Real-world performance of 100Mbps Ethernet (Nokia firewalls or otherwise)

[firewalls () msg net <firewalls () msg net>]

> I have a high speed network with a sustained traffic utilization of
> 90Mbps, has anyone used a Nokia based firewall under this kind of
> load using 100BAST-T  interfaces in full duplex?

Are you counting both directions of traffic for a total of 90Mbps out of
a theoretical 200Mbps, or is this 90Mbps just one direction of traffic?

I've done some basic testing with various systems for maximum sustained
throughput on a 100Base-T interface in full duplex. The best results I
have at this time give 70Mbps unidirectional TCP transfers on a 1 meter
crossover cable.

IIRC, I ran across a paper a while back detailing signalling limitations
which limit the 'real world' throughput of a single copper FE with Cat-5e,
showing that you just can't approach 200Mbps total bidirectional traffic
on a full-duplex copper connection.


> If so, what kind of performance does Nokia provide?  Where there any
> performance problems?

If 90Mbps is the total (say, 70M outbound and 20M inbound) you should be
fine with the Nokia.  If you need to be able to transmit 90Mbps sustained
outbound traffic and also a lower volume of inbound traffic, you may have
a problem, and you definitely have no headroom for growth on 100Mbps links.

Have you considered deploying Nokia's with their Gig interfaces?  They claim
500Mbps throughput on this platform.  I know the equivalent Cisco (PIX 535)
product can handle that kind of traffic level.  The price may be a bit
difficult to justify, but the performance is there.

Kevin Kadow
MSG.Net, Inc.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards