RE: RE: High Speed Firewalls

["David Newman" <dnewman () networktest com>]

> > > Ok.  My contention is precisely that it IS possible to FTP a
> 100 Mbit file
> > > through a firewall with 100Base-T interfaces in one second, plus
> > > the epsilon
> > > time of network latency for the last packet to get through.
> >
> > How does a firewall push:
> >
> > 100 Mbits of payload,
> > plus packet headers,
> > plus tcp setup,
> > plus ftp setup,
> > plus ftp teardown,
> > plus tcp teardown,
> >
> > all across a 100-Mbit/s link in 1 second?
>
> The "headers" stuff degrades throughput.

Right. So you agree, then, that even in theory it's not possible to move 100
Mbits of *user data* (e.g., a 12.5-Mbyte file) in 1 second over fast
Ethernet?

>  The other stuff
> degrades latency.

They also degrade throughput. SYNs, FINs, and 3-way handshakes puts bits on
the wire too, and get counted in a throughput measurement (see RFC 1242). If
you're speaking of application-layer throughput (e.g., what wu-ftpd reports)
the overhead doesn't get counted -- but that measurement will never report
moving 12.5 Mbytes/second unless the implementation is seriously broken.

David Newman