Firewall Wizards mailing list archives

Two things about new firewalls etc.


From: dnewman () data com
Date: Sun, 30 Nov 97 10:34:04 -0500



Interesting thread! 

Two totally disconnected thoughts to add to this:

1. mjr et al. mentioned that there isn't much doing with new firewall 
technology--most of it is prettying up the UI or adding VPN functions.

One thing that's happening in other networking devices like switches is putting 
almost everything in ASICs, which makes the devices really fast. Today there are
routers with latency of less than 100 microseconds for short frames. And the 
latest ASICs have entire CPUs embedded in them, which allows them to do multiple
subnets per interface, run filters, and other sorts of tasks that require rule 
lookups.

Are any security vendors looking to embed firewall code in silicon?

2. To follow up on Vern Paxson's post, there is a famous paper that shows 
Ethernet traffic is inherently fractal--that is, it's just as bursty over 1 
million seconds as it is over 1 second. This paper, by Will Leland of Bellcore, 
answered once and for all the telco types who had always maintained that the 
burstiness of data traffic would even out over time.

The URL is:

ftp://ftp.bellcore.com/pub/wel/sigcomm93.ps.Z

Regards
David Newman
Data Communications magazine




