Firewall Wizards mailing list archives
Re: RE: High Speed Firewalls
From: Crispin Cowan <crispin () wirex com>
Date: Tue, 14 Mar 2000 04:25:55 +0000
David Newman wrote:
Cars slow down when approaching and toll booth speed up goingaway from it,and that affects their "throughput." Ditto packets traversing firewalls.Not if the acceleration lanes are wide enough: 20 lanes of traffic moving at 10 MPH has the same throughput as 5 lanes of traffic moving at 40 MPH. Similarly, a "full speed" firewall may need to have several NICs on each side. Parallelism solves many throughput problems, but rarely benefits latency (except for reduced queue length).Eh? Here the analogy breaks. Regardless of the number of lanes, ALL the cars/packets were going 65 mph before they hit the toll booth/firewall. You need a hell of a lot of parallelism to make up for that.
You need a precisely measurable amount of parallelism to handle that. If the cars go from 65 MPH to 6.5 MPH (on average through the toll gate) then you need to go from 2 lanes to 20 lanes. Is that "a hell of a lot"? Sure, it's more than most toll plazas that I've ever seen, but most traffic authorities are not so concerned with throughput that they will engineer a full-bandwidth toll plaza under peak load. Similarly, most firewall vendors/customers are not so concerned with throughput that they will pay the (substantial) cost of a machine with enough computes/parallelsim to do sophisticated inspection at full network bandwidth. So it's rare and expensive, but not impossible Crispin ----- Crispin Cowan, CTO, WireX Communications, Inc. http://wirex.com Free Hardened Linux Distribution: http://immunix.org JOBS! http://immunix.org/jobs.html
Current thread:
- Re: High Speed Firewalls, (continued)
- Re: High Speed Firewalls Crispin Cowan (Mar 12)
- RE: High Speed Firewalls David Newman (Mar 12)
- Re: High Speed Firewalls Crispin Cowan (Mar 12)
- RE: High Speed Firewalls David Newman (Mar 12)
- Re: RE: High Speed Firewalls Crispin Cowan (Mar 17)
- RE: RE: High Speed Firewalls David Newman (Mar 17)
- Re: RE: High Speed Firewalls Crispin Cowan (Mar 21)
- RE: RE: High Speed Firewalls David Newman (Mar 21)
- Re: RE: High Speed Firewalls Crispin Cowan (Mar 21)
- RE: RE: High Speed Firewalls David Newman (Mar 21)
- Re: RE: High Speed Firewalls Crispin Cowan (Mar 21)
- RE: RE: High Speed Firewalls David Newman (Mar 21)
- Re: RE: High Speed Firewalls Saravana Ram (Mar 23)
- Re: High Speed Firewalls Crispin Cowan (Mar 12)
- Re: Re: High Speed Firewalls Dug Song (Mar 13)
- RE: RE: High Speed Firewalls David Newman (Mar 17)
- Re: RE: High Speed Firewalls Ryan Russell (Mar 21)
- RE: RE: High Speed Firewalls David Newman (Mar 21)