I would like to gather comments and recommendations on my idea of programming with Perl or Python + Mechanize a browser under Docker. The goal is to emulate many simultaneous browser-initiated SSL-VPN tunnels + user traffic in these tunnels. SSL-VPN tunnels are to be initiated from a Java-applet VPN client, loaded from the VPN server, Juniper MAG in this case.
As one station (VM or phy) cannot run multiple VPN clients simultaneously, and as a large number of VMs (<5000) each hosting a VPN client is not realistic, I consider to host each VPN clients in a Docker container.
From an infra perspective, this would mean I have to spin-off < 5000 containers in one or several VMs on an adequately sized physical host.
In my understanding, each container uses its own IP@, which is source-Natted to the IP@ of the host’s (VM’s) (virtual) NIC. This should be OK for the egress connections, setup by the VPN client. Unless one would see a problem at this level.
Once the (Mechanize-programmed/emulated) browser has opened the SSL session to the VPN server, it gets the Java applet. Which in my opinion runs under control of the emulated ‘Mechanize’ browser (?). Then the script passes the credentials via Mechanize to the Java applet, which forwards them to the VPN server. The SSL-VPN establishes. Then the program can send data tru the tunnel, e.g. to a FTP or HTTP server.
This same program would run in < 5000 containers, emulating the load of 5000 remote access users.
Do you see any issues or attention points? Especially regarding
- max # containers per VM (apart from performance limits)
- Python/Perl programming of Mechanize to a Java applet (specifically here, the SSLVPN client)
Thank you in advance