Question about how to define network equipments
giulianocm at uol.com.br
Tue Jan 12 01:03:25 UTC 2010
I have seen a discussion about DDoS mitigation on this list.
Someone referenced Juniper SRX equipment as good equipment to prevent it.
Like Juniper SRX, other players like Fortinet have hardware-based
(FortiGate) appliances that provide high throughput, DDoS mitigation, UTM
features, etc., e.g. the recent FortiGate 1240B.
My question about these products is related to a combination of
performance parameters that I really do not understand.
Let's use Juniper SRX as an example:
Juniper SRX has (from Juniper's web site):
Firewall performance (max)
Maximum concurrent sessions
64 K (512 MB DRAM) / 128 K (1 GB DRAM)
New sessions/second (sustained, TCP, 3-way)
Let's suppose that we have a client with 100 Mbps total full-duplex
throughput on SRX-240 interfaces.
If this client has 6000 users ... how is it possible to combine:
1.5 Gbps (100 Mbps) x 128K sessions x 9000 new sessions/second
Supposing 5000 users x 100 sessions per user ... the box will not
support it, right?
What is the correct way to calculate this accurately?
Every player seems to have a way to calculate it. Every player says
something about sessions.
What is the correct parameter regarding sessions?
How many sessions per second can a normal user (FTP, e-mail, HTTP, SSL, SSH,
Telnet) generate?
Why is the number 9000 new sessions/second important?
How can I add DDoS mitigation on top of all of these 3 parameters?
How much performance will I consume under a DDoS attack?
Is it possible to measure it?
Thanks a lot,
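The three figures in the post are tied together by Little's law (concurrent sessions = new sessions per second x mean session lifetime), which is what lets you check a user population against a session table and a setup-rate limit; the following is an added sizing example, not the poster's calculation or any vendor's method. The limits (128K concurrent, 9000 new sessions/s), the 5000 users x 100 sessions scenario, and the session lifetime and flood figures are assumptions taken from the post or constructed here.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class BoxLimits:
    max_concurrent_sessions: int  # session table size, e.g. 128_000 (1 GB DRAM figure)
    new_sessions_per_sec: int     # sustained TCP 3-way handshake setup rate


def required_load(users, sessions_per_user, mean_session_lifetime_s):
    """Return (concurrent_sessions, new_sessions_per_sec) the population needs.

    Little's law: concurrent = arrival_rate * mean_lifetime, so sustaining a
    given concurrency needs a setup rate of concurrent / lifetime.
    """
    concurrent = users * sessions_per_user
    return concurrent, concurrent / mean_session_lifetime_s


def fits(limits, users, sessions_per_user, mean_session_lifetime_s):
    """Check both limits separately: a box can pass one and fail the other."""
    concurrent, rate = required_load(users, sessions_per_user, mean_session_lifetime_s)
    return {
        "concurrent_ok": concurrent <= limits.max_concurrent_sessions,
        "setup_rate_ok": rate <= limits.new_sessions_per_sec,
        "table_utilization": concurrent / limits.max_concurrent_sessions,
        "setup_utilization": rate / limits.new_sessions_per_sec,
    }


def flood_headroom(limits, baseline_concurrent, attack_rate, half_open_timeout_s):
    """Worst-case effect of spurious SYNs that never complete the handshake.

    Each one holds a table slot until half_open_timeout_s expires, so the flood
    alone occupies attack_rate * timeout slots at steady state (Little's law
    again). Returns whether the attack rate alone exceeds the setup-rate limit
    and, if the flood can exhaust the free table slots, how many seconds that
    takes (None when the steady-state occupancy stays within the free slots).
    """
    free_slots = limits.max_concurrent_sessions - baseline_concurrent
    steady_state_slots = attack_rate * half_open_timeout_s
    seconds_to_fill = free_slots / attack_rate if steady_state_slots > free_slots else None
    return {
        "setup_rate_exceeded": attack_rate > limits.new_sessions_per_sec,
        "seconds_to_fill": seconds_to_fill,
    }


# Constructed figures: the SRX limits quoted in the post and a 60 s mean session lifetime.
SRX_240 = BoxLimits(max_concurrent_sessions=128_000, new_sessions_per_sec=9_000)
POSTER_SCENARIO = fits(SRX_240, users=5_000, sessions_per_user=100, mean_session_lifetime_s=60)
```

For the poster's 5000 x 100 case the setup rate (about 8,333/s) is within the 9000/s figure while the 500,000 concurrent sessions overflow the 128K table, which is why the two numbers have to be checked independently; a real appliance's SYN-proxy or cookie handling changes how half-open entries are accounted for, so the flood figure is an upper bound.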