Merit Network
 Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives
North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: I don't need no stinking firewall!

  • From: Joel Jaeggli
  • Date: Fri Jan 08 19:52:48 2010 

Dobbins, Roland wrote:
> On Jan 8, 2010, at 9:02 PM, bill from home wrote:
> 
>> And maybe there is no way to tell, but I feel I need to ask the question.
> 
> Situationally-dependent; the only way to really tell, not just theorize, is to test the firewall to destruction during a maintenance window (or one like it, in the lab).

see my post in the subject, a reasonably complete performance report for
the device is a useful place to start. if you know what the maximum
session rate and state table size for the device are, you have a pretty
good idea at what rate of state instantiation it will break. rather
frequently it's more than two orders of magnitude lower than the peak
forwarding rate.


> -----------------------------------------------------------------------
> Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>
> 
>     Injustice is relatively easy to bear; what stings is justice.
> 
>                         -- H.L. Mencken
> 
> 
> 
>


Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.