Firewall Wizards mailing list archives
RE: Firewall performance
From: "Ryan Russell" <Ryan.Russell () sybase com>
Date: Wed, 23 Jun 1999 21:59:22 -0700
Depends on whether or not it's a proxy firewall or a filter. A lot of the vendors that make NT-based firewalls access data just above NDIS, then make a go/no-go decision at that point. Doing that eliminates NT's IP stack entirely.
Still has to use NT routing code, no? Just not the socket calls. This could still be significant, couldn't it? I've read that the *BSDs can router IP with 1 memcpy of the packet, while Linux takes 3. Not being terribly impressed with NT networking, I assume something equally bad or worse with NT. Ryan
Current thread:
- Re: Firewall performance Sandy Green (Jun 23)
- Re: Firewall performance Chris Brenton (Jun 23)
- Re: Firewall performance Lance Spitzner (Jun 23)
- Re: Firewall performance Carric Dooley (Jun 25)
- <Possible follow-ups>
- RE: Firewall performance Choi, Byoung (Jun 23)
- RE: Firewall performance sean . kelly (Jun 23)
- RE: Firewall performance Marcus J. Ranum (Jun 23)
- RE: Firewall performance David LeBlanc (Jun 28)
- RE: Firewall performance Ryan Russell (Jun 24)
- RE: Firewall performance David C Niemi (Jun 28)
- Re: Firewall performance Darren Reed (Jun 29)
- Re: Firewall performance Mike Shaver (Jun 29)
- Re: Firewall performance Darren Reed (Jun 29)
- RE: Firewall performance David C Niemi (Jun 28)
- RE: Firewall performance David LeBlanc (Jun 28)