Requirements for IPv6 Firewalls
dnewman at networktest.com
Thu Apr 17 15:26:03 UTC 2014
On 4/17/14, 5:51 AM, Dobbins, Roland wrote:
>> - packets per second
>> - Firewall Level
>> - Hosts level
> This is getting into QoS territory . . .
>> - packet size information
> Concur - packet-length.

The use of RFC 2544-esque metrics for firewall performance testing
mostly benefits ill-informed or unscrupulous firewall marketeers, who
send 1500-byte UDP packets and then brag about excellent performance.

For firewalls handling TCP traffic, upper-layer traffic metrics such as
HTTP object size, concurrent connection capacity, and connection setup
rate are a lot more meaningful.

The RFC 2544/2889 approach is OK if you only ever use your firewall as a
router or a switch. The performance of a firewall used as an L2-L7
device should be measured with L2-L7 traffic.