North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: "firewalls" at high speed -- resending
- From: Hank Nussbacher
- Date: Sun Oct 03 02:40:08 1999
Hopefully this gets thru this time since the last time I sent it (Sept 30)
<firstname.lastname@example.org>: Command died with status 2: "/private/majordomo/wrapper
resend -l nanog -h merit.edu -s nanog-outgoing". Command output: Can't
locate getopts.pl in @INC (@INC contains:
/usr/local/perl-5.004_04/lib/site_perl .) at
/private/majordomo-1.94.4/resend line 74.
and no one from Merit has responded yet to my email.
>Alex Rudnev observed,
>>Folks, why all you are saying about the Gigabit traffic for the firewall?
>>Usially, firewall stand between intranet and internet, and it should
>>proceed your upstream traffic, not more... And than, it's important to
>>measure the throughput in packets/per_second, not in the gigabits...
>>Everything other is true - I suggess no one good firewall can proceed
>>gigabit traffic at all, and only a few specially designed boxes can
>>proceed 100Mbit traffic. But just again - it's a rare case when you does
>>have 100Mbit upstream link.
Almost all hit 72Mb/sec or more whether NAT was disabled or enabled.
To quote from the article:
Once again we started with a baseline test.
firewall on the test bed, we achieved TCP
forwarding rates of 15.6 Mbyte/s over each
four-minute run of the test scripts; this works
nearly 125 Mbit/s. So why didnít we get the
200-Mbit/s theoretical maximum of a switched,
full-duplex test bed? First and foremost, our
measurements are taken at the application
likely that packet headers and the continuous
opening and closing of SMTP connections took a
bite out of the effective data rate. Second,
offered lots of traffic that the rule sets
deniedóso at least some of the time the wire was
occupied carrying traffic that wouldnít be
Third, there may have been a firepower
the amount of traffic our clients and servers
offer. We canít say for certain how much the
degradation is due to application overhead, and
much to test platform limitations.
I would think that 200Mb/sec is achievable with not much effort and perhaps
the next testing round will prove it.