Firewall Wizards mailing list archives

Re: Nokia interview questions


From: Peter Lukas <plukas () oss uswest net>
Date: Thu, 27 Sep 2001 11:28:45 -0500 (CDT)

On Wed, 26 Sep 2001 hesselsp () ashaman dhs org wrote:

On Tue, 25 Sep 2001 black () galaxy silvren com wrote:
Ouch.  I haven't met a vendor that made a product that could stand up to
the bandwidth very well.... except for Juniper.  I guess that ~200mb/s is
reasonable for a gig card. My guess would be the only reason why they came
out with this is because you can buy gig cards for Linux and
Solaris.  More of a marketing thing really.  How many free PCI slots on a
Nokia?  mb/pci slot might be another reason.

Whether or not there are any free slots on a Nokia (I'd assume no more
than four) is not going to help you since so much as sneaking a peek
inside the box will void your warranty.

As for gigE cards in PCs, it seems a little silly unless you're placing
the adapter into a 64-bit PCI slot (a 32-bit standard PCI slot would be a
bottleneck). A better option would be to take a QuadFastE and drop it into
bridging mode (a Linux system can do this quite easily). You'd then be
able to run 2 100Meg full interfaces on one IP. It'd be a relatively cheap
way to get better performance without taking the plunge to gigE (new card,
new switch, etc). Once again though, you could try this on a Nokia, but
don't think about getting any support for it. Also, if it's this kind of
speed you're after, you may want to up the ante on hardware, etc.

Well, the way I have always looked at it is, an overpowered firewall
will likely have better latencies, less jitter, and less packet loss when
dealing with reasonable speeds.  Then again, I have never done a
"normal" firewall install.  Most people don't care too much about these
things... it seems.  I guess that people don't put firewalls between their
engineers and accounting.... so all you ever deal with is internet
connection.  A T1 or something.  Not Fast Ethernet.... or worse.

I did ask Checkpoint over and over again about which network card they
used in Linux... or what rule base they used... I don't remember now if I
ever got an answer.

Typically, they benchmark with a 100-rule policy, and the bandwidth
clogger matching on the last rule. I would imagine that their GigE card
was the Netgear (a low-cost, Linux-supported GigE). As with any benchmark,
theirs represented an unrealistic scenario reproduced across mismatched
hardware. I suppose treno, tcpblast and ttcp would have attempted to give
a more real-world scenario for a lab test.

Peter

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards

