Pretty good stats. But please remember to take them with a grain of salt.
For starters, 64 byte packet size are really small, and checkpoint isn't
going to be doing much, if any, examination of the payload. Secondly, this
is udp data, so there is no state information to be maintained or checked.
It wasn't specified, but I'd guess that the 150 byte packets scaling to
520mbps was also simple udp traffic that checkpoint was basically just
packet filtering.
Regardless, these are pretty good stats.
On Wed, 20 Jun 2001, Richard Taylor wrote:
> Just been to a the Checkpoint Pacific Rim seminar in Sydney.
> Checkpoint was rating the Nokie. Nokie have made changes to their ISOv3.3
> which uses a thing call "FLOWS" which was available in CP2000- SP2.
> IP520 performance was 270,000 pps 64 bytes UDP
> It run up to 520Mps with 1500 bytes packets.
> Solaris ultra was 17,000 pps
> NT P111 800Mhz was 15,000 pps
>
>
> Richard Taylor
>
>
>
> -----Original Message-----
> From: Hiemstra, Brenno [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, June 20, 2001 6:14 PM
> To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED]
> Subject: RE: Checkpoint FW-1 & ATM performance
> degradation
>
> Maybe build a firewall cluster with Stonebeat and Firewall
> -1 if you
> run your systems on Solaris or NT (would not recommend NT
> though).
> You can scale your cluster to make a more load balanced /
> load sharing
> firewall solution then just one system firewall
>
> I think, don't have proof to support my thoughts, that
> Firewall 1 on a
> nokia has a better throughput then on Solaris.
>
> And if, after a thorough research, you don't think
> Firewall-1 can do it,
> I sure know Cisco PIX can do the job....
>
> Regards,
>
> Brenno
>
> > -----Original Message-----
> > From: Pere Camps [SMTP:[EMAIL PROTECTED]]
> > Sent: dinsdag 19 juni 2001 18:14
> > To: [EMAIL PROTECTED]
> > Subject: Checkpoint FW-1 & ATM performance
> degradation
> >
> > Hello,
> >
> > I've been given a project were I have to firewall off an
> ATM network.
> > Basically, it's just put Firewall-1 (with Solaris or
> Nokia) in all
> > the entry points of the enviorment.
> >
> > I'm quite worried about the performance degradation that
> this will
> > put on the ATM PVC connection.
> >
> > On one side, there's throughput. I've read that Checkpoint
> claims
> > that FW-1 can handle 240 Mbps on the correct machine. I
> very much
> > doubt it. The PVC that we're running is 155 Mbps, and I
> feel that
> > that would be too much, even if we're only going to use
> the firewall
> > as a "packet filter". Does anybody have any experience in
> this issue?
> >
> > Also, delay issues. Does anybody know what delay on the
> packets will
> > the firewall put? I'm not in a position to fine tune the
> MTU and
> > window size of the machines involved, so that's not an
> option to
> > get around throughput issues related to the RTT.
> >
> > Regarding the FW-1 choice, it's the companie's preferred
> firewall
> > solution. But if FW-1 is not able to handle the job, the
> company
> > is quite happy to go for another supplier.
> >
> > Can anybody help? Thanks!
> >
> > -- p.
> >
> >
> >
> >
> >
> >
> > _______________________________________________
> > Firewalls mailing list
> > [EMAIL PROTECTED]
> > http://lists.gnac.net/mailman/listinfo/firewalls
> _______________________________________________
> Firewalls mailing list
> [EMAIL PROTECTED]
> http://lists.gnac.net/mailman/listinfo/firewalls
>
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
