computers and other devices on-demand, like the electricity grid.


In other words implementing virtualization concept in massive scale.

Advantages
1. You can easily access the cloud server using personal computer and put what ever the software you like.
2. Scalability - Increase or decrease the hardware based on the requirements. One or Two or Three or N servers available on demand.
3. Instant - You can immediately host the website.
4. Save Money - Pay for what you use.


Understanding cloud computing, cool video, worth watching it.



Some top cloud computing companies to watch.

1. Amazon Elastic Compute Cloud (Amazon EC2)
2. AT&T
3. Enomaly's Elastic Computing Platform (ECP)
4. Google
5. GoGrid
6. Microsoft
7. NetSuite
8. rackspace
9. Right Scale
10. salesforce
11. OpSource

For the past 16 years Mercury Interactive dominated the enterprise testing market with Loadrunner and QTP. Back in 1994, IT architecture was driven by client server model.

Now we are in the age of cloud computing, new generation architecture and technologies evolving faster than what we have imagined. In the testing space, after 16 years of domination, Mercury appears ready to relinquish its leadership position to a new breed of testing vendors.


What is cloud load testing? 

There are companies that can simulate load for any number of users from any part of the globe using cloud testing services.
(1) Not required to buy own internal resources (Hardware, internet connection, routers...).
(2) Realistic scenarios, load is generated from different parts of the globe, entire infrastructure get tested (gateways, firewalls, routers, servers...)
(3) There is no limit to the number of users, unlimited power. It depends on the vendor license agreement.
(4) More savings, pay for what you use, when really required.

Some of the cloud load testing service sites:
Load testing from cloud, video by Webperformance tool.
Gomez
Platform Lab
Keynote
Browser Mob
Load Impact
Load Strom
HP - Beta
sauce LABS
Gomez
PushToTest

Performance Testing - On LAN and over the Internet (WAN).




---

Typical performance problems.

Typical performance problems.

Source: dynaTrace


----

How single Internet connection shared with multiple PCs ?

How single Internet connection shared with multiple PCs ?

Have you ever wondered how a single home or office broadband internet line connected to multiple computers. Corporate office have more than one internet connection, that acts as a backup if any of the ISP is down, it is called Multi-Homing.

It is through NAT(Network Address Translation) we are able to connect multiple PCs to a single internet connection. NAT is implemented at ISP, corperate offices, home network by using routers or Wi-Fi devices.

To understand NAT in simple way, NAT is like the receptionist in a large office managing and connecting extensions for the phone calls coming from the board number(Office telephone). Let's say you have left instructions with the receptionist not to forward any calls to you unless you request it. Later on, you call a potential client and leave a message for them to call you back. You tell the receptionist that you are expecting a call from this client and to put them through.

Internet has grown larger than every one has imagined, as per the recent estimate there are 100 million hosts and 350 million users activity on the internet.

So what does the size of the internet do with the NAT.

An IP address (IP stands for Internet Protocol) is a unique 32-bit number that identifies the location of your computer on a network. Basically it works just like your street address: a way to find out exactly where you are and deliver information to you. Theoretically IPv4 can have 4,294,967,296 unique addresses (2 ^ 32). The actual number of available addresses is smaller (somewhere between 3.2 and 3.3 billion) because of the way that the addresses are separated into Classes and the need to set aside some of the addresses for multicasting, testing or other specific uses. 

With the explosion of the Internet and the increase in home networks and business networks, the number of available IP addresses is simply not enough. The obvious solution is to redesign the address format to allow for more possible addresses. This is being developed IPv6 but will take several years to implement because it requires modification of the entire infrastructure of the Internet and support (2^128) unique address.


Advantages of NAT
1. Reduce the need of public addresses.
2. Extends the longevity of IPv4 by optimizing the current number of IP addresses.
3. Adds security by blanketing an entire network to appear as a single client.


Understand, Public and Private IP by selecting this.


In internet terminology all the communications are performed using Data Packets. Each packet consist of Destination IP, Sender IP, control information and data. 
As your computer is assigned Private IP, others can't reply your request by taking "Sender IP" from the data packet that you have sent.


The NAT router translates traffic coming into and leaving the private network by storing the data inside the routing table.It basically alters the "Sender IP" address inside the data packet, in the same way it memorize and changes the inbound data packet "Destination IP" to what it has changed earlier.

IP masquerading, also called as Network address and port translation (NAPT), port address translation (PAT). 

NAT - Flash Animation Demo. (Select GREEN and RED lights at the bottom of the video on both sides).




Understand, how data packets are sent through different hots to reach the destination server.


Probably your next question would be "Bharath why are you explaining network related stuff in your blog?".
Better having knowledge on networks and protocols for a performance test engineer, so that he can trouble shoot and create better test scenarios. It would be difficult to test, if you don't understand the underlying architecture.



----

QTP - Issue while executing scripts on locked system (Ctr+Alt+Del)

QTP - Issue while executing scripts on locked system (Ctr+Alt+Del)

HP explanation for the above issue.

You may be able to start a script running, then lock your machine. However, there is no guarantee that QuickTest Professional will be able to interact with a GUI application on a locked machine. The application under test may also not function as expected when a machine is locked.

When the machine is locked, the windows operating system disables windows messages, including mouse and the keyboard messages. Some QuickTest Professional methods use these system messages to communicate and interact with the application. On a locked system, these QuickTest Professional methods are unable to replay. This is a limitation of the O/S that is preventing the QuickTest Professional script to replay in a locked mode.

However, if the application supports using events that are not windows messages (such as web events), you may have some success with replay. If any of the methods use system messages internally (i.e., in the compiled code), they will fail. Checkpoints and functions to retrieve text or other properties are likely to fail also.

If you are concerned about security, the current options would be either to keep the machine in a locked room, or remove means of interacting with the machine, such as the keyboard, and/or mouse. QuickTest Professional should still be able to replay without these devices plugged into the machine. You can also lock the keyboard and mouse from within the script.

Following are some of the solutions:

1. I prefer using Caffeine. It is a small program that prevent your PC from activating a screen saver or locking up. You can place it in the "All Programs - Start-up" so that it get activated once you start your PC.
It is light weight(11K) and free to download, attaching the link.
Download Caffeine

Double-click the downloaded file (caffeine.exe), you will notice a "Coffee Mug" icon in the Icon tray.

If you don't want Caffieine, double-click on the icon, "Coffee Mug get emptied" and deactivated.

2. If you edit the follow in the windows registry, it becomes possible for QTP to initialize a test, even though the PC is locked.
HKEY_CURRENT_USER\Software\Mercury Interactive\QuickTest Professional\MicTest and locate the key "SkipEnvironmentChecks"
SkipEnvironmentChecks must be changed from 0 to 1.
This will make QTP ignore that the pc running the test is locked.

3. Execute the following script by saving as .vbs file.

set objUser = GetObject("WinNT://" & strDomain & "/" & strUsername)
if objUser.IsAccountLocked = TRUE then
  objUser.IsAccountLocked = FALSE
  objUser.SetInfo
  WScript.Echo "Account unlocked"
else
  WScript.Echo "Account not locked"
end if

4. Execute the following script by saving as .vbs file through windows scheduler.

Set WSHShell = WScript.CreateObject("WScript.Shell")
WSHShell.SendKeys "^%{F1}"

5. Setting up a virtual machine using VMWare or VirtualBox (without a screensaver or lock password) and
install QTP within that virtual machine.
Then you can lock your workstation (maintaining any security) and
still run tests.

6. Installing Admin Pack installed for Windows XP. Admin pack basically enables the OS activites to operate independently of the ongoing process.
Thus the execution process still continues to have focus even if the system gets locked.
Microsoft Download Center Link.
(I have not tested this method)

7. Using Mouse Jiggler





-----

PUBLIC vs PRIVATE IP and Server Details

PUBLIC vs PRIVATE IP and Server Details

To know your PUBLIC IP select the below link. Every organization has one or few public IPs, these IPs are used to connect to the internet. When you perform airline reservation or credit card transaction..., this is the IP that is recorded in their servers to trace fraudulent transactions. 
PUBLIC IP Details.

To know your PRIVATE IP type "ipconfig" in the command prompt. This IP is used to connect between the computers in the private network, it can't be used to communicate over the internet.

If your broadband IP address starts with 192.168 or 10. and you are connected directly to the broadband modem - your service provider has you behind a firewall. This is also known as having a private IP address instead of a public IP address. Most of the home broadband connections have private IP.
What The ISP is Doing ?
The ISP has probably set up a NAT router for it’s customers. This router will act as a firewall between you and the Internet. In the service provider's eyes, this keeps hackers from reaching your computer directly - a security measure. 

Generally, private networks use addresses from the following experimental address ranges (non-routable addresses):
10.0.0.0 – 10.255.255.255
172.16.0.0 – 172.31.255.255
192.168.0.0 – 192.168.255.255

To know a server location(place) visit this site.
IP or Server Details
Attaching the screen shot for "google.com" server location details.

----

Traceroute in Windows.

What is Traceroute in Windows ?

The traceroute utility checks how many "hops" (transfers through other computers on a network) it takes for your computer to contact another computer. You can use traceroute if you know the other computer's IP address, web site address, or name (e.g., 192.193.246.50, www.citibank.co.in).

Traceroute works by increasing the "time-to-live" value of each successive batch of packets sent. The first three packets sent have a time-to-live (TTL) value of one (implying that they are not forwarded by the next router and make only a single hop). The next three packets have a TTL value of 2, and so on. When a packet passes through a host, normally the host decrements the TTL value by one, and forwards the packet to the next host. When a packet with a TTL of one reaches a host, the host discards the packet and sends an ICMP time exceeded (type 11) packet to the sender, or an echo reply (type 0) if its IP address matches the IP address that the packet was originally sent to. The traceroute utility uses these returning packets to produce a list of hosts that the packets have traversed in transit to the destination. The three timestamp values returned for each host along the path are the delay (aka latency) values typically in milliseconds (ms) for each packet in the batch.

If a packet does not return within the expected timeout window, a star (asterisk) is traditionally printed. Traceroute may not list the real hosts. It indicates that the first host is at one hop, the second host at two hops, etc. IP does not guarantee that all the packets take the same route. Also note that if the host at hop number N does not reply, the hop will be skipped in the output.


At the command prompt, if you enter tracert www.citibank.co.in , you should see something similar to the following screenshot.

To reach "www.citibank.co.in" packet took  17 hops(routers).

The first column, the hop count, represents the number of stops your information has made along the route to attempt to contact the other computer. The next three columns are the round-trip times in milliseconds for three different attempts to reach the destination. The last column is the name of the host that responded to the request.

Hop 1 - 10.0.0.1 - My wireless router IP.
Hop 2 - 192.168.1.1 - My ISP(Airtel Broadband) local IP.
Hop 3 to 6 - My ISP(Airtel Broadband) IP.
...
Hop 17 - Citigroup IP.

You can also use pathping -n www.citibank.co.in

For better understanding of host details look into following sites
http://network-tools.com/
IP or Server Details.





----

Performance Testing - Three Tips.

Performance Testing - Three Tips.


Testing database-backed applications for performance can be a daunting task. The worst-case scenario: Performance testing efforts drain engineering resources and yet somehow nasty surprises still manage to pop up in production.
These three tips can help you get the most out of your application performance testing efforts.

1. Set clear performance metrics and targets with input from business stakeholders. Ideally this should be part of the system requirements and user acceptance testing. Otherwise, without obvious targets to hit, performance testing becomes an open-ended slog that may still leave end users dissatisfied with system performance if their expectations have not been accounted for. 
2. Don't forget the database. For Web-based transactional systems, in particular, the most common metrics are number of concurrent user sessions and response time. Applications also are frequently load-tested to check the impact of ramping up the number of concurrent sessions. However, a single user with the entire system to himself can still experience vastly different performance, depending on the amount of data already in the database. One single user transaction can be lightning fast if it's inserting into an empty table, but it degrades as the table grows to thousands or millions of records. So, performance requirements should also include metrics for expected data sizing, and this sizing should be incorporated in the test environment.  
3. Don't over design for performance. Some consideration needs to be given to scalability when sizing the initial architecture and making hardware purchases, of course, but there's only so much you can optimize on a system that hasn't been built yet. Get feedback from real users to figure out which parts of the system are most frequently used so you don't waste time optimizing rarely used features. Also, performance tweaks often carry some tradeoffs, such as readability and maintainability, so you need some baseline performance metrics to make good decisions. Don't make big design sacrifices for small optimizations.  

Performance Testing ?

What is performance testing ?

Performance testing is the process of determining the speed or effectiveness of a computer, network, software program or device. This process can involve quantitative tests done in a lab, such as measuring the response time or the number of MIPS (millions of instructions per second) at which a system functions. Qualitative attributes such as reliability, scalability and interoperability may also be evaluated. Performance testing is often done in conjunction with stress testing.
Performance testing can verify that a system meets the specifications claimed by its manufacturer or vendor. The process can compare two or more devices or programs in terms of parameters such as speed, data transfer rate, bandwidth, throughput, efficiency or reliability.
Performance testing can also be used as a diagnostic aid in locating communications bottlenecks. Often a system will work much better if a problem is resolved at a single point or in a single component. For example, even the fastest computer will function poorly on today's Web if the connection occurs at only 40 to 50 Kbps (kilobits per second).
Slow data transfer rate may be inherent in hardware but can also result from software-related problems, such as:

• Too many applications running at the same time
• A corrupted file in a Web browser
• A security exploit
• Heavy-handed antivirus software
• The existence of active malware on the hard disk.

Effective performance testing can quickly identify the nature or location of a software-related performance problem.

Performance Testing - On LAN and over the Internet (WAN).

What is cloud load testing?


---

Performance Testing - On LAN and over the Internet(WAN).

Performance Testing - On LAN and over the Internet (WAN).

Generally we have performance test setup, where application servers and load injectors(generators) residing on the same LAN. We perform the tests and compare the response time reports with the SLA(Service Level Agreement) and declare test is PASSED.
When the same application is deployed on the data-center(Production Environment) and remote clients(real users) start accessing the application, they would notice difference in response time, that is not matching with the SLA. 

Why are clients accessing the same application observing high response time,which is running on similar hardware, that is TESTED & PASSED by the performance testing team ?

Why in many cases applications fail to perform to expected levels, despite load testing prior to roll-out?

We have been focusing on identifying software and hardware bottleneck, not considering the real world conditions like network impact, end user bandwidth etc.

There is difference between testing the application on LAN and over the internet.

Following factors effect the application response time when the request travel through internet.
1. Pack Loss - In internet terminology, every communication is sent as data packets.
A packet is a sequence of bytes and consists of a header followed by a body. The header describes the packet's destination and, optionally, the routers to use for forwarding until it arrives at its final destination.
Due to noise, some of the packets are lost or distorted. 
2. Packet Latency - All the packets will not travel the same path for a specific destination, internet nodes will select the shortest destination route based on number of factors,  if some of the packets are delayed, construction of the response would get delayed, in-turn response time.
Understand, how many hosts(routers) packet need to travel to reach destination server.
3. Packet Effects - Dynamic IP packet routing effects, including out-of-order packets, duplicated packets,
fragmentation phenomena, and TTL Effects (Time-to-live, decrement counter. Field in the packet header to count number of routers packet passed through) .
4. Link Faults - Possible damages to bit streams and possible disconnections.
5. Congestion - Sharp spikes in internet traffic, which may result in high latency or packet loss, or both.
6. Outgoing and Incoming Bandwidth - If your application throughput is not matching with the network, it would create congestion and increase response time.

Why is this effecting the server performance?

When data packets are lost, request  would be incomplete, so the application server has to resend the lost packets again with extra effort on the CPU. The stress on the servers increases, since more resources are needed to support remote end-users. Sessions are open longer, OS resources are occupied for more time and more concurrent threads are needed.

Without incorporating the above factors(WAN effects) into a load test, memory usage, thread usage, connection pool utilization, network stack, and other critical server resources can be significantly understated.


Select this link to understand internet line quality. 

Now, how to conduct TRUE performance test by taking above factors into consideration ?

Approach 1:  Install load generators at client location, where real users are accessing the application. This is a tedious process, clients network may choke during load test and security related issues my exist.

Approach 2: Perform test on your LAN by emulating the above factors. To create above factors locally, we need to use WAN Emulators.This can be achieved by using SHUNRA Virtual Enterprise Suite, it can record the above said factors from a remote user (or) real user and emulate the same in the LAN. Shunra provide plug-in software for Loadrunner. 

Approach 3: Generating load from cloud. What is cloud load testing? 
There are companies that can simulate load for any number of users from any part of the globe using cloud testing services (such as Amazon EC2)

For more information look into Cloud Load Testing.

Approach 3: Estimate impact of the network - Separately estimate the impact of the network on an application being deployed and manually factor that into result reports and deployment readiness findings.
This provides partial insight into the impact of the network, but totally ignores the interrelationships that network performance has on the application logic.Whenever the application logic or infrastructure configuration changes, there is an ongoing risk of encountering an unanticipated adverse impact and unhappy users.

Approach 4: Generate load from your premises in such a way that you are hitting the data center or production environment through internet. But purchasing or leasing hi-capacity internet lines just for conducting load test is very costly. If your internet connection capacity is less then the application throughput, your results will be incorrect.

Approach 5:  By using third party load generation services like Gomez  and Keynote. 


Gomez network exist in 168+ countries and 2,500+ ISP's. It consist of 500+ combinations of browsers and OS, 150+ commercial data centers, 5,000+ mobile supported devices and 1,50,000+ commercial grade desktops through which it is possible to generate enormous real user load. Internet giants like Google, Yahoo, FaceBook, LinkedIn... use these services. I feel it is ultimate in load testing for predicting true results. 

Attaching Gomez Network Screen shot.

Attaching Gomez Recorder screen shot, that records user actions on the page (similar to Loadrunner Click & Script protocol)

Attaching Gomez node selection (Load Generator) screen shot by Country|City|ISP.

Attaching Gomez results screen shot by City|ISP

Before analyzing results, always make sure that bandwidth is not the bottleneck. 



While performing tests over internet always compare internet bandwidth with the application throughput of all the virtual users. For example, if you are running test with 100 virtual users and consolidated throughput is 20Mbps, make sure your internet bandwidth is more than 20Mbps. If your application throughput and bandwidth don't match, there would be packet congestion, high response time is record, here it is not the problem with the application server but with the network.

While conducting performance test, response time should increase when more users are added, only when server CPU or other counters touch maximum limit, if this not the case, there would be some issue in the network or load generators.

Following posts are also related to performance testing.

Performance Testing Configuration or Setup
Performance related issues between browser and server
Performance Testing - TTFB, TTLB
Browser wars & End user performance, content display impact
Analyze Browser - JavaScript, AJAX, Rendering Details





---

Performance Testing - Validate server response.

Performance Testing - Validate server response.

For every request sent by client, server respond by sending the response.
In any performance testing tool following are the ways through which response can be validated.
In some tools these validations are performed by writing code, others by using GUI.

1. Check response status code. HTTP status code list.
2. Check response duration, whether the duration satisfy the SLA.
3. Check response size to make sure entire content is delivered by the server, measured in bytes (Greater than or equal to x bytes).
4. Verify response content. Content consist HTML, script...., not possible to verify the enter content. Place checkpoints on messages, id's, conformation text...



-----

Performance : Load : Stress Testing

Performance : Load : Stress Testing

Performance testing is an empirical technical investigation conducted to provide stakeholders with information about the quality of the product or service under test with regard to speed, scalability and/or stability characteristics. It is also the superset of other classes of performance-related testing such as load and stress testing.
A load test is a performance test focused on determining or validating performance characteristics of the product under test when subjected to workload models and load volumes anticipated during production operations.
A stress test is a performance test focused on determining or validating performance characteristics of the product under test when subjected to workload models and load volumes beyond those anticipated during production operations. Stress tests may also include tests focused on determining or validating performance characteristics of the product under test when subjected to workload models and load volumes while the product is subjected to other stressful conditions, such as limited memory, insufficient disk space or server failure.




-----

Loadrunner - Web(HTTP/HTML) Vs WEB,AJAX(Click & Script) protocol

Loadrunner - Difference between Web(HTTP/HTML) and WEB,AJAX(Click & Script) protocol in terms of virtual user

Web (HTTP/HTML) protocol script consist of series of requests written in C functions. Loadrunner start processing the requests one by one, once request is completed after receiving the response, it just forget what happened and proceed with the next request, so it consume less memory and don't process any web page code. Single web page consist of multiple requests and responses. Need to correlate the entire dynamic content,

Where as click & script protocol virtual user is a hidden browser like HtmlUnit, it works similar to the real browser by executing the web page code, so correlation is not required . By using very limited object properties, HP could implement QTP technology into this protocol. User can also access page DOM using java script similar to .Object in QTP. Naturally it consume more memory and create more load on load injectors. No correlation is required for the dynamic content, it is similar to the QTP scripts running in C style. If there are grid items and similar objects need to handle objects Html ID's.

Major issues with this protocol - Some GUI objects are not recognized, load generator hardware requirements, memory and CPU usage is unpredictable, when used with application having heavy AJAX and third party controls. 

If the application is using heavy AJAX and third party controls, it may consume lot of memory and CPU usage. Always monitor load generator memory and CPU usage, it should not go beyond 80%.
In these situation, we do have following issues when virtual users are running as "thread".
Some of the virtual users may fail with the following error message

Action.c(360): Error: C interpreter run time error: Action.c (360):  Error -- memory violation : Exception ACCESS_VIOLATION received.
Function Specific error
Action.c(360): Notify: CCI trace: Action.c(360): web_browser(0x02081b03 "Java_Script", 0x0208214f "ACTION", 0x02081292 "EvalJavaScript=igtbl_getRowById('ctl00xc...", 0x02082111 "LAST")

In-order to overcome above error, run the virtual user as "process" instead of "thread", now virtual users are stable and each is assigned separate memory.
Loadrunner create virtual user using mmdrv.exe process, if virtual users are running as process, virtual user count and mmdrv.exe process in the task manager count will be same.
Install load injectors with Windows 2003 64bit to accommodate more memory.

How to handle objects not identified by AJAX protocol.





---

Test Broadband or Internet speed and line quality.

Test Broadband or Internet speed and line quality.

Every one would be curious in understanding speed and quality of the internet that you are using.

Speed of the connection is measured in Upload and Download speed.
First we will understand unit of measurement for internet speed.

1 Mbps(megabits per second) = 1000 Kbps(kilobits per second) = 125 KBps(kilobytes per second)

Always pay attention to (b)Bits and (B)Bytes.
Generally service providers(Airtel, Tata Communications, Youtele) measure the speed in  Mbps or Kbps.
When you are downloading the file from the internet, most of the browsers measure the speed in KBps.
Attaching screen shot, where data is getting downloaded at 143 KBps, downloading at the speed of 1.144 Mbps.

Select this link to understand internet speed unit conversions.

Speed over the internet vary greatly from one location to another. Speed of contacting a server in Washington DC and a server in Tokyo would be different, so while calculating the speed, you need to select the nearest server and perform the speed test in order to get accurate results.

Speed Test Mini - Quick way of checking the internet speed. 

Speed Test Mini from www.WhatIsMyIP.com

I have used speedtest.net to calculate the speed, which has the facility to select the servers across the globe. It is free, you can test your connection now. Select "Begin Test" OR select a server in the globe and  select "Begin Test"

You can directly select the location from the screen or if you want to run the test repeatedly, under setting link, make sure you have selected correct "Preferred Server" and "Unit of speed measurement".
Attaching screen shot of the results.

There is "World Results" link on the top of the page that will provide global statics.
These reports will help you understand which internet service provider (ISP) is providing highest band width in your city (I have selected Hyderabad). Attaching the screen shot.

Line Quality can be measured using following items.


Ping - Amount of time taken by packet of data to travel from a computer to another computer and back. Time is measured in Milli seconds, less then 100 is acceptable.

Packet Loss - In internet terminology every communication is sent in terms of packets. Due to noise some packets are lost.

Packet Latency -Delay while receiving the data packets at receiver end.

Jitter - Time difference(variance) while measuring successive ping tests. Zero is good,

I have used pingtest.net to calculate the line quality, it is free you can test your connection now.

You can directly select the location from the screen or if you want to run the test repeatedly, under setting link, make sure you have selected correct "Preferred Server".
Attaching screen shot of the results.

Above concepts are useful in conducting application performance test over the internet, I will explain those in future posts.


---