Re: [fw-wiz] Firewall performance testing (Was: Re: Evaluating Firewall)
From: Carson Gaspar (carson_at_taltos.org)
Date: 05/07/03
- Previous message: Mikael Olsson: "Re: [fw-wiz] Firewall performance testing (Was: Re: Evaluating Firewall)"
- In reply to: Mikael Olsson: "Re: [fw-wiz] Firewall performance testing (Was: Re: Evaluating Firewall)"
- Next in thread: Kyle R. Hofmann: "Re: [fw-wiz] Firewall performance testing (Was: Re: Evaluating Firewall)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: firewall-wizards@honor.icsalabs.com Date: Wed, 07 May 2003 15:03:18 -0400
--On Wednesday, May 07, 2003 20:20:25 +0200 Mikael Olsson
<mikael.olsson@clavister.com> wrote:
>> These numbers should be for 0% packet loss.
>
> I've got to object here. Test for 0% packet loss if you need
> __zero__ loss. Sure, a unit running below spec shouldn't be
> losing packets, but to find out what "peak performance" is,
> you really should be testing with something like 0.1%..0.01%
> loss, IMHO. Take the intel e1000 series NICs for example.
> You can get them to do 1GBps flat with 0% packet loss by cranking
> their RX/TX rings to 1024..8192 buffers (I *** you not), but the
> latency hit is... yuck. Aim for 0.1%..0.01% loss and you'll get
> a NIC that behaves __much__ better all-round.
I'm a picky SOB. I want numbers for 0% packet loss. If they'd also like to
give me numbers for 0.01% loss, that's also a useful data point. I guess
I've spent too much time securing real time market data...
Speaking of which, I left latency out of my list. If you care, you should
ask specifically about that as well.
>> Most firewalls have to do a connection lookup for established sessions.
>> Good ones will do so with some algorithm that is O(log n) (or so) instead
>> of O(n).
>
> s/O(log n)/O(1..2)/
True, but be very cautious of the constant in both cases. Some "constant
time" algorithms end up being more expensive for sane values of n than a
good log n algorithm.
-- Carson Gaspar _______________________________________________ firewall-wizards mailing list firewall-wizards@honor.icsalabs.com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: Mikael Olsson: "Re: [fw-wiz] Firewall performance testing (Was: Re: Evaluating Firewall)"
- In reply to: Mikael Olsson: "Re: [fw-wiz] Firewall performance testing (Was: Re: Evaluating Firewall)"
- Next in thread: Kyle R. Hofmann: "Re: [fw-wiz] Firewall performance testing (Was: Re: Evaluating Firewall)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
