Firewall Wizards mailing list archives

Re: RE: High Speed Firewalls


From: Crispin Cowan <crispin () wirex com>
Date: Mon, 13 Mar 2000 09:29:46 +0000

David Newman wrote:

Ok.  My contention is precisely that it IS possible to FTP a 100 Mbit file
through a firewall with 100Base-T interfaces in one second, plus the epsilon
time of network latency for the last packet to get through.

How does a firewall push:

100 Mbits of payload,
plus packet headers,
plus tcp setup,
plus ftp setup,
plus ftp teardown,
plus tcp teardown,

all across a 100-Mbit/s link in 1 second?

The "headers" stuff degrades throughput.  The other stuff degrades latency.
The difference is essential in understanding upper bounds to throughput.


Immunix must be even cooler than I thought. ;-)

Immunix doesn't presently have any particular high-speed firewall features.
The claims I'm making are theoretical, not product features.  However, if it's
true that no one has addressed these issues in practice, I'll have to get
cracking on it :-)

Crispin
-----
Crispin Cowan, CTO, WireX Communications, Inc.    http://wirex.com
Free Hardened Linux Distribution:                 http://immunix.org
                  JOBS!  http://immunix.org/jobs.html
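
The throughput-versus-latency split discussed in the message above, worked through as an added example that is not part of the original post. It assumes standard Ethernet framing, IPv4 and TCP without options, and a sender that is never stalled by the window; the RTT and the number of setup/teardown round trips are constructed values.

```python
import math

# Per-frame bytes on the wire that carry no FTP payload (assumed: untagged
# Ethernet, IPv4 and TCP headers without options).
PREAMBLE_SFD, ETH_HEADER, FCS, INTERFRAME_GAP = 8, 14, 4, 12
IPV4_HEADER, TCP_HEADER = 20, 20
PER_FRAME_OVERHEAD = (PREAMBLE_SFD + ETH_HEADER + FCS + INTERFRAME_GAP
                      + IPV4_HEADER + TCP_HEADER)
MSS = 1500 - IPV4_HEADER - TCP_HEADER  # payload bytes in a full-size frame
LINK_BPS = 100_000_000                 # 100Base-T


def serialization_time(payload_bits, link_bps=LINK_BPS):
    """Seconds the link is busy carrying the payload plus per-frame headers."""
    payload_bytes = payload_bits // 8
    frames = math.ceil(payload_bytes / MSS)
    wire_bits = (payload_bytes + frames * PER_FRAME_OVERHEAD) * 8
    return wire_bits / link_bps


def fixed_setup_time(rtt_s, round_trips):
    """Seconds spent on TCP/FTP setup and teardown exchanges.
    Independent of file size; round_trips is a constructed parameter."""
    return rtt_s * round_trips


def transfer_report(payload_bits, rtt_s=0.001, round_trips=10,
                    link_bps=LINK_BPS):
    """Split transfer time into a size-dependent and a fixed component."""
    ideal = payload_bits / link_bps
    wire = serialization_time(payload_bits, link_bps)
    setup = fixed_setup_time(rtt_s, round_trips)
    return {
        "ideal_s": ideal,
        "header_cost_s": wire - ideal,  # grows with file size: throughput
        "setup_cost_s": setup,          # constant per transfer: latency
        "total_s": wire + setup,
        "goodput_bps": payload_bits / wire,
    }


if __name__ == "__main__":
    for bits in (100_000_000, 1_000_000_000):  # 100 Mbit and 1 Gbit files
        report = transfer_report(bits)
        print(bits, {k: round(v, 4) for k, v in report.items()})
```

The header cost scales with the amount of data moved, while the setup cost stays the same for any file size, which is why only the former sets an upper bound on sustained throughput.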




