Loadrunner over Firewall does not work with Proxy (923 Views)
Reply
Advisor
jj164
Posts: 30
Registered: ‎09-13-2012
Message 1 of 11 (923 Views)

Loadrunner over Firewall does not work with Proxy

Hi

 

I want to use the LoadRunner through a firewall.  I need a configuration by using a proxy (HTTPS  Configuration in the User-Guide)

 

Loadrunner and MI Listener are on the same machine. A controller and a Proxy Machine are on the other side from the firewall. The Ports 443 is  open. When I start on the Proxy machine a LR-Agent I can connect from the Loadcontroller through Firewall and MI-Listener. It´s fine.

 

When I use the LR-Agent on my controller PC,  I can see in Wireshark on the MI-Listener,  which established a connection from LR-Agent-->Proxy-->Firewall-->MI Listener.  The Agent sent data-packets, after receive 2 packets the MI Listener reset the TCP Connection. [RST Flag is set]

 

in the LR-Agent Log are two entries:

10/12/2013 14:10:13 Error: Communication error: Client failed to connect to a PROXY Server with the following settings: .              [MsgId: MERR-10343]

10/12/2013 14:10:13 Error: Two Way Communication Error: Function two_way_comm_resolve_userdata failed. Reason: invalid handle.  [MsgId: MERR-60985]

 

 
It´s a Loadrunner 11.52 - all machine work under windows, on both sides of the firewall are different domains.
 
What is a possible cause, that the listener terminates the connection?
 
Jens

 

 

 

HP Expert
Editus
Posts: 650
Registered: ‎04-06-2011
Message 2 of 11 (919 Views)

Re: Loadrunner over Firewall does not work with Proxy

Hello Jens
Ok you need to clarify what do you mean by "Loadrunner and MI Listener are on the same machine. " and then "A controller and a Proxy Machine are on the other side from the firewall." maybe you are just conused with the names and you are doing everything ok, but still let me clarify. Controller and MiListener MUST be on the same firewall side, only LoadGenerator can be on the other side, it must be configured to work with firewall and the only port you need open is the 443, that should point to the MiListener machine.

hope this helps
Advisor
jj164
Posts: 30
Registered: ‎09-13-2012
Message 3 of 11 (908 Views)

Re: Loadrunner over Firewall does not work with Proxy

Sorry my mistake

 

A LoadGenerator and a Proxy Machine are on the other side from the firewall.


The port 443 is open, I can see the traffic on wireshark from LoadGenerator on the MI-Listener machine.

 

When I use the LR-Agent on my Generator PC,  I can see in Wireshark on the MI-Listener,  which established a connection from LR-Agent-->Proxy-->Firewall-->MI Listener.  The Agent sent data-packets, after receive 2 packets the MI Listener reset the TCP Connection. [RST Flag is set]

HP Expert
Editus
Posts: 650
Registered: ‎04-06-2011
Message 4 of 11 (903 Views)

Re: Loadrunner over Firewall does not work with Proxy

I am assuming you configured the proxy settings on windows of LG properly, so can you ping/telnet the MiListener to the port 443 from the LG? When you add it you use the Machine key and not the actual name of the LG machine, and it will be added but this makes no verification this is dummy, until the test is about to start it actually checks on that, so the fact that youc an add it to controller doenst mean it is reachable.

check on that and let us know

regards
Advisor
jj164
Posts: 30
Registered: ‎09-13-2012
Message 5 of 11 (894 Views)

Re: Loadrunner over Firewall does not work with Proxy

[ Edited ]

Yes the proxy  is configured on windows and work fine.

I see the communication on the MI-Listener machine in Wireshark.

 

I have add a Wireshark log from the MI_listener machine. The Communication start on the LG and goes to trough the proxy to the MI_listener.

 

I replaced in this log the IP address with  the identifier  MI_LISTENER and PROXY_CLIENT, and the MAC Address with xx:xx.

 

In packet 13,  the MI_listener sent a [RST] Flag and canceled the connection.

 

It is possible to get more logging from MI_listener, for example on a debug level?

 

Regards, Jens

 

 

WIRESHARK LOG:

 

No.     Time        Source                Destination           Protocol Length Info
      7 2.938619    HewlettP_ea:xx:xx     HewlettP_44:xx:xx     LLC      80     U, func=UI; SNAP, OUI 0x0014C2 (Unknown), PID 0x0001

Frame 6: 80 bytes on wire (640 bits), 80 bytes captured (640 bits)
IEEE 802.3 Ethernet
Logical-Link Control
Data (58 bytes)

0000  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0010  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0020  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0030  00 00 00 00 00 00 00 00 00 00                     ..........

No.     Time        Source                Destination           Protocol Length Info
      8 7.861731    PROXY_CLIENT          MI_LISTENER           TCP      66     46672 > https [SYN] Seq=0 Win=8192 Len=0 MSS=1380 WS=256 SACK_PERM=1

Frame 8: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
Ethernet II, Src: Cisco_xx:xx:xx (00:27:xx:xx:xx:xx), Dst: Vmware_xx:xx:xx (00:50:xx:xx:xx:xx)
Internet Protocol Version 4, Src: PROXY_CLIENT (PROXY_CLIENT), Dst: MI_LISTENER (MI_LISTENER)
Transmission Control Protocol, Src Port: 46672 (46672), Dst Port: https (443), Seq: 0, Len: 0

No.     Time        Source                Destination           Protocol Length Info
      9 7.861819    MI_LISTENER           PROXY_CLIENT          TCP      66     https > 46672 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1

Frame 9: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
Ethernet II, Src: Vmware_xx:xx:xx (00:50:xx:xx:xx:xx), Dst: Cisco_xx:xx:xx (00:27:xx:xx:xx:xx)
Internet Protocol Version 4, Src: MI_LISTENER (MI_LISTENER), Dst: PROXY_CLIENT (PROXY_CLIENT)
Transmission Control Protocol, Src Port: https (443), Dst Port: 46672 (46672), Seq: 0, Ack: 1, Len: 0

No.     Time        Source                Destination           Protocol Length Info
     10 7.862531    PROXY_CLIENT          MI_LISTENER           TCP      60     46672 > https [ACK] Seq=1 Ack=1 Win=66048 Len=0

Frame 10: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
Ethernet II, Src: Cisco_xx:xx:xx (00:27:xx:xx:xx:xx), Dst: Vmware_xx:xx:xx (00:50:xx:xx:xx:xx)
Internet Protocol Version 4, Src: PROXY_CLIENT (PROXY_CLIENT), Dst: MI_LISTENER (MI_LISTENER)
Transmission Control Protocol, Src Port: 46672 (46672), Dst Port: https (443), Seq: 1, Ack: 1, Len: 0

No.     Time        Source                Destination           Protocol Length Info
     11 7.862652    MI_LISTENER           PROXY_CLIENT          TCP      54     [TCP Window Update] https > 46672 [ACK] Seq=1 Ack=1 Win=262144 Len=0

Frame 11: 54 bytes on wire (432 bits), 54 bytes captured (432 bits)
Ethernet II, Src: Vmware_xx:xx:xx (00:50:xx:xx:xx:xx), Dst: Cisco_xx:xx:xx (00:27:xx:xx:xx:xx)
Internet Protocol Version 4, Src: MI_LISTENER (MI_LISTENER), Dst: PROXY_CLIENT (PROXY_CLIENT)
Transmission Control Protocol, Src Port: https (443), Dst Port: 46672 (46672), Seq: 1, Ack: 1, Len: 0

No.     Time        Source                Destination           Protocol Length Info
     12 7.873335    PROXY_CLIENT          MI_LISTENER           SSL      139    Continuation Data

Frame 12: 139 bytes on wire (1112 bits), 139 bytes captured (1112 bits)
Ethernet II, Src: Cisco_xx:xx:xx (00:27:xx:xx:xx:xx), Dst:  Vmware_xx:xx:xx (00:50:xx:xx:xx:xx)
Internet Protocol Version 4, Src: PROXY_CLIENT (PROXY_CLIENT), Dst: MI_LISTENER (MI_LISTENER)
Transmission Control Protocol, Src Port: 46672 (46672), Dst Port: https (443), Seq: 1, Ack: 1, Len: 85
Secure Sockets Layer

No.     Time        Source                Destination           Protocol Length Info
     13 7.886541    MI_LISTENER           PROXY_CLIENT          TCP      54     https > 46672 [RST, ACK] Seq=1 Ack=86 Win=0 Len=0

Frame 13: 54 bytes on wire (432 bits), 54 bytes captured (432 bits)
Ethernet II, Src: Vmware_xx:xx:xx (00:50:xx:xx:xx:xx), Dst: Cisco_xx:xx:xx (00:27:xx:xx:xx:xx)
Internet Protocol Version 4, Src: MI_LISTENER (MI_LISTENER), Dst: PROXY_CLIENT (PROXY_CLIENT)
Transmission Control Protocol, Src Port: https (443), Dst Port: 46672 (46672), Seq: 1, Ack: 86, Len: 0

No.     Time        Source                Destination           Protocol Length Info
     14 7.938451    HewlettP_ea:xx:xx     HewlettP_44:xx:xx     LLC      80     U, func=UI; SNAP, OUI 0x0014C2 (Unknown), PID 0x0001

Frame 14: 80 bytes on wire (640 bits), 80 bytes captured (640 bits)
IEEE 802.3 Ethernet
Logical-Link Control
Data (58 bytes)

0000  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0010  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0020  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0030  00 00 00 00 00 00 00 00 00 00                     ..........

No.     Time        Source                Destination           Protocol Length Info
     15 9.115318    HewlettP_9b:7c:72     HP                    HP NIC Team 80     HP NIC Teaming Heartbeat; Port MAC = 00:1b:xx:xx:xx:xx

Frame 15: 80 bytes on wire (640 bits), 80 bytes captured (640 bits)
IEEE 802.3 Ethernet
Logical-Link Control
HP NIC Teaming Heartbeat

HP Expert
Editus
Posts: 650
Registered: ‎04-06-2011
Message 6 of 11 (884 Views)

Re: Loadrunner over Firewall does not work with Proxy

Hello
Could you please past a screenshot of the agent configuration window, the OFW LG agent.

regards
Advisor
jj164
Posts: 30
Registered: ‎09-13-2012
Message 7 of 11 (881 Views)

Re: Loadrunner over Firewall does not work with Proxy

[ Edited ]

Hi,

 

i have attached the screen shoot from the LoadGenerator Agent on the other side of the Firewall.

 

regards

HP Expert
Editus
Posts: 650
Registered: ‎04-06-2011
Message 8 of 11 (861 Views)

Re: Loadrunner over Firewall does not work with Proxy

how are you adding the LG to the controller? you are supposed to add the local machine key as LG name and not the actual LG name/IP.

regards
Advisor
jj164
Posts: 30
Registered: ‎09-13-2012
Message 9 of 11 (855 Views)

Re: Loadrunner over Firewall does not work with Proxy

Yes I have use the local machine key,

 
but the problem occurs already in the communication between LG and MI Listener, bevor the Controller connect the MI-Listener.
 
 
Beautiful Christmas,
I'm on vacation until Jan/6.
HP Expert
TedyYu
Posts: 24
Registered: ‎08-17-2011
Message 10 of 11 (835 Views)

Re: Loadrunner over Firewall does not work with Proxy

Hi,

 

The sniffer log is reasonable, because if there is no load test to run on the target LG, MIL will reset the connection. Please try to run a real loadtest on the LG over Firewall to verify if it's working.

 

 

Thanks,

Tedy

Advisor
jj164
Posts: 30
Registered: ‎09-13-2012
Message 11 of 11 (814 Views)

Re: Loadrunner over Firewall does not work with Proxy

Hi,

 

I´m back from holiday :-)

 

A load test does not work, because the LC  can not connect the LG.

 

Jens

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.