nanog mailing list archives

Re: Requirements for IPv6 Firewalls

From: David Newman <dnewman () networktest com>
Date: Thu, 17 Apr 2014 08:26:03 -0700

On 4/17/14, 5:51 AM, Dobbins, Roland wrote:

- packets per second
     - Firewall Level
     - Hosts level


This is getting into QoS territory . . .

- packet size information


Concur - packet-length.


The use of RFC 2544-esque metrics for firewall performance testing
mostly benefits ill-informed or unscrupulous firewall marketeers, who
send 1500-byte UDP packets and then brag about excellent performance.

For firewalls handling TCP traffic, upper-layer traffic metrics such as
HTTP object size, concurrent connection capacity, and connection setup
rate are a lot more meaningful.

The RFC 2544/2889 approach is OK if you only ever use your firewall as a
router or a switch. The performance of a firewall used as an L2-L7
device should be measured with L2-L7 traffic.

dn

Current thread:

Requirements for IPv6 Firewalls Fernando Gont (Apr 17)
- RE: Requirements for IPv6 Firewalls Dustin Jurman (Apr 17)
  - Re: Requirements for IPv6 Firewalls Dobbins, Roland (Apr 17)
    - Re: Requirements for IPv6 Firewalls David Newman (Apr 17)
    - Re: Requirements for IPv6 Firewalls Dobbins, Roland (Apr 17)
    - Re: Requirements for IPv6 Firewalls Fernando Gont (Apr 17)
    - RE: Requirements for IPv6 Firewalls Dustin Jurman (Apr 17)
    - Re: Requirements for IPv6 Firewalls Dobbins, Roland (Apr 17)
- Re: Requirements for IPv6 Firewalls William Herrin (Apr 17)
  - Re: Requirements for IPv6 Firewalls Fernando Gont (Apr 17)
    - Re: Requirements for IPv6 Firewalls William Herrin (Apr 17)
    - Re: Requirements for IPv6 Firewalls Eugeniu Patrascu (Apr 17)
    - Re: Requirements for IPv6 Firewalls William Herrin (Apr 17)
    - Re: Requirements for IPv6 Firewalls Valdis . Kletnieks (Apr 17)

(Thread continues...)