Re: Question about how to define network equipments

[Dan Snyder <sliplever () gmail com>]

I know you can measure the actual performance if you use Ixia hardware. We
have used Ixia to find the limitations of hardware before putting it in
production.


On Mon, Jan 11, 2010 at 8:03 PM, GIULIANO (UOL) <giulianocm () uol com br>wrote:

> People,
>
> I have seen a discussion about DDoS Mitigation in this list.
>
> Someone reference Juniper SRX equipments like good equipments to prevent
> DDoS attacks.
>
> Like Juniper SRX, other players like fortinet has some hardware based (
> FORTIGATE) Appliances to provide great throughput, ddos mitigation, UTM
> Features, etc.  Ex. Recent Fortigate 1240B
>
> My question about this products is related to a combination of
> performance parameters that I really does not understand.
>
> Lets use Juniper SRX as an example:
>
> Juniper SRX has (from Juniper's web site):
>
> Firewall performance (max)
> 1.5 Gbps
>
> Maximum concurrent sessions
> 64 K (512 MB DRAM) / 128 K (1 GB DRAM)
>
> New sessions/second (sustained, TCP, 3-way)
> 9,000
>
> Lets suppose that we have a client with 100 Mbps total full duplex
> throughput in a SRX-240 interfaces.
>
> If this client has 6000 users ... how is possible to combine:
>
> 1.5 Gbps (100 Mbps) x 128K sessions x 9000 new sessions/second
>
> Supposing 5000 users x 100 sessions per user ... the box will not
> support it , right ?
>
> How is the correct way to calculate with accuracy this ?
>
> Every player looks like to have a way to calculate it. Every player said
> something about sessions.
>
> What is the correct parameter about sessions ?
>
> How many sessions per second a normal user (FTP, E-mail, HTTP, SSL, SSH,
> Telnet) can generate ?
>
> Why the number 9000 new sessions/second is important ?
>
> How can I sum to all of this 3 parameters ... the DDoS mitigation ?
>
> How much performance I will consume, under a DDoS attack ?
>
> It is possible to measure it ?
>
> Thanks a lot,
>
> Giuliano