Firewall Wizards mailing list archives
Re: RE: High Speed Firewalls
From: Gregory Hicks <ghicks () cadence com>
Date: Mon, 13 Mar 2000 09:42:57 -0800 (PST)
From: "David Newman" <dnewman () networktest com>
Date: Tue, 7 Mar 2000 15:39:54 -0500
[...snip...]
firewall imposes latency, but most certainly can ingest and eject packets at line rates.
[...snip...]
to achieve in practice, and achieving line-rate throughput in a firewall is likely to be hard. Possible, but hard.
[...snip...]
My contention is that it is not possible to ftp a 12.5-Mbyte (100-Mbit) file through a firewall with 100Base-T interfaces in 1 second, even though the interfaces are theoretically capable of moving traffic at that rate. Even a perfect firewall will still have to deal with packet headers, TCP connection setup and tear down, and its own inspection engine -- and all that pushes us over our 1-second budget. Ergo, there's no such thing as "line-rate" throughput from an application perspective. Any claim that a firewall does so (and I've heard several such claims) is a lie.
From the application layer perspective, I believe that 12.5 Mbyte is the theoretical maximum. Practical throughput is, about, 80% of max...

Regards,
Gregory Hicks
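
The framing-overhead part of the 1-second budget discussed in this message, worked through as an added example (not part of either poster's message). It assumes standard Ethernet II framing, IPv4 and TCP headers without options, and a 1500-byte MTU; the function names and the `rtt_s` and `firewall_latency_s` parameters are illustrative.

```python
# Standard per-frame costs in bytes (Ethernet II, IPv4, TCP without options).
PREAMBLE_SFD = 8
ETH_HEADER = 14
ETH_FCS = 4
INTERFRAME_GAP = 12
IP_HEADER = 20
TCP_HEADER = 20
MTU = 1500
MIN_ETH_PAYLOAD = 46  # short frames are padded up to this size


def wire_bytes(tcp_payload):
    """Link time, expressed in bytes, used by one segment of tcp_payload bytes."""
    l2_payload = max(IP_HEADER + TCP_HEADER + tcp_payload, MIN_ETH_PAYLOAD)
    return PREAMBLE_SFD + ETH_HEADER + l2_payload + ETH_FCS + INTERFRAME_GAP


def total_wire_bytes(file_bytes):
    """Bytes on the wire for the data segments of a one-way bulk transfer."""
    mss = MTU - IP_HEADER - TCP_HEADER
    full, rest = divmod(file_bytes, mss)
    return full * wire_bytes(mss) + (wire_bytes(rest) if rest else 0)


def goodput_fraction(file_bytes):
    """Share of the raw link rate left for application data."""
    return file_bytes / total_wire_bytes(file_bytes)


def transfer_time(file_bytes, link_bps, rtt_s=0.0, firewall_latency_s=0.0):
    """Best-case seconds for one TCP connection on a full-duplex link.

    Ignores slow start, loss and ACK traffic. A device that forwards at
    line rate adds its latency once (the pipeline delay), and the TCP
    handshake costs one round trip before the first data byte.
    """
    serialization = total_wire_bytes(file_bytes) * 8 / link_bps
    return rtt_s + firewall_latency_s + serialization


if __name__ == "__main__":
    size = 12_500_000  # the 12.5-Mbyte file from the thread
    print(f"goodput share of line rate: {goodput_fraction(size):.4f}")
    print(f"zero-latency device:        {transfer_time(size, 100e6):.4f} s")
    # Constructed sample values: 1 ms round trip, 100 us device latency.
    print(f"with RTT and latency:       {transfer_time(size, 100e6, 1e-3, 1e-4):.4f} s")
```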