Firewall Wizards mailing list archives
RE: tests about latency
From: Andrea Pasquinucci <cesare () ucci it>
Date: Fri, 12 Sep 2003 20:09:15 +0200 (CEST)
On Fri, 12 Sep 2003, Paul Robertson wrote: [ ... ]
Performance testing is difficult to get right, and the numbers change for most devices with minor changes to the packets you're generating. Sizes, fragments, windows for TCP, and the like all make different devices do different things, _especially_ if you're trying to make a security decision based upon the packets. For instance, how many out of sequence packets will a device buffer before making the other end retransmit packets? Are those buffers packet-size specific? If we fill up a different sized buffer, will it affect overall performance for the other buffers, and how? The best you can hope to do is get a representative sample of traffic out of wherever you want to put the device, then recreate a similar mix and test with each piece. Everything else is a guess, and probably a poorly educated one unless you completely understand the characteristics of the hardware, stack and testing going on.
The fact that it is not so easy is confirmed by various ongoing research projects (mostly done at universities, but a few companies are interested too). A few links I have right now (apologies for those I don't find anymore):

http://www.caida.org/analysis/performance/bandwidth/ (famous are netperf and pathchar)
http://www-iepm.slac.stanford.edu/
http://www.ripe.net/ttm/
http://moat.nlanr.net/
http://www.merit.edu/ipma/ (dead ?)
http://ipm.mib.infn.it/ (see http://ipm.mib.infn.it/sim_projects.html for a list of other similar projects)
http://www.advanced.org/IPPM/index.html

and there was also matrix.net (now zaffire).

Some of the techniques, applications and issues discussed in these pages are not directly relevant to the question asked, nor to firewalls and IT security. On the other side, the Internet is now a very "complex system" and such that we should all worry about its complexity, robustness and fragility. In other words, it can have a life of its own, and rebel against its users. Firewalls and routers are at the moment the objects at the forefront; if something happens, they could mitigate the disaster or get the blame.

Thanks for a great list.

Andrea

--
Andrea Pasquinucci cesare () ucci it
My public PGP key is at http://www.ucci.it/ucci_pub_key.asc
fingerprint = 569B 37F6 45A4 1A17 E06F CCBB CB51 2983 6494 0DA2