NFR Wizards Archive: Re: Firewall performance

Re: Firewall performance


Carric Dooley (carriccom2usa.com)
Thu, 24 Jun 1999 09:48:26 -0400 (EDT)


In your first posting you appeared to be asking what things besides RAM,
CPU and link speed would affect firewall performance. I am still not 100%
clear on what kind of data you are after in fact. Of course RAM and CPU
make a difference on a firewall's ability to handle a given load, but you
will also run into the inherent limitations of the OS or the protocol
stack (sometimes before you are even touching what the processor can do,
or the RAM can handle, or before the link is saturated).

I have worked with a client that was working with an older firewall (it
was I think a 2 year old copy of Gauntlet) and even though they had
upgraded to a Sparc 20 with dual CPUs and 256MB of RAM, the response
still sucked. There were 2000 users using almost exclusively http, but at
certain times of the day you would have to hit refresh several times to
get to a web site. The interesting thing is, if you were trying to get to
a site to download a large file, when you finally initiated the download,
it screamed. Obviously the pipe was far from saturated. I have also seen
2 similarly configured machines handle 10,000 users (running FW-1 v.2.x)
and doing a MUCH better job, so it was not a limitation of the hardware in
my estimation.

Another factor to consider is: What kind of firewall is it? Is it an app
proxy or stateful inspection? For an app proxy I would be more concerned
with how fast the CPU was. Yes RAM is definitely critical, but I want the
fastest damned thing I can find because it is tearing down and rebuilding
every packet that comes through it. For stateful inspection, I am going
to be concerned with CPU, but for a high volume site, I am going to push
for a ton of RAM so it can keep all the state information ready and
available.

I think you are asking "how fast can a car go" or "what do I need to build
a house", but without knowing what your needs are, the answer can only
be as vague as the question.

Carric Dooley
COM2:Interactive Media
http://www.com2usa.com

On Tue, 22 Jun 1999, Sandy Green wrote:

> Thanks to all those who responded. But actually
> that does not answer my query.
> There is a lab report on the checkpoint site about the
> solaris vs NT performance.
> fine.... but actually there are other important factors
> like PCI bus speed of the computer as well, CPU
> speed ,memory.
> The point is that even if the CPU speed is a 500 MHZ pentium and
> memory is 10 MB , that does not help improve the performance.
> what the labs do is get a machine from DELL/COMPAQ latest model as
> shipped by them and perform the tests on them without tailoring the
> RAM or PCI speed.
> I have done some tests on a server with 500 MB of RAM ! and there
> was no significant improvement. I thought that this list would have
> experienced such issues in their environments. But unluckily for
> me I have not got any response from any of the list members.
> But I would keep persisting....
>
> thanks to all. and please do email me.
> sandy
>
> Date: Thu, 17 Jun 1999 17:58:46 -0700 (PDT)
> From: Sandy Green <sand232yahoo.com>
> Subject: Security conference NETSEC 99
>
> Dear list members,
>
> I needed to get some sort of feedback about the
> recently held Security conference NETSEC 99.
> All the lucky ones who attended this conference
> would have certainly benefited from it. But for some
> reason(s) I could not make it. I would greatly appreciate
> if some of you could share your experiences and
> learning with me.
>
> second. This is about the firewall performance.
> In my mind these would be the factors for the
> bastion host performance ( processing the number
> of packets and taking a decision )
> CPU speed, PCI bus speed, Memory,..., and of
> course the WAN link connectivity speed... any more
>
> all these factors have in turn a direct bearing on each
> other... just like security as strong as the weakest
> link, similarly the processing speed (of the firewall)
> would be as fast as the slowest parameter( CPU
> speed, WAN/LAN connectivity speed, PCI bus speed...)
> Please let me know your views or could point me to
> resources on the web.
>
> Thanks
> sandy



This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:19:01 CDT