Requirements for IPv6 Firewalls

David Newman dnewman at
Thu Apr 17 15:26:03 UTC 2014

On 4/17/14, 5:51 AM, Dobbins, Roland wrote:

>> - packets per second
>> 	- Firewall Level
>> 	- Hosts level
> This is getting into QoS territory . . .
>> - packet size information
> Concur - packet-length.

The use of RFC 2544-esque metrics for firewall performance testing
mostly benefits ill-informed or unscrupulous firewall marketeers, who
send 1500-byte UDP packets and then brag about excellent performance.

For firewalls handling TCP traffic, upper-layer traffic metrics such as
HTTP object size, concurrent connection capacity, and connection setup
rate are a lot more meaningful.

The RFC 2544/2889 approach is OK if you only ever use your firewall as a
router or a switch. The performance of a firewall used as an L2-L7
device should be measured with L2-L7 traffic.


More information about the NANOG mailing list