Requirements for IPv6 Firewalls

• Previous message (by thread): Requirements for IPv6 Firewalls
• Next message (by thread): Requirements for IPv6 Firewalls
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 4/17/14, 5:51 AM, Dobbins, Roland wrote:

>> - packets per second
>> 	- Firewall Level
>> 	- Hosts level
> 
> This is getting into QoS territory . . .
> 
>> - packet size information
> 
> Concur - packet-length.

The use of RFC 2544-esque metrics for firewall performance testing
mostly benefits ill-informed or unscrupulous firewall marketeers, who
send 1500-byte UDP packets and then brag about excellent performance.

For firewalls handling TCP traffic, upper-layer traffic metrics such as
HTTP object size, concurrent connection capacity, and connection setup
rate are a lot more meaningful.

The RFC 2544/2889 approach is OK if you only ever use your firewall as a
router or a switch. The performance of a firewall used as an L2-L7
device should be measured with L2-L7 traffic.

dn

• Previous message (by thread): Requirements for IPv6 Firewalls
• Next message (by thread): Requirements for IPv6 Firewalls
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]