Solved

Firewall throughput benchmark test?

Posted on 2004-08-12
Last Modified: 2008-01-16
Dear,
I am setting up my Linux ipfilter firewall at work but my boss wants me to buy this firewall because he thinks the throughput is much better.

Anyone know of the standardized way of measuring throughput via firewalls or IDS/IPS systems?

I want to show him my Linux setup is FASTER!! :)

I can see in their brochure they have a claimed throughput of:
Maximum number of connections 16,000
Connection rate 8,000/second
Aggregate Throughput 140 Mbps.

It seems most use the term Mbps?
Is there a way they do this standardized so he can see I am not cheating him?
Question by:benjsh
Expert Comment

by:chris_calabrese
ID: 11784437
Maximum number of Connections is the size of the state table for keeping track of TCP sessions. 16,000 seems pretty low.

The Connection Rate is how many TCP three-way handshakes the thing can stuff into the TCP connection state table per second.

The Aggregate Throughput is probably how many maximally-sized UDP packets you stuff through it. Real-world throughput will probably be something like half of this.

The first question from a performance standpoint isn't whether one setup is faster than the other, but how much speed you need. If you're on the other side of a DS-3, neither this solution nor your Linux box is likely to be sufficient. If you're on the other side of a T1, you can get away with Linux on a 486/33, if you can still find one.

As for measuring these things on your Linux box, that shouldn't be that difficult, and there are tools around that do this type of thing that you can Google for.

Of course, you also have to ask why your boss wants a commercial solution. There may be very good reasons, or his reasons may be bogus and you can easily dissuade him. And if there are very good reasons, that doesn't mean that the product he's looking at right now is even remotely close to the best choice.

Author Comment

by:benjsh
ID: 11785768
I know the firewall box we got an offer for is a 256 meg RAM, 800 MHz system with 100 Mbit LAN.

My system is a Celeron 1700 with 512 meg RAM :) so I know I should be able to do better.

Do you know of some "trusted" tools to do this analysis so he can see it is not me tricking him?

Accepted Solution

by:
chris_calabrese earned 500 total points
ID: 11790176
You really have to be careful here. Find out what he actually cares about. Perhaps performance doesn't matter above a minimum threshold. Other considerations are security, ease/cost of management, ease/cost of use (related to things like whether it supports the protocols/features you need, etc.).

Meanwhile, some places to look for tools are
http://www.netperf.org/netperf/NetperfPage.html
http://www.etestinglabs.com/benchmarks/webbench/3w1about/3w1framework.asp

Author Comment

by:benjsh
ID: 11790700
Can you test the 3 categories with this program?
I already tried Netperf before with no results :(

Expert Comment

by:chris_calabrese
ID: 11793324
The max connections is not something people usually test, since it's obvious from the way the system is designed. For iptables, it will depend on how much RAM your system has, but will be way more than 16000 on your hardware.

Netperf should be able to do the other two, I would think, though I've never used it myself.
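
A minimal way to measure the two figures this thread says are worth testing, connection rate and throughput, added here as an example; it is not code from the posters or from netperf, and the function names are hypothetical. It assumes you run `start_sink` on a host behind the firewall and the two measurement functions from a host in front of it, and it measures TCP payload over one stream rather than the maximally-sized UDP packets a vendor figure may be based on.

```python
import socket
import threading
import time

def start_sink(host="127.0.0.1", port=0):
    """Listen on host:port, discard everything received; return (host, port)."""
    srv = socket.create_server((host, port), backlog=512)

    def drain(conn):
        try:
            with conn:
                while conn.recv(65536):
                    pass
        except OSError:
            pass  # peer reset the connection; nothing to clean up

    def accept_loop():
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=drain, args=(conn,), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv.getsockname()[:2]

def connection_rate(addr, seconds=1.0):
    """Completed TCP three-way handshakes per second, opened one at a time."""
    done, start = 0, time.perf_counter()
    while time.perf_counter() - start < seconds:
        socket.create_connection(addr, timeout=5).close()
        done += 1
    return done / (time.perf_counter() - start)

def throughput_mbps(addr, seconds=1.0, chunk=64 * 1024):
    """TCP payload megabits per second over a single stream."""
    payload, sent = bytes(chunk), 0
    with socket.create_connection(addr, timeout=5) as s:
        start = time.perf_counter()
        while time.perf_counter() - start < seconds:
            s.sendall(payload)  # returns once queued locally, so use long runs
            sent += chunk
        elapsed = time.perf_counter() - start
    return sent * 8 / elapsed / 1e6

if __name__ == "__main__":
    addr = start_sink()  # constructed loopback target; use the far-side host for a real test
    print(f"connection rate: {connection_rate(addr):.0f}/s")
    print(f"throughput:      {throughput_mbps(addr):.0f} Mbps")
```

Run the same script with the firewall in the path and with a direct cable between the two hosts; the difference between the two runs is what the firewall costs.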