Firewall Wizards mailing list archives

Re: cyberguard performance?


From: Mike Scher <mscher () neohapsis com>
Date: Sun, 29 Dec 2002 10:50:12 -0600 (CST)

On Sat, 28 Dec 2002, Mikael Olsson wrote:
> [Cyberguard]
> Yes, it's a PC.  It runs a unix dialect that I can't quite
> remember right now.  SCO?

It's SCO modded with some B-level functionality (akin to SecureComputing's
mods to BSD).


That all said, in response to the original question:

Performance numbers in just one dimension are simply misleading.  BPS
alone are not meaningful.  How many PPS?  How many sessions up/down per second
(setup and teardown can be quite costly compared with session
maintenance)?  How many complex protocol internal state transitions for
dynamic port/connections (FTP, H.323, SQL*NET2, etc.) can it handle?  How
many disparate IP addresses participating at once?  Do large sets of
similar IP addresses for src/dst cause state table hash collisions
(indicating some short-cutting)?  How deep is "state" (even just L4 TCP is
frequently short-cut, let alone higher protocol layers), and how deeply is
that state monitored once sessions are what the FW considers 'up'?

Mere BPS tells one nothing.  "If all I wanted was speed, I'd have bought a
L3 switch."

The numbers for Cyberguard suggest to me a cut-through functionality, in
which the proxy passes off the connection to a much more simple engine
once the session is up.  Without a broader spectrum of "speed"
measurements, however, one is simply unable to say what the "speed"
factoid means.

      -M

-- 
Michael Brian Scher     |     Director, Neohapsis Labs
mscher () neohapsis com    |     General Counsel
Fax: 773-394-8314       |     Vox: 773-394-8310
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
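The post asks whether large sets of similar src/dst addresses cause state table hash collisions. The following is an added illustration, not code from the post or from any firewall vendor: it builds a constructed workload of 4096 TCP sessions from one /24 to a single server and counts bucket occupancy under two hypothetical flow hashes, a short-cut hash over the address pair only (`pair_hash`) and a keyed BLAKE2b hash over the full 5-tuple (`keyed_hash`). The bucket count, key, and addresses are assumptions chosen for the demonstration.

```python
"""Probe how a state-table bucket hash behaves under "similar" address sets.

Constructed example: two hypothetical flow hashes are measured on the same
workload of 4096 distinct TCP sessions from clients 10.0.0.1-254 to
10.0.1.1:80.  Neither hash is any vendor's real implementation.
"""

import hashlib
import ipaddress
from collections import Counter
from typing import Callable, Dict, List, NamedTuple

BUCKETS = 4096                      # assumed state-table size (power of two)
HASH_KEY = b"constructed-example-key"  # constructed secret for the keyed hash


class Flow(NamedTuple):
    src: int     # IPv4 source as an int
    dst: int     # IPv4 destination as an int
    sport: int
    dport: int
    proto: int


def pair_hash(f: Flow) -> int:
    """Weak short-cut hash: keys the bucket on the (src, dst) pair only, so
    every session between the same two hosts (or a /24 and one server)
    collides into a handful of buckets."""
    return (f.src ^ f.dst) % BUCKETS


def keyed_hash(f: Flow) -> int:
    """Keyed hash over the whole 5-tuple.  The key keeps bucket placement
    unpredictable to anyone who does not hold it; the full tuple spreads
    sessions between the same hosts across the table."""
    data = (f.src.to_bytes(4, "big") + f.dst.to_bytes(4, "big")
            + f.sport.to_bytes(2, "big") + f.dport.to_bytes(2, "big")
            + bytes([f.proto]))
    digest = hashlib.blake2b(data, key=HASH_KEY, digest_size=8).digest()
    return int.from_bytes(digest, "big") % BUCKETS


def similar_flows(n: int = 4096) -> List[Flow]:
    """Constructed workload: sources cycle through 10.0.0.1-254, all to
    10.0.1.1:80, each with a distinct ephemeral port (a distinct session)."""
    base = int(ipaddress.IPv4Address("10.0.0.0"))
    dst = int(ipaddress.IPv4Address("10.0.1.1"))
    return [Flow(base + 1 + (i % 254), dst, 20000 + i, 80, 6) for i in range(n)]


class TableStats(NamedTuple):
    buckets_used: int   # distinct buckets touched
    max_chain: int      # longest collision chain (worst-case lookup cost)
    avg_chain: float    # flows per touched bucket


def measure(flows: List[Flow], hash_fn: Callable[[Flow], int]) -> TableStats:
    load = Counter(hash_fn(f) for f in flows)
    used = len(load)
    return TableStats(used, max(load.values()), len(flows) / used)


def compare(n: int = 4096) -> Dict[str, TableStats]:
    flows = similar_flows(n)
    return {"pair_hash": measure(flows, pair_hash),
            "keyed_hash": measure(flows, keyed_hash)}


if __name__ == "__main__":
    for name, s in compare().items():
        print(f"{name:10s} buckets_used={s.buckets_used:4d} "
              f"max_chain={s.max_chain:3d} avg_chain={s.avg_chain:.2f}")
```

With 4096 sessions and 4096 buckets, the pair-only hash touches just 254 buckets and its longest chain is 17 entries, so every lookup for that host pair walks a list that grows with the number of sessions; the keyed 5-tuple hash spreads the same sessions over roughly 2600 buckets with chains of a few entries. The same harness, run with a vendor's published hash or against observed latency, is how one would check whether "speed" figures hold up when many similar addresses are in play.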
