Firewall Wizards mailing list archives

RE: Firewall performance

From: "Ryan Russell" <Ryan.Russell () sybase com>
Date: Wed, 23 Jun 1999 21:59:22 -0700

Depends on whether or not it's a proxy firewall or a filter. A
lot of the vendors that make NT-based firewalls access data just
above NDIS, then make a go/no-go decision at that point. Doing
that eliminates NT's IP stack entirely.


Still has to use NT routing code, no?  Just not the socket calls.
This could still be significant, couldn't it?  I've read that the
*BSDs can router IP with 1 memcpy of the packet, while Linux
takes 3.  Not being terribly impressed with NT networking,
I assume something equally bad or worse with NT.

                    Ryan

Current thread:

Re: Firewall performance Sandy Green (Jun 23)
- Re: Firewall performance Chris Brenton (Jun 23)
- Re: Firewall performance Lance Spitzner (Jun 23)
- Re: Firewall performance Carric Dooley (Jun 25)
- <Possible follow-ups>
- RE: Firewall performance Choi, Byoung (Jun 23)
- RE: Firewall performance sean . kelly (Jun 23)
- RE: Firewall performance Marcus J. Ranum (Jun 23)
  - RE: Firewall performance David LeBlanc (Jun 28)
- RE: Firewall performance Ryan Russell (Jun 24)
  - RE: Firewall performance David C Niemi (Jun 28)
    - Re: Firewall performance Darren Reed (Jun 29)
    - Re: Firewall performance Mike Shaver (Jun 29)
    - Re: Firewall performance Darren Reed (Jun 29)
  - RE: Firewall performance David LeBlanc (Jun 28)
- Re: Firewall performance Robert Graham (Jun 28)
- RE: Firewall performance Robert Graham (Jun 28)
- Re: Firewall performance Sean Costello (Jun 28)