Firewall Wizards mailing list archives

RE: tests about latency

From: Paul Robertson <proberts () patriot net>
Date: Fri, 12 Sep 2003 07:12:05 -0400 (EDT)

On Fri, 12 Sep 2003, Neale Banks wrote:

Ob FW:  Whilst obviously anything that's not simply routed (e.g. proxied
protocols) would be a completely different kettle of fish, to what extent
could one then reasonably generalise the results obtained from ping tests
(i.e. ICMP packets) to other protocols?


Not well at all, ICMP handling is generally a special case for most 
stacks/devices.  Also, some devices prioritize different protocols, and 
ICMP datagrams tend to be self-contained, not requiring things like 
sequence number checking.

Finally, the size of the ICMP datagram can make a huge difference even on 
the same platform, as can the type- how the stack is written may affect 
which ICMP type codes get handled more quickly, for instance.

I wouldn't base any conclusions of overall performance, let alone 
per-protocol performance on just an ICMP test.

Performance testing is difficult to get right, and the numbers change for 
most devices with minor changes to the packets you're generating.  Sizes, 
fragments, windows for TCP, and the like all make different devices do 
different things, _especially_ if you're trying to make a security 
decision based upon the packets.  For instance, how many out of sequence 
packets will a device buffer before making the other end retransmit 
packets?  Are those buffers packet-size specific?  If we fill up a 
different sized buffer, will it affect overall performance for the other 
buffers, and how?

The best you can hope to do is get a representative sample of traffic out 
of wherever you want to put the device, then recreate a similar mix and 
test with each piece.  Everything else is a guess, and probably a poorly 
educated one unless you completely understand the characteristics of the 
hardware, stack and testing going on.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () patriot net      which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

RE: tests about latency TSimons (Sep 05)
- RE: tests about latency Neale Banks (Sep 12)
  - RE: tests about latency Paul Robertson (Sep 12)
    - Large number of packets on TCP/12159 David Vernon (Sep 14)
  - Re: tests about latency Mikael Olsson (Sep 14)
    - Re: tests about latency Christopher Hicks (Sep 14)
- <Possible follow-ups>
- RE: tests about latency Andrea Pasquinucci (Sep 14)